nie moge się dostać do dysku

**Posty:** 6 · przez **krzysneo11** 01 Maj 2008, 18:13

Hej, gdy probuje uruchomić dysk C dostaje komunikat że przez jaki program mam go otworzyć ??. Co mam zrobić w tym wypadku i skąd ten błąd się u mnie wzioł ???

**Posty:** 8001 · przez **Okocza** 01 Maj 2008, 18:35

daj log z combofixa

http://www.forum.programosy.pl/jak-generujemy-logi-z-combofixa-oraz-dssa-vt95026.html

**Posty:** 7838 · przez **Lukesh** 01 Maj 2008, 18:56

okocza - nie na kazdy problem standardowym lekarstwem jest combofix :roll:

Otworz notatnik >> wklej to:

Kod: Zaznacz wszystko: Windows Registry Editor Version 5.00 [-HKEY_CLASSES_ROOT\*\shell\OpenAs] [HKEY_CLASSES_ROOT\Unknown\shell] @="openas" [HKEY_CLASSES_ROOT\Unknown\shell\openas] @="Otwórz za pomocą..." [HKEY_CLASSES_ROOT\Unknown\shell\openas\command] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\ 6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,25,00,53,\ 00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,\ 79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,65,00,6c,00,6c,\ 00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,4f,00,70,00,65,00,6e,00,41,00,\ 73,00,5f,00,52,00,75,00,6e,00,44,00,4c,00,4c,00,20,00,25,00,31,00,00,00 [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With] @="{09799AFB-AD67-11d1-ABCD-00C04FC30936}" [HKEY_CLASSES_ROOT\CLSID\{09799AFB-AD67-11d1-ABCD-00C04FC30936}] @="Open With Context Menu Handler" [HKEY_CLASSES_ROOT\CLSID\{09799AFB-AD67-11d1-ABCD-00C04FC30936}\InProcServer32] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,53,00,48,00,\ 45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00 "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{09799AFB-AD67-11d1-ABCD-00C04FC30936}\shellex] @="" [HKEY_CLASSES_ROOT\CLSID\{09799AFB-AD67-11d1-ABCD-00C04FC30936}\shellex\MayChangeDefaultMenu] @=""

zapisz jako >> "fix.reg" >> odpal i dodaj do rejestru. Nastepnie restart i powiedz, czy pomoglo.

**Posty:** 8001 · przez **Okocza** 01 Maj 2008, 18:57

Lukesh napisał(a):okocza - nie na kazdy problem lekarstwem jest combofix Rolling Eyes

tylko że ten problem bardzo często jest spowodowany plikiem "autorun.inf" ;]

