ComboFix 09-02-10.03 - Programy 2009-02-11 17:04:40.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1535.943 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Programy\Moje dokumenty\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\adxfaebh.dll
c:\windows\system32\ddcDsstu.dll
c:\windows\system32\efcATLbb.dll
c:\windows\system32\hbeafxda.ini
c:\windows\system32\IikTEfhk.ini
c:\windows\system32\IikTEfhk.ini2
c:\windows\system32\inxgacqa.ini
c:\windows\system32\khfETkiI.dll.vir
c:\windows\system32\lsprst7.dll
c:\windows\system32\rwvfpdqj.ini
c:\windows\system32\ssprs.dll
c:\windows\system32\tcifklme.ini
c:\windows\system32\tmpPrst.dll
c:\windows\system32\utssDcdd.ini
c:\windows\system32\utssDcdd.ini2
c:\windows\system32\yvyqhald.ini
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-11 do 2009-02-11 )))))))))))))))))))))))))))))))
.
2009-02-11 00:10 . 2009-02-11 00:10 <DIR> d-------- c:\documents and settings\Programy\.gstreamer-0.10
2009-02-11 00:06 . 2009-02-11 00:11 <DIR> d-------- c:\documents and settings\Programy\Dane aplikacji\Nowe Gadu-Gadu
2009-02-08 12:05 . 2009-02-08 12:06 <DIR> d-------- c:\program files\BS.Player ControlBar
2009-02-08 12:05 . 2009-02-08 12:05 <DIR> d-------- c:\documents and settings\Programy\Dane aplikacji\BSplayer Pro
2009-02-08 12:05 . 2009-02-08 12:08 <DIR> d-------- c:\documents and settings\Programy\Dane aplikacji\BSplayer
2009-02-05 21:52 . 2009-02-05 21:52 68,096 --a------ c:\windows\system32\ckmsulfq.dll
2009-02-04 16:46 . 2009-02-04 16:46 46,454 --a------ c:\windows\system32\opnnnnnm.dll
2009-01-30 17:11 . 2009-01-30 17:11 <DIR> d-------- c:\documents and settings\LocalService\Dane aplikacji\X10 Commander
2009-01-30 10:27 . 2009-01-30 10:27 <DIR> d-------- c:\documents and settings\Programy\Dane aplikacji\Promixis
2009-01-30 10:27 . 2009-01-30 10:27 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-30 10:04 . 2009-02-08 20:33 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\X10 Settings
2009-01-30 10:03 . 2009-01-30 10:03 <DIR> d-------- c:\documents and settings\Programy\Dane aplikacji\CyberLink
2009-01-30 10:02 . 2009-01-30 10:03 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-01-30 10:01 . 2007-03-02 17:55 44,544 --a------ c:\windows\system32\msxml4a.dll
2009-01-30 09:58 . 2009-01-30 09:58 <DIR> d-------- c:\program files\Cyberlink
2009-01-30 09:56 . 2009-01-30 09:56 <DIR> d-------- c:\program files\X10 Hardware
2009-01-30 09:56 . 2009-01-30 09:56 <DIR> d-------- c:\program files\Common Files\X10
2009-01-30 09:56 . 1999-06-25 09:56 127,184 --a------ c:\windows\Unwise.exe
2009-01-30 09:56 . 2005-05-19 15:52 17,792 --a------ c:\windows\system32\drivers\x10ufx2.sys
2009-01-29 12:31 . 2009-01-29 12:31 <DIR> d-------- c:\documents and settings\Programy\DoctorWeb
2009-01-26 13:54 . 2005-08-09 05:00 77,824 --a------ c:\windows\system32\mpfilecom.ax
2009-01-22 22:19 . 2009-01-22 22:19 43,698 --a------ c:\windows\system32\xvid-uninstall.exe
2009-01-22 22:18 . 2009-01-22 22:18 <DIR> d-------- c:\program files\Gabest
2009-01-22 22:17 . 2009-01-22 22:19 <DIR> d-------- c:\program files\AutoGK
2009-01-22 21:58 . 2009-01-22 22:04 <DIR> d-------- C:\ConverterOutput
2009-01-22 21:57 . 2009-01-22 21:57 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-22 21:57 . 2004-01-16 15:50 516,096 --a------ c:\windows\system32\CLVSDS.ax
