Pomocy, mam ten sam problem.
ComboFix 08-06-20.4 - Mary 2008-06-29 14:50:51.12 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.406 [GMT 2:00]
Running from: C:\Documents and Settings\Mary\Pulpit\ComboFix.exe
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\4.tmp
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-28 15:51 . 2008-06-29 14:51 654 ---hs---- C:\WINDOWS\system32\txdrturs.ini
2008-06-28 14:07 . 2008-06-28 14:07 92,032 --a------ C:\WINDOWS\system32\srutrdxt.dll
2008-06-28 14:01 . 2008-06-28 14:01
2008-06-28 14:01 . 2008-06-28 15:13
2008-06-28 13:33 . 2008-06-28 13:33
2008-06-28 13:20 . 2008-06-28 13:26
2008-06-27 15:33 . 2008-06-27 15:33
2008-06-27 15:33 . 2008-06-27 15:33
2008-06-27 15:33 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-27 14:39 . 2008-06-27 14:39
2008-06-27 14:23 . 2008-06-27 15:28 706 ---hs---- C:\WINDOWS\system32\aajnvfww.ini
2008-06-27 13:47 . 2008-06-28 15:57
2008-06-27 13:47 . 2008-06-27 13:47
2008-06-27 13:47 . 2008-06-27 13:50 466 ---hs---- C:\WINDOWS\system32\qcsgbnuf.ini
2008-06-27 12:29 . 2008-06-27 12:29 92,032 --a------ C:\WINDOWS\system32\funbgscq.dll
2008-06-27 11:47 . 2008-06-27 11:47
2008-06-27 11:27 . 2008-06-27 14:39
2008-06-26 11:25 . 2008-06-26 11:40 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-26 11:25 . 2008-06-26 11:40 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-26 11:22 . 2008-06-27 11:09
2008-06-26 11:22 . 2008-06-29 14:56 5,877,792 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-26 11:22 . 2008-06-28 22:04 79,508 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-26 11:22 . 2008-06-29 14:55 43,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-26 11:22 . 2008-06-28 22:04 5,012 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-26 11:15 . 2007-03-09 20:52 200,768 --a------ C:\WINDOWS\system32\klogon.dll
2008-06-26 11:11 . 2008-06-26 11:11
2008-06-26 10:55 . 2008-06-26 10:55
2008-06-26 10:55 . 2008-06-29 14:47 94,208 --a------ C:\WINDOWS\system32\pphc9n5j0eg4t.exe
2008-06-26 10:55 . 2008-06-26 10:55 28,800 --a------ C:\WINDOWS\system32\nnnoMFwX.dll
2008-06-26 10:54 . 2008-06-26 06:57 245,760 --a------ C:\WINDOWS\gfetqaxstgm.dll
2008-06-26 10:54 . 2008-06-26 10:54 109,056 --a------ C:\WINDOWS\system32\lphc9n5j0eg4t.exe
2008-06-26 10:54 . 2008-06-29 14:47 90,838 --a------ C:\WINDOWS\system32\phc9n5j0eg4t.bmp
2008-06-26 10:54 . 2008-06-26 06:57 81,920 --a------ C:\WINDOWS\tovafrnm.exe
2008-06-26 10:54 . 2008-06-29 14:47 60,928 --a------ C:\WINDOWS\system32\blphc9n5j0eg4t.scr
2008-06-20 13:06 . 2008-06-14 20:01 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-20 13:06 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-01 09:07 . 2008-06-01 09:07
2008-06-01 09:06 . 2008-06-01 09:06
2008-06-01 09:05 . 2008-06-01 09:05
2008-06-01 09:04 . 2008-06-01 09:04
2008-06-01 09:04 . 2008-06-01 09:04
2008-06-01 09:04 . 2008-06-01 09:04
2008-06-01 09:04 . 2008-06-01 09:04
2008-06-01 09:04 . 2008-06-01 09:04
2008-06-01 09:04 . 2008-06-01 09:04
2008-06-01 09:04 . 2008-06-01 09:04
2008-06-01 09:04 . 2008-06-01 09:06
2008-06-01 09:04 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-06-01 09:04 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-06-01 09:04 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-06-01 09:04 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-06-01 09:04 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-06-01 09:04 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-06-01 09:01 . 2008-06-01 09:01
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 12:48 --------- d-----w C:\Documents and Settings\Mary\Dane aplikacji\Skype
2008-06-26 09:22 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-01 09:02 --------- d-----w C:\Program Files\Picasa2
2008-06-01 09:01 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-11-29 18:03 9,474 ----a-w C:\Documents and Settings\Mary\Dane aplikacji\wklnhst.dat
2007-01-28 12:16 138 ----a-w C:\Program Files\INSTALL.LOG
2006-10-26 18:29 25,600 ----a-w C:\Documents and Settings\Mary\usbsermptxp.sys
2006-10-26 18:29 22,768 ----a-w C:\Documents and Settings\Mary\usbsermpt.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-27_14.35.36,39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 12:15:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