**Posty:** 6 · przez **krzysneo11** 01 Maj 2008, 19:00

ComboFix 08-04-29.5 - Krzysiek 2008-05-01 18:48:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.881 [GMT 2:00]
Running from: C:\Documents and Settings\Krzysiek\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 13:07 . 2008-05-01 13:12 <DIR> d-------- C:\Program Files\Qonquer Online Client
2008-04-30 18:33 . 2008-04-30 18:33 <DIR> d-------- C:\Program Files\KeePass Password Safe
2008-04-28 17:01 . 2008-04-28 17:01 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-04-28 17:01 . 2008-05-01 10:55 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\MegauploadToolbar
2008-04-28 16:27 . 2008-04-28 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-04-28 16:12 . 2008-04-28 16:12 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-28 16:05 . 2008-04-28 16:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-27 13:29 . 2008-04-27 13:29 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Soldat
2008-04-24 17:14 . 2008-04-24 17:14 <DIR> d-------- C:\WINDOWS\Sun
2008-04-24 12:35 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-24 12:32 . 2008-04-24 12:32 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-23 12:52 . 2008-04-23 12:52 <DIR> d-------- C:\Program Files\Real Alternative
2008-04-23 12:52 . 2008-04-23 12:52 <DIR> d-------- C:\Program Files\Media Player Classic
2008-04-23 12:52 . 2008-04-23 12:52 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Media Player Classic
2008-04-20 14:28 . 2008-04-20 14:28 <DIR> d-------- C:\WINDOWS\Twierdza Krzyżowiec (Warchest)
2008-04-20 14:28 . 2008-04-20 14:28 <DIR> d-------- C:\Program Files\Firefly Studios
2008-04-20 11:37 . 2008-05-01 14:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-20 11:37 . 2008-04-20 11:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-20 11:36 . 2008-04-20 11:36 <DIR> d-------- C:\Program Files\iTunes
2008-04-20 11:36 . 2008-04-20 11:36 <DIR> d-------- C:\Program Files\iPod
2008-04-20 11:36 . 2008-04-20 11:36 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Apple Computer
2008-04-20 11:35 . 2008-04-20 11:35 <DIR> d-------- C:\Program Files\Bonjour
2008-04-20 11:32 . 2008-04-20 11:34 <DIR> d-------- C:\Program Files\QuickTime
2008-04-20 11:32 . 2008-04-20 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-20 11:29 . 2008-04-20 11:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-20 11:29 . 2008-04-20 11:29 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-20 11:26 . 2008-04-20 11:26 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-04-20 11:26 . 2008-04-20 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-04-20 08:46 . 2008-04-24 12:09 <DIR> d-------- C:\Documents and Settings\Krzysiek\.jpi_cache
2008-04-20 08:46 . 2008-04-20 08:46 <DIR> d-------- C:\Documents and Settings\Krzysiek\.java
2008-04-19 10:09 . 2008-04-19 10:09 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-19 10:09 . 2006-07-14 17:41 332,288 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-04-17 20:05 . 2008-04-26 13:23 <DIR> d-------- C:\Program Files\Stronghold Crusader
2008-04-17 20:04 . 2008-04-18 08:23 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-04-17 19:54 . 2008-04-17 19:54 <DIR> d-------- C:\Documents and Settings\Krzysiek\.javaws
2008-04-17 19:26 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-17 19:26 . 2008-03-19 18:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-04-17 19:22 . 2008-04-17 19:28 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-17 17:31 . 2003-07-20 20:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-04-17 17:31 . 2005-01-04 11:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-04-17 17:28 . 2008-04-17 17:28 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-04-17 17:21 . 2008-04-17 17:25 <DIR> d-------- C:\Program Files\Webzen
2008-04-17 11:47 . 2008-04-17 11:47 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-17 11:47 . 2008-05-01 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-17 11:47 . 2008-05-01 18:52 3,144,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-17 11:47 . 2008-05-01 14:54 240,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-17 11:47 . 2008-04-17 16:29 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-17 11:47 . 2008-04-17 16:29 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-17 11:47 . 2008-05-01 14:54 40,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-17 11:47 . 2008-05-01 14:54 22,604 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-17 11:46 . 2008-04-17 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-16 20:56 . 2008-04-16 20:56 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu
2008-04-16 20:32 . 2008-04-16 20:32 <DIR> d-------- C:\Program Files\Multimedia Mouse Driver
2008-04-16 16:37 . 1997-07-19 17:01 376,592 --a------ C:\WINDOWS\system32\msrdo20.dll
2008-04-16 16:37 . 1997-07-19 17:00 129,808 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-04-16 16:37 . 1997-01-13 10:49 97,552 --a------ C:\WINDOWS\system32\rdocurs.dll
2008-04-16 16:37 . 2000-08-06 01:51 32,830 --a------ C:\WINDOWS\system32\dbmsshrn.dll
2008-04-16 16:36 . 2000-08-06 01:51 274,489 --a------ C:\WINDOWS\system32\ntwdblib.dll
2008-04-16 16:36 . 2000-08-06 01:51 192,569 --a------ C:\WINDOWS\system32\msrpjt40.dll
2008-04-16 16:36 . 2008-04-17 17:07 2,611 --a------ C:\WINDOWS\sql.MIF
2008-04-16 16:35 . 2008-04-17 17:07 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-04-16 16:35 . 2000-07-07 12:20 81,920 --a------ C:\WINDOWS\system32\mdt2fw95.dll
2008-04-16 16:35 . 2000-07-13 23:15 1,296 --a------ C:\WINDOWS\setup~0.iss
2008-04-16 16:06 . 2008-04-16 16:07 <DIR> d-------- C:\x86
2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\msolap
2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\MSEQ
