Here you go
ComboFix 08-08-14.03 - Ja 2008-08-15 15:32:56.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1579 [GMT 2:00]
Running from: C:\Documents and Settings\Ja\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Antivirus XP 2008
C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users.WINDOWS1\Menu Start\Programy\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\All Users.WINDOWS1\Pulpit\Antivirus XP 2008.lnk
C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport
C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Ania\Dane aplikacji\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Ania\Pulpit\Antivirus XP 2008.lnk
C:\Documents and Settings\Ania\Pulpit\Error Cleaner.url
C:\Documents and Settings\Ania\Pulpit\Privacy Protector.url
C:\Documents and Settings\Ania\Pulpit\SpywareMalware Protection.url
C:\Documents and Settings\Ania\Pulpit\SystemDefender.lnk
C:\Documents and Settings\Ania\Ulubione\Error Cleaner.url
C:\Documents and Settings\Ania\Ulubione\Privacy Protector.url
C:\Documents and Settings\Ania\Ulubione\SpywareMalware Protection.url
C:\Documents and Settings\Ja\Cookies\ja@yourminis[2].txt
C:\Documents and Settings\Ja\Dane aplikacji\rhcn3kj0evfr
C:\Documents and Settings\MasterAdmin\Pulpit\Antivirus XP 2008.lnk
C:\Documents and Settings\MasterAdmin\Pulpit\SystemDefender.lnk
C:\Program Files\rhcn3kj0evfr
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\sprof
C:\WINDOWS1\system32\a.exe
C:\WINDOWS1\system32\A.tmp
C:\WINDOWS1\system32\actskn43.ocx
C:\WINDOWS1\system32\blphcj3kj0evfr.scr
C:\WINDOWS1\system32\kdbaq.exe
C:\WINDOWS1\system32\lphcj3kj0evfr.exe
C:\WINDOWS1\system32\phcj3kj0evfr.bmp
C:\WINDOWS1\system32\pphcj3kj0evfr.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.
2008-08-15 15:25 . 2008-08-15 15:32
2008-08-15 14:45 . 2008-08-15 14:45
2008-08-13 10:27 . 2008-08-13 10:28
2008-08-13 10:27 . 2005-12-05 07:12 20,640 --------- C:\WINDOWS1\system32\drivers\PxHelp20.sys
2008-08-12 10:34 . 2008-08-12 10:35
2008-08-12 10:33 . 2008-08-12 10:34
2008-08-09 21:11 . 2008-08-13 11:15
2008-08-07 22:05 . 2008-08-07 22:05
2008-08-06 22:55 . 2008-08-14 19:17 141,612 --a------ C:\WINDOWS1\system32\drivers\dump_wmimmc.sys
2008-08-05 23:46 . 2008-08-05 23:49
2008-08-05 22:25 . 2008-08-05 22:25
2008-08-03 21:54 . 2008-08-03 21:54
2008-08-02 10:49 . 2004-08-18 10:34 442,368 -ra------ C:\WINDOWS1\system32\vp6vfw.dll
2008-07-31 23:21 . 2008-07-31 23:21
2008-07-31 23:21 . 2008-07-31 23:21
2008-07-31 23:21 . 2008-07-31 23:21 98,304 --a------ C:\WINDOWS1\system32\CmdLineExt.dll
2008-07-31 23:20 . 2008-07-31 23:20 3,092 --a------ C:\WINDOWS1\system32\ealregsnapshot1.reg
2008-07-30 23:50 . 2008-08-13 12:02
2008-07-30 23:50 . 2008-07-30 23:50
2008-07-30 23:16 . 2008-08-13 12:02
2008-07-24 21:30 . 2008-07-31 10:52 50 --a------ C:\WINDOWS1\GunzLauncher.INI
2008-07-24 21:13 . 2008-07-24 22:06
2008-07-16 17:49 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS1\system32\javacpl.cpl
2008-07-16 11:47 . 2008-07-16 11:47
2008-07-16 11:47 . 2007-04-23 16:54 108,680 -ra------ C:\WINDOWS1\system32\drivers\s115mdm.sys
2008-07-16 11:47 . 2007-04-23 16:54 100,488 -ra------ C:\WINDOWS1\system32\drivers\s115mgmt.sys
2008-07-16 11:47 . 2007-04-23 16:54 98,568 -ra------ C:\WINDOWS1\system32\drivers\s115obex.sys
