bardzo prosze o pomoc jak usunac tego trojana.

oto log

ComboFix 08-04-10.7 - Pawel 2008-04-11 8:32:57.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.137 [GMT 2:00]

Running from: C:\Documents and Settings\Pawel\Dane aplikacji\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Autorun.inf

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\amvo0.dll

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))

.

2008-04-11 08:29 . 2008-04-11 08:29

2008-04-11 08:29 . 2008-04-11 08:30

2008-04-11 08:29 . 2008-04-11 08:29 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys

2008-04-09 21:52 . 2008-04-06 22:33 103,343 -r-hs---- C:\2.bat

2008-04-05 21:54 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-05 21:54 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-04-05 16:24 . 2008-04-05 16:24

2008-04-05 16:20 . 2008-04-05 16:20

2008-04-05 16:20 . 2008-04-05 16:20

2008-04-05 16:20 . 2008-04-05 16:20

2008-03-16 16:26 . 2008-03-16 16:26

2008-03-16 16:25 . 2008-03-16 16:25

2008-03-16 16:24 . 2008-03-16 16:25

2008-03-16 06:27 . 2008-03-16 06:31

2008-03-16 06:27 . 2008-03-16 06:27

2008-03-15 23:44 . 2008-03-15 23:44 45,056 --a------ C:\WINDOWS\NCUNINST.EXE

2008-03-15 23:43 . 2008-03-15 23:43

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-11 06:17 --------- d-----w C:\Program Files\Kalendarz XP

2008-04-09 16:20 --------- d-----w C:\Program Files\Opera

2008-04-09 11:29 --------- d-----w C:\Program Files\eMule

2008-04-09 07:37 --------- d-----w C:\Program Files\DC++

2008-04-05 14:20 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2008-03-26 19:27 --------- d-----w C:\Program Files\SopCast

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-16 04:27 --------- d-----w C:\Documents and Settings\Pawel\Dane aplikacji\TVU networks

2008-03-10 21:09 --------- d-----w C:\Documents and Settings\Pawel\Dane aplikacji\U3

2008-03-08 10:20 --------- d-----w C:\Program Files\CoffeeCup Software

2008-03-08 09:57 --------- d-----w C:\Program Files\PDFCreator

2008-03-08 09:56 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_6046.exe

2008-03-08 09:56 14,290 ----a-w C:\Program Files\settings.dat

2008-03-08 09:56 --------- d-----w C:\Program Files\PDFCreator Toolbar

2008-03-07 22:13 --------- d-----w C:\Program Files\Advanced GIF Animator

2008-03-03 18:40 --------- d-----w C:\Program Files\TextReader

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-28 18:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\stamina

2008-02-27 19:35 --------- d-----w C:\Program Files\Common Files\Synacast

2008-02-27 19:35 --------- d-----w C:\Documents and Settings\Pawel\Dane aplikacji\PPMate

2008-02-27 17:24 --------- d-----w C:\Program Files\Deluxe Ski Jump 3

2008-02-24 11:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-02-24 10:49 --------- d-----w C:\Program Files\Rainlendar2

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-01-20 17:16 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]

“AlcoholAutomount”=“C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” []

“Rainlendar2”=“C:\Program Files\Rainlendar2\Rainlendar2.exe” []

“Komunikator”=“C:\Program Files\Tlen.pl\tlen.exe” []

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe” [2007-09-20 16:35 202024]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 09:39 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“HTpatch”=“C:\WINDOWS\htpatch.exe” [2007-10-10 12:00 28672]

“MPB”=“C:\WINDOWS\system32\MPB.exe” [2007-10-10 12:00 286720]

“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2007-10-10 12:00 114688]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2007-10-10 12:00 630784]

“SiS Tray”=“C:\WINDOWS\system32\sistray.EXE” [2002-11-17 10:36 303104]

“SiS KHooker”=“C:\WINDOWS\system32\khooker.exe” [2002-09-24 01:50 290816]

“AGRSMMSG”=“AGRSMMSG.exe” [2007-10-10 12:00 88363 C:\WINDOWS\AGRSMMSG.exe]

“LtMoh”=“C:\Program Files\ltmoh\Ltmoh.exe” [2007-10-10 12:00 184320]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-03-29 19:37 79224]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496]

