prosze o sprawdzenie loga

[pantik]

Kod: Zaznacz wszystko

ComboFix 09-04-04.01 - Programy 2009-04-11 18:14:49.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1535.984 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Programy\Moje dokumenty\Moje wideo\ComboFix.exe
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\Programy\USTAWI~1\Temp\[u]0[/u].EXE
C:\ij.bat
c:\windows\system32\drivers\ntndis.exe
c:\windows\system32\gasretyw0.dll
c:\windows\system32\kamsoft.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\pthreadGC2.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\tmpPrst.dll
c:\windows\system32\UACetytyjwy.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACrivpmoto.dll
c:\windows\system32\UACuxjettkk.dll
D:\Autorun.inf
D:\ij.bat
E:\Autorun.inf
E:\ij.bat
F:\Autorun.inf
F:\ij.bat
G:\Autorun.inf
G:\ij.bat

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-03-11 do 2009-04-11  )))))))))))))))))))))))))))))))
.

2009-04-11 17:56 . 2009-04-11 17:56   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-04-11 16:06 . 2007-09-21 02:52   118,784   --a------   c:\windows\system32\ac3acm.acm
2009-04-11 13:08 . 2009-04-11 17:57   8   --a------   c:\windows\system32\nvModes.dat
2009-04-11 12:29 . 2008-12-07 20:08   795,648   --a------   c:\windows\system32\xvidcore.dll
2009-04-11 12:29 . 2006-04-02 14:47   630,784   --a------   c:\windows\system32\vp7vfw.dll
2009-04-11 12:29 . 2004-01-25 18:18   217,088   --a------   c:\windows\system32\yv12vfw.dll
2009-04-11 12:29 . 2008-09-16 21:23   168,448   --a------   c:\windows\system32\unrar.dll
2009-04-11 12:29 . 2008-12-07 20:08   130,048   --a------   c:\windows\system32\xvidvfw.dll
2009-04-11 12:29 . 2009-03-02 20:10   67,584   --a------   c:\windows\system32\ff_vfw.dll
2009-04-11 12:29 . 2004-05-18 20:16   39,936   --a------   c:\windows\system32\huffyuv.dll
2009-04-11 12:29 . 2007-07-10 18:10   547   --a------   c:\windows\system32\ff_vfw.dll.manifest
2009-04-11 12:29 . 2008-10-03 14:30   414   --a------   c:\windows\system32\lame_acm.xml
2009-04-05 11:21 . 2009-04-05 11:21   <DIR>   d--------   c:\program files\NCH Software
2009-04-05 11:21 . 2009-04-05 11:21   <DIR>   d--------   c:\documents and settings\Programy\Dane aplikacji\NCH Swift Sound
2009-04-05 11:21 . 2009-04-05 11:21   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\NCH Swift Sound
2009-04-05 11:21 . 2009-04-05 11:21   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\NCH Software
2009-04-05 11:21 . 2009-04-05 11:21   27,136   --a------   c:\windows\system32\drivers\nchssvad.sys
2009-04-05 11:20 . 2009-04-05 11:21   <DIR>   d--------   c:\program files\NCH Swift Sound
2009-04-05 10:21 . 2009-04-05 10:21   <DIR>   d--------   c:\program files\Astroburn
2009-04-05 10:21 . 2009-04-05 10:22   <DIR>   d--------   c:\documents and settings\Programy\Dane aplikacji\Astroburn
2009-04-05 09:52 . 2009-04-05 10:12   <DIR>   d--------   c:\program files\Aurora DVD Copy
2009-04-05 09:52 . 2009-04-05 10:12   <DIR>   d--------   c:\program files\AoA DVD Copy
2009-04-05 09:52 . 2009-04-05 09:52   <DIR>   d--------   c:\documents and settings\Programy\Dane aplikacji\dvdcss
2009-04-04 22:37 . 2009-04-04 22:44   <DIR>   d--------   C:\videooutput
2009-04-04 22:37 . 2009-04-04 22:37   <DIR>   d--------   c:\program files\Free FLV to AVI Converter
2009-04-04 22:37 . 2007-03-07 00:45   3,086,336   --a------   c:\windows\system32\NCMedia.dll
2009-04-04 22:37 . 2007-03-07 00:45   3,086,336   --a------   c:\windows\system32\flvvideo.dll
2009-04-04 22:37 . 2007-02-25 15:36   383,238   --a------   c:\windows\system32\libmp3lame-0.dll
2009-03-30 22:35 . 2009-03-30 22:35   84   --a------   c:\windows\avrack.ini
2009-03-30 16:43 . 2009-03-30 16:43   38   --a------   c:\windows\system32\fun.bat
2009-03-26 22:18 . 2009-03-26 00:19   38,517   --a------   c:\windows\system32\725288650.b56ff4.exe
2009-03-26 19:12 . 2009-04-05 07:25   194   --a------   c:\windows\apdfpr.ini
2009-03-26 00:05 . 2009-03-26 00:06   163   --a------   c:\windows\AIMPR.INI
2009-03-25 19:13 . 2009-03-25 19:13   60,416   --a------   c:\windows\ALCFDRTM.EXE