2008-07-16 11:47 . 2007-04-23 16:54 15,112 -ra------ C:\WINDOWS1\system32\drivers\s115mdfl.sys
2008-07-16 11:47 . 2007-04-23 16:54 12,424 -ra------ C:\WINDOWS1\system32\drivers\s115cmnt.sys
2008-07-16 11:47 . 2007-04-23 16:54 12,424 -ra------ C:\WINDOWS1\system32\drivers\s115cm.sys
2008-07-16 11:47 . 2008-07-16 11:47 0 --a------ C:\WINDOWS1\mngui.INI
2008-07-16 11:46 . 2007-04-23 16:54 83,208 -ra------ C:\WINDOWS1\system32\drivers\s115bus.sys
2008-07-16 11:46 . 2007-04-23 16:54 12,424 -ra------ C:\WINDOWS1\system32\drivers\s115whnt.sys
2008-07-16 11:46 . 2007-04-23 16:54 12,424 -ra------ C:\WINDOWS1\system32\drivers\s115wh.sys
2008-07-16 11:45 . 2008-08-05 22:24
2008-07-16 11:45 . 2008-07-16 11:45
2008-07-16 11:44 . 2008-07-16 11:45
2008-07-16 11:44 . 2008-07-16 11:45
2008-07-16 11:26 . 2008-07-16 11:26
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 08:49 --------- d-----w C:\Program Files\EA Games
2008-08-02 08:47 --------- d-----w C:\Program Files\EA SPORTS
2008-08-01 12:41 --------- d-----w C:\Program Files\Electronic Arts
2008-07-16 15:49 --------- d-----w C:\Program Files\Java
2008-07-16 09:44 --------- d-----w C:\Program Files\Sony Ericsson
2008-07-16 09:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 07:22 --------- d-----w C:\Program Files\BitLord
2008-07-15 17:51 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\OpenOfficeT72
2008-07-14 11:00 96,520 ----a-w C:\WINDOWS1\system32\drivers\avgldx86.sys
2008-07-14 11:00 76,040 ----a-w C:\WINDOWS1\system32\drivers\avgtdix.sys
2008-07-14 11:00 10,520 ----a-w C:\WINDOWS1\system32\avgrsstx.dll
2008-07-14 08:07 --------- d-----w C:\Program Files\Real Alternative
2008-07-10 16:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\avg8
2008-07-09 18:04 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Gadu-Gadu
2008-07-09 15:51 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Media Player Classic
2008-07-09 14:41 --------- d-----w C:\Program Files\Valve
2008-07-07 15:13 315,392 ----a-w C:\WINDOWS1\HideWin.exe
2008-07-07 15:13 --------- d-----w C:\Program Files\Realtek
2008-07-07 15:13 --------- d-----w C:\Program Files\DIFX
2008-07-07 15:11 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\InstallShield
2008-07-07 15:10 14,656 ----a-w C:\WINDOWS1\gdrv.sys
2008-07-06 15:05 --------- d-----w C:\Program Files\OpenOfficeT7 2.4.0
2008-07-06 14:50 --------- d-----w C:\Documents and Settings\Ja\Dane aplikacji\Ahead
2008-07-06 14:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\Ahead
2008-07-06 14:49 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-06 14:48 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-06 14:46 --------- d-----w C:\Documents and Settings\All Users.WINDOWS1\Dane aplikacji\Nero
2008-07-02 09:54 --------- d-----w C:\Documents and Settings\Ania\Dane aplikacji\Skype
2008-07-02 09:51 --------- d-----w C:\Documents and Settings\MasterAdmin\Dane aplikacji\Teleca
2008-07-02 09:21 --------- d-----w C:\Documents and Settings\MasterAdmin\Dane aplikacji\Sony Ericsson
2008-07-02 08:22 --------- d-----w C:\Documents and Settings\Ania\Dane aplikacji\skypePM
2008-07-01 13:05 --------- d-----w C:\Program Files\AVG
2008-06-30 09:38 --------- d-----w C:\Program Files\Trojan Remover
2008-06-30 09:38 --------- d-----w C:\Documents and Settings\Ania\Dane aplikacji\Simply Super Software