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 14:42 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-11 14:41 201,440 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-09 21:45 1,996 ----a-w c:\documents and settings\Programy\Dane aplikacji\wklnhst.dat
2009-02-09 11:02 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ESTsoft
2009-02-07 19:53 --------- d-----w c:\documents and settings\Programy\Dane aplikacji\FileZilla
2009-02-03 19:34 --------- d-----w c:\program files\Google
2009-01-31 14:05 --------- d-----w c:\documents and settings\Programy\Dane aplikacji\Skype
2009-01-31 12:14 --------- d-----w c:\documents and settings\Programy\Dane aplikacji\skypePM
2009-01-30 08:58 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-22 21:18 --------- d-----w c:\program files\AviSynth 2.5
2009-01-06 16:15 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ESET
2009-01-06 16:08 --------- d-----w c:\program files\EsetOnlineScanner
2009-01-06 15:55 --------- d-----w c:\program files\Trend Micro
2009-01-03 08:03 72,696 ----a-w c:\documents and settings\Programy\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-12-27 21:23 --------- d-----w c:\program files\Avira
2008-12-27 21:23 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Avira
2008-12-27 19:52 4,608 ----a-w c:\windows\system32\bbchlp.dll
2008-12-27 19:52 4,096 ----a-w c:\windows\system32\drivers\bbcap.sys
2008-12-27 19:52 30,720 ----a-w c:\windows\system32\bbcap.dll
2008-12-27 19:52 --------- d-----w c:\documents and settings\Programy\Dane aplikacji\LogSys
2008-12-27 19:52 --------- d-----w c:\documents and settings\Programy\Dane aplikacji\Blueberry
2008-12-27 19:51 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\LogSys
2008-12-24 19:51 20 ---h--w c:\documents and settings\All Users\Dane aplikacji\PKP_DLdw.DAT
2008-12-21 20:15 --------- d-----w c:\program files\Opera
2008-12-20 18:52 --------- d-----w c:\documents and settings\Programy\Dane aplikacji\Thunderbird
2008-12-20 15:11 --------- d-----w c:\documents and settings\Programy\Dane aplikacji\FastStone
2008-12-20 15:10 --------- d-----w c:\documents and settings\Programy\Dane aplikacji\DonationCoder
2008-12-20 15:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\DonationCoder
2008-12-17 20:39 --------- d-----w c:\program files\AlsRack
2008-12-17 20:00 --------- d-----w c:\program files\ScannerU
2008-12-15 20:15 --------- d-----w c:\documents and settings\Programy\Dane aplikacji\JAlbum
2008-12-13 17:07 --------- d-----w c:\program files\epson
2008-12-13 16:35 20 ---h--w c:\documents and settings\All Users\Dane aplikacji\PKP_DLdy.DAT
2008-12-13 16:35 --------- d-----w c:\program files\Common Files\Nikon
2008-12-11 22:58 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ultima_T15
2008-12-11 22:58 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\EnterNHelp
2008-12-10 16:26 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-12-10 16:26 249,856 ------w c:\windows\Setup1.exe
2008-11-26 20:34 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-24 17:59 20 ---h--w c:\documents and settings\All Users\Dane aplikacji\PKP_DLdu.DAT
2008-11-23 15:05 106,496 ----a-w c:\windows\system32\ATL71.DLL
2008-11-23 14:57 2,048 ----a-w c:\windows\system32\sysprs7.dll
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
.
