combo fix log.txt

Pages with games and ads open by themselves in Internet Explorer

I'm attaching the logs; please take a look. Thanks in advance.


ComboFix 10-11-02.06 - Józek 2010-11-03 18:38:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.498 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Józek\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Pliki utworzone od 2010-10-03 do 2010-11-03 )))))))))))))))))))))))))))))))
.

2010-11-03 16:47 . 2010-11-03 16:47 580096 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-11-03 16:45 . 2010-11-03 16:45 -------- d-----w- c:\windows\ERUNT
2010-11-03 16:35 . 2010-11-03 17:06 -------- d-----w- C:\SDFix
2010-11-03 16:26 . 2010-11-03 16:27 -------- d-----w- c:\documents and settings\Administrator
2010-11-02 21:34 . 2010-11-02 21:34 -------- d-----w- c:\documents and settings\Józek\Dane aplikacji\Avira
2010-11-02 16:51 . 2010-11-02 16:15 217088 ----a-w- c:\windows\Nkalub.exe
2010-11-02 16:14 . 2010-11-02 16:14 217088 ----a-w- c:\windows\Nkalua.exe
2010-11-01 20:38 . 2010-11-01 20:41 -------- d-----w- c:\program files\ABBYY FineReader 8.0 Professional Edition
2010-10-31 20:40 . 2010-10-31 20:40 -------- d-----w- c:\documents and settings\Józek\Dane aplikacji\ABBYY
2010-10-31 20:36 . 2010-10-31 20:36 -------- d-----w- c:\program files\Common Files\ABBYY
2010-10-31 20:35 . 2010-10-31 20:45 -------- d-----w- c:\documents and settings\Józek\Ustawienia lokalne\Dane aplikacji\ABBYY
2010-10-31 20:35 . 2010-10-31 20:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ABBYY
2010-10-31 20:35 . 2010-10-31 20:38 -------- d-----w- c:\program files\ABBYY FineReader 9.0
2010-10-28 18:35 . 2010-10-28 18:35 -------- d-----w- c:\documents and settings\Józek\Dane aplikacji\eClicto
2010-10-28 18:35 . 2010-10-28 18:35 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\eclicto
2010-10-28 18:34 . 2010-05-05 10:02 9663584 ----a-w- c:\windows\system32\VSPDFViewerX.ocx
2010-10-24 19:49 . 2010-10-24 19:49 -------- d-----w- c:\documents and settings\Józek\Ustawienia lokalne\Dane aplikacji\VideoDownloader
2010-10-24 19:45 . 2010-10-24 19:45 -------- d-----w- c:\documents and settings\Józek\Ustawienia lokalne\Dane aplikacji\RMF RDS
2010-10-24 18:55 . 2010-10-30 17:26 -------- d-----w- c:\documents and settings\Józek\Dane aplikacji\GetRightToGo
2010-10-22 18:22 . 2010-10-22 18:23 -------- d-----w- c:\program files\SC
2010-10-07 19:53 . 2010-10-07 19:55 -------- d-----w- c:\program files\Screamer Radio
2010-10-06 18:27 . 2010-10-31 20:41 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 19:47 . 2009-05-12 19:45 7349752 ----a-w- c:\program files\FLV PlayerATBSetup.exe
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
" {ba14329e-9550-4989-b3f2-9732e92d17cc} " = " c:\program files\Vuze_Remote\tbVuze.dll " [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 13:02 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2010-06-06 14:38 392112 ----a-w- c:\program files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-09-12 13:02 3863136 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
" {0974BA1E-64EC-11DE-B2A5-E43756D89593} " = " c:\program files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll " [2009-12-20 87480]
" {ba14329e-9550-4989-b3f2-9732e92d17cc} " = " c:\program files\Vuze_Remote\tbVuze.dll " [2010-09-12 3863136]
" {30F9B915-B755-4826-820B-08FBA6BD249D} " = " c:\program files\ConduitEngine\ConduitEngine.dll " [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
" {BA14329E-9550-4989-B3F2-9732E92D17CC} " = " c:\program files\Vuze_Remote\tbVuze.dll " [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
" NeroFilterCheck " = " c:\program files\Common Files\Ahead\Lib\NeroCheck.exe " [2007-03-01 153136]
" avgnt " = " c:\program files\Avira\AntiVir Desktop\avgnt.exe " [2010-08-02 281768]
" ISUSPM Startup " = " c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe " [2004-06-16 221184]
" ISUSScheduler " = " c:\program files\Common Files\InstallShield\UpdateService\issch.exe " [2004-06-16 81920]
" ISTray " = " c:\program files\Spyware Doctor\pctsTray.exe " [2008-08-25 1168264]
" SunJavaUpdateSched " = " c:\program files\Common Files\Java\Java Update\jusched.exe " [2010-02-18 248040]
" Malwarebytes' Anti-Malware " = " c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe " [2010-04-29 437584]
" DataMngr " = " c:\progra~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe " [2010-06-06 796600]
" Adobe Reader Speed Launcher " = " c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe " [2010-09-23 35760]
" Adobe ARM " = " c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe " [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
" CTFMON.EXE " = " c:\windows\system32\CTFMON.EXE " [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@= " "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@= " "

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microtek Scanner Finder.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microtek Scanner Finder.lnk
backup=c:\windows\pss\Microtek Scanner Finder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Józek^Menu Start^Programy^Autostart^Rejestrowanie produktów Corela.lnk]
path=c:\documents and settings\Józek\Menu Start\Programy\Autostart\Rejestrowanie produktów Corela.lnk
backup=c:\windows\pss\Rejestrowanie produktów Corela.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Józek^Menu Start^Programy^Autostart^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=c:\documents and settings\Józek\Menu Start\Programy\Autostart\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
" EnableFirewall " = 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
" %windir%\\system32\\sessmgr.exe " =
" c:\\Program Files\\Opera\\opera.exe " =
" c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE " =
" c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE " =
" c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE " =
" c:\\Program Files\\uTorrent\\uTorrent.exe " =
" c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe " =
" c:\\Program Files\\Vuze\\Azureus.exe " =
" c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe " =
" c:\\Program Files\\eMule\\emule.exe " =

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
" 6881:TCP " = 6881:TCP:azureus port

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-07-06 135336]
R2 BjsPort;Canon BJ Scanner Port Driver;c:\windows\system32\drivers\BjsPort.sys [2010-03-17 14656]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-11-03 304464]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2010-06-19 3608]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-02-08 356920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-03 20952]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2009-10-03 450560]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys --> c:\windows\system32\Drivers\e4ldr.sys [?]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys --> c:\windows\system32\DRIVERS\e4usbaw.sys [?]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS --> c:\program files\WinFast\WFDTV\WFIOCTL.SYS [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - mchInjDrv
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-WinFast Schedule - c:\program files\WinFast\WFDTV\WFWIZ.exe
MSConfigStartUp-WinFastDTV - c:\program files\WinFast\WFDTV\DTVSchdl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-03 18:50
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= " FlashBroker "
" LocalizedString " = " @c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
" Enabled " =dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= " c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= " {FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= " IFlashBroker4 "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= " {00020424-0000-0000-C000-000000000046} "

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= " {FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
" Version " = " 1.0 "
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2010-11-03 18:56:45 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-11-03 17:56
ComboFix2.txt 2009-07-28 09:47
ComboFix3.txt 2009-07-06 19:46

Przed: 3 136 847 872 bajtów wolnych
Po: 4 568 006 656 bajtów wolnych

- - End Of File - - 512459E3719DECE452921D1A35BD729E

