proszę o sprawdzenie loga (błąd amvo.exe)

[pari]

Podłączyłam wczoraj pendrive'a , po ponownym uruchomieniu komputera pojawiły się typowe uszkodzenia wyrządzone przez amvo : błąd przy uruchamianiu, uszkodzona opcja pokazywania ukrytych folderów, wolna praca komputera i jego uruchomienie (Windows xp). Bardzo proszę o pomoc. Oto log:

ComboFix 08-03-14.4 - Pari 2008-03-16 13:19:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.161 [GMT 1:00]
Running from: C:\Documents and Settings\Pari\Pulpit\combo-fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions)))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Program Files\autorun.inf
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\History\search
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\npf


((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-16 13:09 . 2008-03-16 13:11 <DIR> d-------- C:\ComboFix
2008-03-15 20:17 . 2008-03-09 18:55 103,516 -r-hs---- C:\b.com
2008-03-15 20:17 . 2008-03-15 20:17 101,140 -r-hs---- C:\3o.exe
2008-03-08 16:08 . 2004-11-04 09:19 7,207 -ra------ C:\WINDOWS\Disktool.INI
2008-03-08 16:08 . 2004-11-04 09:19 6,399 -ra------ C:\WINDOWS\fwupgrade.ini
2008-03-08 16:08 . 2004-05-12 03:28 3,677 -ra------ C:\WINDOWS\PlaySnd.INI
2008-03-08 16:07 . 2008-03-08 16:07 <DIR> d-------- C:\WINDOWS\system32\recover
2008-03-08 15:56 . 2008-03-08 16:32 72 --a------ C:\WINDOWS\MediaManager.INI
2008-03-01 13:27 . 2008-03-01 13:27 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-27 11:59 . 2008-03-15 19:58 8,704 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 12:26 --------- d-----w C:\Program Files\DialNet
2008-03-15 11:57 --------- d-----w C:\Documents and Settings\Pari\Dane aplikacji\foobar2000
2008-03-13 21:48 --------- d-----w C:\Documents and Settings\Pari\Dane aplikacji\Skype
2008-03-13 21:24 --------- d-----w C:\Documents and Settings\Pari\Dane aplikacji\skypePM
2008-03-11 20:01 --------- d-----w C:\Program Files\Java
2008-03-04 15:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-02-29 12:18 --------- d-----w C:\Documents and Settings\Bogo\Dane aplikacji\Skype
2008-02-29 10:55 --------- d-----w C:\Documents and Settings\Bogo\Dane aplikacji\skypePM
2008-02-09 14:45 --------- d-----w C:\Program Files\Skype
2008-02-09 14:45 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-09 14:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-02-09 14:20 3,417,600 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-01-31 14:55 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-30 11:31 3,242,496 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-30 11:31 1,543,680 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-01-19 10:23 454,656 ----a-w C:\Program Files\putty.exe
2008-01-19 10:21 375 ----a-w C:\Program Files\putty.log
2008-01-16 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-16 19:38 --------- d-----w C:\Program Files\Common Files\snp325
2008-01-13 14:33 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-03 19:54 1,170,432 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-01-03 17:59 4,537,856 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-03 17:59 1,477,632 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-12-20 13:31 2,166,898 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-18 21:06 0 ----a-w C:\Program Files\rew2.log
2007-12-18 21:06 0 ----a-w C:\Program Files\landgen.log
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-11-25 22:20 8,535 ----a-w C:\Program Files\Pari.Theme
2007-11-25 22:02 8,280 ----a-w C:\Program Files\Moja ulubiona kompozycja.theme
2007-11-06 23:26 3,161,600 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-11-01 19:38 3,530,240 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-10-26 05:31 4,167,168 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-10-02 07:07 2,979,840 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-10-02 07:07 1,282,560 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-09-25 09:41 881 ----a-w C:\Program Files\pari87.prv
2005-10-11 22:14 3,043 ----a-w C:\Program Files\autorun.apm
2002-08-12 10:00 1,126,400 ----a-w C:\Program Files\autorun.exe
2007-10-12 18:16 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 12:58 495616]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-09-25 21:51 2119104]
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" [2007-01-18 12:18 483328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 13:06 716800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 10:56 122880]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 04:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 17:46 761948]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17 118784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 09:49 454656]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 19:12 17920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 08:56 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 13:35 172094]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 15:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 16:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 16:43 892928]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 10:59 184320]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 08:20 372736]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-21 13:27 180269]
"NeroFilterCheck"="c:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-01-18 09:26 405504]
"z-wrdialer"="C:\Program Files\DialNet\wrdialer.exe" [2007-01-18 12:18 483328]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-12 14:50 20480]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2006-10-10 15:49 270336]
"snp325"="C:\WINDOWS\vsnp325.exe" [2006-10-10 14:11 827392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

