Sprawdzenie loga z ComboFix

Hello. Please check this ComboFix log. The computer is from a company; the system and all the programs are genuine.

ComboFix 08-01-10.2 - Marcin_firma 2008-01-10 8:11:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.493 [GMT 1:00]
Running from: C:\Documents and Settings\Marcin_firma\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.
2008-01-10 08:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 08:00 . 2008-01-10 08:00 d-------- C:\Program Files\Trend Micro
2007-12-18 08:04 . 2007-12-18 08:04 d-------- C:\Program Files\Macromedia
2007-12-18 08:04 . 2007-12-18 08:04 d-------- C:\Program Files\Common Files\Vbox
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 06:56 --------- d-----w C:\Documents and Settings\Marcin_firma\Dane aplikacji\Skype
2008-01-10 06:55 --------- d-----w C:\Documents and Settings\Marcin_firma\Dane aplikacji\OpenOffice.org2
2007-12-18 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-10 07:39 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 07:25 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-12 14:11 25448488]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2005-08-30 19:51 1708032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 20:10 344064]
"ULiRaid"="C:\Program Files\ULI5287\ULiRaid.exe" [2005-02-15 10:43 401408]
"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 16:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 08:38 2749440 C:\WINDOWS\ALCWZRD.EXE]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 15:39 147456]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 13:30 86016]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 09:55 32768]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12 483328]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-01-24 09:11 28672]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\Marcin_firma\Menu Start\Programy\Autostart
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 19:42:22]
Watch.lnk - C:\WINDOWS\twain_32\A4S2_600\watch.exe [2005-10-05 00:09:46]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-02 07:53 77824 C:\WINDOWS\SOUNDMAN.EXE

R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-02-05 00:00]
R3 A4S2600;A4S2600;C:\WINDOWS\system32\drivers\A4S2600.sys [1998-05-07 11:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19238424-bb3d-11db-a947-0011d8b93114}]
\Shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62159206-62d7-11dc-a9fb-0011d8b93114}]
\Shell\Auto\command - H:\Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6783239a-076c-11dc-a997-0011d8b93114}]
\Shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d61e1cfb-8c4f-11dc-aa26-0011d8b93114}]
\Shell\Auto\command - H:\Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6dbb76b-653d-11dc-a9fc-0011d8b93114}]
\Shell\Auto\command - H:\Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6dbb76c-653d-11dc-a9fc-0011d8b93114}]
\Shell\Auto\command - H:\Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 08:12:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-10 8:13:13
.
2008-01-10 06:43:37 --- E O F ---

Regards, Paweł

Replies: 1

There was (or still is) junk on a pendrive that was plugged into this computer. Delete the key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2. The legitimate entries will recreate themselves. Is the file C:\WINDOWS\system32\drivers\A4S2600.sys from some scanner??
Żółty
Posted
10.01.2008 12:44:28
  • Pablo_18Kce 10.01.2008 14:59:35

    [quote=Żółty] Is the file C:\WINDOWS\system32\drivers\A4S2600.sys from some scanner??[/quote] Probably yes, a scanner with its software (Mustek ScanExpress 12000P) and a laser printer are connected to the computer.
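A defender-side check for the point Żółty makes about MountPoints2, added here as an example (it is not part of the thread and not ComboFix's own code): it parses the MountPoints2 blocks in the format ComboFix prints them and flags the Cn911.exe autorun pattern visible in the log above. The sample input is two of the GUID blocks copied from that log; the list of normal verbs and the ShellExec_RunDLL rule are my own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample: two MountPoints2 blocks in ComboFix's output format,
# one benign U3 launcher and one with the Cn911.exe pair from the log.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{19238424-bb3d-11db-a947-0011d8b93114}]
\\Shell\\AutoRun\\command - H:\\LaunchU3.exe

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{62159206-62d7-11dc-a9fb-0011d8b93114}]
\\Shell\\Auto\\command - H:\\Cn911.exe
\\Shell\\AutoRun\\command - C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
"""

KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$")
# Assumed set of verbs a normal autorun entry uses; anything else is worth a look.
NORMAL_VERBS = {"autorun", "open", "explore"}

def parse_mountpoints2(text: str) -> Dict[str, Dict[str, str]]:
    """Map each MountPoints2 GUID to its {verb: command} pairs."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            current = m.group(1).lower()
            entries[current] = {}
            continue
        m = CMD_RE.match(line.strip())
        if m and current is not None:
            entries[current][m.group(1)] = m.group(2)
    return entries

def suspicious_reasons(commands: Dict[str, str]) -> List[str]:
    """Heuristics (assumptions): a non-standard verb such as 'Auto', and a
    RunDLL32 ShellExec_RunDLL launcher, the worm pattern seen in the log."""
    reasons = []
    for verb, cmd in commands.items():
        if verb.lower() not in NORMAL_VERBS:
            reasons.append(f"non-standard verb '{verb}' -> {cmd}")
        if "shellexec_rundll" in cmd.lower():
            reasons.append(f"RunDLL32 ShellExec_RunDLL launcher -> {cmd}")
    return reasons

def flag_entries(text: str) -> Dict[str, List[str]]:
    """Return only the GUIDs that trip a heuristic, with their reasons."""
    flagged = {}
    for guid, cmds in parse_mountpoints2(text).items():
        reasons = suspicious_reasons(cmds)
        if reasons:
            flagged[guid] = reasons
    return flagged

if __name__ == "__main__":
    for guid, reasons in flag_entries(SAMPLE_LOG).items():
        print(guid, *("  " + r for r in reasons), sep="\n")
```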

Pablo_18Kce
Posted:
10.01.2008 09:18:10