2009-03-25 18:58 . 2009-03-25 18:58   <DIR>   d--------   c:\windows\system32\RTCOM
2009-03-25 18:58 . 2007-12-20 17:47   16,860,672   --a------   c:\windows\RTHDCPL.exe
2009-03-25 18:58 . 2007-03-23 20:19   9,715,200   --a------   c:\windows\RTLCPL.exe
2009-03-25 18:58 . 2007-12-20 19:00   4,637,696   --a------   c:\windows\system32\drivers\RtkHDAud.sys
2009-03-25 18:58 . 2006-05-04 17:26   2,808,832   --a------   c:\windows\alcwzrd.exe
2009-03-25 18:58 . 2007-06-28 17:44   2,165,760   --a------   c:\windows\MicCal.exe
2009-03-25 18:58 . 2007-11-20 19:15   1,826,816   --a------   c:\windows\SkyTel.exe
2009-03-25 18:58 . 2007-11-07 18:31   1,191,936   --a------   c:\windows\RtlUpd.exe
2009-03-25 18:58 . 2006-08-18 07:58   282,624   --a------   c:\windows\system32\RTSndMgr.cpl
2009-03-25 18:58 . 2005-05-03 19:43   69,632   --a------   c:\windows\Alcmtr.exe
2009-03-25 18:58 . 2006-08-01 16:02   49,152   --a------   c:\windows\system32\ChCfg.exe
2009-03-25 18:58 . 2007-11-14 16:18   553   --a------   c:\windows\USetup.iss
2009-03-25 18:57 . 2009-03-25 18:57   <DIR>   d--------   c:\program files\Realtek
2009-03-25 18:57 . 2007-07-26 18:09   520,192   --a------   c:\windows\RtlExUpd.dll
2009-03-25 18:57 . 2009-03-25 18:57   315,392   --a------   c:\windows\HideWin.exe
2009-03-23 22:46 . 2009-03-23 22:46   <DIR>   d--------   c:\documents and settings\Programy\Dane aplikacji\Broad Intelligence
2009-03-23 22:41 . 2009-03-23 23:07   <DIR>   d--------   c:\program files\MediaCoder
2009-03-21 16:05 . 2004-05-04 11:53   1,645,320   --a------   c:\windows\system32\gdiplus.dll
2009-03-15 20:32 . 2009-03-15 20:44   <DIR>   d--------   c:\windows\Icons
2009-03-15 20:22 . 2004-06-18 14:07   656,542   --a------   C:\271_icol.dll
2009-03-15 20:20 . 2009-03-15 20:20   <DIR>   d--------   c:\documents and settings\Programy\Dane aplikacji\FindeXer
2009-03-15 20:08 . 2009-03-15 20:08   152,175   --a------   c:\windows\BricoPackUninst.cmd
2009-03-15 20:06 . 2009-03-15 20:06   <DIR>   d--------   c:\program files\RK Launcher
2009-03-15 20:06 . 2009-03-15 20:11   <DIR>   d--------   c:\program files\iColorFolder
2009-03-15 20:06 . 2009-03-15 20:59   <DIR>   d--------   c:\program files\CursorXP
2009-03-15 20:05 . 2009-03-15 20:05   3,936,310   --a------   c:\windows\BricoPack Wallpaper.bmp
2009-03-15 20:02 . 2009-03-15 20:08   8,206   --a------   c:\windows\BricoPackFoldersDelete.cmd
2009-03-15 20:01 . 2009-03-15 20:01   <DIR>   d--------   c:\windows\BricoPacks
2009-03-15 14:52 . 2009-03-15 14:52   8,294,454   --a------   c:\windows\startup.bmp
2009-03-15 14:50 . 2004-08-04 01:39   2,182,272   --a------   c:\windows\system32\ntoskrnl.exe.zottel
2009-03-15 14:50 . 2004-08-04 01:54   2,058,112   --a------   c:\windows\system32\ntkrnlpa.exe.zottel
2009-03-15 11:31 . 2009-03-15 19:39   25   --a------   c:\windows\mixerdef.ini
2009-03-12 19:04 . 2009-03-12 20:38   <DIR>   d--------   c:\documents and settings\growe\Dane aplikacji\BSplayer
2009-03-12 16:27 . 2004-12-10 10:03   438,272   --a------   c:\windows\system32\vp6vfw.dll
2009-03-12 00:36 . 2009-03-12 00:36   <DIR>   d--------   c:\documents and settings\growe\Dane aplikacji\Media Player Classic
2009-03-12 00:34 . 2009-03-12 00:34   <DIR>   d--------   c:\documents and settings\growe\Dane aplikacji\DivX
2009-03-12 00:23 . 2009-04-11 18:17   <DIR>   d--h-----   c:\documents and settings\growe\Ustawienia lokalne
2009-03-12 00:23 . 2009-03-12 00:23   <DIR>   dr-------   c:\documents and settings\growe\Ulubione
2009-03-12 00:23 . 2008-07-25 20:46   <DIR>   d--h-----   c:\documents and settings\growe\Szablony
2009-03-12 00:23 . 2009-03-12 17:43   <DIR>   d--------   c:\documents and settings\growe\Pulpit
2009-03-12 00:23 . 2009-03-13 18:18   <DIR>   dr-------   c:\documents and settings\growe\Moje dokumenty
2009-03-12 00:23 . 2008-07-25 22:39   <DIR>   dr-------   c:\documents and settings\growe\Menu Start
2009-03-12 00:23 . 2009-04-05 07:31   <DIR>   dr-h-----   c:\documents and settings\growe\Dane aplikacji
2009-03-12 00:23 . 2009-04-05 07:27   <DIR>   d--------   c:\documents and settings\growe
2009-03-11 09:08 . 2009-03-11 09:08   <DIR>   d--------   c:\windows\Pocket Tanks