2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\INSTALL
2008-04-16 16:06 . 2008-04-16 16:07 <DIR> d-------- C:\html
2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\devtools
2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\books
2008-04-16 16:05 . 2008-04-16 16:05 <DIR> d-------- C:\SQLEVAL
2008-04-16 13:26 . 2008-04-17 17:07 <DIR> d-------- C:\Program Files\MTA San Andreas
2008-04-16 13:08 . 2008-04-16 13:08 <DIR> d-------- C:\Program Files\Rockstar Games
2008-04-16 08:33 . 2008-04-16 08:33 <DIR> d-------- C:\Program Files\poleng
2008-04-15 21:49 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-14 22:09 . 2008-04-14 22:09 <DIR> d-------- C:\Program Files\Common Files\X10
2008-04-14 22:09 . 1999-06-25 09:56 127,184 --a------ C:\WINDOWS\Unwise.exe
2008-04-14 21:51 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\viaagp1.sys
2008-04-14 21:50 . 2008-04-14 21:50 <DIR> d-------- C:\Documents and Settings\Krzysiek\WINDOWS
2008-04-14 21:50 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-14 21:50 . 2000-10-25 14:27 3,000 -ra------ C:\WINDOWS\system32\SetupNT.sys
2008-04-14 21:50 . 2008-04-14 21:50 3 --a------ C:\WINDOWS\system32\BSETUP.TMP
2008-04-14 21:45 . 2008-04-28 22:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-14 21:35 . 2008-04-14 22:11 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-04-14 21:35 . 2004-09-03 13:31 2,596,864 --a------ C:\WINDOWS\system\cmicnfg.cpl
2008-04-14 21:33 . 2008-04-14 21:33 <DIR> d-------- C:\Program Files\Intel
2008-04-14 21:17 . 2008-04-14 21:17 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-04-14 21:17 . 2008-04-14 21:17 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-14 21:16 . 2008-04-14 21:16 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nero
2008-04-14 21:13 . 2008-04-14 21:13 <DIR> d-------- C:\Program Files\Nero
2008-04-14 21:13 . 2008-04-14 21:14 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-14 21:13 . 2008-04-14 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-14 20:17 . 2008-05-01 14:55 <DIR> d-------- C:\Program Files\Steam
2008-04-14 17:53 . 2008-05-01 12:58 <DIR> d-------- C:\Program Files\Conquer 2.0
2008-04-14 17:53 . 2008-04-14 17:53 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\InstallShield
2008-04-14 14:56 . 2008-04-14 14:56 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Talkback
2008-04-14 14:56 . 2008-04-14 14:56 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 14:53 . 2008-04-14 14:53 <DIR> d---s---- C:\Documents and Settings\Krzysiek\UserData
2008-04-14 14:36 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-04-14 14:35 . 2004-08-04 00:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-04-14 14:35 . 2004-08-04 00:44 77,312 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll
2008-04-14 14:35 . 2004-08-04 00:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 14:35 . 2001-08-17 22:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-14 14:34 . 2008-04-17 11:46 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-14 14:34 . 2008-04-14 14:35 <DIR> d-------- C:\Documents and Settings\Krzysiek\Gadu-Gadu
2008-04-14 14:34 . 2008-04-14 14:34 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-04-14 14:34 . 2008-04-14 13:39 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-04-14 14:34 . 2008-04-14 14:34 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-04-14 14:34 . 2008-05-01 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-04-14 14:34 . 2008-04-17 17:06 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-04-14 14:34 . 2008-04-28 16:24 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-04-14 14:33 . 2008-04-14 14:34 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-04-14 14:33 . 2008-04-14 13:42 <DIR> d--h----- C:\Documents and Settings\Default User
2008-04-14 14:33 . 2008-04-28 16:27 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-04-14 14:33 . 2008-04-14 13:41 <DIR> d-------- C:\Documents and Settings\All Users
2008-04-14 14:33 . 2008-04-14 13:45 <DIR> d-------- C:\Documents and Settings
2008-04-14 14:30 . 2008-04-14 14:30 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-14 14:23 . 2003-10-16 18:07 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-04-14 14:22 . 2008-04-14 14:22 <DIR> d-------- C:\Program Files\Thomson
2008-04-14 14:22 . 2003-09-05 06:58 70,624 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 15:09 --------- d-----w C:\Program Files\free-downloads.net
2008-04-17 15:09 --------- d-----w C:\Program Files\Conduit
2008-04-14 13:50 --------- d-----w C:\Program Files\Alcohol Soft
2008-04-14 13:44 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-14 11:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 11:39 --------- d-----w C:\Program Files\Usługi online
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-14 20:18 1271032]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]
"wsctf.exe"="wsctf.exe" []
"EXPLORER.EXE"="EXPLORER.EXE" [2004-08-04 00:44 1033728 C:\WINDOWS\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 06:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 06:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 06:26 86016]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"Cmaudio"="cmicnfg.cpl" []
"KMConfig"="C:\Program Files\Multimedia Mouse Driver\V5\StartAutorun.exe" [2007-03-06 14:51 212992]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57f19572-0b12-11dd-b4d9-000e5091e7a6}]
\Shell\AutoRun\command - E:\8de.bat
\Shell\explore\Command - E:\8de.bat
\Shell\open\Command - E:\8de.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57f19573-0b12-11dd-b4d9-000e5091e7a6}]
\Shell\AutoRun\command - F:\8de.bat
\Shell\explore\Command - F:\8de.bat
\Shell\open\Command - F:\8de.bat

