Computer freezes after startup, request to check the log

Logfile of HijackThis v1.99.1

Scan saved at 10:49:04, on 2009-01-29

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\GStartUp.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

G:\JBrowser.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\DfrgNtfs.exe

C:\Documents and Settings\Kamil\Pulpit\stinger.exe

C:\Documents and Settings\Kamil\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM…\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: StartUp Service (GStartUp) - G DATA Software Sp. z o.o. - C:\WINDOWS\system32\GStartUp.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Remove these entries in HJT

Run HijackThis - Do a system scan only - the log will appear in the program window - tick the boxes next to the listed entries - click Fix checked

Download ComboFix but do not run it; paste into Notepad:

Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon.

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; removal should start. After that, post the log on the forum.

Paste the log at http://www.wklejto.pl or http://www.wklej.org/ and put the link in your post.

ComboFix 09-02-03.01 - Kamil 2009-02-04 11:51:53.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.3326.2747 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Kamil\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Kamil\Pulpit\CFScript.txt

AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning disabled* (Updated)

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::

c:\windows\system32\GStartUp.exe

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\GStartUp.exe

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GSTARTUP

-------\Service_GStartUp

((((((((((((((((((((((((( Pliki utworzone od 2009-01-04 do 2009-02-04 )))))))))))))))))))))))))))))))

.

2009-02-03 22:20 . 2009-02-03 22:20

2009-02-03 22:20 . 2009-02-03 22:20

2009-02-03 22:18 . 2009-02-03 22:20

2009-02-03 21:51 . 2009-02-03 21:51 286,720 --------- c:\windows\Setup1.exe

2009-02-03 21:51 . 2009-02-03 21:51 73,216 --a------ c:\windows\ST6UNST.EXE

2009-02-02 22:15 . 2007-11-02 11:47 83,496 -ra------ c:\windows\system32\drivers\s916bus.sys

2009-02-02 22:15 . 2007-11-02 11:47 12,200 -ra------ c:\windows\system32\drivers\s916whnt.sys

2009-02-02 22:15 . 2007-11-02 11:47 12,200 -ra------ c:\windows\system32\drivers\s916wh.sys

2009-01-29 21:54 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll

2009-01-29 21:53 . 2009-01-29 21:53

2009-01-29 21:53 . 2009-01-29 21:53

2009-01-29 21:50 . 2009-01-29 21:50

2009-01-29 21:49 . 2009-01-29 21:49

2009-01-29 21:49 . 2009-02-03 18:40

2009-01-29 10:52 . 2009-01-29 10:52

2009-01-28 16:15 . 2009-01-28 16:15

2009-01-28 13:29 . 2009-01-28 13:32

2009-01-28 13:27 . 2009-01-28 13:28

2009-01-28 13:27 . 2009-01-28 13:27 215,872 --a------ c:\windows\system32\drivers\truecrypt.sys

2009-01-28 13:19 . 2002-10-09 14:53 43,904 --a------ c:\windows\system32\drivers\AFPAnsi.sys

2009-01-28 13:19 . 2009-01-28 13:25 4 --a------ c:\windows\gstartup.dat

2009-01-27 16:52 . 2009-01-27 16:52

2009-01-27 16:52 . 2009-01-27 16:52

2009-01-27 16:52 . 2009-01-27 16:52

2009-01-27 16:52 . 2008-08-19 10:56 53,248 --a------ c:\windows\system32\CSVer.dll

2009-01-27 16:44 . 2009-02-04 11:54 16,608 --a------ c:\windows\gdrv.sys

2009-01-27 16:40 . 2009-01-27 16:40

2009-01-27 16:40 . 2008-12-23 21:58 453,152 --a------ c:\windows\system32\NVUNINST.EXE

2009-01-27 16:40 . 2008-12-26 19:20 453,152 --a------ c:\windows\system32\nvudisp.exe

2009-01-27 16:40 . 2009-02-04 11:54 211,076 --a------ c:\windows\system32\nvapps.xml

2009-01-27 16:40 . 2008-12-26 19:20 18,725 --a------ c:\windows\system32\nvdisp.nvu

2009-01-26 19:18 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys

2009-01-26 18:35 . 2009-01-26 19:50 664 --a------ c:\windows\system32\d3d9caps.dat

2009-01-26 13:20 . 2009-01-26 13:20

2009-01-26 13:08 . 2009-01-26 13:08

2009-01-26 08:03 . 2009-01-26 08:05

2009-01-26 08:03 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll

2009-01-26 07:37 . 2009-01-26 07:38

2009-01-26 06:50 . 2009-02-04 11:52

2009-01-26 06:50 . 2009-01-21 00:19

2009-01-26 06:50 . 2009-01-20 23:26

2009-01-26 06:50 . 2009-01-21 00:19

2009-01-26 06:50 . 2009-01-21 00:19

2009-01-26 06:50 . 2009-01-21 00:19

2009-01-26 06:50 . 2009-01-21 00:19

2009-01-26 06:50 . 2009-01-26 06:50

2009-01-23 15:27 . 2009-01-23 15:27

2009-01-22 21:25 . 2009-01-22 21:25

2009-01-21 17:47 . 2009-01-21 17:47

2009-01-21 17:47 . 2009-01-22 22:30 69 --a------ c:\windows\NeroDigital.ini

2009-01-21 15:42 . 2008-04-14 21:51 221,184 --a------ c:\windows\system32\wmpns.dll

2009-01-21 15:40 . 2009-01-29 10:22

2009-01-21 14:35 . 2009-01-21 14:35

2009-01-21 14:24 . 2009-02-02 07:25

2009-01-21 03:04 . 2009-01-21 03:04

2009-01-21 03:00 . 2009-01-21 03:01

2009-01-21 01:12 . 2009-01-21 01:12

2009-01-21 01:11 . 2009-02-03 22:20

2009-01-21 01:02 . 2009-01-21 01:02

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-03 21:23 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-03 21:19 --------- d-----w c:\program files\Common Files\InstallShield