“NeroFilterCheck”=“C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe” [2007-03-01 16:57 153136]

“NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2007-09-20 10:51 1836328]

“DAEMON Tools-1033”=“C:\Program Files\D-Tools\daemon.exe” [2004-08-22 18:05 81920]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-11-06 22:03:08 882176]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\eMule\emule.exe”=

“C:\Program Files\Internet Explorer\IEXPLORE.EXE”=

“C:\Program Files\DC++\DCPlusPlus.exe”=

“C:\Program Files\Opera\Opera.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\SopCast\SopCast.exe”=

“C:\Program Files\SopCast\adv\SopAdver.exe”=

“C:\Program Files\TVUPlayer\TVUPlayer.exe”=

R0 DlPortio;DlPortio;C:\WINDOWS\system32\dlportio.sys [2001-02-27 12:50]

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-04-11 08:29]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R2 CSIScanner;CSIScanner;“C:\Program Files\PrevxCSI\PrevxCSI.exe” /service []

R3 MTC0001_MPB;MPB device driver;C:\WINDOWS\system32\ntMPB.sys [2007-10-10 12:00]

S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\fide.sys [2007-10-22 16:51]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{21fa0cac-066e-11dd-813f-0040d05115a5}]

\Shell\AutoRun\command - G:\2.bat

\Shell\explore\Command - G:\2.bat

\Shell\open\Command - G:\2.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5424f080-7c9e-11dc-805f-0040d05115a5}]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5424f081-7c9e-11dc-805f-0040d05115a5}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5989c3c2-7969-11dc-9182-806d6172696f}]

\Shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7c4d6084-04c3-11dd-8137-0040d05115a5}]

\Shell\AutoRun\command - G:\2.bat

\Shell\explore\Command - G:\2.bat

\Shell\open\Command - G:\2.bat

*Newly Created Service* - CSISCANNER

*Newly Created Service* - PXARK

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-11 08:35:21

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???/??[??? [?? [???[???[?D??? [$???[???S??[???m??[???w???(???{??w???w???w???w???[???d???b6?[%??[?? [???"??[A??[???[.??wZ??[?3?[?3?[???st.I???[???d???0=?[?K?[

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-11 8:36:07

ComboFix-quarantined-files.txt 2008-04-11 06:35:55

Pre-Run: 2,863,484,928 bajtów wolnych

Post-Run: 2,857,140,224 bajtów wolnych

.

2008-04-09 07:19:55 — E O F —

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\2.bat


Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.

Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox

to ten log

ComboFix 08-04-10.9 - Pawel 2008-04-11 15:56:11.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.116 [GMT 2:00]

Running from: C:\Documents and Settings\Pawel\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Pawel\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::

C:\2.bat

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\2.bat

.

((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))

.

2008-04-05 21:54 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-05 21:54 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-04-05 16:24 . 2008-04-05 16:24

2008-04-05 16:20 . 2008-04-05 16:20

2008-04-05 16:20 . 2008-04-05 16:20

2008-04-05 16:20 . 2008-04-05 16:20

2008-03-16 16:26 . 2008-03-16 16:26

2008-03-16 16:25 . 2008-03-16 16:25

2008-03-16 16:24 . 2008-03-16 16:25

2008-03-16 06:27 . 2008-03-16 06:31

2008-03-16 06:27 . 2008-03-16 06:27

2008-03-15 23:44 . 2008-03-15 23:44 45,056 --a------ C:\WINDOWS\NCUNINST.EXE

2008-03-15 23:43 . 2008-03-15 23:43

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-11 13:22 --------- d-----w C:\Program Files\Kalendarz XP

2008-04-09 16:20 --------- d-----w C:\Program Files\Opera

2008-04-09 11:29 --------- d-----w C:\Program Files\eMule

2008-04-09 07:37 --------- d-----w C:\Program Files\DC++

2008-04-05 14:20 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2008-03-26 19:27 --------- d-----w C:\Program Files\SopCast

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-16 04:27 --------- d-----w C:\Documents and Settings\Pawel\Dane aplikacji\TVU networks

2008-03-10 21:09 --------- d-----w C:\Documents and Settings\Pawel\Dane aplikacji\U3

