Code:
ComboFix 08-11-12.01 - Biuro 2008-11-13 21:12:30.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.110 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Biuro\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\setup.ini
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-13 do 2008-11-13 )))))))))))))))))))))))))))))))
.
2008-11-13 21:01 . 2008-11-13 21:01 285 --a------ C:\FIX.REG
2008-11-13 01:40 . 2008-10-24 12:10 453,632 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-30 08:15 . 2008-10-30 08:15 <DIR> d-------- c:\program files\Alwil Software
2008-10-25 18:17 . 2008-10-25 18:17 998 --a------ c:\windows\system32\syswinan.vbs
2008-10-19 19:47 . 2008-10-19 19:47 <DIR> d-------- c:\program files\RealLoader
2008-10-16 12:10 . 2008-08-14 15:46 2,181,632 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 12:10 . 2008-08-14 15:46 2,137,600 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 12:10 . 2008-08-14 15:46 2,059,008 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 12:10 . 2008-08-14 15:46 2,017,280 --------- c:\windows\system32\dllcache\ntkrpamp.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-15 18:00 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-08 17:31 47,312 ----a-w c:\windows\system32\drivers\MiniIcpt.sys
2008-10-08 17:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\G DATA
2008-10-03 18:26 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-10-03 07:54 --------- d-----w c:\program files\PTU SA
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-21 18:29 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-21 18:29 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-18 08:26 --------- d-----w c:\program files\MSBuild
2008-09-18 08:22 --------- d-----w c:\program files\Reference Assemblies
2008-09-18 08:04 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Installations
2008-09-18 07:48 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nokia
2008-09-18 07:47 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite
2008-09-18 07:46 --------- d-----w c:\documents and settings\Biuro\Dane aplikacji\Nokia
2008-09-18 07:45 --------- d-----w c:\program files\PC Connectivity Solution
2008-09-18 07:45 --------- d-----w c:\program files\Nokia
2008-09-18 07:45 --------- d-----w c:\program files\DIFX
2008-09-18 07:45 --------- d-----w c:\documents and settings\Biuro\Dane aplikacji\PC Suite
2008-09-15 16:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-15 16:40 1,846,272 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-05 22:31 267,816 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-05 22:30 952,872 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
2008-09-02 08:00 60,416 ----a-w c:\windows\ALCFDRTM.EXE
2008-08-29 19:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-28 11:04 333,056 ----a-w c:\windows\system32\dllcache\srv.sys
2008-08-27 10:27 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-26 09:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-26 09:27 826,368 ------w c:\windows\system32\dllcache\wininet.dll
2008-08-26 09:27 671,232 ------w c:\windows\system32\dllcache\mstime.dll
2008-08-26 09:27 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
2008-08-26 09:27 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll
2008-08-26 09:27 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
2008-08-26 09:27 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll
2008-08-26 09:27 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
2008-08-26 09:27 193,024 ------w c:\windows\system32\dllcache\msrating.dll
2008-08-26 09:27 105,984 ------w c:\windows\system32\dllcache\url.dll
2008-08-26 09:27 102,912 ------w c:\windows\system32\dllcache\occache.dll
2008-08-26 09:27 1,159,680 ------w c:\windows\system32\dllcache\urlmon.dll
2008-08-26 09:26 63,488 ------w c:\windows\system32\dllcache\icardie.dll
2008-08-26 09:26 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
2008-08-26 09:26 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
2008-08-26 09:26 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
2008-08-26 09:26 347,136 ------w c:\windows\system32\dllcache\dxtmsft.dll
2008-08-26 09:26 27,648 ------w c:\windows\system32\dllcache\jsproxy.dll
2008-08-26 09:26 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
2008-08-26 09:26 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
2008-08-26 09:26 214,528 ------w c:\windows\system32\dllcache\dxtrans.dll
2008-08-26 09:26 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
2008-08-26 09:26 133,120 ------w c:\windows\system32\dllcache\extmgr.dll
2008-08-26 09:26 124,928 ------w c:\windows\system32\dllcache\advpack.dll
2008-08-25 09:42 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 09:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 06:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 06:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 14:46 2,181,632 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 14:46 2,059,008 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 10:51 138,368 ----a-w c:\windows\system32\dllcache\afd.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"EXPLORER.EXE"="EXPLORER.EXE" [2004-08-04 c:\windows\explorer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289"="c:\program files\ULI5289\ALi5289.exe" [2004-09-16 405504]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R0 aliidex;aliidex;c:\windows\system32\drivers\aliidex.sys [2003-03-06 7040]
R0 aliperf;aliperf;c:\windows\system32\drivers\aliperf.sys [2003-01-16 7168]
R0 m5289;m5289;c:\windows\system32\DRIVERS\m5289.sys [2004-12-01 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\DRIVERS\agpkx.sys [2004-07-08 44928]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MSSQL$PEGAZ_NET;SQL Server (PEGAZ_NET);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\DRIVERS\ULILAN.SYS [2004-07-26 29696]
S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};c:\windows\TEMP\13B.tmp [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04c7397c-6e36-11dd-8d33-00138f1b463f}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{164bd968-7b8e-11dd-8d38-00138f1b463f}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3579adea-8563-11dd-8d3f-00138f1b463f}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82c85174-9b9c-11dd-8d4e-00138f1b463f}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1d6c33a-7e95-11dd-8d39-00138f1b463f}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a0ab2d-88a4-11dd-8d43-00138f1b463f}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a0ab2e-88a4-11dd-8d43-00138f1b463f}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0f803bc-9de4-11dd-8d50-00138f1b463f}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0f803c0-9de4-11dd-8d50-00138f1b463f}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-wsctf.exe - wsctf.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Biuro\Dane aplikacji\Mozilla\Firefox\Profiles\o65ck7ez.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://WWW.WP.PL
FF -: plugin - c:\program files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 21:13:38
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath"="\??\c:\windows\TEMP\13B.tmp"
.
Czas ukończenia: 2008-11-13 21:14:10
ComboFix-quarantined-files.txt 2008-11-13 20:14:08
Przed: 8 971 943 936 bajtów wolnych
Po: 9,016,623,104 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
202 --- E O F --- 2008-11-13 02:02:07