
Running from: C:\Users\Anka\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\Packet.dll
C:\Windows\system32\pthreadVC.dll
C:\Windows\system32\WanPacket.dll
C:\Windows\system32\wpcap.dll
*Reviewer note* The five files above are the usual WinPcap packet-capture set (npf.sys driver plus its user-mode DLLs). WinPcap is a legitimate library that Wireshark/Nmap-type tools install, but it is also dropped by sniffing malware; the log alone does not say which applied here. Before treating this deletion as a clean-up, establish what installed it (an uninstall entry, a capture tool on the box, or nothing), and expect any tool that depended on it to stop working until it is reinstalled from a trusted source.
.
((((((((((((((((((((((((( Files Created from 2008-08-21 to 2008-09-21 )))))))))))))))))))))))))))))))
.
2008-09-17 00:10 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-17 00:10 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-17 00:10 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-17 00:10 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-17 00:10 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-17 00:10 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-17 00:10 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-17 00:09 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-17 00:09 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-09 23:14 . 2008-07-31 01:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 23:14 . 2008-07-31 05:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-09 23:14 . 2008-06-26 05:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 23:14 . 2008-07-31 05:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-02 22:28 . 2008-09-02 22:28 <DIR> d-------- C:\C
2008-08-23 19:49 . 2008-08-23 19:52 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-23 19:49 . 2008-08-23 19:52 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-23 19:49 . 2008-08-23 19:49 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-23 19:49 . 2008-08-23 19:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 09:11 . 2008-08-22 09:11 <DIR> d-------- C:\B
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 10:10 184,152 ----a-w C:\Users\Anka\AppData\Roaming\nvModes.dat
2008-09-13 22:00 --------- d-----w C:\Users\Anka\AppData\Roaming\Skype
2008-09-12 16:51 --------- d-----w C:\Users\Anka\AppData\Roaming\skypePM
2008-08-25 18:51 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
2008-08-22 22:32 --------- d-----w C:\Program Files\Google
2008-08-22 07:51 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-08-22 07:48 --------- d-----w C:\Users\Anka\AppData\Roaming\OpenOffice.org2
2008-08-22 07:32 --------- d---a-w C:\ProgramData\TEMP
2008-08-22 07:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-14 08:39 --------- d-----w C:\Program Files\Windows Mail
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-25 18:32 --------- d-----w C:\ProgramData\Logishrd
2008-07-23 19:00 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-07-23 18:45 --------- d-----w C:\ProgramData\Logitech
2008-07-23 18:45 --------- d-----w C:\Program Files\Logitech
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-09 21:12 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-01-18 15:42 32 ------w C:\Users\All Users\ezsid.dat
2008-01-18 15:42 32 ------w C:\ProgramData\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-06 820520]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"PWMTRV"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-06-18 321072]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2007-06-18 214576]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-09 536576]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-10 1261568]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-25 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-25 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-25 81920]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-11 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"TpShocks"="TpShocks.exe" [2007-03-30 C:\Windows\System32\TpShocks.exe]
C:\Users\Anka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - C:\Program Files\Logitech\QuickCam\eReg.exe [2008-02-13 493832]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-08-03 245760]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 719664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-20 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 07:17 89600 C:\Windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
