I did everything just as you said...
I'm pasting the log from that whole Combofix thing (I got a bit scared when I ran it, because all sorts of things were happening on the computer :-p)
ComboFix 08-03-10.1 - xp 2008-03-10 18:48:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.613 [GMT 1:00]
Running from: C:\Documents and Settings\xp\Pulpit\Combo-Fix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini2
.
((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
.
2008-03-10 18:40 . 2008-03-10 18:40
2008-03-07 00:47 . 2008-03-07 00:47
2008-03-07 00:36 . 2008-03-07 00:36
2008-03-06 22:18 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-03-06 12:49 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-03-06 12:49 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-03-06 12:48 . 2008-03-06 12:48
2008-03-06 12:48 . 2008-03-06 12:48
2008-03-05 15:38 . 2008-03-05 15:38
2008-03-05 15:32 . 2008-03-05 15:32
2008-03-05 15:32 . 2008-03-05 15:32
2008-03-03 17:55 . 2008-03-05 15:28
2008-03-03 17:47 . 2008-03-04 00:22
2008-03-01 23:08 . 2008-03-07 00:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-01 23:08 . 2008-03-01 23:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-29 12:03 . 2008-03-10 14:17
2008-02-25 21:26 . 2008-02-25 21:27 145 --a------ C:\WINDOWS\notepad.ini
2008-02-23 12:30 . 2008-03-06 21:39 250 --a------ C:\WINDOWS\gmer.ini
2008-02-23 11:55 . 2008-02-23 11:55
2008-02-23 02:07 . 2008-03-05 14:51
2008-02-23 01:18 . 2008-03-10 18:36
2008-02-22 22:08 . 2008-02-22 22:08 2 --a------ C:\1022887592
2008-02-21 00:31 . 2008-02-21 00:26 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-21 00:31 . 2008-02-21 00:31 2,547 --a------ C:\WINDOWS\unins000.dat
2008-02-20 17:33 . 2008-03-10 15:30
2008-02-20 12:43 . 2008-02-20 12:48
2008-02-19 23:34 . 2008-02-19 23:34
2008-02-19 23:34 . 2008-02-19 23:34
2008-02-16 23:14 . 2008-02-16 23:14
2008-02-16 23:14 . 2008-02-16 23:15
2008-02-16 15:31 . 2008-02-16 15:31 248 --a------ C:\WINDOWS\system32\winsys.lit
2008-02-16 15:31 . 2008-02-16 15:31 248 --a------ C:\WINDOWS\system32\mhi6uuvs.cv2
2008-02-16 15:31 . 2008-02-16 15:31 0 --a------ C:\WINDOWS\LingoLite.INI
2008-02-16 15:20 . 2008-02-24 18:18
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 14:33 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\Skype
2008-03-06 20:56 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-03-06 20:56 1,218,560 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-03-06 11:03 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-02-24 19:57 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-02-24 17:18 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-24 17:18 --------- d-----w C:\Program Files\Real Alternative
2008-02-24 17:18 --------- d-----w C:\Program Files\QuickTime
2008-02-24 17:18 --------- d-----w C:\Program Files\OpenAL
2008-02-24 17:18 --------- d-----w C:\Program Files\ooVoo
2008-02-24 17:18 --------- d-----w C:\Program Files\Malicious Software Removal Tool
2008-02-24 17:18 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2008-02-24 17:18 --------- d-----w C:\Program Files\Gadu-Gadu
2008-02-24 17:18 --------- d-----w C:\Program Files\Disc2Phone
2008-02-24 17:18 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-02-24 17:18 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-24 17:18 --------- d-----w C:\Program Files\Avant Browser
2008-02-19 23:41 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\uTorrent
2008-02-11 08:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 08:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-09 16:16 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\ooVoo Details
2008-02-09 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 13:35 --------- d-----w C:\Program Files\INTERIAPL
2008-02-08 12:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-08 10:06 --------- d-----w C:\Program Files\Skype
2008-02-07 23:21 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-07 23:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-02-07 22:02 --------- d-----w C:\Program Files\Vimicro
2008-02-05 07:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-08-01 08:37 120,649 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_31_19_11_21_small.dmp.zip
2007-07-06 18:05 21,461,881 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_06_17_44_28_full.dmp.zip
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"tray"="D:\Program files\Pogoda\pogoda.exe" [2006-07-22 13:30 2364416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 20:06 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 20:06 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 09:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-05 15:39 249896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-29 20:36 155648]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2007-04-09 16:46 57344]
"ZoneAlarm Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]
"SSS6_Suite"="D:\Program Files\Steganos Security Suite 6\sss.exe" [2004-01-29 17:46 827392]
"SSS6_SAFE"="D:\Program Files\Steganos Security Suite 6\safe.exe" [2004-02-02 17:43 204800]
"SSS6_SPM"="D:\Program Files\Steganos Security Suite 6\spm.exe" [2004-01-29 17:45 180224]
"Picasa Media Detector"="D:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
WL-8313 Configuration Utility.lnk - D:\Program Files\PLANET WL-8313\WLANMON.exe [2007-09-01 14:26:55 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
"NoAutoTrayNotify"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"NoStartMenuPinnedList"= 1 (0x1)
"Start_NotifyNewApps"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"D:\Program files\BitComet\BitComet.exe"=
"D:\Program files\Tlen.pl\tlen.exe"=
"D:\Program files\uTorrent\utorrent.exe"=
"D:\Program files\Warcraft III\Warcraft III.exe"=
"D:\Program files\BearShare\BearShare.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\ooVoo\ooVoo.exe"=
"C:\WINDOWS\system32\dpvsetup.exe"=
"C:\WINDOWS\system32\rundll32.exe"=
"D:\Program files\Defcon\defcon.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17710:TCP"= 17710:TCP:BitComet 17710 TCP
"17710:UDP"= 17710:UDP:BitComet 17710 UDP
"11812:TCP"= 11812:TCP:BitComet 11812 TCP
"11812:UDP"= 11812:UDP:BitComet 11812 UDP
"8543:TCP"= 8543:TCP:BitComet 8543 TCP
"8543:UDP"= 8543:UDP:BitComet 8543 UDP
"27318:TCP"= 27318:TCP:BitComet 27318 TCP
"27318:UDP"= 27318:UDP:BitComet 27318 UDP
"13683:TCP"= 13683:TCP:BitComet 13683 TCP
"13683:UDP"= 13683:UDP:BitComet 13683 UDP
"19067:TCP"= 19067:TCP:BitComet 19067 TCP
"19067:UDP"= 19067:UDP:BitComet 19067 UDP
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
R2 SLEE_503_DRIVER;Steganos Live Encryption Engine (Version 503) [Driver];C:\WINDOWS\system32\drivers\SLEE503.sys [2002-11-28 09:10]
R3 W8100PCI;PLANET WL-8313;C:\WINDOWS\system32\DRIVERS\MRV8K51.sys [2004-01-19 10:09]
R3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 10:24]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-08-29 15:26]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-08-29 15:26]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-08-29 15:26]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-08-29 15:26]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-08-29 15:26]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 18:49:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???0???@???
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-10 18:50:06
ComboFix-quarantined-files.txt 2008-03-10 17:49:58