ComboFix 08-05-12.1 - schab 2008-05-14 12:17:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1598 [GMT 2:00]
Running from: C:\Documents and Settings\schab\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\WINDOWS\system32\_007367_.tmp.dll
C:\WINDOWS\system32\_007368_.tmp.dll
C:\WINDOWS\system32\_007369_.tmp.dll
C:\WINDOWS\system32\_007370_.tmp.dll
C:\WINDOWS\system32\_007377_.tmp.dll
C:\WINDOWS\system32\_007378_.tmp.dll
C:\WINDOWS\system32\_007379_.tmp.dll
C:\WINDOWS\system32\_007381_.tmp.dll
C:\WINDOWS\system32\_007382_.tmp.dll
C:\WINDOWS\system32\_007385_.tmp.dll
C:\WINDOWS\system32\_007386_.tmp.dll
C:\WINDOWS\system32\_007389_.tmp.dll
C:\WINDOWS\system32\_007390_.tmp.dll
C:\WINDOWS\system32\_007392_.tmp.dll
C:\WINDOWS\system32\_007395_.tmp.dll
C:\WINDOWS\system32\_007396_.tmp.dll
C:\WINDOWS\system32\_007401_.tmp.dll
C:\WINDOWS\system32\_007403_.tmp.dll
C:\WINDOWS\system32\_007406_.tmp.dll
C:\WINDOWS\system32\_007408_.tmp.dll
C:\WINDOWS\system32\_007409_.tmp.dll
C:\WINDOWS\system32\_007410_.tmp.dll
C:\WINDOWS\system32\_007411_.tmp.dll
C:\WINDOWS\system32\_007414_.tmp.dll
C:\WINDOWS\system32\_007415_.tmp.dll
C:\WINDOWS\system32\_007416_.tmp.dll
C:\WINDOWS\system32\_007417_.tmp.dll
C:\WINDOWS\system32\_007418_.tmp.dll
C:\WINDOWS\system32\_007423_.tmp.dll
C:\WINDOWS\system32\_007425_.tmp.dll
C:\WINDOWS\system32\system\
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.
2008-05-14 12:02 . 2008-05-14 12:02 12,626 --a------ C:\WINDOWS\system32\wpa.bak
2008-05-14 11:51 . 2004-08-04 12:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-14 11:50 . 2004-08-04 12:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-05-14 11:48 . 2004-08-04 12:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-05-14 11:48 . 2008-05-14 11:48 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-14 11:48 . 2008-05-14 11:48 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-14 11:48 . 2008-05-14 11:48 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-14 11:48 . 2008-05-14 11:48 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-05-14 11:48 . 2008-05-14 11:48 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-14 11:48 . 2008-05-14 11:48 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-14 11:37 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-05-14 11:31 . 2008-05-14 11:31 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-05-14 11:31 . 2008-05-14 11:31 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-05-14 11:31 . 2008-05-14 11:31 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-05-14 00:34 . 2008-05-14 12:17 <DIR> d-------- C:\Program Files\ESET
2008-05-14 00:15 . 2008-05-14 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-05-13 17:42 . 2008-05-13 17:42 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-05-11 22:40 . 2008-05-11 22:40 <DIR> d-------- C:\Program Files\Opera 9.5 beta
2008-05-11 09:48 . 2008-05-13 12:50 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-11 09:48 . 2008-05-11 09:48 <DIR> d-------- C:\Documents and Settings\schab\Dane aplikacji\PC Tools
2008-05-11 09:48 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-11 09:48 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-11 09:48 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-11 09:48 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-10 19:21 . 2008-05-10 19:21 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-10 19:21 . 2008-05-10 19:21 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-09 06:36 . 2006-10-05 04:42 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-09 06:36 . 2006-10-05 04:42 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-08 21:32 . 2008-05-09 06:36 <DIR> d-------- C:\Program Files\Picasa2
2008-05-08 14:21 . 2008-05-08 14:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-08 14:17 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\[u]0[/u]02900_.tmp
2008-05-08 08:40 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\[u]0[/u]05787_.tmp
2008-05-08 08:38 . 2004-08-04 12:00 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2008-05-08 07:37 . 2008-05-08 07:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\VistaCodecs
2008-05-07 15:06 . 2008-05-07 15:06 <DIR> d-------- C:\Program Files\Intuwave Ltd
