Do you think it has already removed everything?
ComboFix 08-06-20.4 - lukas 2008-06-29 20:38:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.171 [GMT 2:00]
Running from: C:\Documents and Settings\lukas\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-13 18:38 . 2008-06-13 18:43 <DIR> d-------- C:\Nowy folder
2008-06-06 17:39 . 2008-06-06 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-06-06 17:39 . 2008-06-18 13:11 2,828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-06 17:39 . 2008-06-06 17:39 88 -r-hs---- C:\WINDOWS\system32\FA07BC988F.sys
2008-06-06 16:09 . 2008-06-06 16:12 <DIR> d-------- C:\PSPP12_Corel_TBYB_CZ_PL_ESD
2008-05-29 17:54 . 2008-05-29 17:54 <DIR> d-------- C:\Documents and Settings\lukas\SaveSets
2008-05-29 17:52 . 2008-05-29 17:52 <DIR> d-------- C:\Xerox
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 18:44 18,190,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-29 18:15 --------- d-----w C:\Program Files\RMClock
2008-06-29 14:55 217,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-28 14:31 --------- d-----w C:\Program Files\Pomocnik aukcji
2008-06-26 14:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-06 15:39 --------- d-----w C:\Documents and Settings\lukas\Dane aplikacji\Corel
2008-06-06 15:37 --------- d-----w C:\Program Files\Common Files\Corel
2008-06-06 15:35 --------- d-----w C:\Program Files\Corel
2008-06-02 21:58 1,446,400 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-05-27 13:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\marwer.pl
2008-05-21 10:41 --------- d-----w C:\Program Files\Common Files\France Telecom
2008-05-19 20:57 3,278,336 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-05-08 17:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI
2008-05-08 17:08 10,880 ----a-w C:\WINDOWS\system32\drivers\pxark.sys
2008-05-08 16:59 2,206,123 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-08 16:15 2,865,152 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-05-08 10:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-05-08 09:31 --------- d-----w C:\Program Files\PrevxCSI
2008-04-29 09:01 --------- d-----w C:\Documents and Settings\lukas\Dane aplikacji\dvdcss
2008-04-26 21:21 2,058,240 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-04-26 21:21 1,537,024 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-04-21 07:55 334,848 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-04-18 21:25 2,190,336 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-04-08 22:47 3,141,120 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-04-04 07:29 544,768 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-04-04 07:29 1,480,704 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-04-03 22:10 9,728 ----a-w C:\WINDOWS\system32\prswfacc.dll
2008-04-03 00:25 1,607,680 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-04-03 00:25 1,472,512 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
.
------- Sigcheck -------
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB884020$\tcpip.sys
2004-08-14 00:50 359040 4092c56967175f009dc8458dc434358e C:\WINDOWS\$NtUninstallKB889527$\tcpip.sys
2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-02-05 07:56 360576 0fb6743e937c7bb248b2530a5a77abc6 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-02-05 07:56 360576 0fb6743e937c7bb248b2530a5a77abc6 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-08_11.58.41,32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-08 09:15:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 18:13:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 15:37:33 394,534 ----a-r C:\WINDOWS\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\ARPPRODUCTICON.exe
+ 2008-06-06 15:37:33 22,486 ----a-r C:\WINDOWS\Installer\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}\NewShortcut1.73D5A293_D496_4B44_B535_AA8F98088895.exe
- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2006-10-23 09:57:38 92,160 ----a-w C:\WINDOWS\system32\drivers\nwusbmdm.sys
+ 2006-10-23 09:57:38 92,160 ----a-w C:\WINDOWS\system32\drivers\nwusbser.sys
+ 2007-12-14 11:35:40 1,101,824 ----a-r C:\WINDOWS\system32\mfc80.dll
+ 2007-12-14 11:35:40 548,864 ----a-r C:\WINDOWS\system32\msvcp80.dll
+ 2007-12-14 11:35:40 626,688 ----a-r C:\WINDOWS\system32\msvcr80.dll
+ 2007-06-05 11:20:30 1,459,752 ----a-w C:\WINDOWS\system32\PSIKey.dll
+ 2007-06-05 11:20:32 177,704 ----a-w C:\WINDOWS\system32\PSIService.exe
+ 2006-06-15 09:48:46 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\faxresm.dll
