
System does not show hidden files - I think it's the amvo trojan

Logs, securing the computer and its data. Antivirus and antispyware programs, firewalls, etc.
Forum rules
1. Every topic title should reflect the content of the thread.
2. When pasting logs, produce them right away from at least two tools: FRST and GMER.
3. Publish all logs on sites intended for that purpose and paste only the link in your post.
4. Do not shorten logs; paste the whole log, from beginning to end.
5. Do not attach yourself to other users' topics; start a new topic in the Security section, it makes things easier for the person checking.
6. People without the appropriate knowledge should not check logs, because it risks serious damage to the system or to the applications installed on the computer.
7. Describe the problem precisely: the symptoms and all actions taken so far.
8. Every script is unique, written for each case separately, so it must not be used by others.
9. When posting a screenshot, use an external image-hosting service.


Post by marmasl » 18 Mar 2008, 21:57

I'm a bit green with these logs, so please give me precise instructions on what to do.


ComboFix 08-03-17.1 - RAZEM 2008-03-18 20:34:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.170 [GMT 1:00]
Running from: C:\Documents and Settings\RAZEM\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
E:\Autorun.inf
F:\Autorun.inf
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-18 20:10 . 2008-03-18 20:09 99,735 -r-hs---- C:\h6o0re.cmd
2008-03-12 11:44 . 2008-01-21 13:17 106,358 -r-hs---- C:\xn1i9x.com
2008-03-12 11:44 . 2008-03-12 11:44 100,791 -r-hs---- C:\v.cmd
2008-03-02 14:35 . 2008-03-02 12:36 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-02 14:35 . 2008-03-02 14:35 2,549 --a------ C:\WINDOWS\unins000.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 19:12 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-18 19:08 16,978,373 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-18 15:32 77,312 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-10 21:21 --------- d-----w C:\Documents and Settings\RAZEM\Dane aplikacji\Skype
2008-03-07 17:45 131,584 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-07 13:56 --------- d-----w C:\Documents and Settings\RAZEM\Dane aplikacji\XnView
2008-03-02 13:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-02-28 15:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 15:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nokia
2008-02-13 15:43 --------- d-----w C:\Program Files\Nokia
2008-02-13 15:42 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-13 15:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-02-02 19:40 --------- d-----w C:\Program Files\Pierwsza pomoc
2008-01-24 20:54 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-18 11:42 --------- d-----w C:\Program Files\Seagate
2008-01-18 10:50 --------- d-----w C:\Documents and Settings\RAZEM\Dane aplikacji\Ceedo
2007-12-20 09:41 29,440 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2007-02-26 15:47 22,026,348 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_26_14_06_03_full.dmp.zip
2007-02-23 23:55 21,998,610 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_24_00_29_25_full.dmp.zip
2003-12-31 23:02 22,006,538 -c--a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_24_00_55_09_full.dmp.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="E:\ANTYWI~1\ashDisp.exe" [2007-10-25 17:20 79224]
"ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 14:29 919280]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:44 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:44 15360]
"Picasa Media Detector"="E:\Picasa\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-----c--- 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TUWinStylerThemeSvc"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=E:\NOKIA\Nokia PC Suite 6\PcSync2.exe /NoDialog
"Mmm"="E:\Mmm 2.02\Mmm.exe"
"SpybotSD TeaTimer"=E:\Spybot\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe
"SunJavaUpdateSched"="E:\jre-6\bin\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"HotKeyz.exe Startup"=E:\HotKeyz\HotKeyz.exe Startup
"LanguageShortcut"=E:\PowerDVD\Language\Language.exe
"RemoteControl"=E:\PowerDVD\PDVDServ.exe
"Norton Ghost 10.0"="E:\Norton Ghost 10\Agent\GhostTray.exe"
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"PCSuiteTrayApplication"=E:\NOKIA\NOKIAP~1\LAUNCH~1.EXE -startup
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
"V0470Mon.exe"=C:\WINDOWS\V0470Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2006-08-01 19:20]
R2 Seagate Sync Service;Seagate Sync Service;"C:\Program Files\Seagate\Sync\SeaSyncServices.exe" [2007-01-18 13:20]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:44]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys [2003-08-08 09:07]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 VF0470Vid;Live! Cam Notebook (VF0470);C:\WINDOWS\system32\DRIVERS\V0470Vid.sys [2007-04-20 18:00]
S3 WebSTARXP;Scientific Atlanta WebSTAR 100 & 200 series Cable Modem;C:\WINDOWS\system32\DRIVERS\SACMXP1.sys [2003-07-10 10:46]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\AutoRun.exe TMM50PRO TMM50

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60d74084-6e80-11db-b758-00c09f5be313}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64336ac0-7fb4-11dc-99e5-00c09f5be313}]
\Shell\AutoRun\command - H:\xn1i9x.com
\Shell\explore\Command - H:\xn1i9x.com
\Shell\open\Command - H:\xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77a617d2-bb46-11db-b7cd-00c09f5be313}]
\Shell\AutoRun\command - G:\autorun.exe
\Shell\directx\command - G:\DirectX9\dxsetup.exe
\Shell\setup\command - G:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 20:35:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-18 20:36:20
ComboFix-quarantined-files.txt 2008-03-18 19:36:05
marmasl | Forum member | Posts: 4 | Joined: 18 Mar 2008, 21:45

Post by Maciak » 18 Mar 2008, 22:14

First, Control Panel -> Folder Options -> View -> Hidden files and folders -> Show hidden files and folders. As for the log, I don't know.
Maciak | Forum member | Posts: 22 | Joined: 13 Mar 2008, 13:55

Post by marmasl » 18 Mar 2008, 22:27

Thanks for wanting to help. Of course I did that, but the computer still does not show the files. Among the running processes I found amvo.exe (some junk) and I suspect that is why the hidden files cannot be displayed. Once again I ask for help from people who know what to do.
marmasl | Forum member | Posts: 4 | Joined: 18 Mar 2008, 21:45

Post by pp3088 » 18 Mar 2008, 22:27

Start >> Run >> type "regedit" >> find the key
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
and delete it.
pp3088 | Active writer | Posts: 999 | Joined: 11 Aug 2006, 23:59 | Location: Szczecin

Post by marmasl » 18 Mar 2008, 22:39

Thanks a lot!!! I can see the files now. Is that enough, or do I still have to do something so the problem doesn't come back? Regards
marmasl | Forum member | Posts: 4 | Joined: 18 Mar 2008, 21:45

Post by pp3088 » 18 Mar 2008, 23:13

Follow-up log.
pp3088 | Active writer | Posts: 999 | Joined: 11 Aug 2006, 23:59 | Location: Szczecin

Post by marmasl » 18 Mar 2008, 23:25

Thanks in advance! If something is wrong, please explain what I should do.

ComboFix 08-03-17.1 - RAZEM 2008-03-18 22:20:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.175 [GMT 1:00]
Running from: C:\Documents and Settings\RAZEM\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-18 20:10 . 2008-03-18 20:09 99,735 -r-hs---- C:\h6o0re.cmd
2008-03-12 11:44 . 2008-01-21 13:17 106,358 -r-hs---- C:\xn1i9x.com
2008-03-12 11:44 . 2008-03-12 11:44 100,791 -r-hs---- C:\v.cmd
2008-03-02 14:35 . 2008-03-02 12:36 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-02 14:35 . 2008-03-02 14:35 2,549 --a------ C:\WINDOWS\unins000.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 19:12 19,456 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-03-18 19:08 16,978,373 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-18 15:32 77,312 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-03-10 21:21 --------- d-----w C:\Documents and Settings\RAZEM\Dane aplikacji\Skype
2008-03-07 17:45 131,584 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-07 13:56 --------- d-----w C:\Documents and Settings\RAZEM\Dane aplikacji\XnView
2008-03-02 13:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-02-28 15:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 15:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nokia
2008-02-13 15:43 --------- d-----w C:\Program Files\Nokia
2008-02-13 15:42 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-13 15:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-02-02 19:40 --------- d-----w C:\Program Files\Pierwsza pomoc
2008-01-24 20:54 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-18 11:42 --------- d-----w C:\Program Files\Seagate
2008-01-18 10:50 --------- d-----w C:\Documents and Settings\RAZEM\Dane aplikacji\Ceedo
2007-12-20 09:41 29,440 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2007-02-26 15:47 22,026,348 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_26_14_06_03_full.dmp.zip
2007-02-23 23:55 21,998,610 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_24_00_29_25_full.dmp.zip
2003-12-31 23:02 22,006,538 -c--a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_02_24_00_55_09_full.dmp.zip
.

((((((((((((((((((((((((((((( snapshot@2008-03-18_20.35.57,24 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-18 19:17:23 52,962 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-18 20:50:24 52,962 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-18 19:17:23 67,276 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-03-18 20:50:24 67,276 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-03-18 19:17:23 380,548 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-18 20:50:24 380,548 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-18 19:17:23 436,216 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-03-18 20:50:24 436,216 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-03-18 20:46:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_108.dat
+ 2008-03-18 20:46:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_70c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="E:\ANTYWI~1\ashDisp.exe" [2007-10-25 17:20 79224]
"ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 14:29 919280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:44 15360]
"Picasa Media Detector"="E:\Picasa\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-----c--- 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TUWinStylerThemeSvc"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"=E:\NOKIA\Nokia PC Suite 6\PcSync2.exe /NoDialog
"Mmm"="E:\Mmm 2.02\Mmm.exe"
"SpybotSD TeaTimer"=E:\Spybot\Spybot - Search & Destroy\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe
"SunJavaUpdateSched"="E:\jre-6\bin\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Tweak UI"=RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
"HotKeyz.exe Startup"=E:\HotKeyz\HotKeyz.exe Startup
"LanguageShortcut"=E:\PowerDVD\Language\Language.exe
"RemoteControl"=E:\PowerDVD\PDVDServ.exe
"Norton Ghost 10.0"="E:\Norton Ghost 10\Agent\GhostTray.exe"
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"PCSuiteTrayApplication"=E:\NOKIA\NOKIAP~1\LAUNCH~1.EXE -startup
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
"V0470Mon.exe"=C:\WINDOWS\V0470Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2006-08-01 19:20]
R2 Seagate Sync Service;Seagate Sync Service;"C:\Program Files\Seagate\Sync\SeaSyncServices.exe" [2007-01-18 13:20]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:44]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys [2003-08-08 09:07]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 VF0470Vid;Live! Cam Notebook (VF0470);C:\WINDOWS\system32\DRIVERS\V0470Vid.sys [2007-04-20 18:00]
S3 WebSTARXP;Scientific Atlanta WebSTAR 100 & 200 series Cable Modem;C:\WINDOWS\system32\DRIVERS\SACMXP1.sys [2003-07-10 10:46]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 22:22:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-18 22:22:51
ComboFix-quarantined-files.txt 2008-03-18 21:22:42
marmasl | Forum member | Posts: 4 | Joined: 18 Mar 2008, 21:45

Post by pp3088 » 19 Mar 2008, 00:02

Paste into Notepad:
File::
C:\h6o0re.cmd
C:\v.cmd
C:\xn1i9x.com
C:\WINDOWS\Internet Logs\xDB1.tmp
C:\WINDOWS\Internet Logs\xDB2.tmp
C:\WINDOWS\Internet Logs\xDB3.tmp
C:\WINDOWS\system32\amvo.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]


>> File >> Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto ComboFix.exe (that is, the CFScript.txt icon onto the ComboFix.exe icon).
(If a "1 or 2" question appears, type 1 and press ENTER.) Removal should start (and a log will be produced).
After the restart, manually delete the folder C:\Qoobox.
After that, a new ComboFix log.
pp3088 | Active writer | Posts: 999 | Joined: 11 Aug 2006, 23:59 | Location: Szczecin

Post by tyszek » 20 Mar 2008, 22:07

Mate, I have the same problem. Could you also take a look at my log? If you find anything else bad in it, I would be grateful for suggestions too. Thanks in advance!

ComboFix 08-03-18.1 - Tysiu 2008-03-20 20:59:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1286 [GMT 1:00]
Running from: C:\Documents and Settings\Tysiu\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 )))))))))))))))))))))))))))))))
.

2008-03-20 20:21 . 2008-03-20 20:20 100,031 -r-hs---- C:\n2de.cmd
2008-03-18 03:14 . 2008-03-18 03:14 100,836 -rahs---- C:\3o.exe
2008-03-16 19:50 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-03-16 19:49 . 2006-10-05 23:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-03-16 19:47 . 2008-03-16 19:47 417,792 --a------ C:\WINDOWS\system32\awrdscdc.ax
2008-03-16 19:42 . 2008-03-16 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-13 19:05 . 2008-03-13 19:05 <DIR> d-------- C:\Program Files\PITy2007
2008-03-06 18:33 . 2008-03-06 18:33 106,068 -r-hs---- C:\xpbkh.com
2008-03-04 08:32 . 2008-03-04 08:31 108,450 -r-hs---- C:\y82td3td.com
2008-03-04 08:32 . 2008-03-20 20:58 683 -r-hs---- C:\autorun.inf
2008-02-22 15:46 . 2004-05-03 17:15 119,568 --------- C:\WINDOWS\system32\VB6FR.DLL
2008-02-22 15:42 . 2001-02-22 15:26 467,904 --------- C:\WINDOWS\system32\Vsflex7u.ocx
2008-02-22 15:40 . 2008-02-22 20:59 5,270 --a------ C:\WINDOWS\mosswin.ini
2008-02-22 15:40 . 2005-06-23 22:37 3,047 --a------ C:\WINDOWS\mosswin.tpl
2008-02-22 15:40 . 2008-02-22 15:40 130 --a------ C:\WINDOWS\mfm.ini
2008-02-22 15:40 . 2008-02-22 18:44 25 --a------ C:\WINDOWS\mosswin.tmp
2008-02-22 15:40 . 1999-10-27 08:46 4 --a------ C:\WINDOWS\mxtips.ini
2008-02-22 15:40 . 2008-02-22 15:40 0 --a------ C:\WINDOWS\mfa.ini
2008-02-22 15:39 . 2008-02-22 15:42 <DIR> d-------- C:\Program Files\Common Files\Bentley Shared
2008-02-22 15:39 . 2008-02-22 15:39 <DIR> d-------- C:\Program Files\Bentley
2008-02-22 15:38 . 2008-02-22 15:47 <DIR> d-------- C:\WINDOWS\moss
2008-02-22 15:38 . 1998-11-13 12:10 307,200 --a------ C:\WINDOWS\IsUn0415.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 19:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-20 07:01 196,608 ----a-w C:\WINDOWS\system32\drivers\nVivid.bin
2008-03-19 22:38 --------- d-----w C:\Documents and Settings\Tysiu\Dane aplikacji\Creative
2008-03-18 02:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 02:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-03-16 20:28 --------- d--h--w C:\Program Files\Creative Installation Information
2008-03-16 20:28 --------- d-----w C:\Program Files\Creative
2008-03-06 17:35 --------- d-----w C:\Documents and Settings\Tysiu\Dane aplikacji\IEPro
2008-03-03 23:47 --------- d-----w C:\Documents and Settings\Tysiu\Dane aplikacji\Tlen.pl
2008-02-13 20:37 --------- d-----w C:\Documents and Settings\Tysiu\Dane aplikacji\MiniDm
2008-02-07 22:30 --------- d-----w C:\Documents and Settings\Tysiu\Dane aplikacji\fretsonfire
2008-02-06 19:32 --------- d-----w C:\Program Files\Java
2008-01-29 22:22 --------- d-----w C:\Program Files\Common Files\Real
2008-01-29 22:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-26 13:06 --------- d-----w C:\Documents and Settings\Tysiu\Dane aplikacji\Autodesk
2008-01-26 13:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-01-23 21:52 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-23 21:52 --------- d--h--r C:\Documents and Settings\Tysiu\Dane aplikacji\SecuROM
2008-01-21 20:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative Labs
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-04-02 20:16 1110016]
"Komunikator"="C:\Programy\Internet\Tlen.pl\tlen.exe" [2007-02-12 11:01 1149440]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 06:12 729088]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 13:49 1423360]
"nwiz"="nwiz.exe" [2007-02-23 04:25 1622016 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-22 09:58 58984]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-07-17 21:45 100056]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-02-23 04:25 7774208]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programy\Internet\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"NWEReboot"="" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Picasa Media Detector"="C:\Programy\Grafika\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]
"CTCheck"="C:\Programy\Muzyka\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 11:08 397312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2007-07-17 20:37:16 987136]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-29 21:39:59 692224]
QuickTV.lnk - C:\Program Files\AVERTV2K\QuickTV.exe [2007-07-18 16:52:08 155648]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=C:\WINDOWS\pss\Przyspieszenie uruchomienia programu AutoCAD.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 01:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamerOSD]
--a------ 2007-02-14 08:42 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-04-13 10:09 49152 C:\Programy\Filmy\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-12-07 21:57 30208 C:\Programy\Filmy\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wsctf.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\gry\\Cyanide\\Loki\\Loki.exe"=
"D:\\gry\\Cyanide\\Loki\\Autorun\\AutoRun.exe"=
"D:\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programy\\Internet\\IEPro\\MiniDM.exe"=

R0 pe3agqwc;Loki Environment Driver (pe3agqwc);C:\WINDOWS\system32\drivers\pe3agqwc.sys [2007-05-16 18:55]
R0 ps6agqwc;Loki Synchronization Driver (ps6agqwc);C:\WINDOWS\system32\drivers\ps6agqwc.sys [2007-08-02 18:48]
R2 BT848;AVerMedia, AVerTV WDM Video Capture;C:\WINDOWS\system32\drivers\BT848.sys [2001-12-07 18:59]
R2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-12-26 20:00]
R2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.sys [2001-08-21 23:43]
R2 Creative Audio Pack Licensing Service;Creative Audio Pack Licensing Service;"C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe" [2007-09-03 15:28]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:40]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 08:30]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 03:39]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 09:06]
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 15:25]
S2 pr2agqwc;Loki Drivers Auto Removal (pr2agqwc);C:\WINDOWS\system32\pr2agqwc.exe svc []
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 10:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{380b9a18-3790-11dc-9ebd-0015af0d4b60}]
\Shell\AutoRun\command - J:\b.com
\Shell\explore\Command - J:\b.com
\Shell\open\Command - J:\b.com

*Newly Created Service* - SJYPKT
.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Skanuj komputer - Tysiu.job"
- C:\Programy\Internet\NORTON~1\NORTON~1\Navw32.exef/task:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 21:00:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-20 21:00:28
ComboFix-quarantined-files.txt 2008-03-20 20:00:20
.
2008-03-18 02:01:00 --- E O F ---
tyszek
Forum member

Posts: 3
Joined: 20 Mar 2008, 22:04

Post by pp3088 » 21 Mar 2008, 19:21

Start >> Run >> type "regedit" >> find the key
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
and delete it.
pp3088
Active poster

Posts: 999
Joined: 11 Aug 2006, 23:59
Location: Szczecin

Post by huber2t » 10 Apr 2008, 05:43

Download ComboFix, but do not run it yet.
Paste the following into Notepad:
Code:
File::
C:\n2de.cmd
C:\3o.exe
C:\xpbkh.com
C:\y82td3td.com
C:\autorun.inf

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


File -> Save As -> CFScript.txt (it is easiest to save it somewhere the CFScript.txt icon ends up next to the ComboFix.exe icon).
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like this ->
[image]
The removal should start and a log will be produced; post that log on the forum.
If everything goes well, delete the C:\Qoobox folder manually after the restart.
huber2t
Distinguished forum contributor

Posts: 2798
Joined: 21 Mar 2008, 10:07
Commendations: 42

Post by m4rioo » 02 May 2008, 14:06

Yesterday I followed the instructions on what to do with ComboFix; for one day it was gone, and today it is back again. After doing what you said, ComboFix showed me this log:

ComboFix 08-04-29.5 - mario 2008-05-01 23:00:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1417 [GMT 2:00]
Running from: C:\Documents and Settings\mario\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\mario\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\MP Scheduled Scan.job
E:\ylr.exe
H:\2ifetri.cmd
H:\awda2.exe
I:\a3g3.bat
I:\ylr.exe
J:\fppg1.exe
J:\xo8wr9.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 16:24 . 2008-05-01 22:58 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-01 15:54 . 2008-05-01 22:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-01 15:54 . 2008-05-01 15:54 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\PC Tools
2008-05-01 15:54 . 2008-05-01 16:02 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-01 15:54 . 2008-05-01 16:02 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-01 15:54 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-01 15:54 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-01 15:53 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-05-01 15:25 . 2008-05-01 22:26 45,056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-04-30 17:36 . 2008-04-29 22:29 105,075 -r-hs---- C:\h0s2.bat
2008-04-24 14:24 . 2008-04-24 14:24 <DIR> d-------- C:\Program Files\Szkoła Hakerów - Odtwarzacz filmów instruktażowych
2008-04-24 14:24 . 2008-04-24 14:24 1,849 --a------ C:\WINDOWS\system32\odtwarzacz.csh
2008-04-21 21:36 . 2008-04-21 21:36 38 --a------ C:\WINDOWS\avisplitter.INI
2008-04-20 22:10 . 2008-04-20 22:10 <DIR> d-------- C:\Program Files\danny_kay1710
2008-04-19 09:26 . 2008-04-19 09:26 <DIR> d-------- C:\Program Files\VirtualDJ
2008-04-19 06:53 . 2008-04-19 06:53 <DIR> d-------- C:\WINDOWS\Sun
2008-04-18 22:23 . 2008-04-18 22:23 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Ashampoo
2008-04-18 22:22 . 2008-04-18 22:22 <DIR> d-------- C:\Program Files\Ashampoo
2008-04-18 22:22 . 2008-04-18 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-04-18 22:01 . 2008-04-18 22:01 0 --a------ C:\WINDOWS\Irremote.ini
2008-04-18 19:18 . 2008-04-18 19:19 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\InternetCalls
2008-04-18 19:16 . 2008-04-18 19:16 <DIR> d-------- C:\Program Files\InternetCalls.com
2008-04-15 15:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-15 15:28 . 2008-04-15 15:29 <DIR> d-------- C:\Program Files\Java
2008-04-15 15:26 . 2008-04-15 15:26 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-12 15:59 . 2008-04-12 15:59 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Media Player Classic
2008-04-10 19:03 . 2008-04-10 19:03 <DIR> d-------- C:\Program Files\MathSoft
2008-04-10 19:03 . 2008-04-10 19:03 <DIR> d-------- C:\Documents and Settings\mario\WINDOWS
2008-04-10 19:03 . 1997-04-23 09:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-04-09 20:59 . 2008-04-09 20:59 <DIR> d-------- C:\Program Files\Infogrames
2008-04-09 20:59 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-08 21:55 . 2008-04-08 21:55 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-08 21:54 . 2008-04-08 21:54 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Nero
2008-04-08 21:52 . 2008-04-08 21:52 <DIR> d-------- C:\Program Files\Nero
2008-04-08 21:52 . 2008-04-18 22:02 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-08 21:52 . 2008-04-18 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-07 21:22 . 2008-04-07 21:22 97 --a------ C:\WINDOWS\WirelessFTP.INI
2008-04-07 21:17 . 2008-04-07 21:30 17,608 --a------ C:\Documents and Settings\mario\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-04-07 17:01 . 2008-04-07 17:01 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\BESTplayer
2008-04-07 16:04 . 2008-04-29 17:39 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-04-07 15:54 . 2008-04-07 15:54 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Thunderbird
2008-04-06 21:56 . 2008-04-06 21:56 <DIR> d-------- C:\Program Files\Tlen.pl
2008-04-06 21:56 . 2008-04-23 23:25 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Tlen.pl
2008-04-06 21:54 . 2008-04-06 21:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Infineon
2008-04-06 21:51 . 2008-04-06 21:51 <DIR> d-------- C:\Program Files\Wireless Console 2
2008-04-06 21:51 . 2005-10-17 17:09 987,136 --a------ C:\WINDOWS\system32\wcourier.exe
2008-04-06 21:51 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-06 21:51 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-06 21:51 . 2004-08-04 00:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-06 21:51 . 2004-08-04 00:44 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-06 21:51 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-06 21:51 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-06 21:50 . 2008-04-06 21:50 0 --a------ C:\WINDOWS\tosOBEX.INI
2008-04-06 21:49 . 2005-07-06 15:43 155,648 --a------ C:\WINDOWS\system32\ACEngSvr.exe
2008-04-06 21:48 . 2008-04-06 21:48 <DIR> d-------- C:\Program Files\Infineon
2008-04-06 21:48 . 2008-04-06 21:48 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Infineon
2008-04-06 21:48 . 2008-04-06 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Infineon
2008-04-06 21:48 . 2005-10-21 05:19 36,352 -ra------ C:\WINDOWS\system32\drivers\ifxtpm.sys
2008-04-06 21:48 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-06 21:48 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-04-06 21:46 . 2008-04-06 21:46 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-06 21:46 . 2008-04-06 21:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel
2008-04-06 21:46 . 2008-04-06 21:46 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Intel
2008-04-06 21:46 . 2008-04-06 21:46 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Intel
2008-04-06 21:46 . 2008-04-06 21:46 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Intel
2008-04-06 21:46 . 2008-04-06 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Intel
2008-04-06 21:46 . 2006-07-28 02:46 2,732,032 --a------ C:\WINDOWS\system32\NETw3r32.dll
2008-04-06 21:46 . 2006-09-27 02:36 1,709,696 --a------ C:\WINDOWS\system32\drivers\NETw3x32.sys
2008-04-06 21:46 . 2006-07-28 02:45 561,152 --a------ C:\WINDOWS\system32\NETw3c32.dll
2008-04-06 21:46 . 2008-04-06 21:46 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-06 21:44 . 2006-02-07 02:40 143,360 -ra------ C:\WINDOWS\system32\igfxres.dll
2008-04-06 21:19 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-06 21:19 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-06 21:14 . 2008-04-06 21:14 <DIR> d-------- C:\Program Files\Toshiba
2008-04-06 21:13 . 2008-04-06 21:13 <DIR> d-------- C:\Program Files\Synaptics
2008-04-06 21:13 . 2008-04-06 21:13 <DIR> d-------- C:\Program Files\Motorola
2008-04-06 21:13 . 2008-04-06 21:50 <DIR> d-------- C:\Program Files\Asus
2008-04-06 21:12 . 2008-04-06 21:12 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-04-06 21:12 . 2008-04-06 22:43 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-06 21:12 . 2008-04-06 21:48 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-06 21:11 . 2008-04-06 21:11 <DIR> d-------- C:\Program Files\Sigmatel
2008-04-06 21:11 . 2006-04-27 12:37 1,164,600 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2008-04-06 21:11 . 2006-04-20 08:12 1,069,056 --a------ C:\WINDOWS\system32\STLANG.DLL
2008-04-06 21:11 . 2006-05-04 10:50 208,896 --a------ C:\WINDOWS\system32\stacapi.dll
2008-04-06 21:11 . 2004-08-04 00:44 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-04-06 21:11 . 2004-08-04 00:44 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-04-06 21:11 . 2006-05-04 10:51 112,128 --a------ C:\WINDOWS\system32\staco.dll
2008-04-06 21:11 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-04-06 21:11 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-04-06 21:11 . 2004-08-04 00:44 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-04-06 21:11 . 2004-08-04 00:44 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2008-04-06 21:10 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-06 21:08 . 2008-04-06 21:46 <DIR> d-------- C:\Program Files\Intel
2008-04-06 21:06 . 2000-03-03 05:16 7,424 -ra------ C:\WINDOWS\system32\drivers\MMIOPORT.SYS
2008-04-06 21:04 . 2008-04-07 15:41 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-04-06 21:03 . 2008-04-06 21:03 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\DAEMON Tools Pro
2008-04-06 21:01 . 2008-04-06 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2008-04-06 21:00 . 2008-04-06 21:05 <DIR> d-------- C:\Program Files\DAEMON Tools Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 20:42 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-20 10:43 --------- d-----w C:\Program Files\Winamp Remote
2008-04-20 10:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-04-08 12:08 --------- d-----w C:\Documents and Settings\mario\Dane aplikacji\Winamp
2008-04-07 19:46 --------- d-----w C:\Program Files\Yahoo!
2008-04-07 19:46 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-07 19:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-06 20:40 --------- d-----w C:\Program Files\Samsung
2008-04-06 20:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-04-06 20:13 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-06 20:13 --------- d-----w C:\Documents and Settings\mario\Dane aplikacji\Yahoo!
2008-04-06 20:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LogiShrd
2008-04-06 20:08 --------- d-----w C:\Documents and Settings\mario\Dane aplikacji\Logitech
2008-04-06 20:07 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-06 20:07 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-06 20:06 --------- d-----w C:\Program Files\Logitech
2008-04-06 20:06 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-04-06 20:06 --------- d-----w C:\Documents and Settings\mario\Dane aplikacji\InstallShield
2008-04-06 20:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Logitech
2008-04-06 20:04 --------- d-----w C:\Program Files\Winamp Toolbar
2008-04-06 20:04 --------- d-----w C:\Program Files\Winamp
2008-04-06 20:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-04-06 20:02 --------- d-----w C:\Program Files\Alwil Software
2008-04-06 18:59 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-06 18:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-06 18:50 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 14:45 133576]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-10-16 12:53 6234112]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 16:22 110592]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 02:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 02:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 02:40 118784]
"SigmatelSysTrayApp"="stsystra.exe" []
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 07:11 573440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 14:02 786521]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 10:28 811008]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 17:46 90112]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 11:32 507904]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"winsock32"="C:\WINDOWS\system32:winsock32.exe" [2008-05-01 23:00 774241]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-05-24 14:16:14 49152]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-06 22:06:48 789008]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2006-03-10 09:20 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.CSCD"= camcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Infogrames\\Tactical Ops\\System\\TacticalOps.exe"=
"C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-11-29 12:50]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 05:19]
R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-08-09 08:15]
R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-08-09 08:15]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
C:\WINDOWS\system32:winsock32.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 23:00:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
winsock32 = C:\WINDOWS\system32:winsock32.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


C:\WINDOWS\system32:winsock32.exe 774241 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-05-01 23:00:58
ComboFix-quarantined-files.txt 2008-05-01 21:00:55
ComboFix2.txt 2008-05-01 20:59:37
ComboFix3.txt 2008-05-01 20:53:28

Pre-Run: 23,070,695,424 bajtów wolnych
Post-Run: 23,061,815,296 bajtów wolnych

245
m4rioo
Forum member

Posts: 2
Joined: 02 May 2008, 14:03

Post by pp3088 » 02 May 2008, 15:30

Paste the following into Notepad:
Code:
File::
C:\Program Files\DaemonTools_WhenUSave_Installer
C:\h0s2.bat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winsock32"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]


File -> Save As -> CFScript.txt (it is easiest to save it somewhere the CFScript.txt icon ends up next to the ComboFix.exe icon).
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like this ->
[image]
The removal should start and a log will be produced; post that log on the forum.
If everything goes well, delete the C:\Qoobox folder manually after the restart.

Use ATF Cleaner.
pp3088
Active poster

Posts: 999
Joined: 11 Aug 2006, 23:59
Location: Szczecin
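As an added example (not part of this thread, and not ComboFix's or catchme's own code): a small Python triage script that reads a ComboFix/catchme log of the kind pasted above and flags the indicators the replies in this thread act on: MountPoints2 Shell\AutoRun commands pointing at a file on a drive (the J:\b.com entries pp3088 told tyszek to delete), autostart values hosted in an NTFS alternate data stream (C:\WINDOWS\system32:winsock32.exe, which is why Explorer and dir could not show the file and why the CFScript removes the Run value and the Active Setup key), hidden+system files in a drive root (C:\h0s2.bat), autorun.inf entries, catchme's non-zero hidden-file count, and the disabled XP firewall. SAMPLE_LOG is a constructed excerpt modelled on the logs in this thread; the function, class and indicator names are this example's own, not ComboFix terminology.

```python
"""Triage of ComboFix / catchme logs like the ones pasted in this thread.

Added example: not part of the thread and not a ComboFix component. It flags
the indicator classes the replies act on, so a log can be checked before a
CFScript is written. SAMPLE_LOG is a constructed excerpt modelled on the logs
above; every regex and function name here is this example's own.
"""
import re
from dataclasses import dataclass

# "[HKEY_CURRENT_USER\...\mountpoints2\{guid}]" followed by rows such as
# "\Shell\AutoRun\command - J:\b.com": a per-volume AutoRun handler, which an
# autorun worm plants so that double-clicking the drive in Explorer runs it.
MOUNTPOINT_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
SHELL_COMMAND = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.I)

# A drive path with a second colon in its last component, e.g.
# C:\WINDOWS\system32:winsock32.exe, names an NTFS alternate data stream, which
# neither Explorer nor "dir" lists. Paths containing spaces are deliberately
# not matched: allowing spaces makes a "12:30" timestamp later on the same
# line look like a stream name.
ADS_PATH = re.compile(r'[A-Za-z]:\\[^\s"\[]*?:([\w.\-]+)')

# "Files Created" rows: created . modified size attrs path
CREATED_ROW = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?:[\d,]+|<DIR>)\s+([-a-z]{9})\s+(.+?)\s*$", re.I)
ROOT_FILE = re.compile(r"^[A-Za-z]:\\[^\\]+$")        # file directly in a drive root
AUTORUN_INF = re.compile(r"\b[A-Za-z]:\\autorun\.inf\b", re.I)
HIDDEN_COUNT = re.compile(r"^hidden files:\s+(\d+)$", re.I)
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')


@dataclass(frozen=True)
class Finding:
    kind: str       # indicator class
    detail: str     # the path or value that triggered it
    line_no: int    # 1-based line number in the log


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per distinct (kind, detail); the first occurrence wins."""
    findings: list[Finding] = []
    seen: set[tuple[str, str]] = set()
    current_volume = None   # GUID of the MountPoints2 key whose rows follow

    def add(kind: str, detail: str, line_no: int) -> None:
        if (kind, detail) not in seen:
            seen.add((kind, detail))
            findings.append(Finding(kind, detail, line_no))

    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            current_volume = None   # a blank line ends a registry key block
            continue

        m = MOUNTPOINT_KEY.match(line)
        if m:
            current_volume = m.group(1).lower()
            continue
        m = SHELL_COMMAND.match(line)
        if m and current_volume:
            add("mountpoints2_autorun",
                f"{current_volume} {m.group(1).lower()} -> {m.group(2)}", line_no)
            continue

        m = ADS_PATH.search(line)
        if m:
            add("alternate_data_stream", m.group(0), line_no)

        m = CREATED_ROW.match(line)
        if m:
            attrs, path = m.group(1).lower(), m.group(2)
            if "h" in attrs and "s" in attrs and ROOT_FILE.match(path):
                add("hidden_system_file_in_root", path, line_no)

        m = AUTORUN_INF.search(line)
        if m:
            add("autorun_inf", m.group(0), line_no)

        m = HIDDEN_COUNT.match(line)
        if m and int(m.group(1)) > 0:
            add("catchme_hidden_files", m.group(1), line_no)

        if FIREWALL_OFF.match(line):
            add("firewall_disabled", line, line_no)

    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per indicator class."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed excerpt in ComboFix / catchme layout, modelled on the thread's logs.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{380b9a18-3790-11dc-9ebd-0015af0d4b60}]
\Shell\AutoRun\command - J:\b.com
\Shell\explore\Command - J:\b.com
\Shell\open\Command - J:\b.com

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\autorun.inf
C:\WINDOWS\system32\amvo.exe

2008-04-30 17:36 . 2008-04-29 22:29 105,075 -r-hs---- C:\h0s2.bat
2008-04-08 21:55 . 2008-04-08 21:55 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"winsock32"="C:\WINDOWS\system32:winsock32.exe" [2008-05-01 23:00 774241]

scanning hidden files ...

C:\WINDOWS\system32:winsock32.exe 774241 bytes executable

scan completed successfully
hidden files: 1
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:3d}  {f.kind:28s}  {f.detail}")
```

Running the block prints one line per finding; for a real log, pass the file's text to triage() instead of SAMPLE_LOG. The same ADS path is reported once even though ComboFix lists it under the Run key, under Active Setup and again in the catchme section, which keeps the summary readable when one implant is referenced from several loading points.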

Post by m4rioo » 03 May 2008, 13:58

After the restart I got this log:

ComboFix 08-04-29.5 - mario 2008-05-03 13:53:22.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1298 [GMT 2:00]
Running from: C:\Documents and Settings\mario\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\mario\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\h0s2.bat
C:\Program Files\DaemonTools_WhenUSave_Installer
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\h0s2.bat
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-03 to 2008-05-03 )))))))))))))))))))))))))))))))
.

2008-05-01 16:24 . 2008-05-01 22:58 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-01 15:54 . 2008-05-01 22:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-01 15:54 . 2008-05-01 15:54 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\PC Tools
2008-05-01 15:54 . 2008-05-01 16:02 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-01 15:54 . 2008-05-01 16:02 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-01 15:54 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-01 15:54 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-01 15:53 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-05-01 15:25 . 2008-05-03 13:56 45,056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-04-24 14:24 . 2008-04-24 14:24 <DIR> d-------- C:\Program Files\Szkoła Hakerów - Odtwarzacz filmów instruktażowych
2008-04-24 14:24 . 2008-04-24 14:24 1,849 --a------ C:\WINDOWS\system32\odtwarzacz.csh
2008-04-21 21:36 . 2008-04-21 21:36 38 --a------ C:\WINDOWS\avisplitter.INI
2008-04-20 22:10 . 2008-04-20 22:10 <DIR> d-------- C:\Program Files\danny_kay1710
2008-04-19 09:26 . 2008-04-19 09:26 <DIR> d-------- C:\Program Files\VirtualDJ
2008-04-19 06:53 . 2008-04-19 06:53 <DIR> d-------- C:\WINDOWS\Sun
2008-04-18 22:23 . 2008-04-18 22:23 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Ashampoo
2008-04-18 22:22 . 2008-04-18 22:22 <DIR> d-------- C:\Program Files\Ashampoo
2008-04-18 22:22 . 2008-04-18 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-04-18 22:01 . 2008-04-18 22:01 0 --a------ C:\WINDOWS\Irremote.ini
2008-04-18 19:18 . 2008-04-18 19:19 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\InternetCalls
2008-04-18 19:16 . 2008-04-18 19:16 <DIR> d-------- C:\Program Files\InternetCalls.com
2008-04-15 15:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-15 15:28 . 2008-04-15 15:29 <DIR> d-------- C:\Program Files\Java
2008-04-15 15:26 . 2008-04-15 15:26 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-12 15:59 . 2008-04-12 15:59 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Media Player Classic
2008-04-10 19:03 . 2008-04-10 19:03 <DIR> d-------- C:\Program Files\MathSoft
2008-04-10 19:03 . 2008-04-10 19:03 <DIR> d-------- C:\Documents and Settings\mario\WINDOWS
2008-04-10 19:03 . 1997-04-23 09:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-04-09 20:59 . 2008-04-09 20:59 <DIR> d-------- C:\Program Files\Infogrames
2008-04-09 20:59 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-08 21:55 . 2008-04-08 21:55 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-08 21:54 . 2008-04-08 21:54 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Nero
2008-04-08 21:52 . 2008-04-08 21:52 <DIR> d-------- C:\Program Files\Nero
2008-04-08 21:52 . 2008-04-18 22:02 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-08 21:52 . 2008-04-18 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-07 21:22 . 2008-04-07 21:22 97 --a------ C:\WINDOWS\WirelessFTP.INI
2008-04-07 21:17 . 2008-04-07 21:30 17,608 --a------ C:\Documents and Settings\mario\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-04-07 17:01 . 2008-04-07 17:01 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\BESTplayer
2008-04-07 16:04 . 2008-05-02 23:41 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-04-07 15:54 . 2008-04-07 15:54 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Thunderbird
2008-04-06 21:56 . 2008-04-06 21:56 <DIR> d-------- C:\Program Files\Tlen.pl
2008-04-06 21:56 . 2008-04-23 23:25 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Tlen.pl
2008-04-06 21:54 . 2008-04-06 21:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Infineon
2008-04-06 21:51 . 2008-04-06 21:51 <DIR> d-------- C:\Program Files\Wireless Console 2
2008-04-06 21:51 . 2005-10-17 17:09 987,136 --a------ C:\WINDOWS\system32\wcourier.exe
2008-04-06 21:51 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-06 21:51 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-06 21:51 . 2004-08-04 00:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-06 21:51 . 2004-08-04 00:44 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-06 21:51 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-06 21:51 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-06 21:50 . 2008-04-06 21:50 0 --a------ C:\WINDOWS\tosOBEX.INI
2008-04-06 21:49 . 2005-07-06 15:43 155,648 --a------ C:\WINDOWS\system32\ACEngSvr.exe
2008-04-06 21:48 . 2008-04-06 21:48 <DIR> d-------- C:\Program Files\Infineon
2008-04-06 21:48 . 2008-04-06 21:48 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Infineon
2008-04-06 21:48 . 2008-04-06 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Infineon
2008-04-06 21:48 . 2005-10-21 05:19 36,352 -ra------ C:\WINDOWS\system32\drivers\ifxtpm.sys
2008-04-06 21:48 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-06 21:48 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-04-06 21:46 . 2008-04-06 21:46 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-06 21:46 . 2008-04-06 21:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Intel
2008-04-06 21:46 . 2008-04-06 21:46 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Intel
2008-04-06 21:46 . 2008-04-06 21:46 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\Intel
2008-04-06 21:46 . 2008-04-06 21:46 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Intel
2008-04-06 21:46 . 2008-04-06 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Intel
2008-04-06 21:46 . 2006-07-28 02:46 2,732,032 --a------ C:\WINDOWS\system32\NETw3r32.dll
2008-04-06 21:46 . 2006-09-27 02:36 1,709,696 --a------ C:\WINDOWS\system32\drivers\NETw3x32.sys
2008-04-06 21:46 . 2006-07-28 02:45 561,152 --a------ C:\WINDOWS\system32\NETw3c32.dll
2008-04-06 21:46 . 2008-04-06 21:46 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-06 21:44 . 2006-02-07 02:40 143,360 -ra------ C:\WINDOWS\system32\igfxres.dll
2008-04-06 21:19 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-06 21:19 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-06 21:14 . 2008-04-06 21:14 <DIR> d-------- C:\Program Files\Toshiba
2008-04-06 21:13 . 2008-04-06 21:13 <DIR> d-------- C:\Program Files\Synaptics
2008-04-06 21:13 . 2008-04-06 21:13 <DIR> d-------- C:\Program Files\Motorola
2008-04-06 21:13 . 2008-04-06 21:50 <DIR> d-------- C:\Program Files\Asus
2008-04-06 21:12 . 2008-04-06 21:12 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-04-06 21:12 . 2008-04-06 22:43 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-06 21:12 . 2008-04-06 21:48 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-06 21:11 . 2008-04-06 21:11 <DIR> d-------- C:\Program Files\Sigmatel
2008-04-06 21:11 . 2006-04-27 12:37 1,164,600 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2008-04-06 21:11 . 2006-04-20 08:12 1,069,056 --a------ C:\WINDOWS\system32\STLANG.DLL
2008-04-06 21:11 . 2006-05-04 10:50 208,896 --a------ C:\WINDOWS\system32\stacapi.dll
2008-04-06 21:11 . 2004-08-04 00:44 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-04-06 21:11 . 2004-08-04 00:44 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-04-06 21:11 . 2006-05-04 10:51 112,128 --a------ C:\WINDOWS\system32\staco.dll
2008-04-06 21:11 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-04-06 21:11 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-04-06 21:11 . 2004-08-04 00:44 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-04-06 21:11 . 2004-08-04 00:44 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2008-04-06 21:10 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-06 21:08 . 2008-04-06 21:46 <DIR> d-------- C:\Program Files\Intel
2008-04-06 21:06 . 2000-03-03 05:16 7,424 -ra------ C:\WINDOWS\system32\drivers\MMIOPORT.SYS
2008-04-06 21:04 . 2008-04-07 15:41 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-04-06 21:03 . 2008-04-06 21:03 <DIR> d-------- C:\Documents and Settings\mario\Dane aplikacji\DAEMON Tools Pro
2008-04-06 21:01 . 2008-04-06 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2008-04-06 21:00 . 2008-04-06 21:05 <DIR> d-------- C:\Program Files\DAEMON Tools Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 09:57 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-24 12:24 --------- d-----w C:\Program Files\Szkoła Hakerów - Odtwarzacz filmów instruktażowych
2008-04-20 10:43 --------- d-----w C:\Program Files\Winamp Remote
2008-04-20 10:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-04-08 12:08 --------- d-----w C:\Documents and Settings\mario\Dane aplikacji\Winamp
2008-04-07 19:46 --------- d-----w C:\Program Files\Yahoo!
2008-04-07 19:46 --------- d-----w C:\Program Files\Common Files\Scanner
2008-04-07 19:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-06 20:40 --------- d-----w C:\Program Files\Samsung
2008-04-06 20:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-04-06 20:13 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-06 20:13 --------- d-----w C:\Documents and Settings\mario\Dane aplikacji\Yahoo!
2008-04-06 20:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LogiShrd
2008-04-06 20:08 --------- d-----w C:\Documents and Settings\mario\Dane aplikacji\Logitech
2008-04-06 20:07 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-06 20:07 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-04-06 20:06 --------- d-----w C:\Program Files\Logitech
2008-04-06 20:06 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-04-06 20:06 --------- d-----w C:\Documents and Settings\mario\Dane aplikacji\InstallShield
2008-04-06 20:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Logitech
2008-04-06 20:04 --------- d-----w C:\Program Files\Winamp Toolbar
2008-04-06 20:04 --------- d-----w C:\Program Files\Winamp
2008-04-06 20:04 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-04-06 20:02 --------- d-----w C:\Program Files\Alwil Software
2008-04-06 18:59 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-06 18:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-06 18:50 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 14:45 133576]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-10-16 12:53 6234112]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 16:22 110592]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 02:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 02:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 02:40 118784]
"SigmatelSysTrayApp"="stsystra.exe" []
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-08-07 07:11 573440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 14:02 786521]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 10:28 811008]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 17:46 90112]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 11:32 507904]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-05-24 14:16:14 49152]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-06 22:06:48 789008]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2006-03-10 09:20 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.CSCD"= camcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Infogrames\\Tactical Ops\\System\\TacticalOps.exe"=
"C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-11-29 12:50]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 05:19]
R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-08-09 08:15]
R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-08-09 08:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b64c5b-0413-11dd-a101-001bfc134dc1}]
\Shell\AutoRun\command - G:\h0s2.bat
\Shell\explore\Command - G:\h0s2.bat
\Shell\open\Command - G:\h0s2.bat

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 13:56:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\acovcnt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Winamp\winamp.exe
.
**************************************************************************
.
Completion time: 2008-05-03 13:58:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-03 11:58:03

Pre-Run: 22,813,831,168 bajtów wolnych
Post-Run: 22,911,414,272 bajtów wolnych

m4rioo
Forum member
Posts: 2
Joined: 02 May 2008, 14:03

Post by huber2t » 03 May 2008, 14:07

Open Notepad and paste:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


From the Notepad menu -> File -> Save As -> change the file type from .txt to All Files -> save it under the name Fix.reg

Run that file, then restart the computer.
huber2t
Distinguished forum contributor
Posts: 2798
Joined: 21 Mar 2008, 10:07
Kudos: 42
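Detection logic for the MountPoints2 block that ComboFix reported above, as an added Python example (not code from the forum, ComboFix or the reply): it parses entries in ComboFix's layout, flags subkeys that launch a script-type file or that override the drive's open/explore verbs (so a double-click on the drive runs the target), and builds a .reg that removes only the flagged subkeys, a narrower variant of the reply's Fix.reg, which drops the whole MountPoints2 key. The log excerpt is constructed; the second entry is invented so the filter has something to leave alone.

```python
import re
from typing import Dict, List

# Constructed excerpt in the layout ComboFix uses for MountPoints2 entries.
# The first key mirrors the posted log; the second is an invented benign-looking
# entry (only an AutoRun verb, .exe target) that the heuristic should not flag.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57b64c5b-0413-11dd-a101-001bfc134dc1}]
\Shell\AutoRun\command - G:\h0s2.bat
\Shell\explore\Command - G:\h0s2.bat
\Shell\open\Command - G:\h0s2.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3b07384-1111-4c3a-9e1f-222222222222}]
\Shell\AutoRun\command - E:\Setup\Installer.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".pif", ".scr", ".com")


def parse_mountpoints(log: str) -> Dict[str, Dict[str, str]]:
    """Map each MountPoints2 subkey in the log to its {shell verb: command} overrides."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current = m.group(1)          # key path without the surrounding brackets
            entries[current] = {}
        elif (m := VERB_RE.match(line)) and current:
            entries[current][m.group(1).lower()] = m.group(2).strip()
    return entries


def suspicious_keys(entries: Dict[str, Dict[str, str]]) -> List[str]:
    """Flag subkeys that run a script-type file, or that redirect the 'open'/'explore'
    verbs so that opening the drive in Explorer launches the command instead."""
    hits: List[str] = []
    for key, verbs in entries.items():
        runs_script = any(cmd.lower().endswith(SCRIPT_EXT) for cmd in verbs.values())
        hijacks_click = "open" in verbs or "explore" in verbs
        if runs_script or hijacks_click:
            hits.append(key)
    return hits


def fix_reg(keys: List[str]) -> str:
    """Build .reg text that deletes only the flagged subkeys ('[-KEY]' removes a key)."""
    body = "\n\n".join(f"[-{k}]" for k in keys)
    return "Windows Registry Editor Version 5.00\n\n" + body + "\n"
```

Save the returned text as Fix.reg (Windows expects the header line first, then blank-line-separated key sections) and review the flagged keys before importing it.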