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-20 09:29:52 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 18:52:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-01 18:54:15
ComboFix-quarantined-files.txt 2008-05-01 16:53:29

Pre-Run: 136,930,254,848 bajtów wolnych
Post-Run: 138,525,532,160 bajtów wolnych

225

**Posty:** 8001 · przez **Okocza** 01 Maj 2008, 19:00

log umieść w tagach :idea:

**Posty:** 7838 · przez **Lukesh** 01 Maj 2008, 19:02

Tak, masz racje, chociaz czesciej obiawia sie to odmową dostępu, np. brakiem uprawnień, a podany przeze mnie fix powinien rozwiazac wszelakie problemy zwiazane z 'otworz za pomoca...'

**Posty:** 6 · przez **krzysneo11** 01 Maj 2008, 19:03

Jak w tagach ????

[ Dodano: Dzisiaj o 19:04 ]
Czyli co mam zrobić ??

**Posty:** 7838 · przez **Lukesh** 01 Maj 2008, 19:04

Zrob edycje swojego postu z logiem >> kliknij [EDYTU] >> zaznacz caly log >> kliknij na [CODE] lub [QUOTE] :wink:

**Posty:** 8001 · przez **Okocza** 01 Maj 2008, 19:04

Lukesh napisał(a):Tak, masz racje, chociaz czesciej obiawia sie to odmową dostępu, np. brakiem uprawnień Razz

wiec sam sobie odpowiedziales na swoje zarzuty ;]

Jak w tagach ????

