Prośba o sprawdzenie loga z ComboFix
ComboFix 08-05-26.2 - artibaj 2008-06-01 13:24:20.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.952 [GMT 2:00]
Running from: C:\Documents and Settings\artibaj\Pulpit\Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\msacm32.drv
C:\WINDOWS\system32\abqogloj.ini
C:\WINDOWS\system32\btkpteep.ini
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\drivers\tcpsr.sys
C:\WINDOWS\system32\dwowkijy.ini
C:\WINDOWS\system32\dxsbbuki.ini
C:\WINDOWS\system32\ehagigjr.ini
C:\WINDOWS\system32\hgjTBJlm.ini
C:\WINDOWS\system32\hgjTBJlm.ini2
C:\WINDOWS\system32\jxpsboup.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nvcftxtt.ini
C:\WINDOWS\system32\pxwdjefh.ini
C:\WINDOWS\system32\rmjovjnc.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLBDRIVER
-------\Legacy_TCPSR
-------\Service_tcpsr
-------\Service_Binary file SvcDump matches
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.
2008-06-18 01:49 . 2008-06-18 01:50 <DIR> d-------- C:\CmboFix
2008-06-18 00:59 . 2008-06-18 00:59 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-18 00:58 . 2008-06-18 01:38 <DIR> d-------- C:\SDFix
2008-06-18 00:55 . 2008-06-09 12:43 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\MxBoost
2008-06-18 00:54 . 2008-06-16 13:32 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-06-18 00:54 . 2008-06-16 13:32 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-06-18 00:54 . 2008-06-16 11:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-06-18 00:54 . 2008-06-09 12:32 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-06-18 00:54 . 2008-06-16 13:32 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-06-18 00:54 . 2008-06-16 13:32 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-06-18 00:54 . 2008-06-09 12:39 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-06-18 00:54 . 2008-06-18 00:54 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-17 23:24 . 2008-06-17 23:24 <DIR> d-------- C:\CoboFix
2008-06-17 23:01 . 2008-06-17 23:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-17 22:51 . 2002-03-01 21:01 8,192 --a------ C:\WINDOWS\system32\kbdpla.dll
2008-06-17 22:19 . 2008-06-17 22:19 94,080 --a------ C:\WINDOWS\system32\puobspxj.dll
2008-06-17 16:15 . 2008-06-17 16:15 322,432 --a------ C:\WINDOWS\system32\mlJBTjgh.dll
2008-06-17 16:06 . 2008-06-17 16:06 97,280 -r-hs---- C:\WINDOWS\system32\12520850e.exe
2008-06-17 16:06 . 2008-06-17 16:06 29,824 --a------ C:\WINDOWS\system32\iifecbcA.dll.vir
2008-06-17 16:05 . 2008-06-17 16:05 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adsl Software Limited
2008-06-17 16:05 . 2008-06-17 16:05 69,120 --a------ C:\qbnp.exe
2008-06-17 16:05 . 2008-06-01 13:40 30,208 --a------ C:\WINDOWS\system32\drivers\Nqt35.sys
2008-06-17 16:05 . 2008-06-17 16:05 25,600 --a------ C:\bkqhent.exe
2008-06-17 16:05 . 2004-09-09 15:49 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-17 15:48 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-06-17 15:48 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-06-17 15:16 . 2008-06-17 15:16 <DIR> d-------- C:\WINDOWS\system32\MTSLog
2008-06-17 15:16 . 2008-06-17 15:16 <DIR> d--h-c--- C:\Documents and Settings\All Users\Dane aplikacji\{ADE0B700-B0DC-4392-9D8F-2B87DA8B402C}
2008-06-17 11:50 . 2008-06-17 11:50 <DIR> d-------- C:\WINDOWS\system32\ShellDD
2008-06-17 11:50 . 2008-06-17 11:51 <DIR> d-------- C:\Documents and Settings\artibaj\Dane aplikacji\LogSys
2008-06-17 11:50 . 2008-06-17 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LogSys
2008-06-17 11:49 . 2008-06-17 11:50 <DIR> d--h-c--- C:\Documents and Settings\All Users\Dane aplikacji\{C63CBBF7-8137-4406-9AA1-7D75EC166ECA}
2008-06-17 10:32 . 2008-06-17 15:25 31 --a------ C:\WINDOWS\system32\bbcap.err
2008-06-17 10:30 . 2008-06-17 15:25 <DIR> d-------- C:\Documents and Settings\artibaj\Dane aplikacji\Blueberry
2008-06-17 10:30 . 2008-06-17 10:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Blueberry
2008-06-17 10:30 . 2008-06-17 10:30 27,776 --a------ C:\WINDOWS\system32\bbcap.dll
2008-06-17 10:30 . 2008-06-17 10:30 4,608 --a------ C:\WINDOWS\system32\bbchlp.dll
2008-06-17 10:30 . 2008-06-17 10:30 2,944 --a------ C:\WINDOWS\system32\drivers\bbcap.sys
2008-06-17 10:29 . 2008-06-17 15:16 <DIR> d-------- C:\Program Files\Common Files\Blueberry Software
2008-06-17 10:29 . 2008-06-17 15:16 <DIR> d-------- C:\Program Files\Blueberry Software
2008-06-17 10:29 . 2008-06-17 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\{1125ADE1-D617-4AFC-A2BB-E9DE22F436B6}
2008-06-17 10:17 . 2008-06-17 10:17 583 --a------ C:\WINDOWS\QIII.INI
