Same problem. I am posting the ComboFix log below and asking for help.
ComboFix 08-06-20.4 - a 2008-06-25 12:45:53.1 - NTFSx86
Running from: C:\Documents and Settings\a\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.
2008-06-25 12:34 . 2008-06-25 12:34
2008-06-25 12:34 . 2008-06-25 12:36
2008-06-25 12:34 . 2008-06-25 12:34 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-06-25 11:40 . 2008-06-25 11:40
2008-06-11 21:29 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 21:29 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 21:34 --------- d-----w C:\Program Files\oDC
2008-05-26 09:52 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-28 15:16 --------- d-----w C:\Program Files\Java
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-02-04 12:34 98304]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-15 08:25 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-15 08:24 118784]
"SoundMan"="SOUNDMAN.EXE" [2005-01-28 08:55 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-29 14:39 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-29 14:39 688218]
"Power_Gear"="C:\Program Files\Generic\Power4 Gear\BatteryLife.exe" [2004-09-21 16:55 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 20:41 33792]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 11:15 861184]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-16 20:19 180269]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Generic ChkMail.lnk - C:\Program Files\GENERIC\Generic ChkMail\ChkMail.exe [2005-05-18 13:22:27 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.yv12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\WINDOWS\system32\dplaysvr.exe"=
"C:\Program Files\Age of Empires II\age2_x1\age2_x1.exe"=
"C:\Program Files\EA SPORTS\FIFA 07\fifa07.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-06-25 12:34]
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2003-10-20 19:09]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 04:03]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 15:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0817e354-456f-11db-a6b6-0011d8cf612e}]
\Shell\Auto\command - activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - activexdebugger32.exe f
\Shell\open\Command - activexdebugger32.exe f
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5764d92e-3341-11da-a3f7-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4dbd79a-4228-11dd-aa83-0011d8cf612e}]
\Shell\AutoRun\command - F:\1nkbd8h.bat
\Shell\explore\Command - F:\1nkbd8h.bat
\Shell\open\Command - F:\1nkbd8h.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f71bc10a-cf5f-11dc-a978-0011d8cf612e}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcc29174-897f-11da-a4d3-0011d8cf612e}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
*Newly Created Service* - CATCHME
*Newly Created Service* - CSISCANNER
*Newly Created Service* - PXARK
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 12:58:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-25 13:03:28
ComboFix-quarantined-files.txt 2008-06-25 11:03:06
Pre-Run: 905,670,656 bajtów wolnych
Post-Run: 1,098,924,032 bajtów wolnych
120 --- E O F --- 2008-06-20 19:44:17