zaznacz caly log i kliknij przycisk code

**Posty:** 6 · przez **krzysneo11** 01 Maj 2008, 19:05

Kod: Zaznacz wszystko: ComboFix 08-04-29.5 - Krzysiek 2008-05-01 18:48:18.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.881 [GMT 2:00] Running from: C:\Documents and Settings\Krzysiek\Pulpit\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))) . 2008-05-01 13:07 . 2008-05-01 13:12 <DIR> d-------- C:\Program Files\Qonquer Online Client 2008-04-30 18:33 . 2008-04-30 18:33 <DIR> d-------- C:\Program Files\KeePass Password Safe 2008-04-28 17:01 . 2008-04-28 17:01 <DIR> d-------- C:\Program Files\MegauploadToolbar 2008-04-28 17:01 . 2008-05-01 10:55 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\MegauploadToolbar 2008-04-28 16:27 . 2008-04-28 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet 2008-04-28 16:12 . 2008-04-28 16:12 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2008-04-28 16:05 . 2008-04-28 16:24 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-04-27 13:29 . 2008-04-27 13:29 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Soldat 2008-04-24 17:14 . 2008-04-24 17:14 <DIR> d-------- C:\WINDOWS\Sun 2008-04-24 12:35 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-24 12:32 . 2008-04-24 12:32 <DIR> d-------- C:\Program Files\Common Files\Java 2008-04-23 12:52 . 2008-04-23 12:52 <DIR> d-------- C:\Program Files\Real Alternative 2008-04-23 12:52 . 2008-04-23 12:52 <DIR> d-------- C:\Program Files\Media Player Classic 2008-04-23 12:52 . 2008-04-23 12:52 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Media Player Classic 2008-04-20 14:28 . 2008-04-20 14:28 <DIR> d-------- C:\WINDOWS\Twierdza Krzyżowiec (Warchest) 2008-04-20 14:28 . 2008-04-20 14:28 <DIR> d-------- C:\Program Files\Firefly Studios 2008-04-20 11:37 . 2008-05-01 14:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-20 11:37 . 2008-04-20 11:37 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-20 11:36 . 2008-04-20 11:36 <DIR> d-------- C:\Program Files\iTunes 2008-04-20 11:36 . 2008-04-20 11:36 <DIR> d-------- C:\Program Files\iPod 2008-04-20 11:36 . 2008-04-20 11:36 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Apple Computer 2008-04-20 11:35 . 2008-04-20 11:35 <DIR> d-------- C:\Program Files\Bonjour 2008-04-20 11:32 . 2008-04-20 11:34 <DIR> d-------- C:\Program Files\QuickTime 2008-04-20 11:32 . 2008-04-20 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-04-20 11:29 . 2008-04-20 11:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-04-20 11:29 . 2008-04-20 11:29 <DIR> d-------- C:\Program Files\Apple Software Update 2008-04-20 11:26 . 2008-04-20 11:26 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-04-20 11:26 . 2008-04-20 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-04-20 08:46 . 2008-04-24 12:09 <DIR> d-------- C:\Documents and Settings\Krzysiek\.jpi_cache 2008-04-20 08:46 . 2008-04-20 08:46 <DIR> d-------- C:\Documents and Settings\Krzysiek\.java 2008-04-19 10:09 . 2008-04-19 10:09 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-04-19 10:09 . 2006-07-14 17:41 332,288 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-04-17 20:05 . 2008-04-26 13:23 <DIR> d-------- C:\Program Files\Stronghold Crusader 2008-04-17 20:04 . 2008-04-18 08:23 <DIR> d-------- C:\Program Files\GameSpy Arcade 2008-04-17 19:54 . 2008-04-17 19:54 <DIR> d-------- C:\Documents and Settings\Krzysiek\.javaws 2008-04-17 19:26 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-04-17 19:26 . 2008-03-19 18:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2008-04-17 19:22 . 2008-04-17 19:28 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-04-17 17:31 . 2003-07-20 20:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd 2008-04-17 17:31 . 2005-01-04 11:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys 2008-04-17 17:28 . 2008-04-17 17:28 <DIR> d-------- C:\Program Files\Common Files\INCA Shared 2008-04-17 17:21 . 2008-04-17 17:25 <DIR> d-------- C:\Program Files\Webzen 2008-04-17 11:47 . 2008-04-17 11:47 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-04-17 11:47 . 2008-05-01 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-04-17 11:47 . 2008-05-01 18:52 3,144,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-17 11:47 . 2008-05-01 14:54 240,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-04-17 11:47 . 2008-04-17 16:29 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-04-17 11:47 . 2008-04-17 16:29 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-04-17 11:47 . 2008-05-01 14:54 40,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-17 11:47 . 2008-05-01 14:54 22,604 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-04-17 11:46 . 2008-04-17 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-04-16 20:56 . 2008-04-16 20:56 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu 2008-04-16 20:32 . 2008-04-16 20:32 <DIR> d-------- C:\Program Files\Multimedia Mouse Driver 2008-04-16 16:37 . 1997-07-19 17:01 376,592 --a------ C:\WINDOWS\system32\msrdo20.dll 2008-04-16 16:37 . 1997-07-19 17:00 129,808 --a------ C:\WINDOWS\system32\comdlg32.ocx 2008-04-16 16:37 . 1997-01-13 10:49 97,552 --a------ C:\WINDOWS\system32\rdocurs.dll 2008-04-16 16:37 . 2000-08-06 01:51 32,830 --a------ C:\WINDOWS\system32\dbmsshrn.dll 2008-04-16 16:36 . 2000-08-06 01:51 274,489 --a------ C:\WINDOWS\system32\ntwdblib.dll 2008-04-16 16:36 . 2000-08-06 01:51 192,569 --a------ C:\WINDOWS\system32\msrpjt40.dll 2008-04-16 16:36 . 2008-04-17 17:07 2,611 --a------ C:\WINDOWS\sql.MIF 2008-04-16 16:35 . 2008-04-17 17:07 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2008-04-16 16:35 . 2000-07-07 12:20 81,920 --a------ C:\WINDOWS\system32\mdt2fw95.dll 2008-04-16 16:35 . 2000-07-13 23:15 1,296 --a------ C:\WINDOWS\setup~0.iss 2008-04-16 16:06 . 2008-04-16 16:07 <DIR> d-------- C:\x86 2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\msolap 2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\MSEQ 2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\INSTALL 2008-04-16 16:06 . 