ComboFix 08-11-29.03 - ar 2008-11-30 13:25:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.466 [GMT 1:00]
Uruchomiony z: e:\pobrane\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\MS32DLL.dll.vbs
c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
c:\windows\MS32DLL.dll.vbs
D:\Autorun.inf
D:\MS32DLL.dll.vbs
E:\Autorun.inf
E:\MS32DLL.dll.vbs
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-28 do 2008-11-30 )))))))))))))))))))))))))))))))
.
2008-11-30 12:01 . 2008-11-30 12:01 860 --a------ c:\windows\wininit.ini
2008-11-30 11:21 . 2008-11-30 11:21 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-30 11:21 . 2008-11-30 11:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-11-28 10:14 . 2008-11-28 10:14 <DIR> d-------- c:\program files\Lavalys
2008-11-27 22:29 . 1998-09-02 09:02 194,320 --a------ c:\windows\system32\qcut.dll
2008-11-27 22:29 . 1998-08-27 05:51 182,032 --a------ c:\windows\system32\dxtmsft3.dll
2008-11-27 22:29 . 1998-08-20 12:02 140,800 --a------ c:\windows\system32\tm20dec.ax
2008-11-27 22:29 . 1998-09-02 09:28 63,488 --a------ c:\windows\system32\unam4ie.exe
2008-11-27 22:29 . 1998-09-02 09:28 38,160 --a------ c:\windows\system32\LMRTREND.dll
2008-11-27 22:29 . 1998-08-17 10:21 11,776 --a------ c:\windows\system32\mciqtz.drv
2008-11-27 22:29 . 1998-08-17 10:21 10,240 --a------ c:\windows\system32\vidx16.dll
2008-11-27 22:29 . 1998-08-17 10:21 5,672 --a------ c:\windows\system32\quartz.vxd
2008-11-27 22:29 . 2008-11-27 22:29 4,608 --a------ c:\windows\system32\w95inf32.dll
2008-11-27 22:29 . 2008-11-27 22:29 2,272 --a------ c:\windows\system32\w95inf16.dll
2008-11-27 22:29 . 2008-11-28 10:43 11 --a------ C:\trace.ini
2008-11-27 22:28 . 2008-11-27 22:28 <DIR> d-------- c:\program files\Auralog
2008-11-27 15:44 . 2008-11-27 15:44 <DIR> d-------- c:\documents and settings\ar\Dane aplikacji\skypePM
2008-11-27 15:44 . 2008-11-27 15:44 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-27 15:41 . 2008-11-27 15:41 <DIR> d-------- c:\program files\Skype
2008-11-27 15:41 . 2008-11-27 15:41 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-27 15:41 . 2008-11-28 21:23 <DIR> d-------- c:\documents and settings\ar\Dane aplikacji\Skype
2008-11-27 15:41 . 2008-11-27 15:41 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype
2008-11-27 15:34 . 2008-11-27 22:18 563 --a------ c:\windows\system\CmcnfgU.ini
2008-11-27 15:33 . 2008-11-27 15:33 <DIR> d-------- c:\program files\COSONIC USB 3D AUDIO
2008-11-27 15:32 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-11-27 15:32 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-11-27 15:32 . 2004-08-04 00:44 21,504 --a------ c:\windows\system32\hidserv.dll
2008-11-27 15:32 . 2004-08-04 00:44 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-11-20 19:52 . 2008-11-20 19:58 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-18 10:49 . 2008-11-18 10:49 <DIR> d-------- c:\program files\iTunes
2008-11-18 10:49 . 2008-11-18 10:49 <DIR> d-------- c:\program files\iPod
2008-11-18 10:49 . 2008-11-21 12:00 <DIR> d-------- c:\documents and settings\ar\Dane aplikacji\Apple Computer
2008-11-18 10:49 . 2008-11-18 10:49 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-18 10:49 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-11-18 10:49 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-18 10:48 . 2008-11-18 10:48 <DIR> d-------- c:\program files\QuickTime
2008-11-18 10:48 . 2008-11-18 10:48 <DIR> d-------- c:\program files\Bonjour
2008-11-18 10:48 . 2008-11-18 10:49 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2008-11-18 10:47 . 2008-11-18 10:47 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-18 10:47 . 2008-11-18 10:47 <DIR> d-------- c:\program files\Apple Software Update
2008-11-18 10:47 . 2008-11-18 10:47 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple
2008-11-17 19:30 . 2008-11-17 19:30 <DIR> d-------- c:\program files\ChrisTV_Add-on
2008-11-17 19:24 . 2008-11-17 20:19 <DIR> d-------- c:\program files\Conduit
2008-11-17 19:24 . 2008-11-17 20:29 <DIR> d-------- c:\program files\ChrisTV Lite
2008-11-14 01:26 . 2008-11-14 01:26 <DIR> d-------- c:\program files\AC3Filter
2008-11-14 01:26 . 2008-07-09 09:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2008-11-13 16:00 . 2008-11-13 16:00 <DIR> d-------- c:\documents and settings\ar\Dane aplikacji\MSPWNOUP2006
2008-11-13 15:44 . 2001-04-04 14:00 245,760 --------- c:\windows\system32\DECO_32.DLL
2008-11-13 15:43 . 2008-11-13 15:43 <DIR> d-------- c:\program files\PWN
