ComboFix.txt

Virus? Or is something wrong with the computer? The monitor keeps turning off.

The same problem again. I'm posting the log.


ComboFix 08-10-27.05 - Tadziu 2008-10-28 14:22:21.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.838 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\Tadziu\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((( Pliki utworzone od 2008-09-28 do 2008-10-28 )))))))))))))))))))))))))))))))
.

2008-10-28 09:24 . 2008-10-02 10:07 453,152 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-10-28 09:24 . 2008-10-07 13:33 453,152 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-10-26 23:12 . 2008-10-27 09:31 <DIR> d-------- C:\Program Files\Winamp
2008-10-26 23:12 . 2008-10-27 09:31 <DIR> d-------- C:\Documents and Settings\Tadziu\Dane aplikacji\Winamp
2008-10-26 23:06 . 2008-10-26 23:06 <DIR> d-------- C:\Program Files\Java
2008-10-26 12:58 . 2008-10-26 12:58 <DIR> d-------- C:\Documents and Settings\Tadziu\Dane aplikacji\skypePM
2008-10-26 12:58 . 2008-10-26 12:58 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-26 12:57 . 2008-10-27 09:32 <DIR> d-------- C:\Documents and Settings\Tadziu\Dane aplikacji\Skype
2008-10-26 12:56 . 2008-10-27 09:32 <DIR> d-------- C:\Program Files\Skype
2008-10-26 12:56 . 2008-10-27 09:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-10-26 09:16 . 2008-10-27 09:32 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-10-26 09:09 . 2008-10-27 09:32 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-10-26 09:05 . 2008-10-27 09:32 <DIR> d-------- C:\WINDOWS\NewSoft
2008-10-26 09:05 . 2008-10-27 09:32 <DIR> d-------- C:\Program Files\ScannerU
2008-10-26 09:05 . 2008-10-27 09:32 <DIR> d-------- C:\My PageManager
2008-10-25 04:51 . 2008-10-28 14:27 196,647 --a------ C:\WINDOWS\system32\nvapps.xml
2008-10-25 04:51 . 2008-10-07 13:33 18,477 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-10-25 04:50 . 2008-10-25 04:50 <DIR> d-------- C:\NVIDIA
2008-10-24 22:03 . 2008-10-24 22:03 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-24 22:03 . 2008-10-24 22:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-24 22:01 . 2008-10-24 22:03 <DIR> d-------- C:\Documents and Settings\Tadziu\Dane aplikacji\PC Suite
2008-10-24 22:01 . 2008-10-24 22:03 <DIR> d-------- C:\Documents and Settings\Tadziu\Dane aplikacji\Nokia
2008-10-24 22:01 . 2008-10-24 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-10-24 21:57 . 2008-10-24 21:57 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-10-24 21:57 . 2008-10-24 21:57 <DIR> d-------- C:\Program Files\DIFX
2008-10-24 21:57 . 2008-10-24 21:57 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-10-24 21:57 . 2008-10-24 21:57 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-10-24 21:57 . 2007-09-17 14:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-10-24 21:56 . 2008-10-24 21:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-24 21:56 . 2008-05-07 06:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-10-24 21:56 . 2008-05-07 06:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-10-24 21:56 . 2008-05-07 06:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-10-24 21:55 . 2008-10-24 21:57 <DIR> d-------- C:\Program Files\Nokia
2008-10-24 21:55 . 2008-05-07 06:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-10-24 21:53 . 2008-10-24 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-10-24 18:48 . 2008-10-24 18:48 <DIR> d-------- C:\Documents and Settings\Tadziu\Dane aplikacji\Gadu-Gadu
2008-10-24 17:23 . 2008-10-24 17:23 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-10-24 14:04 . 2008-10-24 14:04 <DIR> d-------- C:\Documents and Settings\Tadziu\Dane aplikacji\Tibia
2008-10-24 14:04 . 2008-10-27 23:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-24 13:47 . 2008-10-25 14:08 <DIR> d-------- C:\Documents and Settings\Tadziu\Gadu-Gadu
2008-10-24 08:52 . 2008-10-15 17:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-23 20:50 . 2008-10-23 20:50 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-23 20:45 . 2008-10-23 20:45 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-23 20:30 . 2008-10-23 20:30 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-23 20:17 . 2008-10-23 20:17 <DIR> d-------- C:\Program Files\xat.com JPEG Optimizer
2008-10-23 20:13 . 2008-10-23 20:13 <DIR> d-------- C:\Documents and Settings\Tadziu\Dane aplikacji\OpenOffice.org
2008-10-23 20:12 . 2008-10-23 20:12 <DIR> d-------- C:\Program Files\OpenOffice.org 3
2008-10-23 20:01 . 2008-10-23 20:01 <DIR> d-------- C:\Program Files\IPSPI
2008-10-23 20:01 . 2008-10-23 13:30 2,596 --a------ C:\WINDOWS\system32\CONFIG.NT.ORGIPS
2008-10-23 20:01 . 2006-03-02 13:00 1,734 --a------ C:\WINDOWS\system32\AUTOEXEC.NT.ORGIPS
2008-10-23 19:59 . 2008-10-23 19:59 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-10-23 19:59 . 2008-10-23 20:00 <DIR> d-------- C:\Documents and Settings\Tadziu\.gimp-2.4
2008-10-23 19:07 . 2008-10-23 19:07 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-10-23 18:06 . 2008-10-23 18:06 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-10-23 18:06 . 1999-01-20 04:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2008-10-23 18:06 . 1999-06-21 04:10 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL
