with the difference that in my case this message appeared when starting Internet Explorer, and no matter what I clicked, an additional tab opened in Firefox and it tried to take me to the site "free-virusscan.com". After installing and running ComboFix, that problem disappeared. Now, when I go through IE to any page other than the start page, a debugging error message appears three times, after which the browser works normally. Besides that, I cannot get (through either IE or Firefox) to the site programosy.pl (from which I downloaded ComboFix), nor to its forum. Please help. Below I am posting the ComboFix log from yesterday's scan:
ComboFix 08-07-29.1 - darek 2008-07-30 20:12:57.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.323 [GMT 2:00]
Running from: C:\Documents and Settings\darek\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\jack.A-WJ852A79MPELC\Dane aplikacji\macromedia\Flash Player\#SharedObjects\NAHEAMDK\interclick.com
C:\Documents and Settings\jack.A-WJ852A79MPELC\Dane aplikacji\macromedia\Flash Player\#SharedObjects\NAHEAMDK\interclick.com\ud.sol
C:\Documents and Settings\jack.A-WJ852A79MPELC\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\jack.A-WJ852A79MPELC\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\00014939.bin
C:\Program Files\myglobalsearch\bar\Cache\00014D18.bin
C:\Program Files\myglobalsearch\bar\Cache\00015242
C:\Program Files\myglobalsearch\bar\Cache\000214D6.bin
C:\Program Files\myglobalsearch\bar\Cache\00021706.bin
C:\Program Files\myglobalsearch\bar\Cache\000217B1.bin
C:\Program Files\myglobalsearch\bar\Cache\00BFD188
C:\Program Files\myglobalsearch\bar\Cache\00BFD61B.bin
C:\Program Files\myglobalsearch\bar\Cache\00BFDACD.bin
C:\Program Files\myglobalsearch\bar\Cache\00BFDD08.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\system32\domie.dll
C:\WINDOWS\system32\fsb.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.
2008-07-30 17:01 . 2008-07-30 17:01 <DIR> d--hs---- C:\FOUND.020
2008-07-30 16:59 . 2008-07-30 16:59 <DIR> d-------- C:\Program Files\Avira
2008-07-30 16:59 . 2008-07-30 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-07-29 14:33 . 2008-07-29 14:33 <DIR> d-------- C:\Program Files\Winamp
2008-07-29 14:33 . 2008-07-29 14:33 <DIR> d-------- C:\Documents and Settings\jack.A-WJ852A79MPELC\Dane aplikacji\Winamp
2008-07-28 10:46 . 2008-07-28 10:46 <DIR> d-------- C:\Program Files\01-mp3search
2008-07-28 10:33 . 2008-07-28 10:33 18,432 --a------ C:\WINDOWS\system32\hombho.dll
2008-07-28 10:31 . 2008-07-28 10:31 18,432 --a------ C:\WINDOWS\system32\domiebho.dll
2008-07-27 22:37 . 2008-07-27 22:37 <DIR> d--hs---- C:\FOUND.019
2008-07-21 21:45 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-07-21 21:45 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-07-21 21:44 . 2008-07-21 21:44 <DIR> d-------- C:\Program Files\eRightSoft
2008-07-21 21:44 . 2008-06-24 20:28 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-07-06 19:32 . 2008-07-06 19:32 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-07-03 13:57 . 2008-07-03 13:57 <DIR> d-------- C:\Documents and Settings\jack.A-WJ852A79MPELC\Dane aplikacji\Media Player Classic
2008-07-01 13:38 . 2008-07-01 13:38 <DIR> d--hs---- C:\FOUND.018
2008-06-28 20:41 . 2004-07-09 04:27 381,952 --a------ C:\WINDOWS\system32\dllcache\dsound.dll
2008-06-28 20:41 . 2002-12-12 00:14 83,456 --a------ C:\WINDOWS\system32\l3codecx.ax
2008-06-28 20:41 . 2002-12-12 00:14 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2008-06-28 20:41 . 2002-08-29 03:41 31,744 --a------ C:\WINDOWS\system32\dllcache\pid.dll
2008-06-28 20:33 . 2008-06-28 20:33 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-06-28 20:32 . 2008-06-28 20:32 <DIR> d-------- C:\Program Files\Philips
2008-06-28 20:32 . 2007-01-04 15:38 19,840 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-06-28 20:13 . 2008-06-28 20:13 <DIR> d-------- C:\Program Files\Any Video Converter
2008-06-28 20:13 . 2008-06-28 20:14 <DIR> d-------- C:\Documents and Settings\darek\Dane aplikacji\Any Video Converter
2008-06-28 20:09 . 2008-06-28 20:09 66 --a------ C:\WINDOWS\#1 Video Converter.INI
2008-06-28 20:08 . 2008-06-28 20:08 <DIR> d-------- C:\Program Files\NO1 Video Converter
