ComboFix log to check

I have a ComboFix log but I don't know what to do next, please help

ComboFix 08-04-27.2 - andrzej 2008-04-28 11:17:22.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1033.18.888 [GMT 1:00]

Running from: E:\Programy\Programy pod Viste\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\KBL.LOG

C:\Windows\system32\WinSpooler.exe

.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))

.

2008-04-28 10:56 . 2008-04-28 10:56

2008-04-28 10:56 . 2008-04-28 10:58

2008-04-28 10:56 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys

2008-04-28 10:56 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys

2008-04-28 10:56 . 2008-02-01 12:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys

2008-04-28 10:56 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys

2008-04-28 10:56 . 2008-04-28 10:56 2,560 --a------ C:\Windows\System32\drivers\mchInjDrv.sys

2008-04-28 09:59 . 2008-04-28 11:11

2008-04-28 09:59 . 2008-04-28 11:11

2008-04-28 09:59 . 2008-04-28 10:07 37,888 --a------ C:\Windows\System32\rar.exe

2008-04-28 07:20 . 2008-04-28 07:20

2008-04-28 07:20 . 2008-04-28 07:20

2008-04-28 07:20 . 2008-04-28 07:20

2008-04-28 07:20 . 2008-04-28 07:20 728 --a------ C:\Windows{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini

2008-04-27 20:19 . 2008-04-28 08:04

2008-04-27 20:19 . 2008-04-27 20:19 32 --a------ C:\Users\All Users\ezsid.dat

2008-04-27 20:19 . 2008-04-27 20:19 32 --a------ C:\ProgramData\ezsid.dat

2008-04-27 20:12 . 2008-04-28 11:21

2008-04-27 20:11 . 2008-04-27 20:12

2008-04-27 20:11 . 2008-04-27 20:12

2008-04-27 20:11 . 2008-04-27 20:12

2008-04-27 20:11 . 2008-04-27 20:11

2008-04-27 18:39 . 2008-04-27 18:39 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-04-27 18:39 . 2008-04-27 18:39 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

2008-04-27 18:37 . 2008-04-27 18:37 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-04-27 18:36 . 2008-04-27 18:36 1,327,104 --a------ C:\Windows\System32\quartz.dll

2008-04-27 18:35 . 2008-04-27 18:35 2,027,008 --a------ C:\Windows\System32\win32k.sys

2008-04-27 18:35 . 2008-04-27 18:35 296,448 --a------ C:\Windows\System32\gdi32.dll

2008-04-27 18:35 . 2008-04-27 18:35 223,232 --a------ C:\Windows\System32\WMASF.DLL

2008-04-27 18:35 . 2008-04-27 18:35 9,728 --a------ C:\Windows\System32\LAPRXY.DLL

2008-04-27 18:35 . 2008-04-27 18:35 2,048 --a------ C:\Windows\System32\asferror.dll

2008-04-27 18:34 . 2008-04-27 18:34 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-04-27 18:34 . 2008-04-27 18:34 1,686,528 --a------ C:\Windows\System32\gameux.dll

2008-04-27 18:34 . 2008-04-27 18:34 737,792 --a------ C:\Windows\System32\inetcomm.dll

2008-04-27 18:34 . 2008-04-27 18:34 84,480 --a------ C:\Windows\System32\INETRES.dll

2008-04-27 18:34 . 2008-04-27 18:34 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-04-27 18:33 . 2008-04-27 18:33 558,080 --a------ C:\Windows\System32\oleaut32.dll

2008-04-27 18:31 . 2008-04-27 18:31 788,992 --a------ C:\Windows\System32\rpcrt4.dll

2008-04-27 18:31 . 2008-04-27 18:31 130,048 --a------ C:\Windows\System32\drivers\srv2.sys

2008-04-27 18:31 . 2008-04-27 18:31 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys

2008-04-27 18:31 . 2008-04-27 18:31 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys

2008-04-27 18:31 . 2008-04-27 18:31 83,968 --a------ C:\Windows\System32\dnsrslvr.dll