2008-05-07 15:03 . 1999-09-29 20:04 1,238,288 --a------ C:\WINDOWS\system32\msjt4jlt.dll
2008-05-07 08:05 . 2008-05-07 08:04 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-05-05 23:24 . 2008-05-08 21:44 <DIR> d-------- C:\Program Files\Mp3 Knife
2008-05-05 23:24 . 2004-04-12 17:27 1,081,616 --a------ C:\WINDOWS\system32\mscomctl.ocx
2008-05-05 23:24 . 2004-04-12 17:27 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-05-04 12:28 . 2008-05-04 12:28 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-02 21:52 . 2007-04-24 17:30 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-05-02 21:52 . 2008-03-28 19:40 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-05-02 21:52 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-02 21:37 . 2008-05-02 21:42 <DIR> d-------- C:\Program Files\Lonely Cat Games
2008-04-30 12:15 . 2008-05-02 14:17 114 --a------ C:\WINDOWS\VplayerINI.vpl
2008-04-30 11:33 . 2008-05-02 14:17 1,397 --a------ C:\WINDOWS\VPlayer.INI
2008-04-30 11:32 . 2008-04-30 11:32 <DIR> d-------- C:\Program Files\Vplayer
2008-04-30 01:31 . 2008-04-30 01:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-30 01:31 . 2006-10-18 21:47 276,992 --a------ C:\WINDOWS\system32\audiodev.dll
2008-04-30 01:30 . 2008-04-30 01:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-30 01:30 . 2008-05-04 14:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-30 00:42 . 2008-04-14 22:51 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-30 00:37 . 2008-05-08 14:23 <DIR> d-------- C:\WINDOWS\system32\pl
2008-04-30 00:37 . 2008-05-08 14:23 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-30 00:37 . 2008-05-08 14:23 <DIR> d-------- C:\WINDOWS\l2schemas
2008-04-30 00:30 . 2004-08-04 12:00 217,088 --a--c--- C:\WINDOWS\system32\dllcache\wordpad.exe
2008-04-30 00:30 . 2004-08-04 12:00 146,432 --a------ C:\WINDOWS\system\WINSPOOL.DRV
2008-04-30 00:30 . 2004-08-04 12:00 71,040 --a------ C:\WINDOWS\system32\drivers\_007345_.tmp.dll
2008-04-30 00:30 . 2004-08-04 12:00 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2008-04-30 00:30 . 2004-08-04 12:00 11,776 --a--c--- C:\WINDOWS\system32\dllcache\xolehlp.dll
2008-04-28 01:36 . 2008-04-28 01:36 <DIR> d-------- C:\Program Files\Incomplete
2008-04-28 00:35 . 2008-04-28 00:36 <DIR> d-------- C:\Documents and Settings\schab\Shared
2008-04-28 00:35 . 2008-05-08 06:20 <DIR> d-------- C:\Documents and Settings\schab\Incomplete
2008-04-28 00:35 . 2008-05-08 06:20 <DIR> d-------- C:\Documents and Settings\schab\Dane aplikacji\LimeWire
2008-04-26 23:04 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-25 15:37 . 2008-04-25 15:37 <DIR> d-------- C:\WINDOWS\Sun
2008-04-25 15:36 . 2008-04-26 23:04 <DIR> d-------- C:\Program Files\Java
2008-04-25 15:35 . 2008-04-25 15:35 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-25 13:41 . 2008-04-25 16:01 <DIR> d-------- C:\Documents and Settings\schab\Dane aplikacji\skypePM
2008-04-25 13:41 . 2008-04-25 13:41 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-25 13:35 . 2008-04-25 13:35 <DIR> d-------- C:\Program Files\Skype
2008-04-25 13:35 . 2008-04-25 13:35 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-25 13:35 . 2008-04-26 14:22 <DIR> d-------- C:\Documents and Settings\schab\Dane aplikacji\Skype
2008-04-25 13:35 . 2008-04-25 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-24 23:37 . 2008-05-06 17:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-22 15:38 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-04-22 15:38 . 1998-05-06 00:00 57,344 --a------ C:\WINDOWS\system32\VBAME.DLL
2008-04-22 15:38 . 2005-09-12 16:40 47,744 --a------ C:\WINDOWS\system32\drivers\vserial.sys
2008-04-20 19:09 . 2008-04-20 19:09 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2008-04-20 15:06 . 2008-04-20 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-04-18 23:49 . 2008-04-18 23:49 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-04-18 08:46 . 2008-04-18 08:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\GRETECH
2008-04-18 08:45 . 2008-04-18 08:45 <DIR> d-------- C:\Program Files\GRETECH
2008-04-18 08:45 . 2008-04-18 08:45 <DIR> d-------- C:\Documents and Settings\schab\Dane aplikacji\GRETECH
2008-04-16 15:35 . 2008-05-14 12:18 <DIR> d-------- C:\WINDOWS\system32\.
