Please check this ComboFix log

ComboFix 07-11-08.3 - dargry 2007-11-01 21:36:33.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.424 [GMT 0:00]

Running from: C:\Documents and Settings\dargry\Desktop\ComboFix.exe

* Created a new restore point

.

ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\FunWebProducts

C:\Program Files\FunWebProducts\ScreenSaver\Images\006409FC.urr

C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG

C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV

C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

C:\Program Files\MyWebSearch\bar\icons\CM.ICO

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO

C:\Program Files\MyWebSearch\bar\icons\Thumbs.db

C:\Program Files\MyWebSearch\bar\icons\WB.ICO

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S

C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

C:\Program Files\MyWebSearch\bar\Settings\setting2.htm

C:\Program Files\MyWebSearch\bar\Settings\settings.dat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\nm

((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))

.

2007-11-20 10:26 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-20 07:58 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-11-20 07:58 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-11-20 07:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-11-20 07:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-11-20 07:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-11-20 07:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-11-20 07:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-11-20 07:58 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-11-20 07:35 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2007-11-20 07:31

2007-11-16 17:53

2007-11-16 17:53

2007-11-14 22:40

2007-11-14 13:41 16,008 --ah----- C:\WINDOWS\system32\mlfcache.dat

2007-11-14 09:19

2007-11-14 09:18 45,768 --a------ C:\WINDOWS\system32\drivers\MiniIcpt.sys

2007-11-14 09:18 41,928 --a------ C:\WINDOWS\system32\drivers\GDTdiIcpt.sys

2007-11-14 09:18 32,072 --a------ C:\WINDOWS\system32\drivers\HookCentre.sys

2007-11-14 09:15

2007-11-14 09:15

2007-11-14 09:14

2007-11-07 13:16

2007-11-04 19:47

2007-11-04 19:47

2007-11-04 19:46 583,493 --a------ C:\WINDOWS\system32\TMSSReport.zip

2007-11-04 19:46 21,538 --a------ C:\WINDOWS\system32\TMSSUninstall.zip

2007-10-15 19:16

2007-10-15 19:15

2007-10-15 19:15

2007-10-15 19:15

2007-10-14 12:04

2007-10-13 21:33 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-20 07:38 --------- d-----w C:\Program Files\Spyware Doctor

2007-11-17 08:04 --------- d-----w C:\Documents and Settings\dargry\Application Data\Vidalia

2007-11-16 15:54 --------- d-----w C:\Documents and Settings\dargry\Application Data\OpenOffice.ux.pl2

2007-11-14 13:29 --------- d-----w C:\Program Files\Picasa2

2007-11-14 09:15 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-14 20:04 --------- d-----w C:\Program Files\BearShare Applications

2007-10-14 12:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-10-14 12:20 --------- d-----w C:\Documents and Settings\dargry\Application Data\Symantec

2007-10-14 12:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-10-14 12:18 --------- d-----w C:\Program Files\Symantec

2007-09-28 21:44 --------- d-----w C:\Program Files\SkanerOnline

2007-09-27 13:47 --------- d-----w C:\Documents and Settings\dargry\Application Data\BearShare

2007-09-27 06:41 --------- d-----w C:\Documents and Settings\dargry\Application Data\Ahead

2007-09-27 06:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe

2007-09-27 06:36 --------- d-----w C:\Program Files\Common Files\LightScribe

2007-09-27 06:35 --------- d-----w C:\Program Files\Common Files\Ahead

2007-09-27 06:23 --------- d-----w C:\Program Files\Nero

2007-09-27 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero

2007-09-27 06:04 --------- d-----w C:\Program Files\FinePixViewer

2007-09-23 23:31 --------- d-----w C:\Documents and Settings\dargry\Application Data\PC Tools

2007-09-20 05:30 --------- d-----w C:\Program Files\Java

2007-09-16 20:56 --------- d-----w C:\Program Files\NASA

2007-09-15 07:40 --------- d-----w C:\Documents and Settings\dargry\Application Data\Image Zone Express

2007-09-14 20:54 --------- d-----w C:\Program Files\Common Files\AOL

2007-09-14 20:36 --------- d-----w C:\Program Files\Privoxy

2007-09-14 20:35 --------- d-----w C:\Program Files\Vidalia

2007-09-14 20:35 --------- d-----w C:\Program Files\TrueCrypt

2007-09-14 11:37 --------- d-----w C:\Documents and Settings\dargry\Application Data\Spamihilator

2007-09-14 11:01 --------- d-----w C:\Documents and Settings\dargry\Application Data\Tor

2007-09-11 15:04 --------- d-----w C:\Program Files\Common Files\Adobe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]

"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-08-14 16:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 17:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVKTray]

"C:\Program Files\G DATA AntiVirus Trial\AVKTray\AVKTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]

ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]

"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]

C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]

C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]

"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 3]

"C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

"C:\Program Files\Windows Defender\MSASCui.exe" -hide

R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys

R1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys

R2 AVKProxy;G DATA AntiVirus Proxy;"C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe"

R2 AVKService;G DATA Scheduler;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKService.exe

R2 AVKWCtl;AntiVirus Monitor;C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe

R2 GDTdiInterceptor;GDTdiInterceptor;\??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB

R3 GDMnIcpt;GDMnIcpt;\??\C:\WINDOWS\system32\drivers\MiniIcpt.sys

R3 HookCentre;HookCentre;\??\C:\WINDOWS\system32\drivers\HookCentre.sys

S3 commiwi;[CommView] Intel® PRO/Wireless 2200BG Network Connection Driver for Windows 2000;C:\WINDOWS\system32\DRIVERS\commiwi.sys

S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63ce1211-3d36-11dc-b10c-00166fa6fd60}]

\Shell\AutoRun\command - H:\USBNB.exe

.

Contents of the 'Scheduled Tasks' folder

"2007-11-08 21:48:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-08 21:46:25

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-08 21:50:30 - machine was rebooted

.

--- E O F ---

Follow this Topic and change the thread title to a specific one, otherwise it goes to the TRASH

Regards, Gutek2222

XP optimization: http://forum.dobreprogramy.pl/viewtopic.php?t=76580