2009-01-26 06:51 --------- d-----w c:\program files\Unlocker

2009-01-22 22:09 --------- d-----w c:\program files\RegCleaner

2009-01-22 21:10 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Winamp

2009-01-22 07:37 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Skype

2009-01-21 16:57 --------- d-----w c:\program files\NAPI-PROJEKT

2009-01-21 16:55 --------- d-----w c:\program files\K-Lite Codec Pack

2009-01-20 23:47 --------- d-----w c:\program files\YouTube Downloader

2009-01-20 23:46 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Xilisoft Corporation

2009-01-20 23:45 --------- d-----w c:\program files\Microsoft.NET

2009-01-20 23:45 --------- d-----w c:\program files\Any Video Converter

2009-01-20 23:45 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Any Video Converter

2009-01-20 23:41 --------- d-----w c:\program files\Winamp

2009-01-20 23:41 --------- d-----w c:\program files\Java

2009-01-20 23:39 --------- d-----w c:\program files\Common Files\Nero

2009-01-20 23:39 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Nero

2009-01-20 23:38 --------- d-----w c:\program files\Nero

2009-01-20 23:38 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero

2009-01-20 23:33 --------- d-----w c:\program files\SureThing CD Labeler 5

2009-01-20 23:33 --------- d-----w c:\program files\Common Files\SureThing Shared

2009-01-20 23:33 --------- d-----w c:\program files\Common Files\LightScribe

2009-01-20 23:26 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\TuneUp Software

2009-01-20 23:25 --------- d-----w c:\program files\ivo

2009-01-20 23:23 --------- d-----w c:\program files\Common Files\Adobe

2009-01-20 23:20 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Desktopicon

2009-01-20 23:19 --------- d-----w c:\program files\SubEdit-Player

2009-01-20 23:19 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\skypePM

2009-01-20 23:18 --------- d-----w c:\program files\Skype

2009-01-20 23:18 --------- d-----w c:\program files\Real Alternative

2009-01-20 23:18 --------- d-----w c:\program files\Imagenomic

2009-01-20 23:18 --------- d-----w c:\program files\Common Files\Skype

2009-01-20 23:18 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype

2009-01-20 23:17 --------- d-----w c:\program files\mp3DirectCut

2009-01-20 23:17 --------- d-----w c:\program files\foobar2000

2009-01-20 23:16 --------- d-----w c:\program files\DAEMON Tools Lite

2009-01-20 23:13 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-01-20 23:13 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\DAEMON Tools

2009-01-20 23:12 --------- d-----w c:\program files\Crystal Player

2009-01-20 23:12 --------- d-----w c:\program files\CCleaner

2009-01-20 23:11 --------- d-----w c:\program files\MarBit

2009-01-20 23:11 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\BESTplayer

2009-01-20 23:10 --------- d-----w c:\program files\Common Files\Java

2009-01-20 23:04 --------- d-----w c:\program files\IVT Corporation

2009-01-20 23:02 --------- d-----w c:\program files\VGA USB Camera

2009-01-20 23:02 --------- d-----w c:\program files\directx

2009-01-20 22:29 --------- d-----w c:\program files\microsoft frontpage

2009-01-20 22:28 --------- d-----w c:\program files\Usługi online

2008-12-26 18:20 7,962,528 ----a-w c:\windows\system32\drivers\nv4_mini.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

"Gadu-Gadu"="e:\kamil\Komunikatory\Gadu-Gadu1\gg.exe" [2005-09-15 749568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13729792]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

--a------ 2005-09-15 15:05 749568 e:\kamil\Komunikatory\Gadu-Gadu1\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

--a------ 2008-10-22 19:57 2363392 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-09-20 09:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-10-10 06:28 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-ra------ 2008-05-13 11:50 16862720 c:\windows\RTHDCPL.EXE

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"c:\Program Files\Skype\Phone\Skype.exe"=

"e:\Gry\Company of Heroes\RelicCOH.exe"=

"f:\KAMIL\Bit Lord 1.1\BitLord.exe"=

"e:\KAMIL\Emul\Nowy folder (2)\emule.exe"=

"e:\KAMIL\Komunikatory\Gadu-Gadu1\gg.exe"=

"e:\Gry\WoW\World of Warcraft\Wow.exe"=

"c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=

"d:\Steam\SteamApps\zygzak6540\counter-strike\hl.exe"=

"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"c:\Program Files\Wolfram Research\Mathematica\5.2\Mathematica.exe"=

"c:\Program Files\Wolfram Research\Mathematica\5.2\MathKernel.exe"=

"c:\Program Files\Wolfram Research\Mathematica\5.2\math.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-21 111184]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-21 20560]

R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-01-29 80392]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2009-02-02 83496]

S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [2009-01-21 74384]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Zawartość folderu 'Zaplanowane zadania'

2009-01-30 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2008\OneClick.exe []

.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-DriverCD - G:\Run.exe

.

------- Skan uzupełniający -------

.

IE: Eksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\kmxkfsax.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-04 11:54:48

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Czas ukończenia: 2009-02-04 11:55:50 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-02-04 10:55:48

Przed: 2 108 817 408 bajtów wolnych

Po: 2,201,010,176 bajtów wolnych

243

The log looks clean.

Manually delete the C:\Qoobox folder and the ComboFix installer from the disk.

Clean the system and the registry with CCleaner

Perform Autostart optimization

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with Kaspersky Online Scanner. Scan the system and post the report on the forum

or Dr.WEB CureIt!

supersonic65, I encourage you to read the topic Rules for pasting logs on the forum