2008-10-23 18:06 . 2008-10-23 19:54 13,030 --a------ C:\PDOXUSRS.NET
2008-10-23 18:05 . 2008-10-23 18:05 <DIR> d-------- C:\Program Files\ASoft
2008-10-23 17:37 . 2008-10-23 17:37 <DIR> d-------- C:\Program Files\My Company Name
2008-10-23 17:36 . 2008-10-07 13:33 201,157 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-10-23 17:35 . 2008-10-23 17:38 <DIR> d-------- C:\WINDOWS\NV8083856.TMP
2008-10-23 17:35 . 2008-10-07 13:33 6,133,856 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-10-23 17:35 . 2008-10-07 13:33 6,133,856 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-10-23 17:35 . 2008-10-07 13:33 6,058,112 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-10-23 17:35 . 2008-10-07 13:33 6,058,112 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-10-23 16:59 . 2008-10-23 16:59 <DIR> d-------- C:\WINDOWS\system32\pl
2008-10-23 16:59 . 2008-10-23 16:59 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-23 16:59 . 2008-10-23 16:59 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-23 16:58 . 2008-10-23 17:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-23 16:31 . 2008-10-28 09:34 <DIR> d-------- C:\WINDOWS\nview
2008-10-23 16:24 . 2008-10-23 16:48 <DIR> d-------- C:\WINDOWS\EHome
2008-10-23 16:21 . 2006-06-14 06:56 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2008-10-23 15:27 . 2008-10-23 20:47 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-10-23 15:12 . 2006-03-02 13:00 184,137 -----c--- C:\WINDOWS\system32\dllcache\compact.wmz
2008-10-23 15:12 . 2006-03-02 13:00 9,585 -----c--- C:\WINDOWS\system32\dllcache\controls.css
2008-10-23 15:12 . 2006-03-02 13:00 999 -----c--- C:\WINDOWS\system32\dllcache\bktrh.gif
2008-10-23 15:12 . 2006-03-02 13:00 773 -----c--- C:\WINDOWS\system32\dllcache\cnth.gif
2008-10-23 15:12 . 2006-03-02 13:00 773 -----c--- C:\WINDOWS\system32\dllcache\cnt.gif
2008-10-23 15:12 . 2006-03-02 13:00 772 -----c--- C:\WINDOWS\system32\dllcache\cntd.gif
2008-10-23 15:12 . 2006-03-02 13:00 760 -----c--- C:\WINDOWS\system32\dllcache\cloapph.gif
2008-10-23 15:12 . 2006-03-02 13:00 717 -----c--- C:\WINDOWS\system32\dllcache\cloapp.gif
2008-10-23 15:04 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-10-23 15:03 . 2004-08-03 23:41 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2008-10-23 15:03 . 2004-08-03 23:41 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2008-10-23 15:03 . 2004-08-03 23:41 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2008-10-23 15:03 . 2004-07-17 23:55 129,045 --a------ C:\WINDOWS\system32\drivers\cxthsfS2.cty
2008-10-23 15:03 . 2004-08-03 23:41 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-10-23 15:01 . 2008-10-28 09:24 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-10-23 15:01 . 2008-10-23 13:25 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-10-23 15:01 . 2008-10-23 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-10-23 15:01 . 2008-10-23 20:12 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-10-23 15:01 . 2008-10-27 09:32 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-10-23 15:01 . 2008-10-23 17:00 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-10-23 15:01 . 2008-10-23 13:26 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-10-23 15:01 . 2008-10-26 12:56 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-10-23 15:00 . 2008-10-23 17:05 <DIR> d--h----- C:\Documents and Settings\Default User
2008-10-23 15:00 . 2008-10-23 13:29 <DIR> d-------- C:\Documents and Settings\All Users
2008-10-23 15:00 . 2008-10-23 13:37 <DIR> d-------- C:\Documents and Settings
2008-10-23 15:00 . 2008-10-23 13:32 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 13:27 475,168 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-28 13:27 4,800 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-28 12:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-10-28 10:52 4,587,552 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-28 10:52 39,016 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-27 08:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-26 08:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-23 13:24 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-10-23 13:24 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-10-23 13:23 --------- d-----w C:\Program Files\Kaspersky Lab
2008-10-23 13:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-10-23 12:44 --------- d-----w C:\Program Files\Realtek
2008-10-23 12:41 --------- d-----w C:\Program Files\Intel
2008-10-23 12:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-23 12:29 --------- d-----w C:\Program Files\Usługi online
2008-09-15 15:27 1,846,656 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:26 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-10-07 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\Tadziu\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
.
.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 14:27:22
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Czas ukonczenia: 2008-10-28 14:29:03 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-10-28 13:29:01

Przed: 26 664 853 504 bajtów wolnych
Po: 26,645,401,600 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

214 --- E O F --- 2008-10-24 08:19:10