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 14:07   ---------   d-----w   c:\program files\K-Lite Codec Pack
2009-04-11 13:35   20   ---h--w   c:\documents and settings\All Users\Dane aplikacji\PKP_DLdw.DAT
2009-04-11 10:27   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\DivX
2009-04-10 18:56   138,512   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-04-10 18:55   201,440   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-04-08 19:36   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\FileZilla
2009-04-06 20:43   2,734   ----a-w   c:\documents and settings\Programy\Dane aplikacji\wklnhst.dat
2009-04-05 14:19   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-20 19:53   20   ---h--w   c:\documents and settings\All Users\Dane aplikacji\PKP_DLdu.DAT
2009-03-19 16:00   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\BSplayer
2009-03-15 21:21   ---------   d-----w   c:\program files\Google
2009-03-15 18:36   163,712   ----a-w   c:\windows\system32\drivers\vidstub.sys
2009-03-15 13:14   ---------   d-----w   c:\program files\Opera
2009-03-15 12:52   219,648   ----a-w   c:\windows\system32\uxtheme.dll
2009-03-08 23:09   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\skypePM
2009-03-08 22:36   13,312   ----a-w   c:\windows\system32\lsass.exe
2009-03-08 22:36   108,544   ----a-w   c:\windows\system32\services.exe
2009-03-08 22:32   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Lavasoft
2009-03-08 21:44   ---------   d-----w   c:\program files\Porta2
2009-03-08 20:09   ---------   d-----w   c:\program files\Porta
2009-03-08 14:20   ---------   d-----w   c:\program files\APOD
2009-03-02 18:04   176,640   ----a-w   c:\windows\Max_delete.exe
2009-03-02 15:01   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Locktime
2009-03-02 15:00   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Locktime
2009-03-01 10:03   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Ashampoo Photo Commander 4
2009-03-01 10:02   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Samsung
2009-02-28 21:33   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Morpheus Software
2009-02-28 16:24   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Skype
2009-02-28 11:55   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\HTML Executable
2009-02-28 11:55   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Desktopicon
2009-02-27 14:59   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-02-27 14:49   ---------   d-----w   c:\program files\Common Files\Adobe
2009-02-27 14:49   ---------   d-----w   c:\program files\Bonjour
2009-02-27 14:36   ---------   d-----w   c:\program files\Common Files\Macrovision Shared
2009-02-25 16:17   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-24 19:08   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\ipla
2009-02-24 19:08   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\ipla
2009-02-22 17:02   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Pinnacle
2009-02-11 17:34   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Nowe Gadu-Gadu
2009-02-05 20:52   68,096   ----a-w   c:\windows\system32\ckmsulfq.dll
2009-02-04 15:46   46,454   ----a-w   c:\windows\system32\opnnnnnm.dll
2009-01-22 21:19   43,698   ----a-w   c:\windows\system32\xvid-uninstall.exe
2009-01-03 08:03   72,696   ----a-w   c:\documents and settings\Programy\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-12-13 16:35   20   ---h--w   c:\documents and settings\All Users\Dane aplikacji\PKP_DLdy.DAT
.

------- Sigcheck -------

2004-08-04 01:44  803840  fa593fc36ac2ed005c1ec09a3e991ec4   c:\windows\system32\Wininet.dll
2004-08-04 01:44  2392064  61b2f9979436aec1fd262e1ef613a054   c:\windows\system32\dllcache\Wininet.dll

2004-08-04 01:44  544256  87d414eba254e42649f4d0a00bb653c6   c:\windows\system32\winlogon.exe
2004-08-04 01:44  544256  87d414eba254e42649f4d0a00bb653c6   c:\windows\system32\dllcache\winlogon.exe

2004-08-04 01:44  1551872  fe6ddf00b672c3647b9f20e09b7774ee   c:\windows\explorer.exe
2004-08-04 01:44  3189248  1b6381c9ad4231a0e450963997c115ae   c:\windows\system32\dllcache\explorer.exe

2004-08-04 01:44  25088  36eab91ffd244d3202830e417c45e0a5   c:\windows\system32\ctfmon.exe
2004-08-04 01:44  25088  36eab91ffd244d3202830e417c45e0a5   c:\windows\system32\dllcache\ctfmon.exe