2008-04-16 09:07 . 2008-04-16 09:07 1,680 --a------ C:\WINDOWS\system32\esnecil.nlp
2008-04-16 09:07 . 2008-04-16 15:35 1,680 --a------ C:\WINDOWS\system32\esnecil.ind
2008-04-16 09:07 . 2008-04-16 09:07 4 --a------ C:\WINDOWS\vx86036.dat
2008-04-16 09:05 . 2008-04-16 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\WorkshopData
2008-04-16 09:05 . 1999-06-18 23:49 165,888 --a------ C:\WINDOWS\Ckconfig.exe
2008-04-16 09:05 . 2006-09-22 01:33 69,632 --a------ C:\WINDOWS\system32\Crypserv.exe
2008-04-16 09:05 . 2006-01-10 04:47 31,846 --a------ C:\WINDOWS\system32\Ckldrv.sys
2008-04-16 09:05 . 1996-05-03 19:21 27,648 -ra------ C:\WINDOWS\Setup_ck.exe
2008-04-16 09:05 . 1996-05-03 17:36 18,432 --a------ C:\WINDOWS\Setup_ck.dll
2008-04-16 09:05 . 1995-07-04 20:33 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
2008-04-16 09:05 . 2008-04-16 09:05 83 --a------ C:\WINDOWS\Crypkey.ini
2008-04-16 08:57 . 2008-04-16 08:57 <DIR> d-------- C:\Documents and Settings\schab\Dane aplikacji\Nero
2008-04-16 08:48 . 2008-04-16 08:48 <DIR> d--h----- C:\Documents and Settings\schab\InstallAnywhere
2008-04-16 08:22 . 2008-04-16 08:22 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-16 08:22 . 2008-04-16 08:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 06:52 . 2008-05-14 12:17 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-15 14:01 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-15 14:01 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-15 06:41 . 2008-04-15 06:41 <DIR> d-------- C:\Documents and Settings\schab\Dane aplikacji\GlarySoft
2008-04-14 22:51 . 2008-04-14 22:51 20,992 --a------ C:\WINDOWS\system32\spupdwxp.exe
2008-04-14 22:51 . 2008-04-14 22:51 20,992 --a------ C:\WINDOWS\system32\faxpatch.exe
2008-04-14 22:51 . 2008-04-14 22:51 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-04-14 22:35 . 2008-04-18 23:45 <DIR> d-------- C:\Program Files\Total Video Converter
2008-04-14 22:35 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-04-14 22:05 . 2008-04-14 22:05 1,950 --a------ C:\WINDOWS\system32\pid.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 10:20 --------- d-----w C:\Documents and Settings\schab\Dane aplikacji\uTorrent
2008-05-13 22:34 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-05-13 22:34 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-05-13 22:34 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-05-13 21:42 --------- d-----w C:\Program Files\Registry Easy
2008-05-11 08:41 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-11 04:31 --------- d-----w C:\Program Files\Unlocker
2008-05-10 17:23 --------- d-----w C:\Documents and Settings\schab\Dane aplikacji\PC Suite
2008-05-10 17:21 --------- d-----w C:\Program Files\Nokia
2008-05-10 17:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-05-08 05:39 --------- d-----w C:\Program Files\VistaCodecPack
2008-05-07 13:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-04 12:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-04-27 22:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-25 13:34 --------- d-----w C:\Documents and Settings\schab\Dane aplikacji\IE7Pro
2008-04-22 13:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-15 04:42 --------- d-----w C:\Program Files\NSS
2008-04-14 20:51 33,792 ----a-w C:\WINDOWS\system32\mmcperf.exe
2008-04-14 20:51 32,866 ----a-w C:\WINDOWS\system32\slrundll.exe
2008-04-14 20:51 32,768 ----a-w C:\WINDOWS\system32\setupn.exe
2008-04-14 20:51 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe
2008-04-14 20:51 276,992 ----a-w C:\WINDOWS\system32\wmphoto.dll
2008-04-14 20:51 176,640 ----a-w C:\WINDOWS\system32\napstat.exe
2008-04-14 20:49 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 20:49 136,192 ----a-w C:\WINDOWS\system32\aaclient.dll
2008-04-14 20:39 6,144 ----a-w C:\WINDOWS\system32\kbdpash.dll
2008-04-14 20:39 6,144 ----a-w C:\WINDOWS\system32\kbdnepr.dll
2008-04-14 20:39 6,144 ----a-w C:\WINDOWS\system32\kbdiultn.dll
2008-04-14 20:39 6,144 ----a-w C:\WINDOWS\system32\kbdbhc.dll
