ComboFix.txt

Request to check a ComboFix log

Hello! Some time ago I fought the Satelity virus; I had a lot of infected .exe files. I managed without formatting all the partitions and formatted only drive C. For the past few days I have had a problem installing programs, so I am asking for my ComboFix log to be checked. I will add that Dr.Web, AdwCleaner and TDSSKiller do not detect any threats.


.
ComboFix 12-12-12.01 - Simplusik 2012-12-13 12:46:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1527.964 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Simplusik\Pulpit\ComboFix.exe
AV: AVG update module *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\fhmd.pif
C:\gwyndv.exe
C:\rpph.exe
C:\uvuwru.pif
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\89f005447b864a60.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\slbiop.dll.tmp
D:\gjxva.pif
D:\hknlmg.exe
D:\jvlwp.pif
D:\lrgmy.pif
D:\ufki.pif
D:\xwmq.pif
F:\bxsmq.pif
G:\chda.exe
G:\hiby.pif
G:\mnfqel.pif
G:\ovwg.exe
G:\pgpj.pif
G:\wvxbnn.pif
G:\xlmu.exe
H:\elhlr.pif
H:\hoel.exe
H:\iihwh.pif
H:\mmakf.pif
I:\cgxq.exe
I:\kvyut.pif
I:\lspf.exe
I:\ummd.exe
I:\xasm.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Legacy_XPROTECTOR
-------\Service_amsint32
-------\Service_XPROTECTOR
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-11-13 do 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-13 12:03 . 2012-12-13 12:03 -------- d-----w- c:\documents and settings\Simplusik\Dane aplikacji\Gadu-Gadu
2012-12-12 09:27 . 2012-12-12 14:20 -------- d-----w- c:\program files\Gadu-Gadu
2012-12-12 09:09 . 2012-12-12 09:09 -------- d-----w- c:\documents and settings\Simplusik\Dane aplikacji\AVG2013
2012-12-12 09:08 . 2012-12-12 09:08 -------- d-----w- C:\$AVG
2012-12-11 14:33 . 2012-12-12 09:21 -------- d-----w- c:\documents and settings\Simplusik\Ustawienia lokalne\Dane aplikacji\Avg2013
2012-12-11 13:35 . 2010-05-22 13:48 26880 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-12-11 13:35 . 2010-05-22 13:48 70656 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-12-11 13:35 . 2010-05-22 13:48 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-12-11 13:35 . 2010-05-22 13:48 51584 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-12-11 13:35 . 2010-06-01 13:07 117504 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-12-11 13:35 . 2010-03-25 09:08 105728 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-12-11 13:35 . 2010-03-20 11:06 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-12-11 13:35 . 2007-08-09 03:13 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-12-11 13:35 . 2010-03-20 10:56 101504 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-12-11 10:39 . 2012-12-11 10:41 -------- d-s---w- c:\documents and settings\Simplusik\GG dysk
2012-12-11 10:34 . 2012-12-11 10:34 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\GG
2012-12-11 10:34 . 2012-12-12 14:16 -------- d-----w- c:\documents and settings\Simplusik\Dane aplikacji\GG
2012-12-11 10:33 . 2012-12-11 13:44 -------- d-----w- c:\documents and settings\Simplusik\Ustawienia lokalne\Dane aplikacji\GG
2012-12-11 09:47 . 2012-12-11 09:47 41984 ----a-w- c:\windows\system32\drivers\Xprotector.sys
2012-12-10 14:49 . 2012-12-10 14:50 -------- d-----w- c:\program files\Mobile Phone Manager
2012-12-10 14:32 . 2012-12-10 14:32 99044 --sh--r- C:\hugwm.exe
2012-12-10 14:31 . 2012-12-10 14:31 99044 --sh--r- C:\mjelqg.exe
2012-12-03 13:24 . 2009-11-26 07:32 87424 ----a-w- c:\windows\system32\drivers\BMserNmea.sys
2012-12-03 13:24 . 2009-11-26 07:32 87424 ----a-w- c:\windows\system32\drivers\BMserDiag.sys
2012-12-03 13:24 . 2009-11-26 07:32 87424 ----a-w- c:\windows\system32\drivers\BMusbmdm.sys
2012-12-03 09:09 . 2012-12-03 09:09 -------- d-----w- c:\documents and settings\Simplusik\Dane aplikacji\Nokia
2012-12-03 09:08 . 2012-12-03 09:08 -------- d-----w- c:\windows\system32\LogFiles
2012-11-22 11:05 . 2012-11-22 11:05 -------- d-----w- c:\windows\Downloaded Installations
2012-11-22 11:04 . 2012-11-22 11:04 65536 ----a-r- c:\documents and settings\Simplusik\Dane aplikacji\Microsoft\Installer\{DFE970EE-419F-4C5A-91D8-655CF82E90F1}\SCout.exe_418B3CF798C2432386FBA0DC644B1474_1.exe
2012-11-22 11:04 . 2012-11-22 11:04 65536 ----a-r- c:\documents and settings\Simplusik\Dane aplikacji\Microsoft\Installer\{DFE970EE-419F-4C5A-91D8-655CF82E90F1}\ARPPRODUCTICON.exe
2012-11-22 11:03 . 2012-11-22 11:03 -------- d-----w- c:\documents and settings\Simplusik\Ustawienia lokalne\Dane aplikacji\GsmServer
2012-11-22 10:54 . 2005-08-03 15:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2012-11-22 10:54 . 2005-08-03 15:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2012-11-22 10:41 . 2012-11-22 10:41 99044 --sh--r- C:\lowryq.exe
2012-11-22 10:41 . 2001-12-27 09:59 716800 ----a-w- c:\windows\system32\Wibuke32.cpl