2004-08-04 01:44  112128  0e83c0f3d9594854e83df1051e694966   c:\windows\system32\wuauclt.exe
2004-08-04 01:44  762880  ceecca1f0ba939c1eeb850956f57a8ca   c:\windows\system32\dllcache\wuauclt.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 25088]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"Nowe Gadu-Gadu"="d:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-06 9302632]
"Odkurzacz-MCD"="e:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"H/PC Connection Agent"="e:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 25088]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
--a------ 2004-03-04 05:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2007-03-02 18:55 159744 d:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
--a------ 2006-07-18 16:15 49152 c:\windows\VMSnap3.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"d:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"d:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"d:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\Common Files\\Smarthome\\Device Manager\\SDM3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"d:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2008-10-25 27704]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-12-27 4096]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S2 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [2008-09-08 15104]
S2 gupdate1c98635d09fa2a2;Google Update Service (gupdate1c98635d09fa2a2);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S3 3xHybrid;TV-Station DVR service;c:\windows\system32\drivers\3xHybrid.sys [2008-07-28 1121536]
S3 als4k;Avance Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [2008-09-10 28919]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\g:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt --> g:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt [?]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2008-08-06 428160]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2008-09-13 475136]
S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [2008-09-13 1474560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f316c72d-72ec-11dd-a93e-0050045641d3}]
\Shell\AutoRun\command - M:\USBNB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.bsplayer-search.com/startpage
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download All by FlashGet - d:\programy p2p i akceleratory\FlashGet\jc_all.htm
IE: Download using FlashGet - d:\programy p2p i akceleratory\FlashGet\jc_link.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 18:17:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\EverestDriver]
"ImagePath"="\??\g:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,14,d4,2c,d6,be,
   31,d5,29,c8,28,51,af,b0,29,a3,98,a4,1f,b7,78,d9,80,05,33,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,e0,57,c3,4b,f4,
   cc,39,13,71,3b,04,66,8b,46,0d,96,fd,71,19,28,8a,1a,67,5f,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,59,59,d6,cd,1e,
   0b,93,01,25,da,ec,7e,55,20,c9,26,b7,1d,8c,78,07,be,0a,9d,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,74,90,e1,b4,32,
   75,a1,68,3e,1e,9e,e0,57,5a,93,61,38,d8,e4,20,84,3f,ed,41,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,39,99,5e,7d,2c,
   5f,b5,d3,cd,44,cd,b9,a6,33,6c,cd,30,fa,1e,32,56,ff,81,2f,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,63,2e,3c,90,d4,
   b1,27,0c,b0,18,ed,a7,3f,8d,37,a4,bd,85,26,24,87,d8,92,75,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,da,d8,4c,74,e4,
   ad,83,b6,31,77,e1,ba,b1,f8,68,02,2a,51,03,00,d5,ef,fd,25,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,0e,2c,fb,fb,da,
   66,bb,83,83,6c,56,8b,a0,85,96,ab,a2,ab,f5,d5,28,9e,02,16,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,b3,be,df,9f,32,
   85,0c,3e,51,fa,6e,91,28,9e,14,cc,5b,47,f5,78,15,7a,b4,04,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,1f,aa,4e,fc,38,
   94,73,b3,b1,cd,45,5a,a8,c4,f8,b9,36,36,8e,7b,97,a2,3e,b3,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,08,54,5e,2c,44,
   37,97,a6,e3,0e,66,d5,eb,bc,2f,6b,ef,0b,a2,6a,76,17,9f,e8,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,3d,62,78,7c,d6,
   45,d4,8a,fa,ea,66,7f,d4,3b,6b,70,af,2e,54,c6,12,5c,d5,d7,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Xanthic\{EAC0842F-9764-03DD-A0B6-5FFFB48AD6EB}*_]
"fr"="078F5055595543"
"lr"="078F4C755A5253"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
Czas ukończenia: 2009-04-11 18:20:13
ComboFix-quarantined-files.txt  2009-04-11 16:19:45

Przed: 1 933 393 920 bajtów wolnych
Po: 2,133,954,560 bajtów wolnych

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
343

jaki byscie mi polecili dobry darmowy antyvirus, oczywiście poza avastem i avira bo avira jakos zawsze mi duzo znajduje ale niewiele kasuje lub naprawia

[AJAN]

Wylecz pendriva lub kartę pamięci
Perlovga Removal Tool
Flash Disinfector
lub format
Pobierz ComboFix, ale nie uruchamiaj

Zaznacz, wklej do notatnika, i zapisz plik jako CFScript.txt najlepiej aby ikonka tego pliku znajdowała się obok ikonki ComboFix.exe
Na czas skanowania proszę wyłączyć wszelkie zapory i antyvirusy

Kod: Zaznacz wszystko

File::
c:\windows\system32\vp7vfw.dll
c:\windows\system32\yv12vfw.dll
c:\windows\system32\huffyuv.dll
c:\windows\system32\fun.bat
c:\windows\system32\725288650.b56ff4.exe
c:\windows\apdfpr.ini
c:\windows\AIMPR.INI
C:\271_icol.dll
c:\windows\system32\vp6vfw.dll
c:\windows\system32\ckmsulfq.dll
c:\windows\system32\opnnnnnm.dll
M:\USBNB.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]