2008-04-27 18:31 . 2008-04-27 18:31 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys

2008-04-27 18:31 . 2008-04-27 18:31 24,576 --a------ C:\Windows\System32\dnscacheugc.exe

2008-04-27 18:30 . 2008-04-27 18:30 826,368 --a------ C:\Windows\System32\wininet.dll

2008-04-27 18:28 . 2008-04-27 18:28

2008-04-27 18:28 . 2008-04-27 18:28 99,840 --a------ C:\Windows\System32\poqexec.exe

2008-04-27 18:28 . 2008-04-27 18:28 2,048 --a------ C:\Windows\System32\tzres.dll

2008-04-27 18:27 . 2008-04-27 18:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll

2008-04-27 10:23 . 2008-04-27 10:23

2008-04-27 09:48 . 2008-04-27 09:48 1,712,984 --a------ C:\Windows\System32\wuaueng.dll

2008-04-27 09:48 . 2008-04-27 09:48 1,524,224 --a------ C:\Windows\System32\wucltux.dll

2008-04-27 09:48 . 2008-04-27 09:48 53,080 --a------ C:\Windows\System32\wuauclt.exe

2008-04-27 09:48 . 2008-04-27 09:48 43,352 --a------ C:\Windows\System32\wups2.dll

2008-04-27 09:47 . 2008-04-27 09:47 549,720 --a------ C:\Windows\System32\wuapi.dll

2008-04-27 09:47 . 2008-04-27 09:47 163,000 --a------ C:\Windows\System32\wuwebv.dll

2008-04-27 09:47 . 2008-04-27 09:47 80,896 --a------ C:\Windows\System32\wudriver.dll

2008-04-27 09:47 . 2008-04-27 09:47 33,624 --a------ C:\Windows\System32\wups.dll

2008-04-27 09:47 . 2008-04-27 09:47 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-04-26 23:23 . 2008-04-27 20:10

2008-04-26 23:22 . 2008-04-26 23:22

2008-04-26 22:26 . 2008-04-27 10:24

2008-04-26 22:26 . 2008-04-26 22:26

2008-04-26 21:31 . 2008-04-28 09:48

2008-04-26 21:31 . 2008-04-26 21:31

2008-04-24 15:05 . 2008-04-24 15:05

2008-04-24 14:34 . 2008-04-24 14:34

2008-04-22 10:34 . 2008-04-22 10:34

2008-04-17 20:17 . 2008-04-17 20:17 20 --a------ C:\Windows\mafosav.INI

2008-04-14 09:55 . 2008-04-14 09:55

2008-04-14 09:55 . 2008-04-14 09:55

2008-04-14 09:55 . 2008-04-14 09:55

2008-04-14 09:54 . 2008-04-14 09:54

2008-04-14 09:50 . 2008-04-14 10:44

2008-04-14 09:50 . 2008-04-14 09:51

2008-04-14 09:50 . 2007-03-08 00:51 129,784 --------- C:\Windows\System32\pxafs.dll