2012-11-22 10:41 . 2001-12-27 09:59 57552 ----a-w- c:\windows\system32\WKDOS.EXE
2012-11-22 10:41 . 2001-12-27 09:59 29696 ----a-w- c:\windows\system32\drivers\Wibukey2.sys
2012-11-22 10:41 . 2001-12-27 09:59 52736 ----a-w- c:\windows\system\WkWin.dll
2012-11-22 10:41 . 2001-12-27 09:59 139264 ----a-w- c:\windows\system32\WkWin32.dll
2012-11-22 10:41 . 2001-12-27 09:59 67072 ----a-w- c:\windows\system32\drivers\Wibukey.sys
2012-11-22 10:41 . 2012-11-22 10:41 -------- d-----w- c:\program files\WIBUKEY
2012-11-22 10:41 . 2012-11-22 10:41 -------- d-----w- c:\program files\WIBU-SYSTEMS
2012-11-22 10:37 . 2012-11-22 10:37 -------- d-----w- C:\Binaries
2012-11-22 10:37 . 2012-11-22 11:24 -------- d-----w- c:\program files\Motorola
2012-11-22 10:33 . 2012-11-22 10:37 237568 ----a-w- c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IScript8.dll
2012-11-22 10:33 . 2012-11-22 10:37 32768 ----a-w- c:\program files\Common Files\InstallShield\Driver\8\Intel 32\objps8.dll
2012-11-22 10:33 . 2012-11-22 10:37 327680 ----a-w- c:\program files\Common Files\InstallShield\Driver\8\Intel 32\ISRT.dll
2012-11-22 10:33 . 2012-11-22 10:37 188416 ----a-w- c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IUser8.dll
2012-11-22 10:33 . 2012-11-22 10:37 647168 ----a-w- c:\program files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe
2012-11-22 10:33 . 2012-11-22 10:37 290816 ----a-w- c:\program files\Common Files\InstallShield\Driver\8\Intel 32\_ISRES1033.dll
2012-11-22 09:51 . 2009-07-14 11:27 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-11-16 09:12 . 2012-11-16 09:13 -------- d-----w- c:\documents and settings\Simplusik\Ustawienia lokalne\Dane aplikacji\Nokia
2012-11-16 09:12 . 2012-12-03 09:08 -------- d-----w- c:\documents and settings\Simplusik\Dane aplikacji\PC Suite
2012-11-16 09:12 . 2012-12-03 09:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Suite
2012-11-16 09:08 . 2012-11-16 09:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nokia
2012-11-16 09:06 . 2012-06-27 14:18 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-11-16 09:05 . 2012-11-16 09:05 -------- d-----w- c:\program files\PC Connectivity Solution
2012-11-16 09:05 . 2012-06-11 13:17 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-11-16 09:05 . 2012-06-11 13:17 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-11-16 09:05 . 2012-06-11 13:17 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-11-16 09:05 . 2012-06-11 13:17 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-11-16 09:04 . 2012-06-11 13:17 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-11-16 09:04 . 2012-06-11 13:17 18560 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2012-11-16 08:56 . 2012-11-16 08:56 -------- d-----w- c:\program files\MSXML 6.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-10 10:04 . 2012-09-15 16:39 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-10 10:04 . 2012-09-15 16:39 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-09 14:16 . 2012-11-09 14:16 3567 ----a-w- c:\windows\system32\drivers\PortTalk.sys
2012-11-03 08:56 . 2012-11-03 08:56 106496 ----a-r- c:\documents and settings\Simplusik\Dane aplikacji\Microsoft\Installer\{935C0E2B-CCC7-4424-ADB3-5A27D527F1D6}\NewShortcut1_935C0E2BCCC74424ADB35A27D527F1D6.exe
2012-11-03 08:56 . 2012-11-03 08:56 106496 ----a-r- c:\documents and settings\Simplusik\Dane aplikacji\Microsoft\Installer\{935C0E2B-CCC7-4424-ADB3-5A27D527F1D6}\ARPPRODUCTICON.exe
2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-22 11:54 . 2012-10-22 11:54 42752 ----a-w- c:\windows\system32\drivers\motodrv.sys
2012-10-22 11:54 . 2012-10-22 11:54 24576 ----a-w- c:\windows\system32\drivers\motmodem.sys
2012-10-22 11:54 . 2012-10-22 11:54 15616 ----a-w- c:\windows\system32\mot_ci.dll
2012-10-22 11:54 . 2011-07-20 15:23 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2012-10-15 02:48 . 2012-10-15 02:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-12 08:49 . 2012-10-12 08:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-12 08:49 . 2012-10-12 08:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-05 02:32 . 2012-10-05 02:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 02:30 . 2012-10-02 02:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-29 10:49 . 2012-09-29 10:49 26 ----a-w- c:\windows\fiupd.bat
2012-09-26 17:57 . 2008-04-15 11:00 510464 ----a-w- c:\windows\system32\winlogon.exe
2012-09-24 21:16 . 2012-10-26 14:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-21 02:46 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 02:45 . 2012-09-21 02:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-15 17:32 . 2012-09-15 17:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-15 17:32 . 2012-09-15 17:32 1060864 ----a-w- c:\windows\system32\mfc71.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-09-26 . 66ECFE388AD1BD281DD3391B756670CF . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay1]