2008-06-30 05:48 --------- d-----w C:\Documents and Settings\Ania\Dane aplikacji\TmpRecentIcons
2008-06-28 19:54 --------- d-----w C:\Program Files\Pantera
2008-06-27 20:48 --------- d-----w C:\Program Files\Emurayden PSX Emulator v2.2
2008-06-27 19:43 --------- d-----w C:\Program Files\UltraISO
2008-06-27 19:43 --------- d-----w C:\Program Files\Common Files\EZB Systems
2008-06-17 10:03 --------- d-----w C:\Program Files\Tales of Pirates Online
2008-05-28 12:30 999,936 ----a-w C:\WINDOWS1\system32\syssetup.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS1\system32\ctfmon.exe" [2008-04-14 22:51 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 15:15 3664944]
"Nowe Gadu-Gadu"="C:\Program Files\Nowe Gadu-Gadu\gg.exe" [2008-06-27 10:28 8798816]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-14 13:00 1232152]
"NvCplDaemon"="C:\WINDOWS1\system32\NvCpl.dll" [2007-05-11 00:03 8429568]
"NvMediaCenter"="C:\WINDOWS1\system32\NvMcTray.dll" [2007-05-11 00:03 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-02-21 18:15 35328]
"nwiz"="nwiz.exe" [2007-05-11 00:03 1626112 C:\WINDOWS1\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 12:54 16116224 C:\WINDOWS1\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS1\SkyTel.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS1\system32\CTFMON.EXE" [2008-04-14 22:51 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\AVG\AVG8\avgupd.exe"=
"C:\Program Files\AVG\AVG8\avgemc.exe"=
"C:\Ntreev\Grand Chase\main.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29101:TCP"= 29101:TCP:??? ??
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS1\system32\Drivers\avgldx86.sys [2008-07-14 13:00]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-14 13:00]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-14 13:00]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS1\system32\Drivers\avgtdix.sys [2008-07-14 13:00]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS1\system32\DRIVERS\s115bus.sys [2007-04-23 16:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS1\system32\DRIVERS\s115mdfl.sys [2007-04-23 16:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS1\system32\DRIVERS\s115mdm.sys [2007-04-23 16:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS1\system32\DRIVERS\s115mgmt.sys [2007-04-23 16:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS1\system32\DRIVERS\s115obex.sys [2007-04-23 16:54]
S3 XDva120;XDva120;C:\WINDOWS1\system32\XDva120.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a57e2983-4b74-11dd-8462-806d6172696f}]
\Shell\AutoRun\command - E:\Run.exe
.
HKLM-Run-lphcj3kj0evfr - C:\WINDOWS1\system32\lphcj3kj0evfr.exe
HKLM-Run-SMrhcn3kj0evfr - C:\Program Files\rhcn3kj0evfr\rhcn3kj0evfr.exe
HKLM-Run-C:\WINDOWS1\system32\kdbaq.exe - C:\WINDOWS1\system32\kdbaq.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\lcwb2940.default\
FF -: plugin - C:\Program Files\BYOND\bin\npbyond.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 15:34:18
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"C:\WINDOWS1\system32\kdbaq.exe"="C:\WINDOWS1\system32\kdbaq.exe"
.
Completion time: 2008-08-15 15:34:52
ComboFix-quarantined-files.txt 2008-08-15 13:34:49
Pre-Run: 4,046,225,408 bajtów wolnych
Post-Run: 4,036,599,808 bajtów wolnych