Your system is infected with dangerous virus!

Hello …

I have a problem with my computer: when I click on a folder, this pops up:

Your system is infected with dangerous virus! Note: strongly recomended to instal antispyware program to clean you system and avoid total crash of your computer.

Can someone tell me what I should do about this next???

Post a ComboFix log.

ComboFix 08-05-11.1 - dominika 2008-05-12 20:42:02.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.621 [GMT 2:00]

Running from: C:\Documents and Settings\dominika\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\smp.bat

.

((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))

.

2008-05-12 19:04 . 2008-05-12 19:04

2008-05-09 18:57 . 2008-05-09 21:02

2008-05-08 13:38 . 2007-11-22 17:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx

2008-05-07 13:49 . 2008-05-07 13:49 216,064 --a------ C:\WINDOWS\tsokru.dll

2008-05-07 13:46 . 2008-05-07 13:46 211,968 --a------ C:\WINDOWS\fas64.dll

2008-05-06 11:25 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-05-06 11:25 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-05-06 11:25 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-05-06 11:25 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-05-06 11:25 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-05-06 11:25 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-05-06 11:25 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-05-06 11:25 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-05-06 11:25 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-05-05 23:34 . 2008-05-11 19:35

2008-04-20 23:01 . 2008-04-20 23:01

2008-04-18 00:01 . 2008-04-18 00:01 98,927 --a------ C:\WINDOWS\hpqins16.dat

2008-04-17 22:37 . 2008-04-17 22:37

2008-04-17 22:37 . 2004-12-07 07:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll

2008-04-17 22:37 . 2006-01-30 09:32 5,632 --a------ C:\WINDOWS\system32\pxc25pm.dll

2008-04-17 22:36 . 2008-05-07 13:36

2008-04-14 14:50 . 2008-04-14 14:54

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-12 14:27 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\BearShare

2008-05-12 14:12 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\Skype

2008-05-12 14:00 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\skypePM

2008-05-09 18:54 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\AdobeUM

2008-05-07 12:04 --------- d-----w C:\Program Files\SkanerOnline

2008-05-07 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-07 11:16 --------- d-----w C:\Program Files\BearShare applications

2008-05-05 20:28 --------- d-----w C:\Program Files\Opera

2008-04-20 10:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-04-13 20:47 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\Nokia Multimedia Player

2008-04-11 09:48 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\Corel

2008-04-11 09:40 --------- d-----w C:\Program Files\Common Files\Corel

2008-04-06 21:15 --------- d-----w C:\Program Files\AMS Photo Effects

2008-04-06 17:32 --------- d--h--w C:\Documents and Settings\All Users\Dane aplikacji\{8D875FC5-7147-49C8-8D56-7682E8D71C9C}

2008-03-27 09:09 --------- d-----w C:\Program Files\Google

2008-03-20 13:54 --------- d-----w C:\Program Files\Java

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-14 20:36 --------- d-----w C:\Program Files\Combined Community Codec Pack

2008-03-14 20:29 --------- d-----w C:\Program Files\AVIcodec

2008-03-14 18:50 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-01-19 10:21 0 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLds.DAT

2007-11-26 19:39 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2007-09-09 15:43 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT

2007-03-30 09:31 11,320,957 ----a-w C:\Documents and Settings\dominika\St2007.EXE

2007-02-13 07:48 13,494,026 ----a-w C:\Documents and Settings\dominika\FP2007.EXE

2006-07-28 10:27 2,585,872 ----a-w C:\Documents and Settings\dominika\InstMsiW.exe

2006-07-28 09:59 1,709,160 ----a-w C:\Documents and Settings\dominika\InstMsi.exe

2006-07-04 14:05 5,739,102 ----a-w C:\Documents and Settings\dominika\PDFX3SA_sm.exe

2005-09-23 07:34 2,648,768 ----a-w C:\Documents and Settings\dominika\vcredist_x86.exe

2002-12-17 17:09 10,467,232 ----a-w C:\Documents and Settings\dominika\Sqlredis.exe

2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

2006-08-13 13:40 88 --sh--r C:\WINDOWS\system32\1732224642.sys

2006-09-01 15:05 104 --sh--r C:\WINDOWS\system32\4246223217.sys

2006-09-01 15:50 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]

2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95E1D855-9232-48F7-80D9-1ADB65B7939C}]

