Prosze o sprawdzenie loga

[madziula]

ComboFix 08-05-01.3 - m@reczek 2008-05-05 22:33:46.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.240 [GMT 2:00]
Running from: C:\Documents and Settings\m@reczek\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-05 22:20 . 2008-05-05 22:20 <DIR> d-------- C:\Program Files\Ontrack
2008-05-05 22:00 . 2008-05-05 22:00 <DIR> d-------- C:\Documents and Settings\m@reczek\Dane aplikacji\Lavasoft
2008-05-05 21:53 . 2008-05-05 21:53 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-05 21:53 . 2008-05-05 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-05-05 21:34 . 2008-05-05 21:34 <DIR> d-------- C:\Program Files\PowerQuest
2008-05-05 21:13 . 2008-05-05 21:13 <DIR> d-------- C:\Program Files\Runtime Software
2008-05-05 21:13 . 2008-05-05 21:13 <DIR> d-------- C:\Documents and Settings\m@reczek\WINDOWS
2008-05-05 21:13 . 1999-03-23 09:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-20 15:36 . 2008-04-20 15:36 <DIR> d-------- C:\Program Files\Sun
2008-04-20 15:35 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-20 15:34 . 2008-04-20 15:34 <DIR> d-------- C:\Program Files\Java
2008-04-20 15:33 . 2008-04-20 15:33 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-20 00:09 . 2008-04-20 00:09 <DIR> d-------- C:\Documents and Settings\m@reczek\Dane aplikacji\CyberLink
2008-04-20 00:09 . 2008-04-20 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-04-20 00:08 . 2008-04-20 00:08 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-04-20 00:07 . 2008-04-20 00:07 <DIR> d-------- C:\Program Files\CyberLink
2008-04-20 00:06 . 2008-04-20 00:06 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-04-16 17:01 . 2008-04-16 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\StatSoft
2008-04-16 16:58 . 1999-09-09 11:28 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll
2008-04-16 16:58 . 2001-03-05 12:11 98,304 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-04-16 16:57 . 2008-04-16 16:57 <DIR> d-------- C:\Program Files\StatSoft
2008-04-14 20:43 . 2008-04-14 20:43 <DIR> d-------- C:\Documents and Settings\m@reczek\Dane aplikacji\ACD Systems
2008-04-14 20:42 . 2008-04-14 20:42 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-04-14 20:42 . 2008-04-14 20:42 <DIR> d-------- C:\Program Files\ACD Systems
2008-04-14 20:42 . 2008-04-14 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2008-04-13 20:27 . 2008-04-13 20:27 <DIR> d-------- C:\Documents and Settings\m@reczek\Dane aplikacji\Apple Computer
2008-04-13 20:26 . 2008-04-13 20:26 <DIR> d-------- C:\Program Files\QuickTime
2008-04-13 20:26 . 2008-04-29 22:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-13 20:26 . 2008-04-13 20:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-13 20:25 . 2008-04-13 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-04-11 11:57 . 2008-04-11 11:57 <DIR> dr-h----- C:\Documents and Settings\m@reczek\Dane aplikacji\SecuROM
2008-04-11 11:57 . 2008-04-11 11:57 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-11 10:39 . 2007-04-05 00:39 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-11 09:51 . 2008-04-11 09:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-10 22:02 . 2008-04-10 22:02 <DIR> d-------- C:\Documents and Settings\m@reczek\Dane aplikacji\Thunderbird
2008-04-10 22:02 . 2008-04-10 22:02 <DIR> d-------- C:\Documents and Settings\m@reczek\Dane aplikacji\Talkback
2008-04-10 22:02 . 2008-04-10 22:02 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-10 22:01 . 2008-04-10 22:01 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-04-10 16:52 . 2008-04-10 16:52 <DIR> dr------- C:\Documents and Settings\m@reczek\Dane aplikacji\Brother
2008-04-10 16:15 . 2008-04-10 16:15 <DIR> d-------- C:\Program Files\NewSoft
2008-04-10 16:15 . 2008-04-10 16:15 <DIR> d-------- C:\Program Files\Common Files\NewSoft
2008-04-10 16:15 . 2008-04-10 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Newsoft
2008-04-10 16:15 . 2008-04-10 16:15 1,845 --a------ C:\WINDOWS\if42le.ini