2008-04-14 09:44 . 2008-04-14 09:44

2008-04-14 09:44 . 2008-04-14 09:44

2008-04-14 09:44 . 2008-04-14 09:44

2008-04-14 09:44 . 2008-04-14 09:44

2008-04-14 09:44 . 2008-04-14 09:45

2008-04-14 09:44 . 2008-04-14 09:44

2008-04-14 09:43 . 2008-04-22 18:38

2008-04-14 09:41 . 2008-04-14 09:42

2008-04-14 09:41 . 2008-04-14 09:41

2008-04-14 09:33 . 2008-04-14 09:33

2008-04-14 09:33 . 2008-04-14 09:33

2008-04-14 09:33 . 2007-09-14 07:02 545 --a------ C:\Windows\UC.PIF

2008-04-14 09:33 . 2007-09-14 07:02 545 --a------ C:\Windows\RAR.PIF

2008-04-14 09:33 . 2007-09-14 07:02 545 --a------ C:\Windows\PKZIP.PIF

2008-04-14 09:33 . 2007-09-14 07:02 545 --a------ C:\Windows\PKUNZIP.PIF

2008-04-14 09:33 . 2007-09-14 07:02 545 --a------ C:\Windows\NOCLOSE.PIF

2008-04-14 09:33 . 2007-09-14 07:02 545 --a------ C:\Windows\LHA.PIF

2008-04-14 09:33 . 2007-09-14 07:02 545 --a------ C:\Windows\ARJ.PIF

2008-04-12 17:59 . 2008-04-12 17:59

2008-04-12 16:42 . 2008-04-12 16:42

2008-04-11 18:13 . 2006-05-15 14:35 18,704 --a------ C:\Windows\System32\drivers\se27nd5.sys

2008-04-11 18:11 . 2006-05-15 14:35 90,800 --a------ C:\Windows\System32\drivers\se27unic.sys

2008-04-11 18:11 . 2006-05-15 14:35 4,128 --a------ C:\Windows\System32\drivers\se27cr.sys

2008-04-11 18:10 . 2006-05-15 14:35 88,688 --a------ C:\Windows\System32\drivers\SE27mgmt.sys

2008-04-11 18:07 . 2006-05-15 14:35 97,184 --a------ C:\Windows\System32\drivers\SE27mdm.sys

2008-04-11 18:07 . 2006-05-15 14:35 9,360 --a------ C:\Windows\System32\drivers\SE27mdfl.sys

2008-04-11 18:07 . 2006-05-15 14:35 6,240 --a------ C:\Windows\System32\drivers\SE27cmnt.sys

2008-04-11 18:07 . 2006-05-15 14:35 6,240 --a------ C:\Windows\System32\drivers\SE27cm.sys

2008-04-11 18:06 . 2006-05-15 14:35 61,600 --a------ C:\Windows\System32\drivers\SE27bus.sys

2008-04-11 18:06 . 2006-05-15 14:36 5,872 --a------ C:\Windows\System32\drivers\SE27whnt.sys

2008-04-11 18:06 . 2006-05-15 14:36 5,872 --a------ C:\Windows\System32\drivers\SE27wh.sys

2008-04-10 19:30 . 2008-04-10 19:30

2008-04-10 19:30 . 2008-04-10 19:30

2008-04-10 18:34 . 2008-04-10 18:34

2008-04-10 18:34 . 2008-04-10 18:34

2008-04-10 18:34 . 2008-04-10 18:34

2008-04-09 20:00 . 2008-04-09 21:10

2008-04-09 19:57 . 2008-04-09 19:57

2008-04-09 11:14 . 2008-04-14 09:41

2008-04-09 10:19 . 2008-04-09 10:20

2008-04-09 09:58 . 2008-04-10 19:24

2008-04-09 09:58 . 2008-04-11 18:29

2008-04-08 15:57 . 2008-04-17 20:38 27,525 --a------ C:\Users\andrzej\AppData\Roaming\nvModes.dat

2008-04-08 15:52 . 2008-04-08 15:52

2008-04-08 15:30 . 2008-04-08 15:30

2008-04-08 15:29 . 2008-04-08 15:29

2008-04-08 15:29 . 2008-04-08 15:29

2008-04-08 15:29 . 2008-04-08 15:29 81 --a------ C:\Windows\System32\LOG

2008-04-08 15:29 . 2008-04-08 15:29 44 --a------ C:\Windows\system\hpsysdrv.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-28 08:55 --------- d-----w C:\ProgramData\Microsoft Help

2008-04-28 06:30 --------- d-----w C:\ProgramData\Symantec

2008-04-27 18:05 --------- d-----w C:\Program Files\Windows Sidebar

2008-04-27 18:05 --------- d-----w C:\Program Files\Windows Mail

2008-04-27 17:38 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2008-04-27 17:38 7,680 ----a-w C:\Windows\System32\spwmp.dll