C:\Documents and Settings\Pari\Menu Start\Programy\Autostart\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-28 11:41:42 106496]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-18 13:25:02 581693]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-09-21 11:50:31 184320]
RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2007-09-21 15:09:24 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 19:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12455:TCP"= 12455:TCP:BitComet 12455 TCP
"12455:UDP"= 12455:UDP:BitComet 12455 UDP

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2004-09-16 16:56]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2003-04-04 14:07]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2004-09-16 16:56]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 16:42]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys []
S3 SEM43XX;Sony Ericsson 802.11 sterownik sieciowego adaptera SEM43XX;C:\WINDOWS\system32\DRIVERS\semwl5.sys [2005-08-25 15:15]
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-08-25 15:15]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-08-25 15:15]
S3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-04-03 13:55]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GCXXSC.sys [2005-08-25 15:15]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b856808-6872-11dc-99fe-aeb2ccf0e294}]
\Shell\AutoRun\command - F:\b.com
\Shell\explore\Command - F:\b.com
\Shell\open\Command - F:\b.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{186331bf-6c30-11dc-9a17-c66971a1fccb}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - G:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fbe8e96-c02b-11dc-9b25-001708330f3d}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb8f88bd-816b-11dc-9a67-001708330f3d}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 13:25:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????^??3?9?4?2??????? ??4B??????????????hB? ????^?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\DialNet\WrOS.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2008-03-16 13:29:20 - machine was rebooted [Pari]
ComboFix-quarantined-files.txt 2008-03-16 12:29:15
.
2008-03-11 21:34:10 --- E O F ---

[Kapucino]

log w tagi, edytuj post, zaznacz treść loga i daj "quote" z paska narzędzi

[wojtas]

Otworz notatnik i wklej w nim to:

File::
C:\b.com
C:\3o.exe
C:\Program Files\putty.exe
C:\Program Files\putty.log
C:\Program Files\autorun.exe
C:\Program Files\pari87.prv
C:\Program Files\autorun.apm

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b856808-6872-11dc-99fe-aeb2ccf0e294}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{186331bf-6c30-11dc-9a17-c66971a1fccb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fbe8e96-c02b-11dc-9b25-001708330f3d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb8f88bd-816b-11dc-9a67-001708330f3d}]

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

[pari]

Nowy log

ComboFix 08-03-14.4 - Pari 2008-03-16 18:02:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.108 [GMT 1:00]
Running from: C:\Documents and Settings\Pari\Pulpit\combo-fix.exe
Command switches used :: C:\Documents and Settings\Pari\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\3o.exe
C:\b.com
C:\Program Files\autorun.apm
C:\Program Files\autorun.exe
C:\Program Files\pari87.prv
C:\Program Files\putty.exe
C:\Program Files\putty.log
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\3o.exe
C:\b.com
C:\Program Files\autorun.apm
C:\Program Files\autorun.exe
C:\Program Files\pari87.prv
C:\Program Files\putty.exe
C:\Program Files\putty.log

