Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Sprawdzenie loga, wyskakujący komunikat
03 Cze 2008, 22:01
Kiedy chcę wejśc do jakiegos folderu to pojawia sie często (nie zawsze) taki komunikat
Your system is infected with dangerous virus!
Note: Strongly recommend to install antispyware program to clean your system and avoid total Cash of your computer!
Click Ok to download the antispyware. (Recommended)
Chialem pusuwac wirusy ale komunikat i tak wyskakuje. Dopiero potem poczytałem o logach i programie ComboFix. Zrobilem loga a teraz bardzo bym prosił o pomoc co robic dalej. Log jest poniżej , mam nadzieje ze dobrze wszystko zrobiłem.
ComboFix 08-06-01.6 - andrzej 2008-06-03 17:45:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.183 [GMT 2:00]
Running from: C:\Documents and Settings\andrzej\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.
2008-05-19 10:48 . 2008-05-30 18:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-19 10:48 . 2008-05-19 10:48 <DIR> d-------- C:\Documents and Settings\andrzej\Dane aplikacji\PC Tools
2008-05-19 10:48 . 2008-06-03 17:43 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-19 10:48 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-19 10:48 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-19 10:48 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-19 10:48 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-19 09:22 . 2008-05-19 09:22 254,464 --a------ C:\WINDOWS\oddoxu.dll
2008-05-13 21:30 . 2008-05-13 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\GRETECH
2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- C:\Program Files\GRETECH
2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- C:\Documents and Settings\andrzej\Dane aplikacji\GRETECH
2008-05-11 17:06 . 2008-05-11 17:13 <DIR> d-------- C:\Program Files\SopCast
2008-05-11 16:57 . 2008-05-11 17:04 <DIR> d-------- C:\Program Files\TVAnts
2008-05-11 16:55 . 2008-05-11 17:01 <DIR> d-------- C:\Documents and Settings\andrzej\Dane aplikacji\TVU Networks
2008-05-10 17:10 . 2008-05-10 17:11 <DIR> d-------- C:\Program Files\SPMT
2008-05-10 14:42 . 2008-05-10 14:42 <DIR> d-------- C:\Program Files\UberIcon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 15:38 --------- d-----w C:\Documents and Settings\andrzej\Dane aplikacji\foobar2000
2008-06-03 11:10 7,526,912 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-05-28 04:17 --------- d-----w C:\Documents and Settings\andrzej\Dane aplikacji\Azureus
2008-05-21 16:36 --------- d-----w C:\Program Files\Java
2008-05-13 19:15 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-04-15 14:44 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-13 21:38 --------- d-----w C:\Program Files\eMule
2008-04-09 09:43 --------- d-----w C:\Program Files\Opera1
2007-09-17 05:00 14 ----a-w C:\Documents and Settings\andrzej\getfile.dat
.
------- Sigcheck -------
2007-06-13 15:23 1225728 deae881b208d2ab313644aae3a28b86f C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1225728 deae881b208d2ab313644aae3a28b86f C:\WINDOWS\icon_TMP\explorer.exe
2007-06-13 15:23 1225728 deae881b208d2ab313644aae3a28b86f C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system_backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F841E5A-AA28-4037-BE7A-96E943E91F4D}]
2008-05-19 09:22 254464 --a------ C:\WINDOWS\oddoxu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Ulepszenia\wskaźniki XP\CursorXP.exe" [2005-01-19 17:34 128000]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 16:09 68856]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2007-08-17 19:10 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 20:27 65536]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38 987187]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^andrzej^Menu Start^Programy^Autostart^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\andrzej\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2006-04-15 07:35 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]
--a------ 2007-06-28 21:44 2816512 C:\Program Files\HEXelon MAX 6\hexelon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 19:38 987187 C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-20 16:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Maxima-5.11.0\\wxMaxima\\wxMaxima.exe"=
"D:\\Gry\\counter\\hl.exe"=
"D:\\Gry\\counter\\hlds.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"D:\\Gry\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14:56]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 17:48:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
C:\Program Files\UberIcon\UberIcon.dll
.