2008-05-07 13:49 216064 --a------ C:\WINDOWS\tsokru.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF9146DB-16F1-4B79-8DA1-EE14C55D5B06}]

2008-05-07 13:46 211968 --a------ C:\WINDOWS\fas64.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NBJ”=“C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” [2005-04-14 16:56 1957888]

“AutoConnect”=“C:\Program Files\AutoConnect\AutoConnect.exe” []

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44 15360]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-01 17:22 21898024]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]

“CTZDetec.exe”=“D:\Creative Media Lite\CTZDetec.exe” [2007-12-18 15:20 401408]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392]

“antispy”=“C:\Program Files\IEAntiVirus\ANTIVIRUS.exe” []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“avast!”=“C:\Program Files\Alwil Software\Avast4\ashDisp.exe” [2008-03-29 19:37 79224]

“Cmaudio”=“cmicnfg.cpl” []

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 05:25 144784]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50 155648]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-09-09 15:41 282624]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” []

“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47 31016]

“VirtualCloneDrive”=“C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe” [2006-04-29 15:21 94208]

“PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-03-23 14:20 227328]

“Adobe Photo Downloader”=“C:\Program Files\Nokia\3.0\Apps\apdproxy.exe” [2005-06-07 00:46 57344]

“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2005-05-12 00:12 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 01:44 15360]

“Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-03-27 16:58 1744896]

“Picasa Media Detector”=“E:\Picasa2\PicasaMediaDetector.exe” [2008-02-26 03:23 443968]

C:\Documents and Settings\dominika\Menu Start\Programy\Autostart\

Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [2003-07-17 21:50:42 217180]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]

HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]

Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 01:35:22 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.DIV3”= DivXc32.dll

“vidc.DIV4”= DivXc32f.dll

“vidc.DVX4”= DivX4.dll

“msacm.divxa32”= DivXa32.acm

“VIDC.YV12”= yv12vfw.dll

“msacm.ac3filter”= ac3filter.acm

“msacm.dvacm”= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

“msacm.ulmp3acm”= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

"msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

“vidc.ffds”= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“FirewallOverride”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“D:\eMule\emule.exe”=

“E:\Ares\Ares.exe”=

“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=

“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=

“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=

“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=

“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

S2 BulkUsb;USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys []

S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f0c9cec-d192-11dc-b95b-000b6a6c4b87}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(0)\command - Recycled\ctfmon.exe

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-12 20:44:23

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-12 20:45:42

ComboFix-quarantined-files.txt 2008-05-12 18:45:29

Pre-Run: 10,938,540,032 bajtów wolnych

Post-Run: 11,853,479,936 bajtów wolnych

181 --- E O F --- 2008-05-11 17:35:47

Download ComboFix, but do not run it.

Paste into Notepad:

File::

C:\WINDOWS\tsokru.dll

C:\WINDOWS\fas64.dll


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95E1D855-9232-48F7-80D9-1ADB65B7939C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF9146DB-16F1-4B79-8DA1-EE14C55D5B06}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"=-

"HP Software Update"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File -> Save as -> CFScript.txt (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here -> (image: 02f8f1e3c410a4cc.gif)

The removal will start and a log will be created; post that log on the forum.

When I did what you wrote, something started happening, and then after some time my computer restarted. So should I run ComboFix once more?

Yes, you should.

I can't paste the log, because every time it gets generated my computer restarts.

If it is already on the disk, search for it:

Start --> Search --> ComboFix.txt

ComboFix 08-05-11.1 - dominika 2008-05-12 21:26:43.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.657 [GMT 2:00]

Running from: C:\Documents and Settings\dominika\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\fas64.dll

C:\WINDOWS\tsokru.dll

.

((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))

.