.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-16 13:09 . 2008-03-16 13:11 <DIR> d-------- C:\ComboFix
2008-03-08 16:08 . 2004-11-04 09:19 7,207 -ra------ C:\WINDOWS\Disktool.INI
2008-03-08 16:08 . 2004-11-04 09:19 6,399 -ra------ C:\WINDOWS\fwupgrade.ini
2008-03-08 16:08 . 2004-05-12 03:28 3,677 -ra------ C:\WINDOWS\PlaySnd.INI
2008-03-08 16:07 . 2008-03-08 16:07 <DIR> d-------- C:\WINDOWS\system32\recover
2008-03-08 15:56 . 2008-03-08 16:32 72 --a------ C:\WINDOWS\MediaManager.INI
2008-03-01 13:27 . 2008-03-01 13:27 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-27 11:59 . 2008-03-15 19:58 8,704 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 16:15 --------- d-----w C:\Program Files\DialNet
2008-03-15 11:57 --------- d-----w C:\Documents and Settings\Pari\Dane aplikacji\foobar2000
2008-03-13 21:48 --------- d-----w C:\Documents and Settings\Pari\Dane aplikacji\Skype
2008-03-13 21:24 --------- d-----w C:\Documents and Settings\Pari\Dane aplikacji\skypePM
2008-03-11 20:01 --------- d-----w C:\Program Files\Java
2008-03-04 15:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-02-29 12:18 --------- d-----w C:\Documents and Settings\Bogo\Dane aplikacji\Skype
2008-02-29 10:55 --------- d-----w C:\Documents and Settings\Bogo\Dane aplikacji\skypePM
2008-02-09 14:45 --------- d-----w C:\Program Files\Skype
2008-02-09 14:45 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-09 14:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-02-09 14:20 3,417,600 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-01-31 14:55 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-30 11:31 3,242,496 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-30 11:31 1,543,680 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-01-16 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-16 19:38 --------- d-----w C:\Program Files\Common Files\snp325
2008-01-13 14:33 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-01-03 19:54 1,170,432 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-01-03 17:59 4,537,856 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-03 17:59 1,477,632 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-12-20 13:31 2,166,898 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-18 21:06 0 ----a-w C:\Program Files\rew2.log
2007-12-18 21:06 0 ----a-w C:\Program Files\landgen.log
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-11-25 22:20 8,535 ----a-w C:\Program Files\Pari.Theme
2007-11-25 22:02 8,280 ----a-w C:\Program Files\Moja ulubiona kompozycja.theme
2007-11-06 23:26 3,161,600 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-11-01 19:38 3,530,240 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-10-26 05:31 4,167,168 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-10-02 07:07 2,979,840 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-10-02 07:07 1,282,560 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-10-12 18:16 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-16_13.29.05.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-16 11:39:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5dc.dat
+ 2008-03-16 16:13:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 12:58 495616]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-09-25 21:51 2119104]
"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" [2007-01-18 12:18 483328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 13:06 716800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 10:56 122880]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 04:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 17:46 761948]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17 118784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 09:49 454656]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 19:12 17920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 08:56 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 13:35 172094]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 15:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 16:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 16:43 892928]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 10:59 184320]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 08:20 372736]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-21 13:27 180269]
"NeroFilterCheck"="c:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-01-18 09:26 405504]
"z-wrdialer"="C:\Program Files\DialNet\wrdialer.exe" [2007-01-18 12:18 483328]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-12 14:50 20480]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2006-10-10 15:49 270336]
"snp325"="C:\WINDOWS\vsnp325.exe" [2006-10-10 14:11 827392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

C:\Documents and Settings\Pari\Menu Start\Programy\Autostart\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-28 11:41:42 106496]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-18 13:25:02 581693]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-09-21 11:50:31 184320]
RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2007-09-21 15:09:24 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 19:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12455:TCP"= 12455:TCP:BitComet 12455 TCP
"12455:UDP"= 12455:UDP:BitComet 12455 UDP

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2004-09-16 16:56]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2003-04-04 14:07]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2004-09-16 16:56]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 16:42]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys []
S3 SEM43XX;Sony Ericsson 802.11 sterownik sieciowego adaptera SEM43XX;C:\WINDOWS\system32\DRIVERS\semwl5.sys [2005-08-25 15:15]
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-08-25 15:15]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-08-25 15:15]
S3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-04-03 13:55]
S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GCXXSC.sys [2005-08-25 15:15]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 18:06:17
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????^????7????|?????? ??4B??????????????hB? ????^?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-16 18:06:59
ComboFix-quarantined-files.txt 2008-03-16 17:06:57
ComboFix2.txt 2008-03-16 12:29:20
.
2008-03-11 21:34:10 --- E O F ---

[wojtas]

C:\Program Files\rew2.log
C:\Program Files\landgen.log

skasuj te 2 pliki zrob reset kompa i powiedz jak sytuacja z kompem

[pari]

Komp działa szybciej,możliwe jest już otwieranie ukrytych plików, jednak tak teraz myślę,że usunięcie pliku pari87.prv nie było konieczne... A co z katalogiem "Qoobox"?

