Proszę o sprawdzenie loga

przez **kamassss** » 15 Kwi 2008, 12:31

Witam. Nie chciałem zakładać nowego wątku nt. sprawdzania logów, bo widze, ze jest ich tu dosyc duzo.
Bardzo prosze o sprawdzenie mi loga, bo juz mnie trafia na ten moj komputer. Bardzo dziekuje za wszelkie zainteresowanie moim problemem.
Log z ComboFix:

ComboFix 08-04-14.2 - Natalia1 2008-04-15 12:19:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.218 [GMT 2:00]
Running from: C:\Documents and Settings\Natalia1\Desktop\combofix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Documents and Settings\Natalia1\Desktop\systemxpsp2.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\svohost.exe
C:\WINDOWS\system32\winscok.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 11:49 . 2008-04-15 11:49 <DIR> d-------- C:\Program Files\Valve
2008-04-15 00:00 . 2008-04-15 00:00 <DIR> d-------- C:\Program Files\Mitaka
2008-04-15 00:00 . 2008-04-15 11:55 <DIR> d-------- C:\Program Files\Celestia
2008-04-14 23:59 . 2008-04-14 23:59 <DIR> d-------- C:\Program Files\Orbiter
2008-04-14 23:58 . 2008-04-14 23:58 <DIR> d-------- C:\Program Files\NASA
2008-04-14 23:19 . 2008-04-15 00:46 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-13 14:11 . 2008-04-13 14:11 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-13 14:11 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-13 14:11 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-13 14:11 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-13 14:09 . 2008-04-13 14:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-13 14:09 . 2008-04-13 14:10 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-13 14:01 . 2008-04-13 14:04 <DIR> d-------- C:\Program Files\Russkij Translator
2008-04-13 12:57 . 2008-04-13 13:18 <DIR> d-------- C:\Program Files\Picasa2
2008-04-12 17:05 . 2008-04-12 17:05 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-12 07:48 . 2008-04-12 07:48 <DIR> d-------- C:\Valve
2008-04-12 00:02 . 2008-04-12 00:02 <DIR> d-------- C:\Program Files\ffdshow
2008-04-10 22:35 . 2008-04-10 22:35 <DIR> d-------- C:\Program Files\Cream Software
2008-04-10 21:37 . 2008-04-12 17:05 1,291 --a------ C:\WINDOWS\mozver.dat
2008-04-10 21:33 . 2008-04-10 21:33 <DIR> d-------- C:\New Folder
2008-04-10 20:57 . 2008-04-10 20:57 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-04-10 20:54 . 2008-04-10 20:54 <DIR> d-------- C:\Documents and Settings\Natalia1\Application Data\DivX
2008-04-10 19:24 . 2008-04-10 19:24 <DIR> d-------- C:\Program Files\Easy Website
2008-04-09 19:22 . 2008-04-09 19:22 13 ---h----- C:\Documents and Settings\All Users\Application Data\sys.sys
2008-04-08 18:32 . 2008-04-09 19:24 13 --a------ C:\WINDOWS\system32\WinSys32.crc
2008-04-08 18:31 . 2008-04-08 18:31 <DIR> d-------- C:\WINDOWS\DHTML Menu Builder
2008-04-08 18:31 . 2008-04-08 18:31 <DIR> d-------- C:\Program Files\DHTML Menu Builder
2008-04-08 18:31 . 2008-04-08 18:31 1,384,448 --a------ C:\WINDOWS\system32\suf59B.tmp
2008-04-08 18:31 . 1998-06-17 04:00 18,944 --a------ C:\WINDOWS\system32\BORLNDMM.DLL
2008-04-08 18:20 . 2008-04-08 18:20 <DIR> d-------- C:\Program Files\WebSite PRO
2008-04-08 14:44 . 2008-04-11 22:32 301 --a------ C:\WINDOWS\elegancik.INI
2008-04-08 14:40 . 2008-04-08 14:40 <DIR> d-------- C:\zajc
2008-04-08 14:40 . 2008-04-08 14:41 <DIR> d-------- C:\Program Files\Zajaczek 4.1
2008-04-08 01:22 . 2001-07-06 06:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-04-08 01:22 . 2001-07-06 04:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-04-08 01:22 . 2001-07-06 10:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-08 01:22 . 2003-03-29 08:45 89,184 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-04-08 01:22 . 2003-05-26 06:12 57,344 --------- C:\WINDOWS\system32\ImageDrive.cpl
2008-04-08 01:22 . 2001-06-26 00:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-04-08 01:21 . 2008-04-08 01:22 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-08 01:21 . 2008-04-08 01:22 <DIR> d-------- C:\Program Files\Ahead
2008-04-08 01:21 . 2001-07-09 03:50 333,274 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-08 00:38 . 2008-04-08 21:15 3,449 --a------ C:\WINDOWS\nero.INI
2008-04-06 22:28 . 2008-04-10 22:27 <DIR> d-------- C:\Program Files\CoffeeCup Software
2008-04-06 22:28 . 2008-04-06 22:28 13 ---h----- C:\Documents and Settings\All Users\Application Data\ÝĂÄ›Ň3113›.sys
2008-04-05 21:35 . 2008-04-05 21:35 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-05 21:35 . 2008-04-05 21:35 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-05 21:35 . 2008-04-05 21:35 <DIR> d-------- C:\Program Files\MSBuild
2008-04-05 21:35 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-05 21:33 . 2008-04-05 21:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-05 17:04 . 2008-04-14 19:06 122 --a------ C:\WINDOWS\system32\noruns.reg
2008-04-05 14:58 . 2008-04-05 14:58 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-04-05 14:57 . 2008-04-05 14:57 <DIR> d-------- C:\Program Files\Macromedia
2008-04-04 21:47 . 2008-04-04 21:47 <DIR> d-------- C:\Program Files\Replay Media Catcher
2008-04-04 21:45 . 2008-04-04 21:45 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-04-04 20:43 . 2008-04-04 20:43 151,552 --a------ C:\WINDOWS\nvchost.exe
2008-04-04 20:15 . 2008-04-04 20:15 <DIR> d-------- C:\Program Files\3D Flash Animator 4.9.8.4
2008-04-04 20:15 . 2008-04-04 20:15 <DIR> d-------- C:\Documents and Settings\Natalia1\Application Data\3DFA
2008-04-04 20:15 . 1999-12-17 11:13 263,638 --a------ C:\WINDOWS\unvise32.exe
2008-04-04 20:09 . 2008-04-10 19:57 <DIR> d-------- C:\Documents and Settings\Natalia1\Application Data\Cream Software
2008-04-04 20:04 . 2008-04-04 20:04 <DIR> d-------- C:\Program Files\Mandomartis
2008-04-04 20:04 . 2008-04-04 20:06 <DIR> d-------- C:\Documents and Settings\Natalia1\vacprojects
2008-04-04 18:53 . 2008-04-04 18:53 3,128 --a------ C:\favicon.ico
2008-04-04 18:50 . 2008-04-04 18:50 <DIR> d-------- C:\Program Files\ESTsoft