2008-04-10 16:15 . 2008-04-10 16:15 308 --a------ C:\WINDOWS\Pexplore.ini
2008-04-10 15:56 . 2008-04-10 15:57 404 --a------ C:\WINDOWS\BRWMARK.INI
2008-04-10 15:56 . 2008-04-10 15:56 50 --a------ C:\WINDOWS\system32\bridf07a.dat
2008-04-10 15:56 . 2008-04-10 15:57 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-04-10 15:55 . 2008-04-10 15:55 <DIR> d-------- C:\Program Files\Brother
2008-04-10 15:54 . 2008-04-10 15:54 <DIR> d-------- C:\Program Files\Nuance
2008-04-10 15:54 . 2008-04-10 15:54 <DIR> d-------- C:\Documents and Settings\m@reczek\Dane aplikacji\InstallShield
2008-04-10 15:53 . 2008-04-10 15:53 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-04-10 15:53 . 2008-04-10 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-04-10 15:53 . 2006-10-24 15:34 31,567 --a------ C:\WINDOWS\maxlink.ini
2008-04-10 15:52 . 2008-04-10 15:52 <DIR> d-------- C:\Program Files\ScanSoft
2008-04-10 15:52 . 2008-04-10 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
2008-04-10 15:51 . 2008-04-10 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Brother
2008-04-10 10:29 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-10 10:29 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-10 10:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-10 10:29 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-09 23:39 . 2008-04-09 23:39 <DIR> d-------- C:\localtexmf
2008-04-09 23:33 . 2008-04-09 23:33 <DIR> d-------- C:\texmf
2008-04-09 14:40 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-09 14:40 . 2008-04-09 14:40 421 --a------ C:\WINDOWS\ODBC.INI
2008-04-09 14:38 . 2008-04-09 14:38 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-09 13:38 . 2008-04-09 13:38 <DIR> d-------- C:\Documents and Settings\m@reczek\Dane aplikacji\skypePM
2008-04-09 13:38 . 2008-04-09 13:38 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-09 13:36 . 2008-04-09 13:36 <DIR> d-------- C:\Documents and Settings\m@reczek\Dane aplikacji\Skype
2008-04-09 13:35 . 2008-04-09 13:35 <DIR> d-------- C:\Program Files\Skype
2008-04-09 13:35 . 2008-04-09 13:35 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-09 13:35 . 2008-04-09 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-08 21:38 . 2008-04-08 21:38 <DIR> d-------- C:\Program Files\BitLord
2008-04-08 14:18 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-04-08 14:00 . 2008-04-08 14:00 <DIR> d-------- C:\Documents and Settings\m@reczek\Dane aplikacji\AdobeUM
2008-04-08 13:03 . 2008-04-08 13:03 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-08 12:06 . 2008-04-17 18:30 156 --a------ C:\WINDOWS\matlab.ini
2008-04-08 12:03 . 2008-04-08 12:03 <DIR> d-a------ C:\MATLAB6p5
2008-04-08 11:39 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-07 21:38 . 2008-04-07 21:38 <DIR> d-------- C:\Documents and Settings\m@reczek\Dane aplikacji\Media Player Classic
2008-04-07 21:34 . 2008-04-07 21:34 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2008-04-07 17:29 . 2008-04-07 17:29 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-07 17:26 . 2008-04-07 17:26 <DIR> d-------- C:\Program Files\Kyodai Mahjongg 2006
2008-04-07 17:26 . 2008-04-07 17:26 32 --a------ C:\WINDOWS\CD_Start.INI
2008-04-07 17:17 . 2008-04-07 17:17 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-04-07 17:17 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-04-07 17:17 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-04-07 17:15 . 2008-04-07 17:15 <DIR> d-------- C:\totalcmd
2008-04-07 17:15 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\UC.PIF
2008-04-07 17:15 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-07 17:15 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-07 17:15 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-07 17:15 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-07 17:15 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-07 17:15 . 2006-02-16 06:54 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-07 17:15 . 2008-05-05 21:53 406 --a------ C:\WINDOWS\wincmd.ini
2008-04-07 17:14 . 2008-04-07 17:14 <DIR> d-------- C:\Program Files\Damian Pasternak