2008-11-12 10:43 . 2008-11-12 10:43 <DIR> d-------- c:\program files\Switch Off
2008-11-12 09:08 . 2008-11-27 22:46 <DIR> d-------- C:\Szybki kurs francuskiego
2008-11-12 09:08 . 2008-11-12 09:08 <DIR> d-------- c:\documents and settings\ar\WINDOWS
2008-11-12 09:08 . 1998-11-13 14:10 307,200 --a------ c:\windows\IsUn0415.exe
2008-11-12 09:06 . 2008-11-12 09:06 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-11-12 09:06 . 2008-11-12 10:47 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-11-12 09:03 . 2008-11-12 09:03 <DIR> d-------- c:\documents and settings\ar\Dane aplikacji\DAEMON Tools
2008-11-12 06:33 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-07 11:38 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-07 11:38 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-07 11:38 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-07 08:25 . 2008-11-07 08:25 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-11-06 10:55 . 2008-11-17 23:49 <DIR> d-------- c:\program files\Odkurzacz
2008-10-30 23:32 . 2008-11-11 19:03 <DIR> d-------- c:\documents and settings\ar\Dane aplikacji\gtk-2.0
2008-10-30 23:31 . 2008-10-30 23:31 <DIR> d-------- c:\documents and settings\ar\.thumbnails
2008-10-30 23:30 . 2008-10-30 23:30 <DIR> d-------- c:\program files\GIMP-2.0
2008-10-30 23:30 . 2008-11-11 19:03 <DIR> d-------- c:\documents and settings\ar\.gimp-2.4
2008-10-30 19:35 . 2008-10-30 19:35 <DIR> d-------- c:\program files\Any Video Converter
2008-10-30 19:35 . 2008-10-30 22:30 <DIR> d-------- c:\documents and settings\ar\Dane aplikacji\Any Video Converter
2008-10-28 13:04 . 2008-10-28 13:04 <DIR> d-------- c:\program files\7-Zip
2008-10-22 19:07 . 2008-10-22 19:07 20 --a------ c:\windows\naglos.INI
2008-10-19 09:50 . 2008-10-19 09:50 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Avg7
2008-10-17 22:24 . 2008-08-14 14:46 2,181,632 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-17 22:24 . 2008-08-14 14:46 2,137,600 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-17 22:24 . 2008-08-14 14:46 2,059,008 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-17 22:24 . 2008-08-14 14:46 2,017,280 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-04 23:45 . 2008-10-04 23:45 50 --a------ c:\windows\cdplayer.ini
2008-10-03 09:57 . 2008-10-03 09:57 <DIR> dr------- c:\documents and settings\ar\Dane aplikacji\Brother
2008-10-03 09:46 . 2004-08-03 22:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-10-03 09:46 . 2004-08-03 22:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-10-03 09:46 . 2008-10-03 10:05 462 --a------ c:\windows\BRWMARK.INI
2008-10-03 09:46 . 2008-10-03 09:46 184 --a------ c:\windows\system32\brsvc01a.bsi
2008-10-03 09:46 . 2008-10-03 09:46 30 --a------ c:\windows\system32\brss01a.ini
2008-10-03 09:46 . 2008-10-03 09:46 27 --a------ c:\windows\BRPP2KA.INI
2008-10-03 09:45 . 2001-02-05 10:16 258,048 --a------ c:\windows\system32\bsplmf01.dll
2008-10-03 09:45 . 2003-12-23 23:00 131,072 --a------ c:\windows\system32\bsplmf01.exe
2008-10-03 09:45 . 2005-03-02 10:35 121,856 --a------ c:\windows\system32\BrWia05a.dll
2008-10-03 09:45 . 2002-04-11 23:00 57,344 --a------ c:\windows\system32\brsvc01a.exe
2008-10-03 09:45 . 2005-05-09 10:38 52,224 --------- c:\windows\system32\brinsstr.dll
2008-10-03 09:45 . 2001-12-12 23:01 45,056 --a------ c:\windows\system32\brss01a.exe
2008-10-03 09:45 . 2005-03-02 12:14 37,888 --a------ c:\windows\system32\BrUSi05a.dll
2008-10-03 09:45 . 2004-10-15 11:50 15,295 --a------ c:\windows\system32\drivers\BrScnUsb.sys
2008-10-03 09:45 . 2008-10-03 09:45 50 --a------ c:\windows\system32\bridf05a.dat
2008-10-03 09:44 . 2008-10-03 09:45 <DIR> d-------- c:\program files\Brother
2008-10-03 09:44 . 2008-10-03 09:44 <DIR> d-------- C:\Brother
2008-10-03 09:44 . 2004-12-03 00:26 188,416 --------- c:\windows\system32\PDRVINST.DLL
2008-10-03 09:44 . 2004-12-10 15:35 147,456 --------- c:\windows\brunin03.dll
2008-10-03 09:44 . 2002-10-31 00:09 81,920 --------- c:\windows\system32\BrWebIns.dll
2008-10-03 09:44 . 2003-07-03 00:08 65,536 --------- c:\windows\system32\BRWEBUP.EXE
2008-10-03 09:44 . 2001-11-15 00:00 6,224 --------- c:\windows\CVRPAGE.BMP
2008-10-03 09:42 . 2008-10-03 09:42 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\InstallShield
2008-10-03 09:42 . 2003-09-24 10:36 27,019 --a------ c:\windows\maxlink.ini
2008-10-03 09:41 . 2008-10-03 09:41 <DIR> d-------- c:\program files\ScanSoft
2008-10-03 09:41 . 2008-10-03 09:41 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2008-10-03 09:41 . 2008-10-03 09:41 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ScanSoft