2008-04-27 17:38 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-04-27 17:38 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2008-04-27 17:38 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2008-04-27 17:38 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-04-27 17:38 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-04-27 17:38 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-04-27 17:38 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-04-27 17:38 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-04-27 17:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-04-27 17:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-04-27 17:34 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-04-27 17:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-04-27 17:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-04-27 17:30 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-04-27 17:29 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-04-27 17:29 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-04-26 20:27 --------- d-----w C:\Program Files\Norton Internet Security

2008-04-26 20:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-04-26 20:23 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2008-04-26 20:23 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS

2008-04-26 20:23 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2008-04-26 20:23 --------- d-----w C:\Program Files\Symantec

2008-04-14 15:03 --------- d-----w C:\ProgramData\WildTangent

2008-04-14 08:55 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-08 14:30 --------- d-----w C:\ProgramData\NVIDIA

2008-04-08 13:56 --------- d-----w C:\Program Files\HPQ

2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe

2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll

2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll

2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll

2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll

2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll

2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll

2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll

2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll

2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll

2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll

2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll

2008-03-20 15:51 --------- d-----w C:\ProgramData\Hewlett-Packard

2008-03-20 15:51 --------- d-----w C:\Program Files\HP Games

2008-03-20 15:48 --------- d-----w C:\Program Files\CyberLink

2008-03-20 15:44 --------- d-----w C:\Program Files\Hewlett-Packard

2008-03-20 15:43 --------- d-----w C:\ProgramData\CyberLink

2008-03-20 15:41 --------- d-----w C:\Program Files\Hp

2008-03-20 15:40 1,585,152 ----a-w C:\Windows\System32\setupapi.dll

2008-03-20 15:38 --------- d-----w C:\Program Files\WinTV

2008-03-20 15:37 --------- d-----w C:\ProgramData\Atheros

2008-03-20 15:37 --------- d-----w C:\Program Files\CONEXANT

2008-03-20 15:37 --------- d-----w C:\Program Files\Atheros

2008-03-20 15:35 --------- d-----w C:\Program Files\NetWaiting

2008-03-20 15:34 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf

2008-03-20 15:34 --------- d-----w C:\Program Files\Synaptics

2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat

2007-10-24 16:24 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2007-08-25 02:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-04-26 21:12 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}”= “c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll” [2007-08-25 02:51 316784]

[HKEY_CLASSES_ROOT\clsid{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Sidebar”=“C:\Program Files\Windows Sidebar\sidebar.exe” [2008-04-27 18:34 1232896]

“WindowsWelcomeCenter”=“oobefldr.dll” [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]

“ehTray.exe”=“C:\Windows\ehome\ehTray.exe” [2006-11-02 13:35 125440]

“WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2006-11-02 13:36 201728]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-02-01 17:26 22014760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvSvc”=“C:\Windows\system32\nvsvc.dll” [2007-09-19 21:05 86016]

“NvCplDaemon”=“C:\Windows\system32\NvCpl.dll” [2007-09-19 21:05 8497696]

“NvMediaCenter”=“C:\Windows\system32\NvMcTray.dll” [2007-09-19 21:05 81920]

“SynTPStart”=“C:\Program Files\Synaptics\SynTP\SynTPStart.exe” [2007-09-15 09:29 102400]

“QPService”=“C:\Program Files\HP\QuickPlay\QPService.exe” [2007-10-01 03:34 181544]

“QlbCtrl”=“C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2007-09-19 22:31 202032]

“OnScreenDisplay”=“C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe” [2007-09-04 21:54 554320]

“UCam_Menu”=“C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” [2007-08-17 07:13 218408]

“Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2007-10-24 16:47 1006264]

“ccApp”=“c:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2008-02-14 11:01 51048]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 11:06 40048]

“HP Health Check Scheduler”="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" []

“HP Software Update”=“C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [2005-02-17 07:11 49152]

“hpWirelessAssistant”=“C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2007-09-13 16:47 480560]

“WAWifiMessage”=“C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe” [2007-01-08 23:53 311296]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 12:00 132496]

“QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2008-03-28 23:37 413696]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-04-01 19:49 36352]

“O2”=“C:\Program Files\O2\bin\sprtcmd.exe” [2008-03-28 22:47 198184]