2008-05-12 19:04 . 2008-05-12 19:04

2008-05-09 18:57 . 2008-05-09 21:02

2008-05-08 13:38 . 2007-11-22 17:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx

2008-05-06 11:25 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-05-06 11:25 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-05-06 11:25 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-05-06 11:25 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-05-06 11:25 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-05-06 11:25 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-05-06 11:25 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-05-06 11:25 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-05-06 11:25 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-05-05 23:34 . 2008-05-11 19:35

2008-04-20 23:01 . 2008-04-20 23:01

2008-04-18 00:01 . 2008-04-18 00:01 98,927 --a------ C:\WINDOWS\hpqins16.dat

2008-04-17 22:37 . 2008-04-17 22:37

2008-04-17 22:37 . 2004-12-07 07:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll

2008-04-17 22:37 . 2006-01-30 09:32 5,632 --a------ C:\WINDOWS\system32\pxc25pm.dll

2008-04-17 22:36 . 2008-05-07 13:36

2008-04-14 14:50 . 2008-04-14 14:54

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-12 19:28 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\Skype

2008-05-12 19:02 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\skypePM

2008-05-12 14:27 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\BearShare

2008-05-09 18:54 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\AdobeUM

2008-05-07 12:04 --------- d-----w C:\Program Files\SkanerOnline

2008-05-07 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-07 11:16 --------- d-----w C:\Program Files\BearShare applications

2008-05-05 20:28 --------- d-----w C:\Program Files\Opera

2008-04-20 10:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-04-13 20:47 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\Nokia Multimedia Player

2008-04-11 09:48 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\Corel

2008-04-11 09:40 --------- d-----w C:\Program Files\Common Files\Corel

2008-04-06 21:15 --------- d-----w C:\Program Files\AMS Photo Effects

2008-04-06 17:32 --------- d--h--w C:\Documents and Settings\All Users\Dane aplikacji\{8D875FC5-7147-49C8-8D56-7682E8D71C9C}

2008-03-27 09:09 --------- d-----w C:\Program Files\Google

2008-03-20 13:54 --------- d-----w C:\Program Files\Java

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-14 20:36 --------- d-----w C:\Program Files\Combined Community Codec Pack

2008-03-14 20:29 --------- d-----w C:\Program Files\AVIcodec

2008-03-14 18:50 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-01-19 10:21 0 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLds.DAT

2007-11-26 19:39 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2007-09-09 15:43 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT

2007-03-30 09:31 11,320,957 ----a-w C:\Documents and Settings\dominika\St2007.EXE

2007-02-13 07:48 13,494,026 ----a-w C:\Documents and Settings\dominika\FP2007.EXE

2006-07-28 10:27 2,585,872 ----a-w C:\Documents and Settings\dominika\InstMsiW.exe

2006-07-28 09:59 1,709,160 ----a-w C:\Documents and Settings\dominika\InstMsi.exe

2006-07-04 14:05 5,739,102 ----a-w C:\Documents and Settings\dominika\PDFX3SA_sm.exe

2005-09-23 07:34 2,648,768 ----a-w C:\Documents and Settings\dominika\vcredist_x86.exe

2002-12-17 17:09 10,467,232 ----a-w C:\Documents and Settings\dominika\Sqlredis.exe

2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

2006-08-13 13:40 88 --sh--r C:\WINDOWS\system32\1732224642.sys

2006-09-01 15:05 104 --sh--r C:\WINDOWS\system32\4246223217.sys

2006-09-01 15:50 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( snapshot@2008-05-12_20.45.14,71 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-05-12 13:29:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
  • 2008-05-12 19:18:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-05-12 19:01:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6d0.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]

2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95E1D855-9232-48F7-80D9-1ADB65B7939C}]

C:\WINDOWS\tsokru.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF9146DB-16F1-4B79-8DA1-EE14C55D5B06}]

C:\WINDOWS\fas64.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NBJ”=“C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” [2005-04-14 16:56 1957888]

“AutoConnect”=“C:\Program Files\AutoConnect\AutoConnect.exe” []

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44 15360]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-01 17:22 21898024]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]

“CTZDetec.exe”=“D:\Creative Media Lite\CTZDetec.exe” [2007-12-18 15:20 401408]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 12:54 2131392]

“antispy”=“C:\Program Files\IEAntiVirus\ANTIVIRUS.exe” []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“avast!”=“C:\Program Files\Alwil Software\Avast4\ashDisp.exe” [2008-03-29 19:37 79224]

“Cmaudio”=“cmicnfg.cpl” []

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 05:25 144784]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50 155648]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-09-09 15:41 282624]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” []

“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47 31016]

“VirtualCloneDrive”=“C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe” [2006-04-29 15:21 94208]

“PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-03-23 14:20 227328]

“Adobe Photo Downloader”=“C:\Program Files\Nokia\3.0\Apps\apdproxy.exe” [2005-06-07 00:46 57344]