2008-04-14 19:52 89,600 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 19:50 80,896 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 19:30 701,440 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 19:30 327,040 ----a-w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-13 22:13 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 22:10 10,240 ----a-w C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 21:53 95,424 ----a-w C:\WINDOWS\system32\drivers\slnthal.sys
2008-04-13 21:53 685,056 ----a-w C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-04-13 21:53 404,990 ----a-w C:\WINDOWS\system32\drivers\slntamr.sys
2008-04-13 21:53 220,032 ----a-w C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-04-13 21:53 180,360 ----a-w C:\WINDOWS\system32\drivers\ntmtlfax.sys
2008-04-13 21:53 13,776 ----a-w C:\WINDOWS\system32\drivers\recagent.sys
2008-04-13 21:53 13,240 ----a-w C:\WINDOWS\system32\drivers\slwdmsup.sys
2008-04-13 21:53 129,535 ----a-w C:\WINDOWS\system32\drivers\slnt7554.sys
2008-04-13 21:53 126,686 ----a-w C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-04-13 21:53 11,868 ----a-w C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-04-13 21:53 1,309,184 ----a-w C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-04-13 21:53 1,041,536 ----a-w C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-04-13 21:13 --------- d-----w C:\Program Files\IE7Pro
2008-04-13 20:18 --------- d-----w C:\Documents and Settings\schab\Dane aplikacji\Nokia
2008-04-13 20:06 144,384 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-04-13 19:05 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-12 14:37 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-12 14:37 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-12 05:41 180,224 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-04-12 05:30 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-04-10 19:17 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-10 19:17 --------- d-----w C:\Program Files\Realtek
2008-04-10 16:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-10 13:41 --------- d-----w C:\Program Files\uTorrent
2008-04-10 12:33 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-04-10 12:33 --------- d-----w C:\Program Files\DIFX
2008-04-10 12:28 --------- d-----w C:\Documents and Settings\schab\Dane aplikacji\Gadu-Gadu
2008-04-10 11:26 --------- d-----w C:\Program Files\Nero
2008-04-10 11:26 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-10 11:10 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-04-10 11:08 --------- d-----w C:\Documents and Settings\schab\Dane aplikacji\URSoft
2008-04-10 11:03 --------- d-----w C:\Program Files\CCleaner
2008-04-10 10:52 --------- d-----w C:\Program Files\CursorXP
2008-04-10 10:40 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
2008-04-10 10:21 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-10 10:19 --------- d-----w C:\Program Files\Usługi online
2008-03-06 16:29 966,656 ----a-w C:\WINDOWS\system32\VSFilter.dll
2008-03-06 09:14 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-04-10 15:41 219952]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-04-23 18:19 1189104]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:44 140288]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 08:07 8491008]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-14 00:34 949376]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 14:31 16857600 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 12:00]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 16:56]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 12:20:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\[u]0[/u].log 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2008-05-14 12:21:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-14 10:21:39
Pre-Run: 17,459,675,136 bajtów wolnych
Post-Run: 17,397,612,544 bajtów wolnych
303 --- E O F --- 2008-04-23 16:23:40
I'm posting the ComboFix log because I might miss something myself (I'm not great at reading logs from this program :) )
In HJT I removed everything unnecessary except for this:
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)