2008-04-04 18:50 . 2008-04-04 18:50 <DIR> d-------- C:\Documents and Settings\Natalia1\Application Data\ESTsoft
2008-04-04 18:50 . 2008-04-04 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESTsoft
2008-04-04 14:31 . 2008-04-10 22:50 1,117 --a------ C:\WINDOWS\wcx_ftp.ini
2008-04-04 14:22 . 2008-04-04 14:22 <DIR> d-------- C:\Documents and Settings\Natalia1\Application Data\ENet
2008-04-04 14:22 . 2008-04-04 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\E-Net
2008-04-04 14:19 . 2008-04-04 14:21 <DIR> d-------- C:\Program Files\E-Net
2008-04-04 14:15 . 2008-04-04 14:15 <DIR> d-------- C:\Documents and Settings\Natalia1\A1SymCompressor
2008-04-04 14:01 . 2008-04-10 22:35 <DIR> d-------- C:\totalcmd
2008-04-04 14:01 . 2008-04-10 23:23 2,469 --a------ C:\WINDOWS\wincmd.ini
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-04 14:01 . 2008-04-04 14:01 214 --a------ C:\WINDOWS\VFO.VST
2008-04-04 13:28 . 2008-04-04 13:28 <DIR> d-------- C:\Program Files\CDisplay
2008-04-04 13:21 . 2008-04-08 01:12 <DIR> d-------- C:\WINDOWS\system32\AssassinsCreed 1 dir
2008-04-04 11:51 . 2008-04-04 11:56 <DIR> d-------- C:\Program Files\Cheating-Death
2008-04-04 11:28 . 2003-11-10 16:06 26,624 --------- C:\WINDOWS\system32\PSDrvCheck.JP
2008-04-04 11:28 . 2003-11-10 16:06 26,624 --------- C:\WINDOWS\system32\PSDrvCheck.IT
2008-04-04 11:28 . 2003-11-10 16:06 26,624 --------- C:\WINDOWS\system32\PSDrvCheck.FR
2008-04-04 11:28 . 2003-11-10 16:06 26,624 --------- C:\WINDOWS\system32\PSDrvCheck.ES
2008-04-04 11:28 . 2003-11-10 16:06 26,624 --------- C:\WINDOWS\system32\PSDrvCheck.DE
2008-04-04 11:28 . 2003-11-10 16:06 16,896 --------- C:\WINDOWS\system32\PSDrvCheck.NL
2008-04-04 11:28 . 2003-10-21 10:02 16,896 --------- C:\WINDOWS\system32\PSDrvCheck.KO
2008-04-04 11:11 . 2008-04-04 11:11 <DIR> d-------- C:\WINDOWS\Cache
2008-04-04 11:11 . 2003-03-19 04:04 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll
2008-04-04 11:11 . 2003-03-19 04:03 544,768 --------- C:\WINDOWS\system32\msvcr71d.dll
2008-04-04 11:03 . 2008-04-04 11:03 <DIR> d-------- C:\Program Files\SmartSound Software
2008-04-04 11:03 . 2008-04-04 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-04-04 11:01 . 2008-04-04 11:02 <DIR> d-------- C:\Program Files\QuickTime
2008-04-04 11:01 . 2008-04-04 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-04 11:00 . 2004-02-24 13:04 222,688 --a------ C:\WINDOWS\RSETPATH.exe
2008-04-04 11:00 . 2003-11-25 06:02 196,096 --a------ C:\WINDOWS\system32\macd32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 09:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 19:47 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-31 19:47 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-27 08:49 --------- d-----w C:\Program Files\music_now
2008-03-26 22:08 --------- d-----w C:\Program Files\DivX
2008-03-24 17:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-18 23:58 --------- d-----w C:\Program Files\HPQ
2008-03-18 23:40 --------- d-----w C:\Program Files\Yahoo!
2008-03-18 23:40 --------- d-----w C:\Program Files\WildTangent
2008-03-18 23:40 --------- d-----w C:\Program Files\Synaptics
2008-03-18 23:40 --------- d-----w C:\Program Files\Sonic
2008-03-18 23:39 --------- d-----w C:\Program Files\Quickensetup
2008-03-18 23:38 --------- d-----w C:\Program Files\Quicken
2008-03-18 23:36 --------- d-----w C:\Program Files\NetWaiting
2008-03-18 23:36 --------- d-----w C:\Program Files\Netscape
2008-03-18 23:35 --------- d-----w C:\Program Files\muvee Technologies
2008-03-18 23:35 --------- d-----w C:\Program Files\Microsoft Works
2008-03-18 23:35 --------- d-----w C:\Program Files\Microsoft Office Trial Wizard
2008-03-18 23:34 --------- d-----w C:\Program Files\Microsoft Money 2006
2008-03-18 23:34 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-18 23:33 --------- d-----w C:\Program Files\Intel
2008-03-18 23:33 --------- d-----w C:\Program Files\HP Rhapsody
2008-03-18 23:33 --------- d-----w C:\Program Files\HP Games
2008-03-18 23:28 --------- d-----w C:\Program Files\HP
2008-03-18 23:27 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-18 23:26 --------- d-----w C:\Program Files\Encarta Online
2008-03-18 23:26 --------- d-----w C:\Program Files\CONEXANT
2008-03-18 23:26 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-03-18 23:26 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-03-18 23:26 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-03-18 23:26 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2008-03-18 23:26 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-03-18 23:25 --------- d-----w C:\Program Files\Common Files\Java
2008-03-18 23:25 --------- d-----w C:\Program Files\Common Files\Intuit
2008-03-18 23:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-18 23:25 --------- d-----w C:\Program Files\Common Files\HP
2008-03-18 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-03-18 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-18 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-03-18 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-03-18 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-18 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-03-18 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-18 17:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-18 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-18 16:50 --------- d-----w C:\Program Files\Java
2008-03-18 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-18 16:03 1,717 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario C300 (RL177UA#ABA)_YN_0Pres_QCND6400459_E433358001_46_I30C6_SHP_V78.08_BF.05_T060814_WXH2_L409_M503_J80_7Intel_8Celeron M 420_91.6_#080318_N10EC8139_(RL177UA#ABA)_XMOBILE_CN10_Z_2F.05.MRK
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2F7DB8D7-9BE7-4666-901E-F380555BCAC7}"= "C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll" [2008-02-07 17:14 364544]

