Problem windows security

VANPAULO · 3 Styczeń 2008 09:13

MAM PROBLEM PROSZę O POMOC

ComboFix 07-12-31.4 - PAWEŁ 2008-01-03 9:37:27.10 - FAT32 x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.57 [GMT 1:00]

Running from: C:\Documents and Settings\PAWEŁ\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))

.

2008-01-03 09:41 . 2008-01-03 09:41 39,882 --a------ C:\WINDOWS\system32\spywarewarning.mht

2008-01-02 17:38 . 2008-01-02 17:38

2008-01-02 17:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-02 16:05 . 2008-01-02 16:05

2007-12-31 09:21 . 2007-12-31 09:21

2007-12-28 10:13 . 2007-12-28 10:13

2007-12-27 15:11 . 2007-12-27 15:11

2007-12-20 13:52 . 2007-12-20 13:52

2007-12-11 14:38 . 2007-12-11 14:38

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-28 15:30 --------- d-----w C:\Program Files\PITy

2007-11-28 13:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft

2007-11-06 11:58 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\AVSystemCare

2007-10-23 13:46 57,041 ----a-w C:\RVAXO.reg

2004-10-04 16:28 266 --sh–w C:\Program Files\desktop.ini

2004-10-04 16:28 11,232 —h–w C:\Program Files\folder.htt

1999-05-17 11:58 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL

1998-12-09 00:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL

1998-12-09 00:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL

1998-12-09 00:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL

1998-12-09 00:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL

1998-12-09 00:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL

2007-09-24 10:54 371 --sha-w C:\WINDOWS\system32\2352653251.dat

2007-10-01 09:45 48,128 --sh–r C:\WINDOWS\system32\ikhcorec.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-10-04 22:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36 2111176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Cmaudio”=“cmicnfg.cpl” []

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-10-10 19:51 39792]

“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 10:25 6731312]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32]

Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2006-10-11 11:04:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

“DisableRegistryTools”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

“NoResolveSearch”= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConfidentSurf]

C:\Program Files\ConfidentSurf\GDC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2004-08-04 00:44 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

2003-10-23 19:51 233472 --a------ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

2003-11-07 22:06 176128 --a------ C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netsv32]

C:\WINDOWS\sv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netzip]

C:\WINDOWS\svzip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor]

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runsql]

C:\WINDOWS\runsql.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedX]

C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\supelek bogiego]

supb.exe -spr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperRam]

C:\Program Files\SuperRam\SuperRam.exe /start

R2 MSSQL$INSERTGT;MSSQL$INSERTGT;C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe [2002-12-17 16:26]

R2 TrkWksNtmsSvc;Klient śledzenia łączy rozproszonych TrkWksNtmsSvc;C:\WINDOWS\system32\ikhcorec.exe srv []

R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]

S2 CryptSvcCryptSvc;Usługi kryptograficzne CryptSvcCryptSvc;C:\WINDOWS\system32\ikhcorep.exe srv []

S2 ProtectedStorageSSDPSRV;Magazyn chroniony ProtectedStorageSSDPSRV;C:\WINDOWS\system32\nslookupj.exe srv []

S2 SwPrvAudioSrv;MS Software Shadow Copy Provider SwPrvAudioSrv;C:\WINDOWS\system32\wbemj.exe srv []

S3 SQLAgent$INSERTGT;SQLAgent$INSERTGT;C:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlagent.EXE [2002-12-17 16:23]

S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS []

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-03 09:43:34

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-01-03 9:47:06 - machine was rebooted [PAWEť]

C:\qoobox\ComboFix2.txt 2007-10-08 12:07:26

C:\qoobox\ComboFix3.txt 2007-09-25 12:18:46