Przeciągnij i upuść plik CFScript.txt na ikonkę ComboFix.exe powinno rozpocząć się usuwanie po tym daj log na forum
- jak na obrazku

Loga wklejasz na WKLEJ EU lub WKLEJ a w poście daj linka

[pantik]

wynik

Kod: Zaznacz wszystko

ComboFix 09-04-04.01 - Programy 2009-04-11 23:29:25.7 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1535.962 [GMT 2:00]
Uruchomiony z: D:\ComboFix.exe
Użyto następujących komend :: D:\CFScript.txt
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::
C:\271_icol.dll
c:\windows\AIMPR.INI
c:\windows\apdfpr.ini
c:\windows\system32\725288650.b56ff4.exe
c:\windows\system32\ckmsulfq.dll
c:\windows\system32\fun.bat
c:\windows\system32\huffyuv.dll
c:\windows\system32\opnnnnnm.dll
c:\windows\system32\vp6vfw.dll
c:\windows\system32\vp7vfw.dll
c:\windows\system32\yv12vfw.dll
M:\USBNB.exe
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-03-11 do 2009-04-11  )))))))))))))))))))))))))))))))
.

2009-04-11 17:56 . 2009-04-11 17:56   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-04-11 16:06 . 2007-09-21 02:52   118,784   --a------   c:\windows\system32\ac3acm.acm
2009-04-11 13:08 . 2009-04-11 17:57   8   --a------   c:\windows\system32\nvModes.dat
2009-04-11 12:29 . 2008-12-07 20:08   795,648   --a------   c:\windows\system32\xvidcore.dll
2009-04-11 12:29 . 2008-09-16 21:23   168,448   --a------   c:\windows\system32\unrar.dll
2009-04-11 12:29 . 2008-12-07 20:08   130,048   --a------   c:\windows\system32\xvidvfw.dll
2009-04-11 12:29 . 2009-03-02 20:10   67,584   --a------   c:\windows\system32\ff_vfw.dll
2009-04-11 12:29 . 2007-07-10 18:10   547   --a------   c:\windows\system32\ff_vfw.dll.manifest
2009-04-11 12:29 . 2008-10-03 14:30   414   --a------   c:\windows\system32\lame_acm.xml
2009-04-05 11:21 . 2009-04-05 11:21   <DIR>   d--------   c:\program files\NCH Software
2009-04-05 11:21 . 2009-04-05 11:21   <DIR>   d--------   c:\documents and settings\Programy\Dane aplikacji\NCH Swift Sound
2009-04-05 11:21 . 2009-04-05 11:21   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\NCH Swift Sound
2009-04-05 11:21 . 2009-04-05 11:21   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\NCH Software
2009-04-05 11:21 . 2009-04-05 11:21   27,136   --a------   c:\windows\system32\drivers\nchssvad.sys
2009-04-05 11:20 . 2009-04-05 11:21   <DIR>   d--------   c:\program files\NCH Swift Sound
2009-04-05 10:21 . 2009-04-05 10:21   <DIR>   d--------   c:\program files\Astroburn
2009-04-05 10:21 . 2009-04-05 10:22   <DIR>   d--------   c:\documents and settings\Programy\Dane aplikacji\Astroburn
2009-04-05 09:52 . 2009-04-05 10:12   <DIR>   d--------   c:\program files\Aurora DVD Copy
2009-04-05 09:52 . 2009-04-05 10:12   <DIR>   d--------   c:\program files\AoA DVD Copy
2009-04-05 09:52 . 2009-04-05 09:52   <DIR>   d--------   c:\documents and settings\Programy\Dane aplikacji\dvdcss
2009-04-04 22:37 . 2009-04-04 22:44   <DIR>   d--------   C:\videooutput
2009-04-04 22:37 . 2009-04-04 22:37   <DIR>   d--------   c:\program files\Free FLV to AVI Converter
2009-04-04 22:37 . 2007-03-07 00:45   3,086,336   --a------   c:\windows\system32\NCMedia.dll
2009-04-04 22:37 . 2007-03-07 00:45   3,086,336   --a------   c:\windows\system32\flvvideo.dll
2009-04-04 22:37 . 2007-02-25 15:36   383,238   --a------   c:\windows\system32\libmp3lame-0.dll
2009-03-30 22:35 . 2009-03-30 22:35   84   --a------   c:\windows\avrack.ini
2009-03-25 19:13 . 2009-03-25 19:13   60,416   --a------   c:\windows\ALCFDRTM.EXE
2009-03-25 18:58 . 2009-03-25 18:58   <DIR>   d--------   c:\windows\system32\RTCOM
2009-03-25 18:58 . 2007-12-20 17:47   16,860,672   --a------   c:\windows\RTHDCPL.exe
2009-03-25 18:58 . 2007-03-23 20:19   9,715,200   --a------   c:\windows\RTLCPL.exe