------- Sigcheck -------
2004-08-04 00:44 803840 fa593fc36ac2ed005c1ec09a3e991ec4 c:\windows\system32\wininet.dll
2004-08-04 00:44 803840 fa593fc36ac2ed005c1ec09a3e991ec4 c:\windows\system32\dllcache\wininet.dll
2004-08-04 00:44 658944 d37dafb534ac8343d59a1b501abe852c c:\windows\VistaMizer\old\wininet.dll
2004-08-04 00:44 544256 87d414eba254e42649f4d0a00bb653c6 c:\windows\system32\winlogon.exe
2004-08-04 00:44 544256 87d414eba254e42649f4d0a00bb653c6 c:\windows\system32\dllcache\winlogon.exe
2004-08-04 00:44 504832 0344407089b08548d4feba62bb0f32d0 c:\windows\VistaMizer\old\winlogon.exe
2004-08-04 00:54 2315392 37e799d6050ae484152b039cc2f06e5d c:\windows\system32\ntkrnlpa.exe
2004-08-04 00:54 2058112 44d1bc1b05e0c7c82e81687b79c653c7 c:\windows\VistaMizer\old\ntkrnlpa.exe
2004-08-04 00:39 2439552 c9d5b530332fe1f4c7c2189104da7ffd c:\windows\system32\ntoskrnl.exe
2004-08-04 00:39 2182272 dcf53422b7edded3b7431fbae4a7ee3f c:\windows\VistaMizer\old\ntoskrnl.exe
2004-08-04 00:44 1551872 fe6ddf00b672c3647b9f20e09b7774ee c:\windows\explorer.exe
2004-08-04 00:44 1551872 fe6ddf00b672c3647b9f20e09b7774ee c:\windows\system32\dllcache\explorer.exe
2004-08-04 00:44 1033728 379098a96e6c165b659de7e4328010ea c:\windows\VistaMizer\old\explorer.exe
2004-08-04 00:44 25088 36eab91ffd244d3202830e417c45e0a5 c:\windows\system32\ctfmon.exe
2004-08-04 00:44 25088 36eab91ffd244d3202830e417c45e0a5 c:\windows\system32\dllcache\ctfmon.exe
2004-08-04 00:44 15360 cbfa30492d70ce3938d8a7783d0c0436 c:\windows\VistaMizer\old\ctfmon.exe
2004-08-04 00:44 112128 0e83c0f3d9594854e83df1051e694966 c:\windows\system32\wuauclt.exe
2004-08-04 00:44 112128 0e83c0f3d9594854e83df1051e694966 c:\windows\system32\dllcache\wuauclt.exe
2004-08-04 00:44 112128 ebf4ac22004504c422fc8b5ee5b6ffd1 c:\windows\VistaMizer\old\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 25088]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-03-09 61440]
"H/PC Connection Agent"="e:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"Nowe Gadu-Gadu"="d:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-06 9302632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"PCMService"="d:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-03-02 159744]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 184320]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 25088]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-25 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
--a------ 2004-03-04 04:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"g:\\GPS\\My Mobile\\MyMobiler\\MyMobiler.exe"=
"d:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"d:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"d:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"d:\\Program Files\\Promixis\\Girder5\\girder.exe"=
"d:\\Program Files\\Promixis\\Girder5\\grunt.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2008-10-25 27704]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-12-27 4096]
S2 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [2008-09-08 15104]
S2 gupdate1c98635d09fa2a2;Google Update Service (gupdate1c98635d09fa2a2);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S3 3xHybrid;TV-Station DVR service;c:\windows\system32\drivers\3xHybrid.sys [2008-07-28 1121536]
S3 als4k;Avance Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [2008-09-10 28919]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\g:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt --> g:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt [?]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2008-08-06 428160]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2008-09-13 475136]
S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [2008-09-13 1474560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f316c72d-72ec-11dd-a93e-0050045641d3}]
\Shell\AutoRun\command - M:\USBNB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 20:29]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{67B22EC2-B18E-45FA-9074-2EA667E8E776} - c:\windows\system32\khfETkiI.dll
BHO-{6EF354A4-99C6-4DFB-B128-8AFFF517E583} - c:\windows\system32\ddcDsstu.dll
HKLM-Run-ec78b622 - c:\windows\system32\aqcagxni.dll
MSConfigStartUp-ec78b622 - c:\windows\system32\dlahqyvy.dll
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.bsplayer-search.com/startpage
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download All by FlashGet - d:\programy p2p i akceleratory\FlashGet\jc_all.htm
IE: Download using FlashGet - d:\programy p2p i akceleratory\FlashGet\jc_link.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 17:14:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EverestDriver]
"ImagePath"="\??\g:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
e:\progra~1\MICROS~1\rapimgr.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
d:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\hasplms.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-02-11 17:17:03 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-02-11 16:16:53
ComboFix2.txt 2009-01-07 15:38:47
Przed: 1 422 901 248 bajtów wolnych
Po: 1,447,153,664 bajtów wolnych
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
255