“ISTray”=“C:\Program Files\Spyware Doctor\pctsTray.exe” [2008-02-01 12:55 1103240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

“Windows Printing Driver”= WinSpooler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.l3codecp”= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“UacDisableNotify”=dword:00000001

“InternetSettingsDisableNotify”=dword:00000001

“AutoUpdateDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

“{5191A9EB-D83B-46A2-A81C-07F66711C7C8}”= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader

“{715D1CA7-C01C-479C-9F71-DB42EE39C5C8}”= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader

“{88E6DF99-E159-4ABF-98B8-9B3A2E538CB9}”= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

“{4CAAE971-0114-479F-B15E-3579ADF55B91}”= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

“{5DFAF0BD-504C-495F-8BBE-5C79D95BF853}”= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

“{B533534A-05C1-4CD3-9B7D-6D8947E91681}”= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play

“{EB5A79B8-12A1-48AF-80E7-431208E731B0}”= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

“{DA0DAAE0-CE52-4809-A840-A140E74D7241}”= UDP:C:\Program Files\O2\bin\wificfg.exe:sprtcmd.exe

“{265B7623-15C5-40D2-8C78-FAE1338BDA7C}”= TCP:C:\Program Files\O2\bin\wificfg.exe:sprtcmd.exe

“{08B966BF-C304-43ED-90EA-F59CC85A7A4E}”= UDP:C:\Program Files\O2\agent\bin\bcont.exe:bcont.exe

“{DA9300FF-2E2B-42A5-B233-DA1383F59F0D}”= TCP:C:\Program Files\O2\agent\bin\bcont.exe:bcont.exe

“{E21790BF-75E4-4164-8E94-36FDA0F6519C}”= UDP:C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe:ssrc.exe

“{556D1A70-852D-4D42-A141-2DD847BACA5D}”= TCP:C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe:ssrc.exe

“{42D97512-84E9-46AB-B53E-51FC672E0EBE}”= UDP:C:\Program Files\O2\agent\bin\bcont_nm.exe:bcont_nm.exe

“{3EFA49D7-7C5F-49C3-AD21-2BCA29FB1171}”= TCP:C:\Program Files\O2\agent\bin\bcont_nm.exe:bcont_nm.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

“DFSR-1”= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

“EnableFirewall”= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080425.001\IDSvix86.sys [2008-03-20 21:37]

R2 LiveUpdate Notice;LiveUpdate Notice;“c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe” /h ccCommon []

R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);“C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe” [2007-10-01 03:34]

R2 QPSched;QuickPlay Task Scheduler (QTS);“C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe” [2007-10-01 03:34]

R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);“C:\Program Files\O2\bin\sprtsvc.exe” /service /p O2 []

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 15:27]

R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 23:40]

R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 18:30]

R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 22:50]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 19:50]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]

S3 GameConsoleService;GameConsoleService;“C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe” [2007-07-24 00:33]

S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist;C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe [2007-07-27 05:39]

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

*Newly Created Service* - IKFILESEC

*Newly Created Service* - IKSYSFLT

*Newly Created Service* - IKSYSSEC

*Newly Created Service* - MCHINJDRV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”

.

Contents of the ‘Scheduled Tasks’ folder

“2008-04-21 22:07:42 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - andrzej.job”

  • c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-28 11:21:47

Windows 6.0.6000 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

**************************************************************************

.

Completion time: 2008-04-28 11:24:36

ComboFix-quarantined-files.txt 2008-04-28 10:23:22

Pre-Run: 24,900,947,968 bytes free

Post-Run: 24,942,731,264 bytes free

323 --- E O F --- 2008-04-27 17:41:04

kaukazz,

Read the topic "Important announcement regarding topic titles": change the title to a specific one that describes the problem, and also describe the problem itself.

To make the recommended correction, please use the button on the post that opens this topic.

Ignoring this recommendation will result in the topic being moved to the Trash.

Due to the change that now applies to pasting logs in this section, read and follow the Topic

Scan with http://www.kaspersky.pl/virusscanner.html and paste the report