-
2008-06-29 12:45:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
-
2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
-
2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
-
2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-06-27 12:20:34 64,534 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-29 12:52:02 64,534 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-27 12:20:34 82,330 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-06-29 12:52:03 82,330 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-06-27 12:20:34 408,004 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-29 12:52:02 408,004 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-27 12:20:34 465,930 ----a-w C:\WINDOWS\system32\perfh015.dat
- 2008-06-29 12:52:03 465,930 ----a-w C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{184746EC-9E9D-4C7D-B9E7-9039EBD801A9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B1DD1F9-BC8D-403A-A5E3-3F6B9E7AADFE}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514B017B-B3E4-437C-BE6F-595323D14060}]
2008-06-26 10:55 28800 --a------ C:\WINDOWS\system32\nnnoMFwX.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C0B4CB5-7BEE-4018-B7AB-4F283F6FA3D4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3AF299A2-672C-4801-8D9F-025EE2C3BA66}"= "C:\WINDOWS\gxvpsafm.dll" []
[HKEY_CLASSES_ROOT\clsid\{3af299a2-672c-4801-8d9f-025ee2c3ba66}]
[HKEY_CLASSES_ROOT\gxvpsafm.1]
[HKEY_CLASSES_ROOT\TypeLib\{BD23BEF0-8F4C-41D0-B6CC-F939C09152C0}]
[HKEY_CLASSES_ROOT\gxvpsafm]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-09-25 18:50 20053544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 17:01 68856]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-17 13:12 2113536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"UMonit"="C:\WINDOWS\system32\UMonit.exe" [2005-08-25 13:48 237568]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-07 10:52 14679552 C:\WINDOWS\RTHDCPL.EXE]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2005-08-18 15:52 163840]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 19:35 35328]
"BearFlix"="C:\Program Files\BearFlix\BearFlix.exe" []
"Globe7"="C:\Program Files\Globe7\Globe7.exe" []
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 07:01 544768 C:\WINDOWS\sm56hlpr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"lphc9n5j0eg4t"="C:\WINDOWS\system32\lphc9n5j0eg4t.exe" [2008-06-26 10:54 109056]
"SMrhccn5j0eg4t"="C:\Program Files\rhccn5j0eg4t\rhccn5j0eg4t.exe" [2008-06-27 19:06 1214976]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"f83889ca"="C:\WINDOWS\system32\srutrdxt.dll" [2008-06-28 14:07 92032]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58 28672]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 01:35:22 10872]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{514B017B-B3E4-437C-BE6F-595323D14060}"= C:\WINDOWS\system32\nnnoMFwX.dll [2008-06-26 10:55 28800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qegbdmwf"= {3CA4937F-1B23-41E9-8603-444D7BF9A5E1} - C:\WINDOWS\qegbdmwf.dll []
"pntqkflv"= {4A7FA087-2564-4CE9-8060-68D2772D5B31} - C:\WINDOWS\pntqkflv.dll []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoMFwX]
nnnoMFwX.dll 2008-06-26 10:55 28800 C:\WINDOWS\system32\nnnoMFwX.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Messenger\msmsgs.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-07-28 10:53]
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys [2005-08-17 19:25]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87992d12-3dd0-11dd-8d22-0014a58509c2}]
\Shell\AutoRun\command - F:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e14835e8-e5f6-11dc-8cf5-0014a58509c2}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - WINIO
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 14:55:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\nnnoMFwX.dll
.
Completion time: 2008-06-29 14:58:27
ComboFix-quarantined-files.txt 2008-06-29 12:58:18
ComboFix2.txt 2008-06-28 13:57:52
ComboFix3.txt 2008-06-28 11:59:28
ComboFix4.txt 2008-06-27 12:36:46
ComboFix5.txt 2008-06-27 12:30:47
Pre-Run: 48,342,867,968 bajtów wolnych
Post-Run: 48,327,294,976 bajtów wolnych
207 --- E O F --- 2008-06-21 12:06:52