Completion time: 2008-06-03 17:50:08
ComboFix-quarantined-files.txt 2008-06-03 15:49:55
Pre-Run: 10,393,108,480 bajtów wolnych
Post-Run: 11,041,812,480 bajtów wolnych
139 --- E O F --- 2008-01-25 08:29:51
Your system is infected with dangerous virus!
Note: Strongly recommend to install antispyware program to clean your system and avoid total Cash of your computer!
Click Ok to download the antispyware. (Recommended)
Chialem pusuwac wirusy ale komunikat i tak wyskakuje. Dopiero potem poczytałem o logach i programie ComboFix. Zrobilem loga a teraz bardzo bym prosił o pomoc co robic dalej. Log jest poniżej , mam nadzieje ze dobrze wszystko zrobiłem.
ComboFix 08-06-01.6 - andrzej 2008-06-03 17:45:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.183 [GMT 2:00]
Running from: C:\Documents and Settings\andrzej\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.
2008-05-19 10:48 . 2008-05-30 18:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-19 10:48 . 2008-05-19 10:48 <DIR> d-------- C:\Documents and Settings\andrzej\Dane aplikacji\PC Tools
2008-05-19 10:48 . 2008-06-03 17:43 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-19 10:48 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-19 10:48 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-19 10:48 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-19 10:48 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-19 09:22 . 2008-05-19 09:22 254,464 --a------ C:\WINDOWS\oddoxu.dll
2008-05-13 21:30 . 2008-05-13 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\GRETECH
2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- C:\Program Files\GRETECH
2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- C:\Documents and Settings\andrzej\Dane aplikacji\GRETECH
2008-05-11 17:06 . 2008-05-11 17:13 <DIR> d-------- C:\Program Files\SopCast
2008-05-11 16:57 . 2008-05-11 17:04 <DIR> d-------- C:\Program Files\TVAnts
2008-05-11 16:55 . 2008-05-11 17:01 <DIR> d-------- C:\Documents and Settings\andrzej\Dane aplikacji\TVU Networks
2008-05-10 17:10 . 2008-05-10 17:11 <DIR> d-------- C:\Program Files\SPMT
2008-05-10 14:42 . 2008-05-10 14:42 <DIR> d-------- C:\Program Files\UberIcon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 15:38 --------- d-----w C:\Documents and Settings\andrzej\Dane aplikacji\foobar2000
2008-06-03 11:10 7,526,912 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-05-28 04:17 --------- d-----w C:\Documents and Settings\andrzej\Dane aplikacji\Azureus
2008-05-21 16:36 --------- d-----w C:\Program Files\Java
2008-05-13 19:15 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-04-15 14:44 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-13 21:38 --------- d-----w C:\Program Files\eMule
2008-04-09 09:43 --------- d-----w C:\Program Files\Opera1
2007-09-17 05:00 14 ----a-w C:\Documents and Settings\andrzej\getfile.dat
.
------- Sigcheck -------
2007-06-13 15:23 1225728 deae881b208d2ab313644aae3a28b86f C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1225728 deae881b208d2ab313644aae3a28b86f C:\WINDOWS\icon_TMP\explorer.exe
2007-06-13 15:23 1225728 deae881b208d2ab313644aae3a28b86f C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system_backup\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F841E5A-AA28-4037-BE7A-96E943E91F4D}]
2008-05-19 09:22 254464 --a------ C:\WINDOWS\oddoxu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Ulepszenia\wskaźniki XP\CursorXP.exe" [2005-01-19 17:34 128000]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 16:09 68856]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2007-08-17 19:10 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 20:27 65536]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38 987187]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^andrzej^Menu Start^Programy^Autostart^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\andrzej\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2006-04-15 07:35 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]
--a------ 2007-06-28 21:44 2816512 C:\Program Files\HEXelon MAX 6\hexelon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 19:38 987187 C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-20 16:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Maxima-5.11.0\\wxMaxima\\wxMaxima.exe"=
"D:\\Gry\\counter\\hl.exe"=
"D:\\Gry\\counter\\hlds.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"D:\\Gry\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14:56]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 17:48:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
C:\Program Files\UberIcon\UberIcon.dll
.