[HKEY_CLASSES_ROOT\clsid\{2f7db8d7-9be7-4666-901e-f380555bcac7}]
[HKEY_CLASSES_ROOT\InternetTranslatorRusskij.TranslationFrameBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{138787BF-B420-48B7-82DB-1EA418EC3FE4}]
[HKEY_CLASSES_ROOT\InternetTranslatorRusskij.TranslationFrameBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1qaw3edr5"="C:\Documents and Settings\Natalia1\Desktop\plikus.pl_GTAIV_PACK.exe" [2008-03-29 17:25 289537]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 14:06 167368]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2311634]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 07:58 636382]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 17:02 239578 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 07:22 976344]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 08:11 226780]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-12 01:30 427486]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 01:30 259544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-03 00:21 312798]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 19:50 218590]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 19:23 1365470]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-09-12 13:17 521686]
"1qaw3edr5"="C:\Documents and Settings\Natalia1\Desktop\plikus.pl_GTAIV_PACK.exe" [2008-03-29 17:25 289537]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26 583634]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-04 11:02 460252]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"1qaw3edr5"= C:\Documents and Settings\Natalia1\Desktop\plikus.pl_GTAIV_PACK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 03:23 624090 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-06-23 23:43 280024 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-29 11:09 349150 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\ESTsoft\\ALFTP\\ALFTP.exe"=