2008-06-17 09:31 . 2008-06-17 09:31 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-17 09:29 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-17 09:20 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-17 09:20 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-17 09:18 . 2007-02-28 18:04 2,181,632 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-06-17 09:18 . 2007-02-28 18:04 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-06-17 09:18 . 2007-02-28 18:04 2,058,880 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-06-17 09:18 . 2007-02-28 18:04 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-06-17 09:05 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-16 21:29 . 2008-06-16 21:29 <DIR> d-------- C:\WINDOWS\Sun
2008-06-16 21:29 . 2008-06-16 21:29 <DIR> d-------- C:\Program Files\Sun
2008-06-16 21:28 . 2008-06-16 21:28 <DIR> d-------- C:\Program Files\Java
2008-06-16 21:28 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-16 21:25 . 2008-06-16 21:25 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-16 21:21 . 2008-06-16 21:21 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-16 17:24 . 2008-06-09 11:54 <DIR> d-------- C:\Downloads
2008-06-16 17:16 . 2008-06-16 17:17 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-16 16:41 . 2008-06-16 16:41 <DIR> d---s---- C:\Documents and Settings\artibaj\UserData
2008-06-16 14:39 . 2008-06-16 14:39 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-06-16 14:31 . 2008-06-16 14:32 <DIR> d-------- C:\Program Files\Babylon
2008-06-16 14:31 . 2008-05-18 00:30 <DIR> d-------- C:\Documents and Settings\artibaj\Dane aplikacji\Babylon
2008-06-16 14:31 . 2008-06-09 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
2008-06-16 14:24 . 2008-06-16 14:25 <DIR> d-------- C:\Program Files\FontExplorerL.M
2008-06-16 14:22 . 2008-06-16 14:22 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-06-16 14:22 . 2008-06-16 14:22 37 --a------ C:\WINDOWS\SWFConverter.INI
2008-06-16 14:21 . 2008-06-16 14:22 <DIR> d-------- C:\Program Files\SourceTec
2008-06-16 14:21 . 2007-02-05 12:00 413,760 --a------ C:\WINDOWS\system32\MPG4c32.dll
2008-06-16 14:21 . 2007-02-05 12:00 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-06-16 14:06 . 2008-06-16 14:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-16 14:04 . 2008-06-16 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-06-16 12:59 . 2008-06-16 12:59 <DIR> d-------- C:\Documents and Settings\artibaj\Dane aplikacji\Nero
2008-06-16 12:58 . 2006-03-17 02:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-06-16 12:55 . 2008-06-17 09:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-16 12:55 . 2008-06-16 12:55 <DIR> d-------- C:\Program Files\Stardock
2008-06-16 12:55 . 2008-06-16 12:55 <DIR> d-------- C:\Program Files\Nero
2008-06-16 12:55 . 2008-06-16 12:55 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-06-16 12:55 . 2008-06-16 12:57 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-16 12:55 . 2008-06-16 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-16 12:42 . 2008-06-16 12:42 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-06-16 12:42 . 2008-06-16 12:42 <DIR> d-------- C:\Program Files\Winamp Remote
2008-06-16 12:42 . 2008-06-01 13:22 <DIR> d-------- C:\Documents and Settings\artibaj\Dane aplikacji\MxBoost
2008-06-16 12:42 . 2008-06-16 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-06-16 12:42 . 2008-06-16 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-06-16 12:36 . 2008-06-16 12:44 <DIR> d-------- C:\Program Files\Winamp
2008-06-16 12:36 . 2008-06-16 19:40 <DIR> d-------- C:\Documents and Settings\artibaj\Dane aplikacji\Winamp
2008-06-16 12:35 . 2004-08-03 23:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-06-16 12:34 . 2008-06-09 11:54 <DIR> d-------- C:\Program Files\FlashGet
2008-06-16 12:27 . 2008-06-16 12:29 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-16 12:27 . 2008-06-16 12:29 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-16 12:26 . 2008-06-16 12:42 <DIR> d-------- C:\Program Files\Maxthon2
2008-06-16 12:25 . 2008-06-16 12:25 666 --a------ C:\WINDOWS\unins000.dat
2008-06-16 12:24 . 2008-06-16 12:24 <DIR> d-------- C:\Program Files\Lavalys
2008-06-16 12:24 . 2008-06-16 14:02 <DIR> d-------- C:\Program Files\BitLord
2008-06-16 12:23 . 2008-06-16 19:28 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-16 12:21 . 2008-06-16 12:22 <DIR> d-------- C:\Program Files\TweakNow PowerPack 2006
2008-06-16 12:21 . 2008-06-16 12:21 <DIR> d-------- C:\Documents and Settings\artibaj\Dane aplikacji\TweakNow PowerPack
2008-06-16 12:19 . 2008-06-16 12:19 <DIR> d-------- C:\Program Files\The Bat!