2008-06-27 18:35 . 2008-06-27 18:35 <DIR> d--hs---- C:\FOUND.017
2008-06-25 14:46 . 2008-06-25 14:46 <DIR> d--hs---- C:\FOUND.016
2008-06-24 20:32 . 2001-10-26 19:28 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-24 20:31 . 2001-10-26 19:28 10,096,640 --a------ C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-06-24 20:28 . 2003-02-01 13:51 749,568 --a------ C:\WINDOWS\system32\dllcache\setup_wm.exe
2008-06-24 20:24 . 2001-08-17 20:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2008-06-24 19:24 . 2008-06-24 19:24 <DIR> d--hs---- C:\FOUND.015
2008-06-22 22:45 . 2008-06-22 22:45 <DIR> d--hs---- C:\FOUND.014
2008-06-21 20:53 . 2008-06-21 20:53 298 --a------ C:\WINDOWS\thug2.ini
2008-06-20 09:26 . 2008-06-20 09:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-20 09:26 . 2008-06-20 09:26 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-18 20:00 . 2008-06-18 20:00 <DIR> d--hs---- C:\FOUND.013
2008-06-16 17:25 . 2008-06-16 17:25 <DIR> d--hs---- C:\FOUND.012
2008-06-15 20:23 . 2008-06-15 20:23 <DIR> d-------- C:\Program Files\18 Wheels of Steel Convoy
2008-06-15 19:58 . 2008-06-15 19:58 <DIR> d-------- C:\Documents and Settings\darek\Dane aplikacji\gtk-2.0
2008-06-15 10:10 . 2008-06-15 10:10 <DIR> d-------- C:\Program Files\directx
2008-06-14 18:31 . 2008-06-14 18:31 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-13 17:21 . 2008-06-13 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-08 14:46 . 2008-06-08 14:47 12 --a------ C:\Documents and Settings\darek\USERDATA.DAT
2008-06-07 18:11 . 2008-06-07 18:11 <DIR> d-------- C:\Documents and Settings\darek\.thumbnails
2008-06-07 18:10 . 2008-06-07 18:10 <DIR> d-------- C:\Documents and Settings\darek\.gimp-2.4
2008-06-06 18:05 . 2008-06-06 18:05 <DIR> d-------- C:\Documents and Settings\jack.A-WJ852A79MPELC\Dane aplikacji\gtk-2.0
2008-06-06 18:05 . 2008-06-06 18:05 <DIR> d-------- C:\Documents and Settings\jack.A-WJ852A79MPELC\.thumbnails
2008-06-06 18:04 . 2008-06-06 18:04 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-06-06 18:04 . 2008-06-06 18:04 <DIR> d-------- C:\Documents and Settings\jack.A-WJ852A79MPELC\.gimp-2.4
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 17:49 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-04-27 09:33 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-21 20:00 220 ----a-w C:\Documents and Settings\jack\BestScr.DAT
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\WINDOWS\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-09-19 15:27 2483504]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-15 11:42 4112384]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-15 11:42 81920]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 10:50 155648]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 17:29 13312]
C:\Documents and Settings\darek\Menu Start\Programy\Autostart\
Instant Memory Cleaner.lnk - C:\Program Files\Vasilios Applications\Instant Memory Cleaner\Instant Memory Cleaner.exe [2008-01-31 14:47:38 1373409]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-10 19:36:32 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.I420"= i420vfw.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.vp31"= vp31vfw.dll
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-05-09 13:15]
R1 pctfw2;pctfw2;C:\WINDOWS\System32\drivers\pctfw2.sys [2007-09-19 15:26]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\System32\drivers\pctmp.sys [2007-09-19 15:26]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\System32\drivers\pctssipc.sys [2007-09-19 15:26]
R1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\System32\DRIVERS\SysTool.sys [2006-11-10 15:08]
S3 HPUATA;HP CD Writer Plus Controller Driver;C:\WINDOWS\System32\DRIVERS\HPUATA.sys [2001-09-24 04:36]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.bearshare.com/pl
O8 -: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 -: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 20:15:05
Windows 5.1.2600 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-30 20:15:51
ComboFix-quarantined-files.txt 2008-07-30 18:15:48
Pre-Run: 3,512,205,312 bajtów wolnych
Post-Run: 4,372,643,840 bajtów wolnych