“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2005-05-12 00:12 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 01:44 15360]

“Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-03-27 16:58 1744896]

“Picasa Media Detector”=“E:\Picasa2\PicasaMediaDetector.exe” [2008-02-26 03:23 443968]

C:\Documents and Settings\dominika\Menu Start\Programy\Autostart\

Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [2003-07-17 21:50:42 217180]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]

HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]

Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 01:35:22 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.DIV3”= DivXc32.dll

“vidc.DIV4”= DivXc32f.dll

“vidc.DVX4”= DivX4.dll

“msacm.divxa32”= DivXa32.acm

“VIDC.YV12”= yv12vfw.dll

“msacm.ac3filter”= ac3filter.acm

“msacm.dvacm”= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

“msacm.ulmp3acm”= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

"msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

“vidc.ffds”= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“FirewallOverride”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“D:\eMule\emule.exe”=

“E:\Ares\Ares.exe”=

“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=

“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=

“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=

“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=

“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

S2 BulkUsb;USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys []

S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f0c9cec-d192-11dc-b95b-000b6a6c4b87}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(0)\command - Recycled\ctfmon.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-12 21:28:41

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-12 21:30:02

ComboFix-quarantined-files.txt 2008-05-12 19:29:53

ComboFix2.txt 2008-05-12 18:45:43

Pre-Run: 11,814,916,096 bajtów wolnych

Post-Run: 11,805,851,648 bajtów wolnych

188 --- E O F --- 2008-05-11 17:35:47

Turn System Restore off and on again on all drives. http://support.microsoft.com/kb/310405/pl

Disinfect the USB flash drive or memory card http://www.softpedia.com/get/Security/S … Tool.shtml or format it

Flash Disinfector http://www.searchengines.pl/index.php?s … ntry369724

Open Notepad and paste

save as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri … iemoes.gif

The removal should start

Then post the ComboFix removal log

:slight_smile:

I got stuck at: Disinfect the USB flash drive or memory card http://www.softpedia.com/get/Security/S … Tool.shtml or format it

Flash Disinfector http://www.searchengines.pl/index.php?s … ntry369724

I don't have a USB flash drive connected, and I don't really understand what I'm supposed to do with this Flash Disinfector :frowning: :frowning:

I gave two programs for disinfecting

Flash Disinfector: everything is written there

obviously you have to plug in the flash drive in order to disinfect it

:slight_smile:

and if I don't have a flash drive at all, should I still install it?

I know, for you this may be trivial…

but for me, somehow not so much :smiley:

You can install it; the program will create special files that can protect you in the future if you plug in an infected flash drive or other memory card

:slight_smile:

ComboFix 08-05-11.1 - dominika 2008-05-12 22:10:20.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.644 [GMT 2:00]

Running from: C:\Documents and Settings\dominika\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\dominika\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_e4usbaw

-------\Service_IKANLOADER2

((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))

.

2008-05-12 19:04 . 2008-05-12 19:04

2008-05-09 18:57 . 2008-05-09 21:02

2008-05-08 13:38 . 2007-11-22 17:00 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx

2008-05-06 11:25 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-05-06 11:25 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-05-06 11:25 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-05-06 11:25 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-05-06 11:25 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-05-06 11:25 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-05-06 11:25 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-05-06 11:25 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-05-06 11:25 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-05-05 23:34 . 2008-05-11 19:35

2008-04-20 23:01 . 2008-04-20 23:01

2008-04-18 00:01 . 2008-04-18 00:01 98,927 --a------ C:\WINDOWS\hpqins16.dat

2008-04-17 22:37 . 2008-04-17 22:37

2008-04-17 22:37 . 2004-12-07 07:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll

2008-04-17 22:37 . 2006-01-30 09:32 5,632 --a------ C:\WINDOWS\system32\pxc25pm.dll

2008-04-17 22:36 . 2008-05-07 13:36

2008-04-14 14:50 . 2008-04-14 14:54

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-12 20:14 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\Skype

2008-05-12 19:02 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\skypePM

2008-05-12 14:27 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\BearShare

2008-05-09 18:54 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\AdobeUM

2008-05-07 12:04 --------- d-----w C:\Program Files\SkanerOnline

2008-05-07 11:37 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-07 11:16 --------- d-----w C:\Program Files\BearShare applications