2009-03-25 18:58 . 2007-12-20 19:00   4,637,696   --a------   c:\windows\system32\drivers\RtkHDAud.sys
2009-03-25 18:58 . 2006-05-04 17:26   2,808,832   --a------   c:\windows\alcwzrd.exe
2009-03-25 18:58 . 2007-06-28 17:44   2,165,760   --a------   c:\windows\MicCal.exe
2009-03-25 18:58 . 2007-11-20 19:15   1,826,816   --a------   c:\windows\SkyTel.exe
2009-03-25 18:58 . 2007-11-07 18:31   1,191,936   --a------   c:\windows\RtlUpd.exe
2009-03-25 18:58 . 2006-08-18 07:58   282,624   --a------   c:\windows\system32\RTSndMgr.cpl
2009-03-25 18:58 . 2005-05-03 19:43   69,632   --a------   c:\windows\Alcmtr.exe
2009-03-25 18:58 . 2006-08-01 16:02   49,152   --a------   c:\windows\system32\ChCfg.exe
2009-03-25 18:58 . 2007-11-14 16:18   553   --a------   c:\windows\USetup.iss
2009-03-25 18:57 . 2009-03-25 18:57   <DIR>   d--------   c:\program files\Realtek
2009-03-25 18:57 . 2007-07-26 18:09   520,192   --a------   c:\windows\RtlExUpd.dll
2009-03-25 18:57 . 2009-03-25 18:57   315,392   --a------   c:\windows\HideWin.exe
2009-03-23 22:46 . 2009-03-23 22:46   <DIR>   d--------   c:\documents and settings\Programy\Dane aplikacji\Broad Intelligence
2009-03-23 22:41 . 2009-03-23 23:07   <DIR>   d--------   c:\program files\MediaCoder
2009-03-21 16:05 . 2004-05-04 11:53   1,645,320   --a------   c:\windows\system32\gdiplus.dll
2009-03-15 20:32 . 2009-03-15 20:44   <DIR>   d--------   c:\windows\Icons
2009-03-15 20:20 . 2009-03-15 20:20   <DIR>   d--------   c:\documents and settings\Programy\Dane aplikacji\FindeXer
2009-03-15 20:08 . 2009-03-15 20:08   152,175   --a------   c:\windows\BricoPackUninst.cmd
2009-03-15 20:06 . 2009-03-15 20:06   <DIR>   d--------   c:\program files\RK Launcher
2009-03-15 20:06 . 2009-03-15 20:11   <DIR>   d--------   c:\program files\iColorFolder
2009-03-15 20:06 . 2009-03-15 20:59   <DIR>   d--------   c:\program files\CursorXP
2009-03-15 20:05 . 2009-03-15 20:05   3,936,310   --a------   c:\windows\BricoPack Wallpaper.bmp
2009-03-15 20:02 . 2009-03-15 20:08   8,206   --a------   c:\windows\BricoPackFoldersDelete.cmd
2009-03-15 20:01 . 2009-03-15 20:01   <DIR>   d--------   c:\windows\BricoPacks
2009-03-15 14:52 . 2009-03-15 14:52   8,294,454   --a------   c:\windows\startup.bmp
2009-03-15 14:50 . 2004-08-04 01:39   2,182,272   --a------   c:\windows\system32\ntoskrnl.exe.zottel
2009-03-15 14:50 . 2004-08-04 01:54   2,058,112   --a------   c:\windows\system32\ntkrnlpa.exe.zottel
2009-03-15 11:31 . 2009-03-15 19:39   25   --a------   c:\windows\mixerdef.ini
2009-03-12 19:04 . 2009-03-12 20:38   <DIR>   d--------   c:\documents and settings\growe\Dane aplikacji\BSplayer
2009-03-12 00:36 . 2009-03-12 00:36   <DIR>   d--------   c:\documents and settings\growe\Dane aplikacji\Media Player Classic
2009-03-12 00:34 . 2009-03-12 00:34   <DIR>   d--------   c:\documents and settings\growe\Dane aplikacji\DivX
2009-03-12 00:23 . 2009-04-11 23:31   <DIR>   d--h-----   c:\documents and settings\growe\Ustawienia lokalne
2009-03-12 00:23 . 2009-03-12 00:23   <DIR>   dr-------   c:\documents and settings\growe\Ulubione
2009-03-12 00:23 . 2008-07-25 20:46   <DIR>   d--h-----   c:\documents and settings\growe\Szablony
2009-03-12 00:23 . 2009-03-12 17:43   <DIR>   d--------   c:\documents and settings\growe\Pulpit
2009-03-12 00:23 . 2009-03-13 18:18   <DIR>   dr-------   c:\documents and settings\growe\Moje dokumenty
2009-03-12 00:23 . 2008-07-25 22:39   <DIR>   dr-------   c:\documents and settings\growe\Menu Start
2009-03-12 00:23 . 2009-04-05 07:31   <DIR>   dr-h-----   c:\documents and settings\growe\Dane aplikacji
2009-03-12 00:23 . 2009-04-05 07:27   <DIR>   d--------   c:\documents and settings\growe
2009-03-11 09:08 . 2009-03-11 09:08   <DIR>   d--------   c:\windows\Pocket Tanks