*Reviewer note* psqlpwd is registered here as an LSA password-notification package (and above as a Winlogon notify DLL, C:\Windows\System32\psqlpwd.dll). DLLs in this position load into lsass/winlogon and are handed the cleartext password whenever it changes, so they are a prime persistence/credential-theft spot. The other ThinkVantage Fingerprint Software entries in this log suggest it is the vendor's password-sync component, but that should be confirmed by checking the file's digital signature and that the filter is documented for the installed fingerprint software before leaving it in place.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1AD13B02-6247-4759-8CA7-D3795C4A3C77}C:\\cygwin\\usr\\x11r6\\bin\\xwin.exe"= UDP:C:\cygwin\usr\x11r6\bin\xwin.exe:XWin
"UDP Query User{93254941-5A1A-4FB7-901F-B130916B5316}C:\\cygwin\\usr\\x11r6\\bin\\xwin.exe"= TCP:C:\cygwin\usr\x11r6\bin\xwin.exe:XWin
"{0DAFC2E6-1013-491C-88D9-11AAB6975424}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A82D86AF-4190-4B19-9349-24AA3B8AE464}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{94C460ED-B4F8-45A5-AF11-9DA75BDD7FF4}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7215835D-277A-4C25-8DFD-791403BDF23B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0C27DDDD-C4D1-427A-9628-360E974E9AB5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8622B9C-1BC3-4260-9B1B-76F164C765C2}"= UDP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{ACA2E9F4-3E02-437A-AC76-A37CC418D009}"= TCP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{4B85E0CD-81C6-48FE-B36F-E8451A957ECB}"= UDP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{4C1F00A9-4879-473B-AB50-1057DF1DE01D}"= TCP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{5834181E-55B2-4393-B824-018705BE5BA2}"= UDP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{3D7109BD-3A3F-4B2D-9EE0-DA03E0419EC9}"= TCP:C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"TCP Query User{DCB48177-B1F2-47FE-B31D-51CF6B3A064B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D0E7EC33-A1BD-4D3C-B44E-1D6F9F814FB7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{03C6A967-68AE-4BF6-BFBA-A7E057B8C4CB}C:\\program files\\online tv player\\tvplayer.exe"= UDP:C:\program files\online tv player\tvplayer.exe:TVPlayer
"UDP Query User{56EE7A3A-19EC-401B-BFAE-9D29C169F30B}C:\\program files\\online tv player\\tvplayer.exe"= TCP:C:\program files\online tv player\tvplayer.exe:TVPlayer
"TCP Query User{D18D546D-ACE8-4085-92CD-197451922F2F}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8B9A9502-6BB6-4DE9-89C0-F58D501E010D}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{1AE1D9BB-D5AA-4F8A-86EA-34181C2BC092}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{C148E66C-DE68-4DCA-B448-9B1368F5E3C5}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{CCA7B4DE-1230-40EB-AE73-07DCE1D7ADC7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E5892237-FDEE-48B9-AA1C-E716BEC0C6F9}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{8D600FF6-F7B3-4D30-BA51-F710428CC928}C:\\program files\\microsoft office\\office12\\outlook.exe"= UDP:C:\program files\microsoft office\office12\outlook.exe:Microsoft Office Outlook
"UDP Query User{FA441AAC-5604-4056-AA17-17532DF8F9A6}C:\\program files\\microsoft office\\office12\\outlook.exe"= TCP:C:\program files\microsoft office\office12\outlook.exe:Microsoft Office Outlook
"{2583D1C3-9D5A-49EC-AD57-8F1C7F24590F}"= UDP:990:LocalSubnet:LocalSubnet|IF={C254B258-C75C-4923-8BAE-E2DBC13707E7}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 Shockprf;Shockprf;C:\Windows\system32\DRIVERS\Apsx86.sys [2007-03-03 100656]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM86.sys [2007-03-03 19760]
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-09 28120]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys [2007-11-13 81216]
R1 TPPWRIF;TPPWRIF;C:\Windows\system32\drivers\Tppwr32v.sys [2007-06-18 12080]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-05 69632]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-15 11152]
R2 TPHKSVC;On Screen Display;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-09 569344]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 LVRS;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs.sys [2008-02-06 628760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Mp4 Player - C:\Program Files\Mp4 Player\Mp4Player.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Anka\AppData\Roaming\Mozilla\Firefox\Profiles\nzdswozw.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 14:48:48
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\ibmpmsvc.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\lpremove.exe
C:\Windows\System32\lpksetup.exe
C:\Windows\System32\dllhost.exe
C:\Windows\System32\wercon.exe
.
**************************************************************************
.
Completion time: 2008-09-21 14:57:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-21 12:57:00
Pre-Run: 29'127'081'984 bytes free
Post-Run: 29,425,635,328 bytes free
230 --- E O F --- 2008-09-18 21:37:39