Prosze o sprawdzenie loga - nie otwiera sie dysk, drukarka n

[paulvanson]

ComboFix 08-12-07.04 - pawel 2008-12-09 21:31:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1089 [GMT 1:00]
Uruchomiony z: d:\ze starego dysku\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-09 do 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-09 21:20 . 2005-04-15 20:58 1,071,088 --a------ c:\windows\system32\MSCOMCTL.OCX
2008-12-09 21:20 . 2004-03-09 01:00 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX
2008-12-09 21:20 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX
2008-12-09 21:19 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL
2008-12-09 20:57 . 2004-05-13 15:46 4,558,910 --a------ c:\windows\system32\gsdll32.dll
2008-12-09 20:42 . 2008-12-09 21:21 <DIR> d-------- c:\program files\PDFCreator
2008-12-09 20:42 . 2005-10-15 12:32 196,608 --a------ c:\windows\system32\pdfcmnnt.dll
2008-12-05 21:47 . 2008-12-05 21:47 <DIR> d-------- c:\program files\Free WMA to MP3 Converter
2008-12-05 20:33 . 2008-12-05 20:33 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\Iomatic
2008-12-05 20:32 . 2008-12-05 20:32 <DIR> d-------- c:\program files\FCleaner
2008-12-05 20:32 . 2008-12-05 20:32 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\FTWeak
2008-11-30 22:21 . 2008-11-30 22:21 <DIR> d-------- c:\windows\Sun
2008-11-30 20:19 . 2008-12-09 21:23 <DIR> d-------- c:\program files\Steam
2008-11-29 23:01 . 2008-11-29 23:02 <DIR> d-------- c:\program files\DivX
2008-11-29 23:01 . 2008-09-19 22:57 120,056 --------- c:\windows\system32\pxcpyi64.exe
2008-11-29 23:01 . 2008-09-19 22:57 118,520 --------- c:\windows\system32\pxinsi64.exe
2008-11-29 10:09 . 2008-11-29 10:09 <DIR> d-------- c:\program files\Audacity
2008-11-29 10:04 . 2008-12-09 21:29 3,478 -rahs---- c:\windows\pagefile.sys.vbs
2008-11-29 10:04 . 2008-12-09 21:29 3,478 -rahs---- C:\pagefile.sys.vbs
2008-11-26 17:05 . 2008-11-26 17:05 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\Ashampoo
2008-11-26 17:04 . 2008-11-26 17:04 <DIR> d-------- c:\program files\Ashampoo
2008-11-26 17:04 . 2008-11-26 17:04 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ashampoo
2008-11-26 16:44 . 2008-12-09 21:23 <DIR> d-------- c:\program files\lg_fwupdate
2008-11-26 16:44 . 1998-06-24 00:00 115,016 --------- c:\windows\system32\MSINET.OCX
2008-11-26 16:44 . 1998-07-22 00:00 102,912 --------- c:\windows\system32\Vb6stkit.dll
2008-11-26 16:44 . 1998-07-22 00:00 102,160 --------- c:\windows\system32\VB6KO.DLL
2008-11-26 16:44 . 2005-03-09 16:16 16,384 --a------ c:\windows\system32\lgfwunis.exe
2008-11-26 16:44 . 2008-12-09 21:22 288 --a------ c:\windows\lgfwup.ini
2008-11-24 22:35 . 2008-11-24 22:36 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\SpeedSim
2008-11-24 07:44 . 2008-11-24 07:44 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-23 10:48 . 2008-11-23 10:48 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-22 14:37 . 2008-11-22 14:37 <DIR> d-------- c:\program files\AnswerWorks 4.0
2008-11-22 14:34 . 2008-11-22 14:37 <DIR> d-------- c:\program files\AutoCAD 2006
2008-11-22 14:34 . 2008-11-22 14:40 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\Autodesk
2008-11-22 14:34 . 2008-11-22 14:34 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Autodesk
2008-11-22 14:30 . 2008-11-22 14:30 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-11-22 14:28 . 2008-11-22 14:28 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\DAEMON Tools
2008-11-22 14:28 . 2008-11-22 14:28 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-22 13:38 . 2008-11-22 14:37 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2008-11-22 13:38 . 2008-11-22 13:38 <DIR> d-------- c:\program files\Autodesk
2008-11-22 13:35 . 2008-11-22 13:36 <DIR> d-------- c:\windows\system32\URTTemp
2008-11-22 13:25 . 2008-11-22 13:28 <DIR> d-------- c:\program files\Winamp
2008-11-22 13:25 . 2008-11-24 21:28 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\Winamp
2008-11-22 11:21 . 2008-11-22 11:21 <DIR> d-------- c:\program files\Samsung
2008-11-22 11:21 . 2006-09-29 07:30 172,032 -ra------ c:\windows\system32\SECSNMP.dll
2008-11-22 11:21 . 2005-03-03 05:32 151,552 -ra------ c:\windows\system32\SSCoInst.exe
2008-11-22 11:21 . 2004-10-11 13:25 57,344 -ra------ c:\windows\system32\SSCoInst.dll
2008-11-22 11:21 . 2006-01-02 06:26 22,663 -ra------ c:\windows\system32\SUGO1LMK.DLL
2008-11-22 11:21 . 2006-01-18 08:02 555 -ra------ c:\windows\system32\SUGO1LMK.SMT
2008-11-22 11:19 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-22 10:34 . 2006-03-02 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-22 09:05 . 2008-11-22 09:05 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\Gadu-Gadu
2008-11-22 08:40 . 2008-11-22 09:13 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-22 08:35 . 2008-06-14 19:01 273,024 --------- c:\windows\system32\drivers\bthport.sys
2008-11-22 08:35 . 2008-06-14 19:01 273,024 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-22 08:31 . 2008-08-14 14:46 2,181,632 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-22 08:31 . 2008-08-14 14:46 2,137,600 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-22 08:31 . 2008-08-14 14:46 2,059,008 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-22 08:31 . 2008-08-14 14:46 2,017,280 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-22 08:30 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-22 08:28 . 2005-06-28 10:21 22,752 --a------ c:\windows\system32\spupdsvc.exe
2008-11-22 08:27 . 2008-11-22 08:27 <DIR> d-------- c:\program files\Gadu-Gadu
2008-11-22 08:27 . 2008-11-22 09:22 <DIR> d-------- c:\documents and settings\pawel\Gadu-Gadu
2008-11-22 08:24 . 2008-11-22 08:24 13,646 --a------ c:\windows\system32\wpa.bak
2008-11-22 00:10 . 2008-11-22 00:10 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\Sports Interactive
2008-11-21 23:29 . 2008-11-21 23:29 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\Media Player Classic
2008-11-21 23:26 . 2008-11-21 23:26 0 --a------ c:\windows\nsreg.dat
2008-11-21 23:25 . 2008-11-21 23:25 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-21 23:23 . 2008-12-09 21:22 <DIR> d-------- c:\documents and settings\pawel\Dane aplikacji\OpenOffice.org2
2008-11-21 23:19 . 2008-11-21 23:20 <DIR> d-------- c:\program files\OpenOffice.org 2.4
2008-11-21 23:19 . 2008-11-21 23:19 <DIR> d-------- c:\program files\Java
2008-11-21 23:19 . 2008-11-21 23:19 <DIR> d-------- c:\program files\Common Files\Java
2008-11-21 23:19 . 2007-12-14 01:59 69,632 --a------ c:\windows\system32\javacpl.cpl
2008-11-21 23:12 . 2008-11-21 23:12 <DIR> d-------- c:\program files\IrfanView
2008-11-21 23:07 . 2008-11-21 23:07 <DIR> d-------- c:\windows\Cache