2008-06-16 12:19 . 2008-06-18 01:43 <DIR> d-------- C:\Documents and Settings\artibaj\Dane aplikacji\The Bat!
2008-06-16 12:16 . 2008-06-16 12:18 <DIR> d-------- C:\Program Files\TC UP
2008-06-16 12:16 . 2008-06-16 12:16 <DIR> d-------- C:\Documents and Settings\artibaj\Dane aplikacji\HEXelon
2008-06-16 12:14 . 2008-06-16 12:14 <DIR> d-------- C:\Program Files\IrfanView
2008-06-16 12:10 . 2008-06-16 12:10 <DIR> d-------- C:\Program Files\CDCheck
2008-06-16 12:01 . 2008-06-16 12:33 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-06-16 12:00 . 2008-06-16 12:29 <DIR> d-------- C:\Program Files\Symantec
2008-06-16 12:00 . 2008-06-17 22:31 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-16 12:00 . 2008-06-11 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-06-16 12:00 . 2008-06-16 12:29 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-16 12:00 . 2008-06-16 12:29 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-11 12:59 . 2008-06-11 12:59 93,568 --a------ C:\WINDOWS\system32\yjikwowd.dll
2008-06-09 12:46 . 2008-06-09 12:47 3,544 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-09 12:07 . 2008-06-09 12:07 <DIR> d-------- C:\VundoFix Backups
2008-06-01 13:40 . 2008-06-01 13:40 294 ---hs---- C:\WINDOWS\system32\dxsbbuki.ini
2008-05-26 12:52 . 2008-06-11 13:07 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 16:44 --------- d-----w C:\Program Files\The KMPlayer
2008-06-16 12:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-16 11:59 --------- d-----w C:\Program Files\PS Tray Factory
2008-06-16 11:52 --------- d-----w C:\Program Files\Bonjour
2008-06-16 11:44 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-06-16 11:26 --------- d-----w C:\Program Files\Desktop Sidebar
2008-06-16 11:25 --------- d-----w C:\Program Files\SubEdit-Player
2008-06-16 11:24 --------- d-----w C:\Program Files\TextPad 5
2008-06-16 11:24 --------- d-----w C:\Documents and Settings\artibaj\Dane aplikacji\Helios
2008-06-16 11:22 --------- d-----w C:\Program Files\QuickTime
2008-06-16 11:22 --------- d-----w C:\Program Files\DVD Region+CSS Free
2008-06-16 11:21 --------- d-----w C:\Program Files\Apple Software Update
2008-06-16 11:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-16 11:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-06-16 11:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-16 11:10 --------- d-----w C:\Program Files\Creative
2008-06-16 11:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 10:25 72,748 ----a-w C:\WINDOWS\unins000.exe
2008-06-16 09:54 --------- d-----w C:\Program Files\PowerISO
2008-06-16 09:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-06-16 09:43 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-16 09:41 --------- d-----w C:\Program Files\Usługi online
2008-06-09 09:54 --------- d-----w C:\Documents and Settings\artibaj\Dane aplikacji\Desktop Sidebar
2008-06-01 11:21 93,568 ----a-w C:\WINDOWS\system32\ikubbsxd.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49CA7B6B-4966-497D-A825-C25DC671F538}]
2008-06-17 16:15 322432 --a------ C:\WINDOWS\system32\mlJBTjgh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= "C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" [2008-03-06 13:14 267488]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2005-09-15 16:43 1712128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 09:05 217088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 02:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 20:22 26248]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-12-16 15:57 425472]
"0c72cc87"="C:\WINDOWS\system32\ikubbsxd.dll" [2008-06-01 13:21 93568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"TrayFactory"="C:\Program Files\PS Tray Factory\PSTrayFactory.exe" [2006-12-16 15:57 425472]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"IEUpdate"="C:\WINDOWS\system32\12520850e.exe" [2008-06-17 16:06 97280]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 15:18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\nqt35.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\WINDOWS\\Explorer.EXE"=
R0 nqt35;nqt35;C:\WINDOWS\system32\Drivers\Nqt35.sys [2008-06-01 13:41]
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2008-06-17 10:30]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-13 15:54]
R3 tcpsr;tcpsr;C:\WINDOWS\System32\drivers\tcpsr.sys []
*Newly Created Service* - COMHOST
*Newly Created Service* - TCPSR
.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 10:07:59 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - artibaj.job"