Prosze o sprawdzenie loga

zbyszko1979 · 13 Czerwiec 2008 19:20

ComboFix 08-06-11.7 - ZBYCHU 2008-06-13 21:16:31.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1312 [GMT 2:00]

Running from: C:\Documents and Settings\ZBYCHU\Moje dokumenty\Downloads\Programs\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\IEAntiVirus

C:\Program Files\IEAntiVirus\ieav.db2

C:\Program Files\IEAntiVirus\ieav.db3

C:\Program Files\IEAntiVirus\ieav.db6

C:\WINDOWS\Fonts\CALIBRIB.TTF

.

((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))

.

2008-06-13 20:12 . 2008-06-13 20:12

2008-06-13 20:06 . 2001-08-17 21:28 794,654 --a–c— C:\WINDOWS\system32\dllcache\usr1801.sys

2008-06-13 20:05 . 2001-10-26 17:01 899,530 --a–c— C:\WINDOWS\system32\dllcache\r2mdkxga.sys

2008-06-13 20:04 . 2008-04-14 21:59 2,067,200 --a–c— C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-06-13 20:03 . 2008-04-14 22:36 13,463,552 --a–c— C:\WINDOWS\system32\dllcache\OLD70B.tmp

2008-06-13 20:02 . 2001-10-26 20:28 1,677,824 --a–c— C:\WINDOWS\system32\dllcache\OLD4FF.tmp

2008-06-13 20:01 . 2001-08-17 21:28 871,388 --a–c— C:\WINDOWS\system32\dllcache\bcmdm.sys

2008-06-13 20:00 . 2008-06-13 20:07

2008-06-13 16:46 . 2008-06-13 16:46 281,088 --a------ C:\WINDOWS\tosant32.dll

2008-06-13 16:19 . 2008-06-13 16:25

2008-06-13 16:19 . 2008-06-13 16:19

2008-06-13 16:19 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-06-13 16:19 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-06-13 16:19 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-06-13 16:19 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-06-12 19:32 . 2008-06-12 19:32 503,809 --a------ C:\WINDOWS\system32\DHCPServer

2008-06-12 19:12 . 2008-06-12 19:32 339,456 --a------ C:\WINDOWS\system32\DHCPServer.dll

2008-06-12 19:12 . 2008-06-12 19:32 251 --a------ C:\WINDOWS\system32\DHCPServer.dat

2008-06-08 21:13 . 2008-06-08 21:13

2008-06-07 22:56 . 2008-06-07 22:56

2008-06-03 18:26 . 2008-06-03 18:26

2008-05-30 16:01 . 2008-05-30 16:02

2008-05-30 16:01 . 2008-06-13 19:39

2008-05-23 17:32 . 2008-05-23 17:32

2008-05-15 21:04 . 2008-06-03 17:57 394 --a------ C:\WINDOWS\capture.ini

2008-05-15 21:00 . 2008-05-15 21:00

2008-05-15 20:59 . 2008-05-15 20:59

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-13 19:16 --------- d-----w C:\Documents and Settings\ZBYCHU\Dane aplikacji\DMCache

2008-06-13 19:09 --------- d-----w C:\Documents and Settings\ZBYCHU\Dane aplikacji\uTorrent

2008-06-13 17:55 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-06-13 15:33 --------- d-----w C:\Program Files\Elaborate Bytes

2008-06-13 14:23 --------- d-----w C:\Documents and Settings\ZBYCHU\Dane aplikacji\The Bat!

2008-06-08 18:30 --------- d-----w C:\Documents and Settings\ZBYCHU\Dane aplikacji\skypePM

2008-06-08 18:30 --------- d-----w C:\Documents and Settings\ZBYCHU\Dane aplikacji\Skype

2008-06-07 21:01 --------- d-----w C:\Program Files\CDex_170b2

2008-06-07 20:55 --------- d-----w C:\Program Files\Easy CD-DA Extractor 11

2008-06-04 13:26 --------- d-----w C:\Program Files\Your Uninstaller 2008

2008-05-16 18:48 --------- d-----w C:\Program Files\eMule

2008-05-15 19:00 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-05-15 18:59 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-05-14 11:01 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-05-12 17:07 --------- d-----w C:\Documents and Settings\ZBYCHU\Dane aplikacji\DVDFab

2008-05-12 16:50 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys

2008-05-12 16:50 --------- d-----w C:\Program Files\DVDFab Platinum 5

2008-05-12 13:32 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-04 15:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink

2008-05-04 15:24 --------- d-----w C:\Program Files\DVD Shrink

2008-05-02 11:47 --------- d-----w C:\Program Files\Common Files\Skype

2008-04-30 17:37 --------- d-----w C:\Program Files\uTorrent

2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-17 17:13 --------- d-----w C:\Program Files\Java