+ 2004-08-03 23:56:24 676,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pcl5eres.dll
+ 2003-03-25 00:45:28 169,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pclxl.dll
+ 2006-08-18 09:49:32 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ps8560ui.dll
+ 2006-08-30 08:35:10 112,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\psct8560.dll
+ 2006-01-06 12:09:18 107,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\psct8560.exe
+ 2006-05-18 12:23:12 31,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\x8560l.dll
+ 2006-04-26 14:35:46 1,173,504 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\x8560p.dll
+ 2006-09-20 09:44:08 30,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\x8560pcl.dll
+ 2006-05-11 13:19:04 132,096 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\x8560smu.dll
+ 2006-09-20 09:43:02 491,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\x8560ui.dll
+ 2006-09-20 09:44:36 95,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\x8560wm.dll
+ 2005-09-12 08:46:36 39,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\XCWCAS32.DLL
+ 2006-05-05 11:04:40 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\xdrvxmlp.dll
+ 2006-06-15 09:49:20 1,376,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\xfaxsm32.exe
+ 2004-09-30 13:16:00 831,488 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\xlibeay.dll
+ 2006-09-13 09:17:30 758,272 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\xnt8560u.dll
+ 2006-06-15 09:49:30 823,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\xphbkm01.exe
+ 2005-07-19 08:20:20 3,370,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\xrfont77.dll
+ 2005-12-08 12:23:28 161,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\xrx8560u.dll
+ 2006-01-06 12:12:02 18,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\xrxmerui.dll
+ 2006-06-15 09:48:46 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\faxresm.dll
+ 2004-08-03 23:56:24 676,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\pcl5eres.dll
+ 2003-03-25 00:45:28 169,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\pclxl.dll
+ 2006-08-18 09:49:32 131,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\ps8560ui.dll
+ 2006-08-30 08:35:10 112,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\psct8560.dll
+ 2006-01-06 12:09:18 107,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\psct8560.exe
+ 2004-08-03 23:56:46 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\unidrv.dll
+ 2004-08-03 23:56:46 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\unidrvui.dll
+ 2004-08-03 23:56:34 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\unires.dll
+ 2006-05-18 12:23:12 31,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\x8560l.dll
+ 2006-04-26 14:35:46 1,173,504 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\x8560p.dll
+ 2006-09-20 09:44:08 30,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\x8560pcl.dll
+ 2006-05-11 13:19:04 132,096 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\x8560smu.dll
+ 2006-09-20 09:43:02 491,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\x8560ui.dll
+ 2006-09-20 09:44:36 95,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\x8560wm.dll
+ 2005-09-12 08:46:36 39,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\XCWCAS32.DLL
+ 2006-05-05 11:04:40 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\xdrvxmlp.dll
+ 2006-06-15 09:49:20 1,376,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\xfaxsm32.exe
+ 2004-09-30 13:16:00 831,488 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\xlibeay.dll
+ 2006-09-13 09:17:30 758,272 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\xnt8560u.dll
+ 2006-06-15 09:49:30 823,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\xphbkm01.exe
+ 2005-07-19 08:20:20 3,370,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\xrfont77.dll
+ 2005-12-08 12:23:28 161,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\xrx8560u.dll
+ 2006-01-06 12:12:02 18,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\xeroxphaser_856053ad\xrxmerui.dll
+ 2008-05-21 10:19:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2f0.dat