2008-10-03 09:40 . 2008-10-03 09:40 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Brother
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 11:01 --------- d-----w c:\program files\BearShare
2008-11-30 09:27 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-30 09:26 --------- d-----w c:\program files\Norton Security Scan
2008-11-29 12:22 --------- d-----w c:\documents and settings\ar\Dane aplikacji\Ahead
2008-11-20 18:58 --------- d-----w c:\program files\Java
2008-11-12 08:03 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-06 10:08 --------- d-----w c:\program files\WinPVR
2008-11-06 10:08 --------- d-----w c:\program files\SopCast
2008-11-06 10:08 --------- d-----w c:\program files\NAPI-PROJEKT
2008-11-06 10:08 --------- d-----w c:\program files\BitComet
2008-11-06 10:08 --------- d-----w c:\program files\AVIcodec
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 17:26 --------- d-----w c:\program files\DScaler
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 08:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-03 08:44 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 12:35 --------- d-----w c:\program files\K!TV
2008-09-30 12:18 --------- d-----w c:\program files\DivXCodec
2008-09-30 12:17 --------- d-----w c:\program files\SVRemote
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-09 16:04 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-09-09 10:00 2,560 ----a-w c:\windows\system32\BitCometRes.dll
2008-09-09 00:24 253,116 ----a-w c:\windows\PDFCreator_Toolbar_Uninstaller_7796.exe
2008-09-09 00:24 14,290 ----a-w c:\program files\settings.dat
2008-09-09 00:11 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-09-08 23:55 315,392 ----a-w c:\windows\HideWin.exe
2008-09-08 23:52 356,352 ----a-w c:\windows\system32\AegisI5Installer.exe
2008-09-08 23:52 21,393 ----a-w c:\windows\AegisP.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 09:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 08:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:46 2,137,600 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:46 2,017,280 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1192a62b-4dbc-4d1f-b54e-d820a1be76be}"= "c:\program files\ChrisTV_Add-on\tbChr1.dll" [2008-11-17 1784856]
[HKEY_CLASSES_ROOT\clsid\{1192a62b-4dbc-4d1f-b54e-d820a1be76be}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1192a62b-4dbc-4d1f-b54e-d820a1be76be}]
2008-11-17 19:30 1784856 --a------ c:\program files\ChrisTV_Add-on\tbChr1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1192a62b-4dbc-4d1f-b54e-d820a1be76be}"= "c:\program files\ChrisTV_Add-on\tbChr1.dll" [2008-11-17 1784856]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-16 7557120]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-12 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"SVRemote"="c:\program files\SVRemote\USB20Remote.exe" [2007-04-09 28672]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-20 136600]
"nwiz"="nwiz.exe" [2006-02-16 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-09-09 69632]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-10-03 802816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21713:TCP"= 21713:TCP:BitComet 21713 TCP
"21713:UDP"= 21713:UDP:BitComet 21713 UDP
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
S3 cmudau;C-Media USB Sound Interface;c:\windows\system32\drivers\cmudau.sys [2008-11-27 1384576]
S3 TridVid;OEM 5600AI Analog plus Digital Video;c:\windows\system32\DRIVERS\TridVid.sys [2008-09-30 151936]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00e0eddc-9080-11dd-9a63-001b38421992}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8027ef61-918d-11dd-9a66-001b38421992}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb6c8710-b871-11dd-9afe-001b38421992}]
\Shell\Auto\command - I:\fun.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-11-26 c:\windows\Tasks\Norton Security Scan for ar.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-CmUsbSound - cmcnfgu.cpl
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\ar\Dane aplikacji\Mozilla\Firefox\Profiles\1x9p9suc.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.wp.pl
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 13:27:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-11-30 13:28:18
ComboFix-quarantined-files.txt 2008-11-30 12:28:15
Przed: 664 006 656 bajtów wolnych
Po: 1,202,745,344 bajtów wolnych
279 --- E O F --- 2008-11-27 10:41:08