[wojtas]

,że usunięcie pliku pari87.prv nie było konieczne.

jesli tak uwazasz przywróc go sobie w folderze Qoobox bedzie tylko moze nazywac sie tak: pari87.prv.vir to wtedy skasuj to .vir i wrzuc do C:\Program Files potem skasuj folder Qoobox

[pari]

dziękuję ślicznie za pomoc

[lucasmadi]

Witam jako ze mam podobny problem jak kolega wyzej podpinam sie pod jego temat.. co by nie zasmiecac forum.. tez mam problem z pendrive'ami.. cos jest nie tak bo ciagle gdy wywale tego amvo to on powraca.. dzisiaj na dodatek antyvirus wykryl mi trojana 3o.exe ktorego nie moge usunac.. daje nizej log z mojego kompa..

ComboFix 08-03-14.4 - Lucas 2008-03-17 17:38:36.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1669 [GMT 1:00]
Running from: C:\Documents and Settings\Lucas\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

2008-03-11 09:58 . 2008-03-11 10:06 <DIR> d-------- C:\Program Files\Avi2Dvd
2008-03-07 20:47 . 2008-03-07 20:47 <DIR> d-------- C:\Program Files\SopCast
2008-03-07 13:31 . 2008-03-07 13:31 <DIR> d-------- C:\Program Files\LizardTech
2008-03-07 12:26 . 2008-03-07 12:26 <DIR> d-------- C:\Program Files\Native Instruments
2008-03-07 07:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-07 07:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-07 07:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-06 20:12 . 2008-03-06 20:12 <DIR> d-------- C:\Documents and Settings\Lucas\Contacts
2008-03-06 20:01 . 2008-03-06 20:11 <DIR> d-------- C:\Program Files\Windows Live
2008-03-06 20:01 . 2008-03-06 20:11 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-06 20:01 . 2008-03-06 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\WLInstaller
2008-03-06 17:59 . 2008-03-10 18:14 <DIR> d-------- C:\Documents and Settings\Lucas\Dane aplikacji\temp
2008-03-06 17:42 . 2008-03-06 17:42 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-03-06 17:40 . 2008-03-06 17:40 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-05 16:32 . 2008-03-05 16:47 <DIR> d-------- C:\Documents and Settings\Lucas\Dane aplikacji\Dev-Cpp
2008-03-04 16:22 . 2008-03-04 16:21 107,057 -r-hs---- C:\uisvkqr.exe
2008-03-04 16:15 . 2008-03-04 16:24 50 --a------ C:\WINDOWS\cdplayer.ini
2008-03-01 23:34 . 2008-03-01 23:34 <DIR> d-------- C:\Program Files\Foxit Software
2008-02-29 21:06 . 2008-02-29 21:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-29 21:06 . 2008-03-16 13:53 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-02-29 21:06 . 2008-02-29 21:06 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-02-29 21:06 . 2008-03-16 13:54 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-29 19:18 . 2008-03-17 10:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-29 19:15 . 2008-02-29 19:15 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-02-29 18:47 . 2008-02-29 18:47 <DIR> d-------- C:\Program Files\Real
2008-02-29 18:47 . 2008-02-29 18:47 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-29 18:47 . 2008-02-29 18:47 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-29 18:32 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-02-29 18:15 . 2008-02-29 18:15 <DIR> d-------- C:\Documents and Settings\Lucas\Dane aplikacji\Gadu-Gadu
2008-02-29 18:13 . 2008-02-29 18:13 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-02-29 18:13 . 2008-02-29 18:13 <DIR> d-------- C:\Documents and Settings\Lucas\Gadu-Gadu
2008-02-29 16:49 . 2008-02-29 16:49 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-29 16:49 . 2008-02-29 16:49 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-29 16:49 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-29 16:49 . 2008-02-29 16:49 421 --a------ C:\WINDOWS\ODBC.INI
2008-02-29 13:21 . 2008-02-29 13:21 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-29 12:51 . 2008-02-29 12:56 <DIR> d-------- C:\Program Files\uTorrent
2008-02-29 12:51 . 2008-03-17 09:43 <DIR> d-------- C:\Documents and Settings\Lucas\Dane aplikacji\uTorrent
2008-02-29 12:03 . 2008-02-29 12:03 <DIR> d-------- C:\Program Files\WapSter
2008-02-29 12:03 . 2008-02-29 12:03 <DIR> d-------- C:\Documents and Settings\Lucas\WapSter
2008-02-28 21:07 . 2008-03-06 20:46 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-28 18:32 . 2008-02-28 18:32 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-02-28 18:32 . 2008-02-28 18:32 <DIR> d-------- C:\Program Files\ACD Systems
2008-02-28 18:32 . 2008-02-28 18:32 <DIR> d-------- C:\Documents and Settings\Lucas\Dane aplikacji\ACD Systems
2008-02-28 18:32 . 2008-02-28 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2008-02-28 17:22 . 2008-02-28 17:22 <DIR> d-------- C:\WINDOWS\Sun
2008-02-28 17:19 . 2008-02-28 17:19 <DIR> d-------- C:\Program Files\Java
2008-02-28 17:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-28 17:18 . 2008-02-28 17:18 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-28 16:57 . 2008-02-28 16:57 <DIR> d-------- C:\Program Files\Nero
2008-02-28 16:57 . 2008-02-28 16:58 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-02-28 16:57 . 2008-02-28 16:58 <DIR> d-------- C:\Documents and Settings\Lucas\Dane aplikacji\Ahead
2008-02-28 16:47 . 2008-02-28 16:48 <DIR> d-------- C:\Program Files\Konnekt
2008-02-28 16:47 . 2008-02-28 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\stamina