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 14:07   ---------   d-----w   c:\program files\K-Lite Codec Pack
2009-04-11 13:35   20   ---h--w   c:\documents and settings\All Users\Dane aplikacji\PKP_DLdw.DAT
2009-04-11 10:27   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\DivX
2009-04-10 18:56   138,512   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-04-10 18:55   201,440   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-04-08 19:36   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\FileZilla
2009-04-06 20:43   2,734   ----a-w   c:\documents and settings\Programy\Dane aplikacji\wklnhst.dat
2009-04-05 14:19   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-20 19:53   20   ---h--w   c:\documents and settings\All Users\Dane aplikacji\PKP_DLdu.DAT
2009-03-19 16:00   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\BSplayer
2009-03-15 21:21   ---------   d-----w   c:\program files\Google
2009-03-15 18:36   163,712   ----a-w   c:\windows\system32\drivers\vidstub.sys
2009-03-15 13:14   ---------   d-----w   c:\program files\Opera
2009-03-15 12:52   219,648   ----a-w   c:\windows\system32\uxtheme.dll
2009-03-08 23:09   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\skypePM
2009-03-08 22:36   13,312   ----a-w   c:\windows\system32\lsass.exe
2009-03-08 22:36   108,544   ----a-w   c:\windows\system32\services.exe
2009-03-08 22:32   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Lavasoft
2009-03-08 21:44   ---------   d-----w   c:\program files\Porta2
2009-03-08 20:09   ---------   d-----w   c:\program files\Porta
2009-03-08 14:20   ---------   d-----w   c:\program files\APOD
2009-03-02 18:04   176,640   ----a-w   c:\windows\Max_delete.exe
2009-03-02 15:01   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Locktime
2009-03-02 15:00   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Locktime
2009-03-01 10:03   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Ashampoo Photo Commander 4
2009-03-01 10:02   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Samsung
2009-02-28 21:33   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Morpheus Software
2009-02-28 16:24   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Skype
2009-02-28 11:55   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\HTML Executable
2009-02-28 11:55   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Desktopicon
2009-02-27 14:59   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\FLEXnet
2009-02-27 14:49   ---------   d-----w   c:\program files\Common Files\Adobe
2009-02-27 14:49   ---------   d-----w   c:\program files\Bonjour
2009-02-27 14:36   ---------   d-----w   c:\program files\Common Files\Macrovision Shared
2009-02-25 16:17   ---------   d---a-w   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-24 19:08   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\ipla
2009-02-24 19:08   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\ipla
2009-02-22 17:02   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Pinnacle
2009-02-11 17:34   ---------   d-----w   c:\documents and settings\Programy\Dane aplikacji\Nowe Gadu-Gadu
2009-01-22 21:19   43,698   ----a-w   c:\windows\system32\xvid-uninstall.exe
2009-01-03 08:03   72,696   ----a-w   c:\documents and settings\Programy\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-12-13 16:35   20   ---h--w   c:\documents and settings\All Users\Dane aplikacji\PKP_DLdy.DAT
.

------- Sigcheck -------

2004-08-04 01:44  803840  fa593fc36ac2ed005c1ec09a3e991ec4   c:\windows\system32\Wininet.dll
2004-08-04 01:44  2392064  61b2f9979436aec1fd262e1ef613a054   c:\windows\system32\dllcache\Wininet.dll

2004-08-04 01:44  544256  87d414eba254e42649f4d0a00bb653c6   c:\windows\system32\winlogon.exe
2004-08-04 01:44  544256  87d414eba254e42649f4d0a00bb653c6   c:\windows\system32\dllcache\winlogon.exe

2004-08-04 01:44  1551872  fe6ddf00b672c3647b9f20e09b7774ee   c:\windows\explorer.exe
2004-08-04 01:44  3189248  1b6381c9ad4231a0e450963997c115ae   c:\windows\system32\dllcache\explorer.exe

2004-08-04 01:44  25088  36eab91ffd244d3202830e417c45e0a5   c:\windows\system32\ctfmon.exe
2004-08-04 01:44  25088  36eab91ffd244d3202830e417c45e0a5   c:\windows\system32\dllcache\ctfmon.exe