2008-04-14 21:16 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 20:56 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 20:52 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll

2008-04-14 20:52 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll

2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-14 20:52 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-14 20:52 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-04-14 20:52 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll

2008-04-14 20:52 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-04-14 20:50 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-04-14 20:49 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 20:48 5,632 ----a-w C:\WINDOWS\system32\wmi.dll

2008-04-14 20:48 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll

2008-04-14 20:47 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll

2008-04-14 20:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll

2008-04-14 20:43 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll

2008-04-14 20:42 3,584 ----a-w C:\WINDOWS\system32\msafd.dll

2008-04-14 20:36 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 20:35 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 20:35 569,856 ----a-w C:\WINDOWS\system32\gpedit.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 20:33 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 20:33 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 20:31 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 20:30 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 20:04 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 20:03 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 20:03 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 20:03 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 19:59 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 19:59 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 19:55 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 19:52 89,600 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 19:52 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 19:52 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 19:50 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 19:50 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 19:47 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 19:46 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 19:45 49,664 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 19:43 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 19:41 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 19:41 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 19:39 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 19:37 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 19:35 67,584 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 19:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 19:35 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 19:33 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 19:31 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 19:30 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-04-14 19:30 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 19:30 327,040 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys

2008-04-14 19:28 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 19:28 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 19:25 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 19:24 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 19:24 188,544 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-14 16:00 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-13 22:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 22:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 22:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 22:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 22:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 22:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 22:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 22:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 22:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 22:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 22:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{E913BA95-1ADE-4D25-AC0E-E27BD8E1E43D}]

2008-06-13 16:46 281088 --a------ C:\WINDOWS\tosant32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-01-28 12:43 2097488]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-04-21 14:47 68856]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 22:51 15360]

“IDMan”=“C:\Program Files\Internet Download Manager\IDMan.exe” [2008-05-30 16:02 2594224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-06-29 01:43 8466432]

“nwiz”=“nwiz.exe” [2007-06-29 01:43 1626112 C:\WINDOWS\system32\nwiz.exe]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-06-29 01:43 81920]

“RTHDCPL”=“RTHDCPL.EXE” [2007-06-13 08:49 16377344 C:\WINDOWS\RTHDCPL.exe]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2008-05-16 01:19 79224]

“OODefragTray”=“C:\WINDOWS\system32\oodtray.exe” [2007-05-11 03:08 2512392]

“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2007-08-24 08:00 33648]

“ISTray”=“C:\Program Files\Spyware Doctor\pctsTray.exe” [2008-04-10 15:14 1107848]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-14 22:51 15360]

“Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-06-19 11:17 1241088]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-03-16 00:59:30 1205840]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

“{93994DE8-8239-4655-B1D1-5F4E91300429}”= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 16:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.I420”= i263_32.drv

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Photosmart Premier - Szybkie uruchomienie.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Photosmart Premier - Szybkie uruchomienie.lnk

backup=C:\WINDOWS\pss\HP Photosmart Premier - Szybkie uruchomienie.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

–a------ 2007-05-11 14:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

–a------ 2008-02-22 17:58 217544 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

–a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

–a------ 2007-07-09 09:39 2119104 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

–a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

–a------ 2008-02-28 18:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-14 22:51 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

–a------ 2008-02-18 17:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2008-02-28 10:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

–a------ 2007-06-18 16:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-04-23 17:45 22058792 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

–a------ 2006-09-07 19:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

“AlcoholAutomount”=“C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe”

“CorelDRAW Graphics Suite 11b”=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=053008 serial=DR12WEL-6341663-NKM lang=EN

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=

“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=

“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”=

“C:\Program Files\uTorrent\uTorrent.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\eMule\emule.exe”=

“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=

“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=

“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe”=

“C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 16:18]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 14:48]

S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 14:47]

*Newly Created Service* - CATCHME

*Newly Created Service* - WINDEFEND

.

Contents of the ‘Scheduled Tasks’ folder

“2008-06-13 18:15:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job”

C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-13 21:17:59

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-06-13 21:18:37

ComboFix-quarantined-files.txt 2008-06-13 19:18:34

Pre-Run: 9,326,837,760 bajtów wolnych

Post-Run: 9,361,387,520 bajtów wolnych

275 — E O F — 2008-05-14 11:01:49

JNJN · 14 Czerwiec 2008 09:13

Przeczytaj tematy przyklejone w tym dziale i popraw posta, opcja edytuj.JNJN

huber2t · 14 Czerwiec 2008 10:53

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\WINDOWS\tosant32.dll


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E913BA95-1ADE-4D25-AC0E-E27BD8E1E43D}]

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://www.wklej.org a w poście dajesz tylko link