S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2006-12-29 05:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2de58d63-f5c3-11dc-bbcc-0014a5f48fd9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - F:\Recycled\ctfmon.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 12:23:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???????????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Natalia1\LOCALS~1\Temp\mc24.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Natalia1\Desktop\systemxpsp2.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\Natalia1\Desktop\systemxpsp2.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
C:\Documents and Settings\Natalia1\Desktop\systemxpsp2.dll
.
Completion time: 2008-04-15 12:26:45
ComboFix-quarantined-files.txt 2008-04-15 10:26:27

Pre-Run: 4,875,931,648 bytes free
Post-Run: 7,553,933,312 bytes free
.
2008-04-07 01:01:59 --- E O F ---

Jak dopisujesz się do innego tematu to dopiero wtedy robi się chaos. Więc na przyszłość załóż nowy temat.
Edit by Bozz

przez **huber2t** » 15 Kwi 2008, 15:50

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko: File:: C:\Documents and Settings\All Users\Application Data\ÝĂÄ›Ň3113›.sys Registry:: [-HKEY_CLASSES_ROOT\TypeLib\{138787BF-B420-48B7-82DB-1EA418EC3FE4}] [-HKEY_CLASSES_ROOT\clsid\{2f7db8d7-9be7-4666-901e-f380555bcac7}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "1qaw3edr5"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "1qaw3edr5"=- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "1qaw3edr5"=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Plik

zapisz jako

CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.
Jeśli wszystko pójdzie dobrze, to po restarcie usuń ręcznie folder C: \Qoobox

przez **kamassss** » 15 Kwi 2008, 18:52

Podaje powstały log:
ale folderu nie dało sie usunąć.

ComboFix 08-04-14.2 - Natalia1 2008-04-15 18:42:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.233 [GMT 2:00]
Running from: C:\Documents and Settings\Natalia1\Desktop\combofix.exe
Command switches used :: C:\Documents and Settings\Natalia1\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\ÝĂÄ›Ň3113›.sys
.
The following files were disabled during the run:
C:\Documents and Settings\Natalia1\Desktop\systemxpsp2.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\ÝĂÄ›Ň3113›.sys