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 15:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 23:03 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-21 22:10 --------- d-----w c:\program files\Common Files\Adobe
2008-11-21 21:21 20,747 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-21 21:21 --------- d-----w c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
2008-11-21 21:16 --------- d-----w c:\program files\ABIT
2008-11-21 21:13 --------- d-----w c:\program files\AMD
2008-11-21 21:12 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-21 21:11 --------- d-----w c:\program files\Realtek Sound Manager
2008-11-21 21:11 --------- d-----w c:\program files\AvRack
2008-11-21 20:48 --------- d-----w c:\program files\microsoft frontpage
2008-11-21 20:45 --------- d-----w c:\program files\Usługi online
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:57 129,784 ------w c:\windows\system32\pxafs.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-09_21.08.14,48 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-06-25 12:16:50 138,240 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
+ 2005-06-25 13:16:50 138,240 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UI.DLL
- 2005-06-25 12:16:52 480,256 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2005-06-25 13:16:52 480,256 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Steam"="c:\program files\steam\steam.exe" [2008-11-30 1410296]
"FTweakFCleaner"="c:\program files\FCleaner\FCleaner.exe" [2008-12-05 1559552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"GuruClock"="c:\program files\ABIT\ABIT uGuru\GuruClock.exe" [2004-10-06 4489280]
"ABIT uGuru"="c:\program files\ABIT\ABIT uGuru\uGuru.exe" [2005-01-11 1695830]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"MSRegInfo"="c:\windows\pagefile.sys.vbs" [2008-12-09 3478]
"nwiz"="nwiz.exe" [2005-06-15 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\pawel\Menu Start\Programy\Autostart\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_04\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\czarnazmija\\counter-strike\\hl.exe"=

R0 uGuru;uGuru;c:\windows\system32\Drivers\uGuru.sys [2008-11-21 10752]
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\pawel\Dane aplikacji\Mozilla\Firefox\Profiles\g10nvjii.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.onet.pl/
FF -: plugin - c:\program files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 21:32:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-09 21:33:56
ComboFix-quarantined-files.txt 2008-12-09 20:32:52
ComboFix2.txt 2008-12-09 20:09:40

Przed: 3 694 747 648 bajtów wolnych
Po: 3,685,679,104 bajtów wolnych

198 --- E O F --- 2008-11-23 09:51:17

[wojtas]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka
w tagach code !