@="{E68D0A50-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay2]
@="{E68D0A51-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay3]
@="{E68D0A52-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GGDriveOverlay4]
@="{E68D0A53-3C40-4712-B90D-DCFA93FF2534}"
[HKEY_CLASSES_ROOT\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534}]
2012-06-05 09:41 1232896 ----a-w- c:\documents and settings\All Users\Dane aplikacji\GG\ggdrive\ggdrive-overlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-15 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GG]
2012-12-06 11:43 3377288 ----a-w- c:\documents and settings\Simplusik\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 10:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 10:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 10:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"h:\\do kompa\\wrar380pl.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Documents and Settings\\Simplusik\\Dane aplikacji\\PLAY ONLINE\\ouc.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"h:\\GSM\\MOTO\\darmówki\\pst_717_working\\pst_717_working\\PST_7.1.7.exe"=
"h:\\GSM\\SIEMENS\\PapuaUtils\\x65PapuaSoft_v0.9.5\\x65PapuaSoft_v0.9.5\\x65PapuaSoft_s.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\DatacardService\\DataCard_Setup.exe"=
"h:\\GSM\\SIEMENS\\MPMSetup4.05.46.11.4.0_SmartSync_pl-PL\\SETUP.EXE"=
"h:\\GSM\\SIEMENS\\PapuaUtils\\x65PapuaUtilsV078\\x65PapuaUtilsV078.exe"=
"c:\\Program Files\\Cyclone Box\\Cyclone.exe"=
"c:\\Documents and Settings\\Simplusik\\Ustawienia lokalne\\Dane aplikacji\\GG\\Application\\gghub.exe"=
"c:\\Program Files\\PLAY ONLINE\\PLAY ONLINE.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-09-21 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-09-14 35552]
R0 firadisk;FiraDisk Virtual Disk Driver;c:\windows\system32\drivers\firadisk.sys [2011-02-21 21872]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-09-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-02 159712]
R3 cyclonebox;Cyclone Box Service;c:\windows\system32\drivers\cyclonebox.sys [2012-09-17 37184]
R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [2012-09-07 15328]
R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [2012-09-07 13440]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-12-11 117504]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-12-11 70656]
S3 BMserDiag;Global Wireless Application Port2;c:\windows\system32\drivers\BMserDiag.sys [2012-12-03 87424]
S3 BMserNmea;Global Wireless Application Port3;c:\windows\system32\drivers\BMserNmea.sys [2012-12-03 87424]
S3 BMusbmdm;Global Wireless USB Driver;c:\windows\system32\drivers\BMusbmdm.sys [2012-12-03 87424]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-10-02 83168]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2012-10-02 20032]
S3 Egatecard;Egatecard;c:\windows\system32\drivers\egate.sys [2012-09-07 18880]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-12-11 101504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-09-17 12400]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2012-10-22 42752]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-11-16 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-11-16 8576]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-12-13 c:\windows\Tasks\User_Feed_Synchronization-{A1D46E3E-D84D-4B16-A92C-B1B1FE792576}.job
- c:\windows\system32\msfeedssync.exe [2012-07-11 21:45]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10025
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10025
Trusted Zone: gsmserver.com\www
TCP: DhcpNameServer = 89.108.195.21 89.108.202.21
DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} - hxxp://www.gsmserver.com/smartclip/SmartClip.cab
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-HW_OPENEYE_OUC_PLAY ONLINE - c:\program files\PLAY ONLINE\UpdateDog\ouc.exe
AddRemove-{585C5E36-62B1-4CA1-827B-83C4A4486CA5} - c:\program files\InstallShield Installation Information\{585C5E36-62B1-4CA1-827B-83C4A4486CA5}\setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-{E22E26FA-575A-4122-BB39-90321F1CF19C} - c:\program files\InstallShield Installation Information\{E22E26FA-575A-4122-BB39-90321F1CF19C}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-13 13:31
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(1648)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\WIBU-SYSTEMS\System\WibuShellExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
.
Czas ukończenia: 2012-12-13 13:32:56
ComboFix-quarantined-files.txt 2012-12-13 12:32
ComboFix2.txt 2012-12-13 12:17
.
Przed: 69 744 930 816 bajtów wolnych
Po: 69 734 899 712 bajtów wolnych
.
- - End Of File - - D590F5AB82923D752FC805A3C528A687