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 11:49 . 2008-04-15 11:49 <DIR> d-------- C:\Program Files\Valve
2008-04-15 00:00 . 2008-04-15 00:00 <DIR> d-------- C:\Program Files\Mitaka
2008-04-15 00:00 . 2008-04-15 11:55 <DIR> d-------- C:\Program Files\Celestia
2008-04-14 23:59 . 2008-04-14 23:59 <DIR> d-------- C:\Program Files\Orbiter
2008-04-14 23:58 . 2008-04-14 23:58 <DIR> d-------- C:\Program Files\NASA
2008-04-14 23:19 . 2008-04-15 00:46 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-13 14:11 . 2008-04-13 14:11 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-13 14:11 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-13 14:11 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-13 14:11 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-13 14:09 . 2008-04-13 14:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-13 14:09 . 2008-04-13 14:10 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-13 14:01 . 2008-04-13 14:04 <DIR> d-------- C:\Program Files\Russkij Translator
2008-04-13 12:57 . 2008-04-13 13:18 <DIR> d-------- C:\Program Files\Picasa2
2008-04-12 17:05 . 2008-04-12 17:05 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-12 07:48 . 2008-04-12 07:48 <DIR> d-------- C:\Valve
2008-04-12 00:02 . 2008-04-12 00:02 <DIR> d-------- C:\Program Files\ffdshow
2008-04-10 22:35 . 2008-04-10 22:35 <DIR> d-------- C:\Program Files\Cream Software
2008-04-10 21:37 . 2008-04-12 17:05 1,291 --a------ C:\WINDOWS\mozver.dat
2008-04-10 21:33 . 2008-04-10 21:33 <DIR> d-------- C:\New Folder
2008-04-10 20:57 . 2008-04-10 20:57 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-04-10 20:54 . 2008-04-10 20:54 <DIR> d-------- C:\Documents and Settings\Natalia1\Application Data\DivX
2008-04-10 19:24 . 2008-04-10 19:24 <DIR> d-------- C:\Program Files\Easy Website
2008-04-09 19:22 . 2008-04-09 19:22 13 ---h----- C:\Documents and Settings\All Users\Application Data\sys.sys
2008-04-08 18:32 . 2008-04-09 19:24 13 --a------ C:\WINDOWS\system32\WinSys32.crc
2008-04-08 18:31 . 2008-04-08 18:31 <DIR> d-------- C:\WINDOWS\DHTML Menu Builder
2008-04-08 18:31 . 2008-04-08 18:31 <DIR> d-------- C:\Program Files\DHTML Menu Builder
2008-04-08 18:31 . 2008-04-08 18:31 1,384,448 --a------ C:\WINDOWS\system32\suf59B.tmp
2008-04-08 18:31 . 1998-06-17 04:00 18,944 --a------ C:\WINDOWS\system32\BORLNDMM.DLL
2008-04-08 18:20 . 2008-04-08 18:20 <DIR> d-------- C:\Program Files\WebSite PRO
2008-04-08 14:44 . 2008-04-11 22:32 301 --a------ C:\WINDOWS\elegancik.INI
2008-04-08 14:40 . 2008-04-08 14:40 <DIR> d-------- C:\zajc
2008-04-08 14:40 . 2008-04-08 14:41 <DIR> d-------- C:\Program Files\Zajaczek 4.1
2008-04-08 01:22 . 2001-07-06 06:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-04-08 01:22 . 2001-07-06 04:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-04-08 01:22 . 2001-07-06 10:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-08 01:22 . 2003-03-29 08:45 89,184 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-04-08 01:22 . 2003-05-26 06:12 57,344 --------- C:\WINDOWS\system32\ImageDrive.cpl
2008-04-08 01:22 . 2001-06-26 00:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-04-08 01:21 . 2008-04-08 01:22 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-08 01:21 . 2008-04-08 01:22 <DIR> d-------- C:\Program Files\Ahead
2008-04-08 01:21 . 2001-07-09 03:50 333,274 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-08 00:38 . 2008-04-08 21:15 3,449 --a------ C:\WINDOWS\nero.INI
2008-04-06 22:28 . 2008-04-10 22:27 <DIR> d-------- C:\Program Files\CoffeeCup Software
2008-04-05 21:35 . 2008-04-05 21:35 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-05 21:35 . 2008-04-05 21:35 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-05 21:35 . 2008-04-05 21:35 <DIR> d-------- C:\Program Files\MSBuild
2008-04-05 21:35 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-05 21:33 . 2008-04-05 21:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-05 17:04 . 2008-04-14 19:06 122 --a------ C:\WINDOWS\system32\noruns.reg
2008-04-05 14:58 . 2008-04-05 14:58 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-04-05 14:57 . 2008-04-05 14:57 <DIR> d-------- C:\Program Files\Macromedia
2008-04-04 21:47 . 2008-04-04 21:47 <DIR> d-------- C:\Program Files\Replay Media Catcher
2008-04-04 21:45 . 2008-04-04 21:45 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-04-04 20:43 . 2008-04-04 20:43 151,552 --a------ C:\WINDOWS\nvchost.exe
2008-04-04 20:15 . 2008-04-04 20:15 <DIR> d-------- C:\Program Files\3D Flash Animator 4.9.8.4
2008-04-04 20:15 . 2008-04-04 20:15 <DIR> d-------- C:\Documents and Settings\Natalia1\Application Data\3DFA
2008-04-04 20:15 . 1999-12-17 11:13 263,638 --a------ C:\WINDOWS\unvise32.exe
2008-04-04 20:09 . 2008-04-10 19:57 <DIR> d-------- C:\Documents and Settings\Natalia1\Application Data\Cream Software
2008-04-04 20:04 . 2008-04-04 20:04 <DIR> d-------- C:\Program Files\Mandomartis
2008-04-04 20:04 . 2008-04-04 20:06 <DIR> d-------- C:\Documents and Settings\Natalia1\vacprojects
2008-04-04 18:53 . 2008-04-04 18:53 3,128 --a------ C:\favicon.ico
2008-04-04 18:50 . 2008-04-04 18:50 <DIR> d-------- C:\Program Files\ESTsoft
2008-04-04 18:50 . 2008-04-04 18:50 <DIR> d-------- C:\Documents and Settings\Natalia1\Application Data\ESTsoft
2008-04-04 18:50 . 2008-04-04 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESTsoft
2008-04-04 14:31 . 2008-04-10 22:50 1,117 --a------ C:\WINDOWS\wcx_ftp.ini
2008-04-04 14:22 . 2008-04-04 14:22 <DIR> d-------- C:\Documents and Settings\Natalia1\Application Data\ENet
2008-04-04 14:22 . 2008-04-04 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\E-Net