Completion time: 2008-06-03 17:50:08
ComboFix-quarantined-files.txt 2008-06-03 15:49:55
Pre-Run: 10,393,108,480 bajtów wolnych
Post-Run: 11,041,812,480 bajtów wolnych
139 --- E O F --- 2008-01-25 08:29:51
04 Cze 2008, 05:55
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
Wklej do notatnika:
- Kod:
File::
C:\WINDOWS\oddoxu.dll
C:\WINDOWS\system32\amvo.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F841E5A-AA28-4037-BE7A-96E943E91F4D}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
04 Cze 2008, 09:43
zrobilem wszystko co napisales. Ponizej daje loga z ComboFixa.
ComboFix 08-06-03.1 - andrzej 2008-06-04 9:33:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.125 [GMT 2:00]
Running from: C:\Documents and Settings\andrzej\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\andrzej\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\oddoxu.dll
C:\WINDOWS\system32\amvo.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\oddoxu.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.
2008-05-19 10:48 . 2008-05-30 18:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-19 10:48 . 2008-05-19 10:48 <DIR> d-------- C:\Documents and Settings\andrzej\Dane aplikacji\PC Tools
2008-05-19 10:48 . 2008-06-03 17:43 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-19 10:48 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-19 10:48 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-19 10:48 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-19 10:48 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-13 21:30 . 2008-05-13 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\GRETECH
2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- C:\Program Files\GRETECH
2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- C:\Documents and Settings\andrzej\Dane aplikacji\GRETECH
2008-05-11 17:06 . 2008-05-11 17:13 <DIR> d-------- C:\Program Files\SopCast
2008-05-11 16:57 . 2008-05-11 17:04 <DIR> d-------- C:\Program Files\TVAnts
2008-05-11 16:55 . 2008-05-11 17:01 <DIR> d-------- C:\Documents and Settings\andrzej\Dane aplikacji\TVU Networks
2008-05-10 17:10 . 2008-05-10 17:11 <DIR> d-------- C:\Program Files\SPMT
2008-05-10 14:42 . 2008-05-10 14:42 <DIR> d-------- C:\Program Files\UberIcon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 07:30 7,526,912 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-06-03 15:38 --------- d-----w C:\Documents and Settings\andrzej\Dane aplikacji\foobar2000
2008-05-28 04:17 --------- d-----w C:\Documents and Settings\andrzej\Dane aplikacji\Azureus
2008-05-21 16:36 --------- d-----w C:\Program Files\Java
2008-05-13 19:15 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-04-15 14:44 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-13 21:38 --------- d-----w C:\Program Files\eMule
2008-04-09 09:43 --------- d-----w C:\Program Files\Opera1
2007-09-17 05:00 14 ----a-w C:\Documents and Settings\andrzej\getfile.dat
.
------- Sigcheck -------
2007-06-13 15:23 1225728 deae881b208d2ab313644aae3a28b86f C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1225728 deae881b208d2ab313644aae3a28b86f C:\WINDOWS\icon_TMP\explorer.exe
2007-06-13 15:23 1225728 deae881b208d2ab313644aae3a28b86f C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system_backup\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-03_17.49.41,32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 11:09:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 07:29:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 07:29:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Ulepszenia\wskaźniki XP\CursorXP.exe" [2005-01-19 17:34 128000]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 16:09 68856]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2007-08-17 19:10 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 20:27 65536]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38 987187]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^andrzej^Menu Start^Programy^Autostart^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\andrzej\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2006-04-15 07:35 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]
--a------ 2007-06-28 21:44 2816512 C:\Program Files\HEXelon MAX 6\hexelon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 19:38 987187 C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-20 16:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Maxima-5.11.0\\wxMaxima\\wxMaxima.exe"=
"D:\\Gry\\counter\\hl.exe"=
"D:\\Gry\\counter\\hlds.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"D:\\Gry\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14:56]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 09:35:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-04 9:36:40
ComboFix-quarantined-files.txt 2008-06-04 07:36:33
Pre-Run: 11,013,148,672 bajtów wolnych
Post-Run: 11,007,791,104 bajtów wolnych
139 --- E O F --- 2008-01-25 08:29:51
ComboFix 08-06-03.1 - andrzej 2008-06-04 9:33:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.125 [GMT 2:00]
Running from: C:\Documents and Settings\andrzej\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\andrzej\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\oddoxu.dll
C:\WINDOWS\system32\amvo.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\oddoxu.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.