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 20:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 14:13 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-28 13:53 --------- d-----w C:\Program Files\Alwil Software
2008-02-28 13:40 --------- d-----w C:\Program Files\Thomson
2008-02-28 13:36 --------- d-----w C:\Program Files\VDOTool
2008-02-28 13:34 --------- d-----w C:\Program Files\Realtek
2008-02-28 13:33 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-28 13:33 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-02-28 13:33 --------- d-----w C:\Documents and Settings\Lucas\Dane aplikacji\InstallShield
2008-02-28 13:31 --------- d-----w C:\Program Files\Intel
2008-02-28 13:30 --------- d-----w C:\Program Files\Thomson SpeedTouch
2008-02-28 13:25 32,000 ----a-w C:\WINDOWS\system32\drivers\stppp.sys
2008-02-28 13:25 30,464 ----a-w C:\WINDOWS\system32\drivers\st330.sys
2008-02-28 13:25 16,128 ----a-w C:\WINDOWS\system32\drivers\lpwdm.sys
2008-02-28 13:25 12,672 ----a-w C:\WINDOWS\system32\drivers\stbus.sys
2008-02-28 13:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-28 13:17 --------- d-----w C:\Program Files\Usługi online
2008-02-22 16:23 106,757 --sh--r C:\oufddh.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 12:30 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 13:08 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 16132608 C:\WINDOWS\RTHDCPL.EXE]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-06-26 14:58 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 03:34 8466432]
"nwiz"="nwiz.exe" [2007-07-23 03:34 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 03:34 81920]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-29 18:47 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"E:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-28 14:33]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2008-02-28 14:25]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2008-02-28 14:25]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\WINDOWS\system32\DRIVERS\stppp.sys [2008-02-28 14:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9ee90c9-e9fd-11dc-b9fc-000e501d1deb}]
\Shell\AutoRun\command - H:\uisvkqr.exe
\Shell\explore\Command - H:\uisvkqr.exe
\Shell\open\Command - H:\uisvkqr.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 17:39:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-17 17:39:23
ComboFix-quarantined-files.txt 2008-03-17 16:39:21
ComboFix2.txt 2008-03-15 20:36:47
.
2008-03-06 19:48:00 --- E O F ---

licze na pomoc z gory dziekuje

[Dzi@dek]

wyzej podpinam sie pod jego temat.. co by nie zasmiecac forum..

Załóż swój temat.