+ 2008-06-06 15:37:05 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2007-11-06 23:19:32 161,784 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2007-11-06 18:23:58 224,768 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-06 23:19:34 568,832 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 23:19:34 655,872 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-06 23:19:38 1,156,600 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2007-11-06 23:19:38 1,162,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-06 20:51:08 59,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2007-11-06 20:51:08 59,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-06 23:19:16 41,472 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-06 23:19:16 41,984 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-06 23:19:28 60,928 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-06 23:19:22 54,272 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-06 23:19:22 59,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-06 23:19:22 59,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-06 23:19:28 60,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-06 23:19:28 59,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-06 23:19:16 47,104 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-06 23:19:16 46,592 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-06 23:19:22 54,272 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RMClock"="C:\Program Files\RMClock\RMClock.exe" [2006-11-15 20:29 601600]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2007-12-22 09:09 221056]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 21:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 10:48 761946]
"ESB"="C:\WINDOWS\system32\ESB.exe" [2006-05-29 07:40 266240]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 16:51 49263]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 17:21 169328]
"Norton Ghost 12.0"="E:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 21:41 2037352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"BEWINTERNET-PLSessionManager"="C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe" [2007-07-24 19:03 102400]
"Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 15:18 16200]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\lukas\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\OrangeBS\\BEWInternet-PL\\Connectivity\\ConnectivityManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8665:TCP"= 8665:TCP:BitComet 8665 TCP
"8665:UDP"= 8665:UDP:BitComet 8665 UDP
"8554:TCP"= 8554:TCP:BitComet 8554 TCP
"8554:UDP"= 8554:UDP:BitComet 8554 UDP
"9307:TCP"= 9307:TCP:BitComet 9307 TCP
"9307:UDP"= 9307:UDP:BitComet 9307 UDP
"9306:TCP"= 9306:TCP:BitComet 9306 TCP
"9306:UDP"= 9306:UDP:BitComet 9306 UDP
"9301:TCP"= 9301:TCP:BitComet 9301 TCP
"9301:UDP"= 9301:UDP:BitComet 9301 UDP
"11407:TCP"= 11407:TCP:BitComet 11407 TCP
"11407:UDP"= 11407:UDP:BitComet 11407 UDP
"11408:TCP"= 11408:TCP:BitComet 11408 TCP
"11408:UDP"= 11408:UDP:BitComet 11408 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundDestinationUnreachable"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)
"AllowOutboundParameterProblem"= 0 (0x0)
"AllowOutboundTimeExceeded"= 0 (0x0)
"AllowRedirect"= 0 (0x0)
"AllowOutboundPacketTooBig"= 0 (0x0)
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-05-08 19:08]
R2 Basics Service;Basics Service;"C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe" [2007-10-09 17:21]
R2 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service []
R2 MSSQL$INSERTGT;SQL Server (INSERTGT);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sINSERTGT []
R3 MTC0001_ESB;ESB driver;C:\WINDOWS\system32\ntesb.sys [2005-08-25 09:00]
S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2007-01-19 07:07]
S3 GTMMDMUSB;GT M 3G+ USB MDM;C:\WINDOWS\system32\DRIVERS\gtmmdmusb.sys [2007-01-19 07:07]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-01-19 07:07]
S3 GTMSERUSB;GT M 3G+ USB SER;C:\WINDOWS\system32\DRIVERS\gtmserusb.sys [2007-01-19 07:07]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-01-19 07:07]
S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2007-04-04 16:10]
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;C:\WINDOWS\system32\DRIVERS\GtVUsb.sys [2006-05-29 11:52]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3eb7dcc8-d487-11db-abbf-00400507e6f7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{988859fc-ed2d-11dc-a455-00400507e6f7}]
\Shell\AutoRun\command - G:\v.cmd
\Shell\explore\Command - G:\v.cmd
\Shell\open\Command - G:\v.cmd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 20:44:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-29 20:46:14
ComboFix-quarantined-files.txt 2008-06-29 18:46:01
ComboFix2.txt 2008-05-08 09:59:11
Pre-Run: 1,208,082,432 bajtów wolnych
Post-Run: 1,328,218,112 bajtów wolnych