2008-04-04 14:19 . 2008-04-04 14:21 <DIR> d-------- C:\Program Files\E-Net
2008-04-04 14:15 . 2008-04-04 14:15 <DIR> d-------- C:\Documents and Settings\Natalia1\A1SymCompressor
2008-04-04 14:01 . 2008-04-10 22:35 <DIR> d-------- C:\totalcmd
2008-04-04 14:01 . 2008-04-10 23:23 2,469 --a------ C:\WINDOWS\wincmd.ini
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-04 14:01 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-04 14:01 . 2008-04-04 14:01 214 --a------ C:\WINDOWS\VFO.VST
2008-04-04 13:28 . 2008-04-04 13:28 <DIR> d-------- C:\Program Files\CDisplay
2008-04-04 13:21 . 2008-04-08 01:12 <DIR> d-------- C:\WINDOWS\system32\AssassinsCreed 1 dir
2008-04-04 11:51 . 2008-04-04 11:56 <DIR> d-------- C:\Program Files\Cheating-Death
2008-04-04 11:28 . 2003-11-10 16:06 26,624 --------- C:\WINDOWS\system32\PSDrvCheck.JP
2008-04-04 11:28 . 2003-11-10 16:06 26,624 --------- C:\WINDOWS\system32\PSDrvCheck.IT
2008-04-04 11:28 . 2003-11-10 16:06 26,624 --------- C:\WINDOWS\system32\PSDrvCheck.FR
2008-04-04 11:28 . 2003-11-10 16:06 26,624 --------- C:\WINDOWS\system32\PSDrvCheck.ES
2008-04-04 11:28 . 2003-11-10 16:06 26,624 --------- C:\WINDOWS\system32\PSDrvCheck.DE
2008-04-04 11:28 . 2003-11-10 16:06 16,896 --------- C:\WINDOWS\system32\PSDrvCheck.NL
2008-04-04 11:28 . 2003-10-21 10:02 16,896 --------- C:\WINDOWS\system32\PSDrvCheck.KO
2008-04-04 11:11 . 2008-04-04 11:11 <DIR> d-------- C:\WINDOWS\Cache
2008-04-04 11:11 . 2003-03-19 04:04 765,952 --------- C:\WINDOWS\system32\msvcp71d.dll
2008-04-04 11:11 . 2003-03-19 04:03 544,768 --------- C:\WINDOWS\system32\msvcr71d.dll
2008-04-04 11:03 . 2008-04-04 11:03 <DIR> d-------- C:\Program Files\SmartSound Software
2008-04-04 11:03 . 2008-04-04 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-04-04 11:01 . 2008-04-04 11:02 <DIR> d-------- C:\Program Files\QuickTime
2008-04-04 11:01 . 2008-04-04 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-04 11:00 . 2004-02-24 13:04 222,688 --a------ C:\WINDOWS\RSETPATH.exe
2008-04-04 11:00 . 2003-11-25 06:02 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2008-04-04 11:00 . 2005-07-13 16:55 171,008 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 09:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 19:47 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-31 19:47 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-27 08:49 --------- d-----w C:\Program Files\music_now
2008-03-26 22:08 --------- d-----w C:\Program Files\DivX
2008-03-24 17:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-18 23:58 --------- d-----w C:\Program Files\HPQ
2008-03-18 23:40 --------- d-----w C:\Program Files\Yahoo!
2008-03-18 23:40 --------- d-----w C:\Program Files\WildTangent
2008-03-18 23:40 --------- d-----w C:\Program Files\Synaptics
2008-03-18 23:40 --------- d-----w C:\Program Files\Sonic
2008-03-18 23:39 --------- d-----w C:\Program Files\Quickensetup
2008-03-18 23:38 --------- d-----w C:\Program Files\Quicken
2008-03-18 23:36 --------- d-----w C:\Program Files\NetWaiting
2008-03-18 23:36 --------- d-----w C:\Program Files\Netscape
2008-03-18 23:35 --------- d-----w C:\Program Files\muvee Technologies
2008-03-18 23:35 --------- d-----w C:\Program Files\Microsoft Works
2008-03-18 23:35 --------- d-----w C:\Program Files\Microsoft Office Trial Wizard
2008-03-18 23:34 --------- d-----w C:\Program Files\Microsoft Money 2006
2008-03-18 23:34 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-18 23:33 --------- d-----w C:\Program Files\Intel
2008-03-18 23:33 --------- d-----w C:\Program Files\HP Rhapsody
2008-03-18 23:33 --------- d-----w C:\Program Files\HP Games
2008-03-18 23:28 --------- d-----w C:\Program Files\HP
2008-03-18 23:27 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-18 23:26 --------- d-----w C:\Program Files\Encarta Online
2008-03-18 23:26 --------- d-----w C:\Program Files\CONEXANT
2008-03-18 23:26 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-03-18 23:26 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-03-18 23:26 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-03-18 23:26 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2008-03-18 23:26 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-03-18 23:25 --------- d-----w C:\Program Files\Common Files\Java
2008-03-18 23:25 --------- d-----w C:\Program Files\Common Files\Intuit
2008-03-18 23:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-18 23:25 --------- d-----w C:\Program Files\Common Files\HP
2008-03-18 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-03-18 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-18 23:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-03-18 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-03-18 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-18 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-03-18 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-18 17:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-18 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-18 16:50 --------- d-----w C:\Program Files\Java
2008-03-18 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-18 16:03 1,717 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario C300 (RL177UA#ABA)_YN_0Pres_QCND6400459_E433358001_46_I30C6_SHP_V78.08_BF.05_T060814_WXH2_L409_M503_J80_7Intel_8Celeron M 420_91.6_#080318_N10EC8139_(RL177UA#ABA)_XMOBILE_CN10_Z_2F.05.MRK
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2F7DB8D7-9BE7-4666-901E-F380555BCAC7}"= "C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll" [2008-02-07 17:14 364544]