2008-03-08 10:20 --------- d-----w C:\Program Files\CoffeeCup Software

2008-03-08 09:57 --------- d-----w C:\Program Files\PDFCreator

2008-03-08 09:56 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_6046.exe

2008-03-08 09:56 14,290 ----a-w C:\Program Files\settings.dat

2008-03-08 09:56 --------- d-----w C:\Program Files\PDFCreator Toolbar

2008-03-07 22:13 --------- d-----w C:\Program Files\Advanced GIF Animator

2008-03-03 18:40 --------- d-----w C:\Program Files\TextReader

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-28 18:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\stamina

2008-02-27 19:35 --------- d-----w C:\Program Files\Common Files\Synacast

2008-02-27 19:35 --------- d-----w C:\Documents and Settings\Pawel\Dane aplikacji\PPMate

2008-02-27 17:24 --------- d-----w C:\Program Files\Deluxe Ski Jump 3

2008-02-24 11:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-02-24 10:49 --------- d-----w C:\Program Files\Rainlendar2

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-01-20 17:16 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( snapshot@2008-04-11_ 8.35.39.28 )))))))))))))))))))))))))))))))))))))))))

.

• 2008-04-11 13:11:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_55c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]

“AlcoholAutomount”=“C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” []

“Rainlendar2”=“C:\Program Files\Rainlendar2\Rainlendar2.exe” []

“Komunikator”=“C:\Program Files\Tlen.pl\tlen.exe” []

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe” [2007-09-20 16:35 202024]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“HTpatch”=“C:\WINDOWS\htpatch.exe” [2007-10-10 12:00 28672]

“MPB”=“C:\WINDOWS\system32\MPB.exe” [2007-10-10 12:00 286720]

“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2007-10-10 12:00 114688]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2007-10-10 12:00 630784]

“SiS Tray”=“C:\WINDOWS\system32\sistray.EXE” [2002-11-17 10:36 303104]

“SiS KHooker”=“C:\WINDOWS\system32\khooker.exe” [2002-09-24 01:50 290816]

“AGRSMMSG”=“AGRSMMSG.exe” [2007-10-10 12:00 88363 C:\WINDOWS\AGRSMMSG.exe]

“LtMoh”=“C:\Program Files\ltmoh\Ltmoh.exe” [2007-10-10 12:00 184320]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-03-29 19:37 79224]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496]

“NeroFilterCheck”=“C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe” [2007-03-01 16:57 153136]

“NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2007-09-20 10:51 1836328]

“DAEMON Tools-1033”=“C:\Program Files\D-Tools\daemon.exe” [2004-08-22 18:05 81920]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-11-06 22:03:08 882176]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\eMule\emule.exe”=

“C:\Program Files\Internet Explorer\IEXPLORE.EXE”=

“C:\Program Files\DC++\DCPlusPlus.exe”=

“C:\Program Files\Opera\Opera.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\SopCast\SopCast.exe”=

“C:\Program Files\SopCast\adv\SopAdver.exe”=

“C:\Program Files\TVUPlayer\TVUPlayer.exe”=

R0 DlPortio;DlPortio;C:\WINDOWS\system32\dlportio.sys [2001-02-27 12:50]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

R3 MTC0001_MPB;MPB device driver;C:\WINDOWS\system32\ntMPB.sys [2007-10-10 12:00]

S3 MTK;Media Technology Kernel Driver;C:\WINDOWS\system32\Drivers\fide.sys [2007-10-22 16:51]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-11 15:58:50

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run???/??[??? [?? [???[???[?D??? [$???[???S??[???m??[???w???(???{??w???w???w???w???[???d???b6?[%??[?? [???"??[A??[???[.??wZ??[?3?[?3?[???st.I???[???d???0=?[?K?[

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-11 15:59:51

ComboFix-quarantined-files.txt 2008-04-11 13:59:38

ComboFix2.txt 2008-04-11 06:36:08

Pre-Run: 4,007,784,448 bajtów wolnych

Post-Run: 3,997,437,952 bajtów wolnych

.

2008-04-09 07:19:55 — E O F —

Wyłącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

powstanie plik o takiej ikonie

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

zrób optymalizacje uruchamiania http://cybertrash.netarteria.pl/cyber/index.php/topic,378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

przeskanuj tym http://www.kaspersky.pl/virusscanner.html pokaż raport

włącz przywracanie systemu