Witam,
mam problem jak w temacie. Proszę o pomoc. Poniżej log z ComboFixa:
ComboFix 08-07-26.1 - User 2008-07-26 21:00:16.1 - FAT32 x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.59 [GMT 2:00]
Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\User\Dane aplikacji.#
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\3.bin\MGSBAR.DLL
C:\Program Files\outlook
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
.
((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.
2008-07-26 20:52 . 2008-07-26 20:52
2008-07-26 20:52 . 2008-07-26 20:52 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-07-26 20:50 . 2008-07-26 20:50
2008-07-26 20:36 . 2008-07-26 20:36
2008-07-26 20:07 . 2008-07-26 20:07
2008-07-16 16:55 . 2008-07-16 16:55
2008-07-06 22:54 . 2008-07-06 22:54
2008-07-06 11:42 . 2008-07-06 11:42
2008-07-05 19:40 . 2008-07-05 19:40
2008-07-05 15:23 . 2008-07-05 15:23
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 17:42 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 17:41 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 17:41 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-22 16:39 --------- d-----w C:\Documents and Settings\Pudzianek\Dane aplikacji\AVGTOOLBAR
2008-06-22 14:23 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL
2008-06-22 12:14 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\ScanSoft
2008-06-22 09:33 --------- d-----w C:\Program Files\AVG
2008-06-22 09:33 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\AVGTOOLBAR
2008-06-22 09:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\avg8
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-08-29 18:32 92,064 ----a-w C:\Documents and Settings\User\mqdmmdm.sys
2007-08-29 18:32 9,232 ----a-w C:\Documents and Settings\User\mqdmmdfl.sys
2007-08-29 18:32 79,328 ----a-w C:\Documents and Settings\User\mqdmserd.sys
2007-08-29 18:32 66,656 ----a-w C:\Documents and Settings\User\mqdmbus.sys
2007-08-29 18:32 6,208 ----a-w C:\Documents and Settings\User\mqdmcmnt.sys
2007-08-29 18:32 5,936 ----a-w C:\Documents and Settings\User\mqdmwhnt.sys
2007-08-29 18:32 4,048 ----a-w C:\Documents and Settings\User\mqdmcr.sys
2007-08-29 18:32 25,600 ----a-w C:\Documents and Settings\User\usbsermptxp.sys
2007-08-29 18:32 22,768 ----a-w C:\Documents and Settings\User\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"FreeRAM XP"="C:\FreeRAM XP Pro\FreeRAM XP Pro 1.40.exe" [2003-11-30 23:13 1354240]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 10:44 7916032]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 12:27 497176]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 12:28 756248]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 19:42 1232152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-30 15:13:16 67128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\WINDOWS\System32\dpnsvr.exe"=
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"D:\Program Files\BearShare\BearShare.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"D:\Program Files\Gadu-Gadu\gg.exe"=
"D:\Program Files\Worms\frontend.exe"=
"C:\Program Files\AVG\AVG8\avgupd.exe"=
"C:\Program Files\AVG\AVG8\avgemc.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-07-26 20:52]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 19:41]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 19:42]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 19:42]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 19:42]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-07-26 20:52]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0727c29e-b93e-11db-8085-0004615367ed}]
\Shell\AutoRun\command - F:\oufddh.exe
\Shell\explore\Command - F:\oufddh.exe
\Shell\open\Command - F:\oufddh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2bdec1b-48cc-11dc-822a-0004615367ed}]
\Shell\AutoRun\command - oq.cmd
\Shell\explore\Command - oq.cmd
\Shell\open\Command - oq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af605368-d684-11dc-8313-0004615367ed}]
\Shell\AutoRun\command - oq.cmd
\Shell\explore\Command - oq.cmd
\Shell\open\Command - oq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1986222-4a91-11dc-8234-0004615367ed}]
\Shell\AutoRun\command - oq.cmd
\Shell\explore\Command - oq.cmd
\Shell\open\Command - oq.cmd
*Newly Created Service* - CATCHME
*Newly Created Service* - CSISCANNER
*Newly Created Service* - PROCEXP90
*Newly Created Service* - PXARK
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Search - ?p=ZRxdm427YYPL
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 21:03:34
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-26 21:04:50
ComboFix-quarantined-files.txt 2008-07-26 19:04:46
Pre-Run: 2,798,870,528 bajtów wolnych
Post-Run: 3,048,636,416 bajtów wolnych
160 — E O F — 2008-07-09 17:24:40