2004-08-04 01:44  112128  0e83c0f3d9594854e83df1051e694966   c:\windows\system32\wuauclt.exe
2004-08-04 01:44  762880  ceecca1f0ba939c1eeb850956f57a8ca   c:\windows\system32\dllcache\wuauclt.exe
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 25088]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-17 490952]
"Nowe Gadu-Gadu"="d:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-06 9302632]
"Odkurzacz-MCD"="e:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"H/PC Connection Agent"="e:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 25088]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
--a------ 2004-03-04 05:00 98304 c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2007-03-02 18:55 159744 d:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
--a------ 2006-07-18 16:15 49152 c:\windows\VMSnap3.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"d:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"d:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"d:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\Common Files\\Smarthome\\Device Manager\\SDM3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"d:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2008-10-25 27704]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run --> c:\windows\system32\hasplms.exe  -run [?]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-12-27 4096]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S2 BulkUsb;Plustek USB Scanner;c:\windows\system32\drivers\usbscan.sys [2008-09-08 15104]
S2 gupdate1c98635d09fa2a2;Google Update Service (gupdate1c98635d09fa2a2);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S3 3xHybrid;TV-Station DVR service;c:\windows\system32\drivers\3xHybrid.sys [2008-07-28 1121536]
S3 als4k;Avance Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys [2008-09-10 28919]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\g:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt --> g:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt [?]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2008-08-06 428160]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2008-09-13 475136]
S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [2008-09-13 1474560]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.bsplayer-search.com/startpage
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download All by FlashGet - d:\programy p2p i akceleratory\FlashGet\jc_all.htm
IE: Download using FlashGet - d:\programy p2p i akceleratory\FlashGet\jc_link.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 23:32:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\EverestDriver]
"ImagePath"="\??\g:\test podzespołów\everestultimate_build_1180_y1obfjxk7ls\kerneld.wnt"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,14,d4,2c,d6,be,
   31,d5,29,c8,28,51,af,b0,29,a3,98,a4,1f,b7,78,d9,80,05,33,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,e0,57,c3,4b,f4,
   cc,39,13,71,3b,04,66,8b,46,0d,96,fd,71,19,28,8a,1a,67,5f,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,59,59,d6,cd,1e,
   0b,93,01,25,da,ec,7e,55,20,c9,26,b7,1d,8c,78,07,be,0a,9d,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,74,90,e1,b4,32,
   75,a1,68,3e,1e,9e,e0,57,5a,93,61,38,d8,e4,20,84,3f,ed,41,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,39,99,5e,7d,2c,
   5f,b5,d3,cd,44,cd,b9,a6,33,6c,cd,30,fa,1e,32,56,ff,81,2f,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,63,2e,3c,90,d4,
   b1,27,0c,b0,18,ed,a7,3f,8d,37,a4,bd,85,26,24,87,d8,92,75,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,da,d8,4c,74,e4,
   ad,83,b6,31,77,e1,ba,b1,f8,68,02,2a,51,03,00,d5,ef,fd,25,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,0e,2c,fb,fb,da,
   66,bb,83,83,6c,56,8b,a0,85,96,ab,a2,ab,f5,d5,28,9e,02,16,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,b3,be,df,9f,32,
   85,0c,3e,51,fa,6e,91,28,9e,14,cc,5b,47,f5,78,15,7a,b4,04,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,1f,aa,4e,fc,38,
   94,73,b3,b1,cd,45,5a,a8,c4,f8,b9,36,36,8e,7b,97,a2,3e,b3,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,08,54,5e,2c,44,
   37,97,a6,e3,0e,66,d5,eb,bc,2f,6b,ef,0b,a2,6a,76,17,9f,e8,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,3d,62,78,7c,d6,
   45,d4,8a,fa,ea,66,7f,d4,3b,6b,70,af,2e,54,c6,12,5c,d5,d7,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Xanthic\{EAC0842F-9764-03DD-A0B6-5FFFB48AD6EB}*_]
"fr"="078F5055595543"
"lr"="078F4C755A5253"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
.
Czas ukończenia: 2009-04-11 23:34:21
ComboFix-quarantined-files.txt  2009-04-11 21:33:57
ComboFix2.txt  2009-04-11 20:56:01
ComboFix3.txt  2009-04-11 16:20:15

Przed: 2,105,921,536 bajtów wolnych
Po: 2,091,986,944 bajtów wolnych

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
321


[AJAN]

usuń ręcznie folder C: \Qoobox oraz instalkę Combofix z dysku.

Wykonaj optymalizację autostartu

Pobierz CCleaner
lub
CleanGP
przeskanuj nim i wyczyść rejestr.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.INSTRUKCJA

[pantik]

wszystko było by fajnie ale teraz włączam combofixa zeny zeskanowac koma ale p pewnym czasie w okienku combo... pisze coś tam prosze czekać nastąpi ponowne uruchomienie komputera no to czekam i czekam a wiemz e mój komp wyłącza sie ponad 10 !!! minut wiec czekałem i czekał ponad 30 minut zeby w razie spowolnienie sie wyłączył i na tym sie kończy nic sie nie dzieje jak daje rędznie uruchomić komuter ponownie to po ponownym włączeniu juz sam sie ten combo z okienkiem nie wyświetla, i za kazdym razem jak go na nowo uruchamiam to ejst tak samo

[AJAN]

przeskanuj w takim razie:
Pobierz program SDFix

Dwuklik na SDFix.exe następnie program wypakuje się na dysk systemowy (standardowo C:\SDFix)
Zrestartuj komputer i wejdź do trybu awaryjnego (klawisz F8 przed startem Windowsa)
Wejdź do folderu z SDFix kliknij dwa razy na plik RunThis.bat
Wciśnij Y nastąpi proces usuwania.
Kiedy usuwanie się ukończy wciśnij dowolny klawisz (Any Key). Nastąpi restart komputera.
Po restarcie SDFix uruchomi się ponownie, żeby dokończyć proces usuwania kiedy pojawi się w oknie programu Finished, wciśnij dowolny klawisz do zakończenia scryptu i załadowania ikon na pulpicie.
Pokaż Report.txt znajdujący się w folderze SDFix.[/list]