2008-05-05 20:28 --------- d-----w C:\Program Files\Opera

2008-04-20 10:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-04-13 20:47 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\Nokia Multimedia Player

2008-04-11 09:48 --------- d-----w C:\Documents and Settings\dominika\Dane aplikacji\Corel

2008-04-11 09:40 --------- d-----w C:\Program Files\Common Files\Corel

2008-04-06 21:15 --------- d-----w C:\Program Files\AMS Photo Effects

2008-04-06 17:32 --------- d--h--w C:\Documents and Settings\All Users\Dane aplikacji\{8D875FC5-7147-49C8-8D56-7682E8D71C9C}

2008-03-27 09:09 --------- d-----w C:\Program Files\Google

2008-03-20 13:54 --------- d-----w C:\Program Files\Java

2008-03-14 20:36 --------- d-----w C:\Program Files\Combined Community Codec Pack

2008-03-14 20:29 --------- d-----w C:\Program Files\AVIcodec

2008-03-14 18:50 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-01-19 10:21 0 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLds.DAT

2007-11-26 19:39 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2007-09-09 15:43 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLec.DAT

2007-03-30 09:31 11,320,957 ----a-w C:\Documents and Settings\dominika\St2007.EXE

2007-02-13 07:48 13,494,026 ----a-w C:\Documents and Settings\dominika\FP2007.EXE

2006-07-28 10:27 2,585,872 ----a-w C:\Documents and Settings\dominika\InstMsiW.exe

2006-07-28 09:59 1,709,160 ----a-w C:\Documents and Settings\dominika\InstMsi.exe

2006-07-04 14:05 5,739,102 ----a-w C:\Documents and Settings\dominika\PDFX3SA_sm.exe

2005-09-23 07:34 2,648,768 ----a-w C:\Documents and Settings\dominika\vcredist_x86.exe

2002-12-17 17:09 10,467,232 ----a-w C:\Documents and Settings\dominika\Sqlredis.exe

2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

2006-08-13 13:40 88 --sh--r C:\WINDOWS\system32\1732224642.sys

2006-09-01 15:05 104 --sh--r C:\WINDOWS\system32\4246223217.sys

2006-09-01 15:50 6,686 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( snapshot@2008-05-12_20.45.14,71 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-05-12 13:29:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
  • 2008-05-12 20:13:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

  • 2008-05-12 20:13:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6dc.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]

2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-14 16:56 1957888]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"CTZDetec.exe"="D:\Creative Media Lite\CTZDetec.exe" [2007-12-18 15:20 401408]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-09 15:41 282624]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]

"Adobe Photo Downloader"="C:\Program Files\Nokia\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]

"Picasa Media Detector"="E:\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

C:\Documents and Settings\dominika\Menu Start\Programy\Autostart\

Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe [2003-07-17 21:50:42 217180]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]

HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]

Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 01:35:22 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.DVX4"= DivX4.dll

"msacm.divxa32"= DivXa32.acm

"VIDC.YV12"= yv12vfw.dll

"msacm.ac3filter"= ac3filter.acm

"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

"msacm.mpegacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\mpegacm.acm

"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"D:\eMule\emule.exe"=

"E:\Ares\Ares.exe"=

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

S2 BulkUsb;USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d0deeb-bca2-11dc-b916-000b6a6c4b87}]

\Shell\AutoRun\command - H:\SETUP.EXE

\Shell\configure\command - H:\SETUP.EXE

\Shell\install\command - H:\SETUP.EXE

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-12 22:14:17

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\CTSVCCDA.EXE

C:\Program Files\Creative\Shared Files\CTDevSrv.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2008-05-12 22:20:02 - machine was rebooted [dominika]

ComboFix-quarantined-files.txt 2008-05-12 20:19:39

ComboFix2.txt 2008-05-12 19:30:03

ComboFix3.txt 2008-05-12 18:45:43

Pre-Run: 13,745,709,056 bajtów wolnych

Post-Run: 13,645,721,600 bajtów wolnych

195 --- E O F --- 2008-05-11 17:35:47

The log looks clean.

Optimize the startup: http://cybertrash.netarteria.pl/cyber/index.php/topic,378.0.html

Manually delete the C:\Qoobox folder and remove the ComboFix installer from the disk.

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and post the report; the page has to be opened in IE.

:)