2008-05-19 10:48 . 2008-05-30 18:03 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-19 10:48 . 2008-05-19 10:48 <DIR> d-------- C:\Documents and Settings\andrzej\Dane aplikacji\PC Tools
2008-05-19 10:48 . 2008-06-03 17:43 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-19 10:48 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-19 10:48 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-19 10:48 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-19 10:48 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-13 21:30 . 2008-05-13 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\GRETECH
2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- C:\Program Files\GRETECH
2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- C:\Documents and Settings\andrzej\Dane aplikacji\GRETECH
2008-05-11 17:06 . 2008-05-11 17:13 <DIR> d-------- C:\Program Files\SopCast
2008-05-11 16:57 . 2008-05-11 17:04 <DIR> d-------- C:\Program Files\TVAnts
2008-05-11 16:55 . 2008-05-11 17:01 <DIR> d-------- C:\Documents and Settings\andrzej\Dane aplikacji\TVU Networks
2008-05-10 17:10 . 2008-05-10 17:11 <DIR> d-------- C:\Program Files\SPMT
2008-05-10 14:42 . 2008-05-10 14:42 <DIR> d-------- C:\Program Files\UberIcon
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 07:30 7,526,912 ----a-w C:\WINDOWS\system32\logonuiX.exe
2008-06-03 15:38 --------- d-----w C:\Documents and Settings\andrzej\Dane aplikacji\foobar2000
2008-05-28 04:17 --------- d-----w C:\Documents and Settings\andrzej\Dane aplikacji\Azureus
2008-05-21 16:36 --------- d-----w C:\Program Files\Java
2008-05-13 19:15 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-04-15 14:44 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-04-13 21:38 --------- d-----w C:\Program Files\eMule
2008-04-09 09:43 --------- d-----w C:\Program Files\Opera1
2007-09-17 05:00 14 ----a-w C:\Documents and Settings\andrzej\getfile.dat
.
------- Sigcheck -------
2007-06-13 15:23 1225728 deae881b208d2ab313644aae3a28b86f C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1225728 deae881b208d2ab313644aae3a28b86f C:\WINDOWS\icon_TMP\explorer.exe
2007-06-13 15:23 1225728 deae881b208d2ab313644aae3a28b86f C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system_backup\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-03_17.49.41,32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 11:09:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 07:29:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 07:29:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Ulepszenia\wskaźniki XP\CursorXP.exe" [2005-01-19 17:34 128000]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 16:09 68856]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2007-08-17 19:10 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 20:27 65536]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 19:38 987187]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^andrzej^Menu Start^Programy^Autostart^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\andrzej\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2006-04-15 07:35 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HEXelon MAX]
--a------ 2007-06-28 21:44 2816512 C:\Program Files\HEXelon MAX 6\hexelon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 19:38 987187 C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-20 16:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Maxima-5.11.0\\wxMaxima\\wxMaxima.exe"=
"D:\\Gry\\counter\\hl.exe"=
"D:\\Gry\\counter\\hlds.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"D:\\Gry\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 14:56]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 09:35:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-04 9:36:40
ComboFix-quarantined-files.txt 2008-06-04 07:36:33
Pre-Run: 11,013,148,672 bajtów wolnych
Post-Run: 11,007,791,104 bajtów wolnych
139 --- E O F --- 2008-01-25 08:29:51
04 Cze 2008, 16:41
log ok
Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum
Włącz przywracanie systemu.
Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum
Włącz przywracanie systemu.
04 Cze 2008, 17:05
jest problem bo nie moge tego zrobic. Sprawa wyglada tak, ze wczesniej mieszkalem na stancji poza domem i tam mialem dostep do interentu dla laptopa a teraz jestem juz w domu i nie mam neta przy laptopie tylko przy komputerze stacjonarnym. W zwiazku z tym nie moge przeskanowac laptopa tym programem... co mozna innego zrobic?
04 Cze 2008, 17:10
Możesz przeskanowac innym antywirusem dla bezpieczeństwa ale wszystko powinno byc ok
04 Cze 2008, 17:35
w takim razie dzieki 