2008-04-16 16:07 <DIR> d-------- C:\html 2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\devtools 2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\books 2008-04-16 16:05 . 2008-04-16 16:05 <DIR> d-------- C:\SQLEVAL 2008-04-16 13:26 . 2008-04-17 17:07 <DIR> d-------- C:\Program Files\MTA San Andreas 2008-04-16 13:08 . 2008-04-16 13:08 <DIR> d-------- C:\Program Files\Rockstar Games 2008-04-16 08:33 . 2008-04-16 08:33 <DIR> d-------- C:\Program Files\poleng 2008-04-15 21:49 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-04-14 22:09 . 2008-04-14 22:09 <DIR> d-------- C:\Program Files\Common Files\X10 2008-04-14 22:09 . 1999-06-25 09:56 127,184 --a------ C:\WINDOWS\Unwise.exe 2008-04-14 21:51 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\viaagp1.sys 2008-04-14 21:50 . 2008-04-14 21:50 <DIR> d-------- C:\Documents and Settings\Krzysiek\WINDOWS 2008-04-14 21:50 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-04-14 21:50 . 2000-10-25 14:27 3,000 -ra------ C:\WINDOWS\system32\SetupNT.sys 2008-04-14 21:50 . 2008-04-14 21:50 3 --a------ C:\WINDOWS\system32\BSETUP.TMP 2008-04-14 21:45 . 2008-04-28 22:02 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-04-14 21:35 . 2008-04-14 22:11 <DIR> d-------- C:\Program Files\C-Media 3D Audio 2008-04-14 21:35 . 2004-09-03 13:31 2,596,864 --a------ C:\WINDOWS\system\cmicnfg.cpl 2008-04-14 21:33 . 2008-04-14 21:33 <DIR> d-------- C:\Program Files\Intel 2008-04-14 21:17 . 2008-04-14 21:17 <DIR> d-------- C:\Program Files\NeroInstall.bak 2008-04-14 21:17 . 2008-04-14 21:17 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG 2008-04-14 21:16 . 2008-04-14 21:16 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nero 2008-04-14 21:13 . 2008-04-14 21:13 <DIR> d-------- C:\Program Files\Nero 2008-04-14 21:13 . 2008-04-14 21:14 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-04-14 21:13 . 2008-04-14 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-04-14 20:17 . 2008-05-01 14:55 <DIR> d-------- C:\Program Files\Steam 2008-04-14 17:53 . 2008-05-01 12:58 <DIR> d-------- C:\Program Files\Conquer 2.0 2008-04-14 17:53 . 2008-04-14 17:53 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\InstallShield 2008-04-14 14:56 . 2008-04-14 14:56 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Talkback 2008-04-14 14:56 . 2008-04-14 14:56 0 --a------ C:\WINDOWS\nsreg.dat 2008-04-14 14:53 . 2008-04-14 14:53 <DIR> d---s---- C:\Documents and Settings\Krzysiek\UserData 2008-04-14 14:36 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2008-04-14 14:35 . 2004-08-04 00:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2008-04-14 14:35 . 2004-08-04 00:44 77,312 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll 2008-04-14 14:35 . 2004-08-04 00:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 14:35 . 2001-08-17 22:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys 2008-04-14 14:34 . 2008-04-17 11:46 <DIR> d-------- C:\Program Files\Gadu-Gadu 2008-04-14 14:34 . 2008-04-14 14:35 <DIR> d-------- C:\Documents and Settings\Krzysiek\Gadu-Gadu 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione 2008-04-14 14:34 . 2008-04-14 13:39 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony 2008-04-14 14:34 . 2008-05-01 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit 2008-04-14 14:34 . 2008-04-17 17:06 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start 2008-04-14 14:34 . 2008-04-28 16:24 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty 2008-04-14 14:33 . 2008-04-14 14:34 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji 2008-04-14 14:33 . 2008-04-14 13:42 <DIR> d--h----- C:\Documents and Settings\Default User 2008-04-14 14:33 . 2008-04-28 16:27 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji 2008-04-14 14:33 . 2008-04-14 13:41 <DIR> d-------- C:\Documents and Settings\All Users 2008-04-14 14:33 . 2008-04-14 13:45 <DIR> d-------- C:\Documents and Settings 2008-04-14 14:30 . 2008-04-14 14:30 13,646 --a------ C:\WINDOWS\system32\wpa.bak 2008-04-14 14:23 . 2003-10-16 18:07 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll 2008-04-14 14:22 . 2008-04-14 14:22 <DIR> d-------- C:\Program Files\Thomson 2008-04-14 14:22 . 2003-09-05 06:58 70,624 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-17 15:09 --------- d-----w C:\Program Files\free-downloads.net 2008-04-17 15:09 --------- d-----w C:\Program Files\Conduit 2008-04-14 13:50 --------- d-----w C:\Program Files\Alcohol Soft 2008-04-14 13:44 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-04-14 11:42 --------- d-----w C:\Program Files\microsoft frontpage 2008-04-14 11:39 --------- d-----w C:\Program Files\Usługi online 2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-14 20:18 1271032] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136] "wsctf.exe"="wsctf.exe" [] "EXPLORER.EXE"="EXPLORER.EXE" [2004-08-04 00:44 1033728 C:\WINDOWS\explorer.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 06:26 7700480] "nwiz"="nwiz.exe" [2007-04-19 06:26 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 06:26 86016] "WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080] "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480] "WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352] "Cmaudio"="cmicnfg.cpl" [] "KMConfig"="C:\Program Files\Multimedia Mouse Driver\V5\StartAutorun.exe" [2007-03-06 14:51 212992] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57f19572-0b12-11dd-b4d9-000e5091e7a6}] \Shell\AutoRun\command - E:\8de.bat \Shell\explore\Command - E:\8de.bat \Shell\open\Command - E:\8de.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57f19573-0b12-11dd-b4d9-000e5091e7a6}] \Shell\AutoRun\command - F:\8de.bat \Shell\explore\Command - F:\8de.bat \Shell\open\Command - F:\8de.bat *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-04-20 09:29:52 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-01 18:52:15 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-01 18:54:15 ComboFix-quarantined-files.txt 2008-05-01 16:53:29 Pre-Run: 136,930,254,848 bajtów wolnych Post-Run: 138,525,532,160 bajtów wolnych 225