2008-04-07 17:07 . 2008-04-07 17:07 <DIR> d-------- C:\Program Files\Winamp
2008-04-07 17:07 . 2008-05-01 08:15 95 --a------ C:\WINDOWS\winamp.ini
2008-04-07 17:04 . 2008-04-07 17:04 <DIR> d-------- C:\Documents and Settings\m@reczek\Dane aplikacji\Gadu-Gadu
2008-04-07 17:03 . 2008-04-07 17:03 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-07 17:03 . 2008-04-07 17:03 <DIR> d-------- C:\Documents and Settings\m@reczek\Gadu-Gadu
2008-04-07 16:50 . 2008-04-07 16:50 <DIR> d-------- C:\Program Files\MarBit
2008-04-07 16:46 . 2008-04-07 16:46 <DIR> d-------- C:\Program Files\Real Alternative
2008-04-07 16:46 . 2008-04-07 16:46 <DIR> d-------- C:\Program Files\Media Player Classic
2008-04-07 16:40 . 2008-04-07 16:40 <DIR> d-------- C:\Program Files\Opera
2008-04-07 16:35 . 2008-04-07 16:35 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-07 16:31 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-07 16:30 . 2008-04-07 16:30 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-07 16:30 . 2008-04-07 16:30 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-07 16:29 . 2008-04-07 16:29 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-07 16:29 . 2008-04-07 16:29 <DIR> d-------- C:\ATI
2008-04-07 15:47 . 2008-04-07 15:47 <DIR> d--hs---- C:\Recycled
2008-04-07 15:09 . 2008-04-07 15:09 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-07 15:06 . 2008-04-07 15:06 <DIR> d---s---- C:\Documents and Settings\m@reczek\UserData
2008-04-07 15:02 . 2008-04-07 14:29 <DIR> d--h----- C:\Documents and Settings\m@reczek\Ustawienia lokalne
2008-04-07 15:02 . 2008-04-07 15:02 <DIR> dr------- C:\Documents and Settings\m@reczek\Ulubione
2008-04-07 15:02 . 2008-04-07 14:29 <DIR> d--h----- C:\Documents and Settings\m@reczek\Szablony
2008-04-07 15:02 . 2008-04-07 14:29 <DIR> d-------- C:\Documents and Settings\m@reczek\Pulpit
2008-04-07 15:02 . 2008-04-07 15:02 <DIR> dr------- C:\Documents and Settings\m@reczek\Moje dokumenty
2008-04-07 15:02 . 2008-04-07 14:29 <DIR> dr------- C:\Documents and Settings\m@reczek\Menu Start
2008-04-07 15:02 . 2008-04-07 14:29 <DIR> dr-h----- C:\Documents and Settings\m@reczek\Dane aplikacji
2008-04-07 15:02 . 2008-04-07 15:02 <DIR> d-------- C:\Documents and Settings\m@reczek
2008-04-07 15:02 . 2008-05-05 22:32 700,416 --ah----- C:\Documents and Settings\m@reczek\NTUSER.DAT.LOG
2008-04-07 15:02 . 2008-04-07 15:02 13,588 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-07 15:02 . 2008-04-07 15:02 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 12:18 155,995 ----a-w C:\WINDOWS\java\Packages\3FTJD3TZ.ZIP
2008-04-07 12:52 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-07 12:49 --------- d-----w C:\Program Files\Usługi online
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:11 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\dllcache\ati2dvag.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\dllcache\ativvaxx.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\dllcache\ati2cqag.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:35 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 21:12 30248]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 21:10 46632]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 13:46 255528]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 14:51 663552]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 15:58 65536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-13 20:26 155648]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 12:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 12:50]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 18:00:02 C:\WINDOWS\Tasks\At1.job"
- C:\Documents
"2008-04-11 16:34:18 C:\WINDOWS\Tasks\At2.job"
- C:\Documents
"2008-04-11 16:34:18 C:\WINDOWS\Tasks\At3.job"
- C:\Documents
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 22:35:34
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
?:\WINDOWS\System32\CSCDLL.dll
.
Completion time: 2008-05-05 22:36:19
ComboFix-quarantined-files.txt 2008-05-05 20:36:14