[HKEY_CLASSES_ROOT\clsid\{2f7db8d7-9be7-4666-901e-f380555bcac7}]
[HKEY_CLASSES_ROOT\InternetTranslatorRusskij.TranslationFrameBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{138787BF-B420-48B7-82DB-1EA418EC3FE4}]
[HKEY_CLASSES_ROOT\InternetTranslatorRusskij.TranslationFrameBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1qaw3edr5"="C:\Documents and Settings\Natalia1\Desktop\plikus.pl_GTAIV_PACK.exe" [2008-03-29 17:25 289537]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 14:06 167368]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2311634]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 07:58 636382]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 14:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 14:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 14:17 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 17:02 239578 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 07:22 976344]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 08:11 226780]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-12 01:30 427486]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 01:30 259544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-03 00:21 312798]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 19:50 218590]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 19:23 1365470]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-09-12 13:17 521686]
"1qaw3edr5"="C:\Documents and Settings\Natalia1\Desktop\plikus.pl_GTAIV_PACK.exe" [2008-03-29 17:25 289537]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 01:26 583634]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-04 11:02 460252]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"1qaw3edr5"= C:\Documents and Settings\Natalia1\Desktop\plikus.pl_GTAIV_PACK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 03:23 624090 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-06-23 23:43 280024 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-29 11:09 349150 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\ESTsoft\\ALFTP\\ALFTP.exe"=