**Posty:** 8001 · przez **Okocza** 01 Maj 2008, 19:07

otwierasz notatnik wklejasz do niego:

Kod: Zaznacz wszystko: Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57f19573-0b12-11dd-b4d9-000e5091e7a6}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57f19572-0b12-11dd-b4d9-000e5091e7a6}]

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER). Rozpocznie się proces usuwania
Potem nowy log z hijacka oraz combofixa

**Posty:** 6 · przez **krzysneo11** 01 Maj 2008, 19:17

Kod: Zaznacz wszystko: ComboFix 08-04-29.5 - Krzysiek 2008-05-01 19:11:36.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.973 [GMT 2:00] Running from: C:\Documents and Settings\Krzysiek\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\Krzysiek\Pulpit\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 ))))))))))))))))))))))))))))))) . 2008-05-01 13:07 . 2008-05-01 13:12 <DIR> d-------- C:\Program Files\Qonquer Online Client 2008-04-30 18:33 . 2008-04-30 18:33 <DIR> d-------- C:\Program Files\KeePass Password Safe 2008-04-28 17:01 . 2008-04-28 17:01 <DIR> d-------- C:\Program Files\MegauploadToolbar 2008-04-28 17:01 . 2008-05-01 10:55 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\MegauploadToolbar 2008-04-28 16:27 . 2008-04-28 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet 2008-04-28 16:12 . 2008-04-28 16:12 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2008-04-28 16:05 . 2008-04-28 16:24 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-04-27 13:29 . 2008-04-27 13:29 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Soldat 2008-04-24 17:14 . 2008-04-24 17:14 <DIR> d-------- C:\WINDOWS\Sun 2008-04-24 12:35 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-24 12:32 . 2008-04-24 12:32 <DIR> d-------- C:\Program Files\Common Files\Java 2008-04-23 12:52 . 2008-04-23 12:52 <DIR> d-------- C:\Program Files\Real Alternative 2008-04-23 12:52 . 2008-04-23 12:52 <DIR> d-------- C:\Program Files\Media Player Classic 2008-04-23 12:52 . 2008-04-23 12:52 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Media Player Classic 2008-04-20 14:28 . 2008-04-20 14:28 <DIR> d-------- C:\WINDOWS\Twierdza Krzyżowiec (Warchest) 2008-04-20 14:28 . 2008-04-20 14:28 <DIR> d-------- C:\Program Files\Firefly Studios 2008-04-20 11:37 . 2008-05-01 14:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-20 11:37 . 2008-04-20 11:37 1,409 --a------ C:\WINDOWS\QTFont.for 2008-04-20 11:36 . 2008-04-20 11:36 <DIR> d-------- C:\Program Files\iTunes 2008-04-20 11:36 . 2008-04-20 11:36 <DIR> d-------- C:\Program Files\iPod 2008-04-20 11:36 . 2008-04-20 11:36 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Apple Computer 2008-04-20 11:35 . 2008-04-20 11:35 <DIR> d-------- C:\Program Files\Bonjour 2008-04-20 11:32 . 2008-04-20 11:34 <DIR> d-------- C:\Program Files\QuickTime 2008-04-20 11:32 . 2008-04-20 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-04-20 11:29 . 2008-04-20 11:29 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-04-20 11:29 . 2008-04-20 11:29 <DIR> d-------- C:\Program Files\Apple Software Update 2008-04-20 11:26 . 2008-04-20 11:26 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-04-20 11:26 . 2008-04-20 11:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-04-20 08:46 . 2008-04-24 12:09 <DIR> d-------- C:\Documents and Settings\Krzysiek\.jpi_cache 2008-04-20 08:46 . 2008-04-20 08:46 <DIR> d-------- C:\Documents and Settings\Krzysiek\.java 2008-04-19 10:09 . 2008-04-19 10:09 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-04-19 10:09 . 2006-07-14 17:41 332,288 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll 2008-04-17 20:05 . 2008-04-26 13:23 <DIR> d-------- C:\Program Files\Stronghold Crusader 2008-04-17 20:04 . 2008-04-18 08:23 <DIR> d-------- C:\Program Files\GameSpy Arcade 2008-04-17 19:54 . 2008-04-17 19:54 <DIR> d-------- C:\Documents and Settings\Krzysiek\.javaws 2008-04-17 19:26 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-04-17 19:26 . 2008-03-19 18:29 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2008-04-17 19:22 . 2008-04-17 19:28 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-04-17 17:31 . 2003-07-20 20:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd 2008-04-17 17:31 . 2005-01-04 11:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys 2008-04-17 17:28 . 2008-04-17 17:28 <DIR> d-------- C:\Program Files\Common Files\INCA Shared 2008-04-17 17:21 . 2008-04-17 17:25 <DIR> d-------- C:\Program Files\Webzen 2008-04-17 11:47 . 2008-04-17 11:47 <DIR> d-------- C:\Program Files\Kaspersky Lab 2008-04-17 11:47 . 2008-05-01 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-04-17 11:47 . 2008-05-01 19:15 3,168,288 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-17 11:47 . 2008-05-01 14:54 240,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2008-04-17 11:47 . 2008-04-17 16:29 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-04-17 11:47 . 2008-04-17 16:29 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat 2008-04-17 11:47 . 2008-05-01 14:54 40,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-17 11:47 . 2008-05-01 14:54 22,604 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2008-04-17 11:46 . 2008-04-17 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-04-16 20:56 . 2008-04-16 20:56 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu 2008-04-16 20:32 . 2008-04-16 20:32 <DIR> d-------- C:\Program Files\Multimedia Mouse Driver 2008-04-16 16:37 . 1997-07-19 17:01 376,592 --a------ C:\WINDOWS\system32\msrdo20.dll 2008-04-16 16:37 . 1997-07-19 17:00 129,808 --a------ C:\WINDOWS\system32\comdlg32.ocx 2008-04-16 16:37 . 1997-01-13 10:49 97,552 --a------ C:\WINDOWS\system32\rdocurs.dll 2008-04-16 16:37 . 2000-08-06 01:51 32,830 --a------ C:\WINDOWS\system32\dbmsshrn.dll 2008-04-16 16:36 . 2000-08-06 01:51 274,489 --a------ C:\WINDOWS\system32\ntwdblib.dll 2008-04-16 16:36 . 2000-08-06 01:51 192,569 --a------ C:\WINDOWS\system32\msrpjt40.dll 2008-04-16 16:36 . 2008-04-17 17:07 2,611 --a------ C:\WINDOWS\sql.MIF 2008-04-16 16:35 . 2008-04-17 17:07 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2008-04-16 16:35 . 2000-07-07 12:20 81,920 --a------ C:\WINDOWS\system32\mdt2fw95.dll 2008-04-16 16:35 . 2000-07-13 23:15 1,296 --a------ C:\WINDOWS\setup~0.iss 2008-04-16 16:06 . 2008-04-16 16:07 <DIR> d-------- C:\x86 2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\msolap 2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\MSEQ 2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\INSTALL 2008-04-16 16:06 . 