Pre-Run: 4,982,775,808 bajtów wolnych
Post-Run: 5,068,480,512 bajtów wolnych

239 --- E O F --- 2008-04-11 07:51:56

[huber2t]

W logu nic nie widzę

Występują jakieś problemy?[/code]

[filu78]

czy też mógł byś mi sprawdzić loga
ComboFix 08-05-01.3 - Jasiu 2008-05-06 11:16:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.333 [GMT 2:00]
Running from: C:\Documents and Settings\Jasiu\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\install.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

2008-05-04 19:27 . 2008-03-21 22:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-05-04 16:20 . 2008-05-04 16:20 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-08 16:26 . 2008-04-08 16:26 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-07 17:16 . 2008-04-07 17:23 <DIR> d-------- C:\Program Files\ALPHA99
2008-04-07 17:16 . 2008-04-07 17:16 <DIR> d-------- C:\LICOMDIR
2008-04-07 17:16 . 2008-04-07 17:16 <DIR> d-------- C:\LICOMDAT
2008-04-07 17:16 . 2008-04-07 17:16 <DIR> d-------- C:\LICOMCFG
2008-04-07 17:16 . 2008-04-07 17:16 <DIR> d-------- C:\CADFILES
2008-04-07 17:04 . 2008-04-07 17:07 156 --a------ C:\WINDOWS\matlab.ini
2008-04-07 16:54 . 1998-09-20 02:57 645,120 --a------ C:\WINDOWS\system32\config.gms
2008-04-07 16:51 . 2008-04-07 17:11 <DIR> d-a------ C:\MATLAB6p5
2008-04-06 21:59 . 2008-04-06 21:59 262 --a------ C:\WINDOWS\avwin.ini
2008-04-06 21:46 . 2008-04-06 21:46 0 --a------ C:\npcsi.ini
2008-04-06 21:39 . 2008-04-06 21:59 11 --a------ C:\WINDOWS\avx.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 09:19 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\Skype
2008-05-06 09:11 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-06 09:08 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-06 07:23 --------- d-----w C:\Program Files\Lx_cats
2008-05-06 07:23 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\skypePM
2008-05-04 17:27 --------- d-----w C:\Program Files\DivX
2008-05-04 16:06 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\ArcSoft
2008-04-26 06:46 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\AdobeUM
2008-04-06 19:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 09:44 --------- d-----w C:\Program Files\Common Files\Mikron Infrared
2008-03-13 07:03 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-03-13 07:03 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-13 07:01 --------- d-----w C:\Program Files\Java
2008-03-04 16:04 541 ---ha-w C:\os629005.bin
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-01 15:32 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"FreeCall"="c:\program files\freecall.com\freecall\freecall.exe" [ ]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 19:25 1961984]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-18 18:29 77824]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 13:27 497176]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 13:28 756248]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 15:44 73728]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 02:17 192512]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-02-18 18:26:30 57344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23676:TCP"= 23676:TCP:BitComet 23676 TCP
"23676:UDP"= 23676:UDP:BitComet 23676 UDP

R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 20:49]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 18:31]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys [2005-06-02 20:59]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys [2005-06-02 19:27]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 11:20:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-05-06 11:25:04 - machine was rebooted [Jasiu]
ComboFix-quarantined-files.txt 2008-05-06 09:24:59

Pre-Run: 66,230,738,944 bajtów wolnych
Post-Run: 66,529,566,720 bajt˘w wolnych

144 --- E O F --- 2008-04-09 13:14:42

[huber2t]

W logu nic nie widać

[filu78]

ale mam wirusa na pendrive wykrywa mi avast cały czads i nie moge go usunąć

[huber2t]

Podłącz pendrive do komputera i przeskanuj wtedy combofixem