S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2006-12-29 05:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2de58d63-f5c3-11dc-bbcc-0014a5f48fd9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - F:\Recycled\ctfmon.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 18:46:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???????????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\Natalia1\LOCALS~1\Temp\mc24.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Natalia1\Desktop\systemxpsp2.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\Natalia1\Desktop\systemxpsp2.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
C:\Documents and Settings\Natalia1\Desktop\systemxpsp2.dll
.
Completion time: 2008-04-15 18:49:10
ComboFix-quarantined-files.txt 2008-04-15 16:48:45
ComboFix2.txt 2008-04-15 10:26:45

Pre-Run: 7,592,181,760 bytes free
Post-Run: 7,580,090,368 bytes free
.
2008-04-07 01:01:59 --- E O F ---

[/quote]

przez **huber2t** » 15 Kwi 2008, 18:59

otwórz notatnik i wklej

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1qaw3edr5"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1qaw3edr5"=-[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"1qaw3edr5"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

zapisz jako typ wszystkie pliki i pod nazwą plik.reg

Uruchom ten plik, uruchom ponownie komputer

przez **kamassss** » 15 Kwi 2008, 19:26

OK. Dzięki za pomoc.

To co mi nie działało (czyszczenie kosza) powrociło do normy. Dzieki Ci.

przez **huber2t** » 16 Kwi 2008, 03:16

Jeszcze dodatkowo wykonaj to :

Przeskanuj komputer tym http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum

Usuń ręcznie folder C: \Qoobox
usuń instalkę Combofix z dysku.

przez **kamassss** » 06 Kwi 2009, 19:09

Witam.
Odkopuje swój temat, bo nie chce robic smietniku. Cały czas wyskakują mi blue screeny, każda, nawet najmniej wymagająca, gra sie tnie. Niby mam antywira NOD32, którego aktualizjue, ale to chyba nic nie daje . Gdyby ktoś mógł sprawdzić mi loga, co w tym systemie "siedzi" i mi go psuje, byłbym bardzo wdzięczny.
Przepraszam, ze zawracam Wam głowę. Oto log z Combofixa:

http://www.wklej.eu/index.php?id=687fef3929

przez **AJAN** » 07 Kwi 2009, 19:51

Wylecz pendriva lub kartę pamięci
Perlovga Removal Tool
Flash Disinfector
lub format

otwórz notatnik i wklej

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Z menu Notatnika :arrow:

Plik

Zapisz jako :arrow:

Zmień rozszerzenie z .txt na wszystkie pliki :arrow:

zapisz pod nazwą Fix.reg
Uruchom ten plik, uruchom ponownie komputer

usuń ręcznie folder C:\Qoobox oraz instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.Instrukcja

przeskanuj komputer Kaspersky
gdy będą wirusy pokaż raport lub Dr.WEB CureIt!

przez **kamassss** » 27 Kwi 2009, 16:03

Witam. Przepraszam, ze sie nie odzywałem, ale komputer, któego dotyczył skan uległ awarii

Prawdopodobnie przyczyną anomalii systemowych był RAM.
Dzisiaj znowu proszę o pomoc, gdyz siostra przywiozła laptopa, który jest mi bardzo potrzebny. Włączam system i oto co widze:

[url="http://odsiebie.com"]

[/url]
I tak z kazdą inną ikoną na pulpicie, a przy probie uruchomienia wyskakuje błąd

Zalączam log z Combofixa:

http://wklej.eu/index.php?id=9a7e7c7aa6

przez **AJAN** » 28 Kwi 2009, 23:23

widzę że pasek jest chyba z boku zamiast na "dole"
PPM o zobacz czy nie jest " zablokowany" jeśli tak to odblokuj o przenieść też w pożądane miejsce oraz usuń nie ptrzene ikony szybkiego uruchamiania

Proszę o sprawdzenie loga

Proszę o sprawdzenie loga

Re: Proszę o sprawdzenie loga

Re: Proszę o sprawdzenie loga

Re: Proszę o sprawdzenie loga

Re: Proszę o sprawdzenie loga

Kto jest na forum