2008-04-16 16:07 <DIR> d-------- C:\html 2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\devtools 2008-04-16 16:06 . 2008-04-16 16:06 <DIR> d-------- C:\books 2008-04-16 16:05 . 2008-04-16 16:05 <DIR> d-------- C:\SQLEVAL 2008-04-16 13:26 . 2008-04-17 17:07 <DIR> d-------- C:\Program Files\MTA San Andreas 2008-04-16 13:08 . 2008-04-16 13:08 <DIR> d-------- C:\Program Files\Rockstar Games 2008-04-16 08:33 . 2008-04-16 08:33 <DIR> d-------- C:\Program Files\poleng 2008-04-15 21:49 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-04-14 22:09 . 2008-04-14 22:09 <DIR> d-------- C:\Program Files\Common Files\X10 2008-04-14 22:09 . 1999-06-25 09:56 127,184 --a------ C:\WINDOWS\Unwise.exe 2008-04-14 21:51 . 2003-07-02 04:42 27,904 --a------ C:\WINDOWS\system32\drivers\viaagp1.sys 2008-04-14 21:50 . 2008-04-14 21:50 <DIR> d-------- C:\Documents and Settings\Krzysiek\WINDOWS 2008-04-14 21:50 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-04-14 21:50 . 2000-10-25 14:27 3,000 -ra------ C:\WINDOWS\system32\SetupNT.sys 2008-04-14 21:50 . 2008-04-14 21:50 3 --a------ C:\WINDOWS\system32\BSETUP.TMP 2008-04-14 21:45 . 2008-04-28 22:02 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-04-14 21:35 . 2008-04-14 22:11 <DIR> d-------- C:\Program Files\C-Media 3D Audio 2008-04-14 21:35 . 2004-09-03 13:31 2,596,864 --a------ C:\WINDOWS\system\cmicnfg.cpl 2008-04-14 21:33 . 2008-04-14 21:33 <DIR> d-------- C:\Program Files\Intel 2008-04-14 21:17 . 2008-04-14 21:17 <DIR> d-------- C:\Program Files\NeroInstall.bak 2008-04-14 21:17 . 2008-04-14 21:17 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG 2008-04-14 21:16 . 2008-04-14 21:16 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nero 2008-04-14 21:13 . 2008-04-14 21:13 <DIR> d-------- C:\Program Files\Nero 2008-04-14 21:13 . 2008-04-14 21:14 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-04-14 21:13 . 2008-04-14 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-04-14 20:17 . 2008-05-01 14:55 <DIR> d-------- C:\Program Files\Steam 2008-04-14 17:53 . 2008-05-01 12:58 <DIR> d-------- C:\Program Files\Conquer 2.0 2008-04-14 17:53 . 2008-04-14 17:53 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\InstallShield 2008-04-14 14:56 . 2008-04-14 14:56 <DIR> d-------- C:\Documents and Settings\Krzysiek\Dane aplikacji\Talkback 2008-04-14 14:56 . 2008-04-14 14:56 0 --a------ C:\WINDOWS\nsreg.dat 2008-04-14 14:53 . 2008-04-14 14:53 <DIR> d---s---- C:\Documents and Settings\Krzysiek\UserData 2008-04-14 14:36 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2008-04-14 14:35 . 2004-08-04 00:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2008-04-14 14:35 . 2004-08-04 00:44 77,312 --a--c--- C:\WINDOWS\system32\dllcache\usbui.dll 2008-04-14 14:35 . 2004-08-04 00:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 14:35 . 2001-08-17 22:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys 2008-04-14 14:34 . 2008-04-17 11:46 <DIR> d-------- C:\Program Files\Gadu-Gadu 2008-04-14 14:34 . 2008-04-14 14:35 <DIR> d-------- C:\Documents and Settings\Krzysiek\Gadu-Gadu 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione 2008-04-14 14:34 . 2008-04-14 13:39 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione 2008-04-14 14:34 . 2008-04-14 14:34 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony 2008-04-14 14:34 . 2008-05-01 11:50 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit 2008-04-14 14:34 . 2008-04-17 17:06 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start 2008-04-14 14:34 . 2008-04-28 16:24 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty 2008-04-14 14:33 . 2008-04-14 14:34 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji 2008-04-14 14:33 . 2008-04-14 13:42 <DIR> d--h----- C:\Documents and Settings\Default User 2008-04-14 14:33 . 2008-04-28 16:27 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji 2008-04-14 14:33 . 2008-04-14 13:41 <DIR> d-------- C:\Documents and Settings\All Users 2008-04-14 14:33 . 2008-04-14 13:45 <DIR> d-------- C:\Documents and Settings 2008-04-14 14:30 . 2008-04-14 14:30 13,646 --a------ C:\WINDOWS\system32\wpa.bak 2008-04-14 14:23 . 2003-10-16 18:07 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll 2008-04-14 14:22 . 2008-04-14 14:22 <DIR> d-------- C:\Program Files\Thomson 2008-04-14 14:22 . 2003-09-05 06:58 70,624 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-17 15:09 --------- d-----w C:\Program Files\free-downloads.net 2008-04-17 15:09 --------- d-----w C:\Program Files\Conduit 2008-04-14 13:50 --------- d-----w C:\Program Files\Alcohol Soft 2008-04-14 13:44 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-04-14 11:42 --------- d-----w C:\Program Files\microsoft frontpage 2008-04-14 11:39 --------- d-----w C:\Program Files\Usługi online 2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll 2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 18:46 217544] "Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-14 20:18 1271032] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136] "wsctf.exe"="wsctf.exe" [] "EXPLORER.EXE"="EXPLORER.EXE" [2004-08-04 00:44 1033728 C:\WINDOWS\explorer.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 06:26 7700480] "nwiz"="nwiz.exe" [2007-04-19 06:26 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 06:26 86016] "WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576] "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080] "WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480] "WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352] "Cmaudio"="cmicnfg.cpl" [] "KMConfig"="C:\Program Files\Multimedia Mouse Driver\V5\StartAutorun.exe" [2007-03-06 14:51 212992] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28] *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-04-20 09:29:52 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-01 19:15:23 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-01 19:18:06 ComboFix-quarantined-files.txt 2008-05-01 17:17:22 ComboFix2.txt 2008-05-01 16:54:16 Pre-Run: 138,511,708,160 bajtów wolnych Post-Run: 138,503,036,928 bajtów wolnych 215

**Posty:** 8001 · przez **Okocza** 01 Maj 2008, 19:22

i jak dysk :?:

możesz się dostać :?:

**Posty:** 6 · przez **krzysneo11** 01 Maj 2008, 19:23

nie wiem dlaczego ale tak

. A co jest tego powodem ?? To jakis wirus

**Posty:** 8001 · przez **Okocza** 01 Maj 2008, 19:24

nie, powoduje to plik "Autorun.inf" w nim są zapisane informacje na temat tego jaka akcja ma być wykonana

nie moge się dostać do dysku

Nie moge się dostać do dysku

Kto jest na forum