
barteklagoda
Hello, I have the same problem. Here is the log, please help.

ComboFix 09-01-21.04 - rasy 2009-01-30 10:54:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1015.439 [GMT 1:00]
Uruchomiony z: c:\documents and settings\rasy\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-28 do 2009-01-30 )))))))))))))))))))))))))))))))
.
2009-01-26 14:50 . 2009-01-26 14:51 <DIR> d-------- c:\program files\PDFCreator
2009-01-26 14:50 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll
2009-01-26 14:50 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2008-12-29 22:26 . 2008-12-29 22:26 <DIR> d-------- c:\program files\PhotoMix
2008-12-12 08:14 . 2008-12-12 08:14 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 14:22 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 07:14 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:42 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-23 10:25 8,639,978 ----a-w c:\windows\java\Packages\eZzzzYfM.ZIP
2008-10-23 10:25 1,847,148 ----a-w c:\windows\java\Packages\2gzCzzdw.ZIP
2008-10-23 10:25 1,220,557 ----a-w c:\windows\java\Packages\ThvAwzZf.ZIP
2008-10-16 13:15 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:36 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-10-12 19:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008101220081013\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EXPLORER.EXE"="EXPLORER.EXE" [2008-04-14 c:\windows\explorer.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"BEWINTERNET-PLSessionManager"="c:\program files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe" [2007-07-24 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-08-31 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 02:30 74240 c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=plwar_Localadminrights.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1574795395-3947017569-2294527357-1835\Scripts\Logon\0\0]
"Script"=ePO_Install.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1574795395-3947017569-2294527357-1835\Scripts\Logon\0\1]
"Script"=lsweeper.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1574795395-3947017569-2294527357-19706\Scripts\Logon\0\0]
"Script"=ACT_install.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1574795395-3947017569-2294527357-19706\Scripts\Logon\1\0]
"Script"=ePO_Install.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\OrangeBS\\BEWInternet-PL\\Connectivity\\ConnectivityManager.exe"=

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-04-22 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-09 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-03-29 13696]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-03-06 59904]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-04-22 5808]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-09-19 36608]
R4 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]
R4 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-22 221184]
S3 GTF32BUS;GT F32 BUS;c:\windows\system32\drivers\gtf32bus.sys [2007-10-18 35200]
S3 GTFFBUS;GT FF BUS;c:\windows\system32\drivers\gtffbus.sys [2008-09-17 17152]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2008-09-17 122240]
S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-10-18 8064]
S3 GTSCSER;GT SC SER;c:\windows\system32\drivers\gtscser.sys [2007-10-18 21248]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2008-09-17 36992]
S4 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - ENTDRV51

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2beab313-e519-11dc-9df1-001a4b6078ab}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48063d30-98c9-11dc-9d82-001a4b6078ab}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c71aaf-eb4a-11dc-9dfa-001a4b6078ab}]
\Shell\AutoRun\command - F:\EXPLORER.EXE
\Shell\explore\Command - F:\EXPLORER.EXE
\Shell\open\Command - F:\EXPLORER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'

2008-11-07 c:\windows\Tasks\Norton Security Scan for rasy.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-wsctf.exe - wsctf.exe
HKLM-Run-OBSWATCH - c:\progra~1\OrangeBs\Watch.exe
HKLM-Run-OBSKIT - c:\program files\OrangeBs\TaskbarIcon.exe

.
------- Skan uzupełniający -------
.
uStart Page = hxxp://intranet
uInternet Settings,ProxyServer = 10.222.0.1:8080
uInternet Settings,ProxyOverride = *disagroup*;*.disacenter.com;192.168.*;172.16.*;disaint.com;disaintra;10.*;extra net;<local>
DPF: Assens Sales Tool Box - hxxp://83.136.92.39/STB_DK/stb_qg.cab
DPF: Assens Sales Tool Box Application Classes - hxxp://83.136.92.39/STB_DK/stb_application.cab
DPF: Assens Sales Tool Box Data Files - hxxp://83.136.92.39/STB_DK/stb_qg_dataR.cab
DPF: Assens Sales Tool Box Database Classes - hxxp://83.136.92.39/STB_DK/stb_databaseR.cab
DPF: Assens Sales Tool Box Databases Classes - hxxp://83.136.92.39/STB_DK/stb_dbR.cab
DPF: Assens Sales Tool Box Duct Designer Classes - hxxp://83.136.92.39/STB_DK/stb_dd.cab
DPF: Assens Sales Tool Box Office Classes - hxxp://83.136.92.39/STB_DK/stb_qg_office.cab
DPF: Assens Sales Tool Box Vendor Classes - hxxp://83.136.92.39/STB_DK/stb_qg_vendor.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
DPF: {930A486A-F3B3-464D-8B79-A334FD16A0D1} - hxxp://83.136.92.39/STB_DK/setup.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 10:57:10
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\windows\system32\xenroll.dll

- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\APSHook.dll
c:\windows\SbHpNp.dll
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\EntApi.dll
.
Czas ukończenia: 2009-01-30 10:59:00
ComboFix-quarantined-files.txt 2009-01-30 09:58:56

Przed: 56 366 424 064 bajtów wolnych
Po: 57,085,321,216 bajtów wolnych

213 --- E O F --- 2009-01-14 07:04:02