
combofix
ComboFix 09-01-21.04 - emil 2009-01-27 18:01:06.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1045.18.959.606 [GMT 1:00]
Running from: g:\cabs\ComboFix.exe
AV: mks_vir 2k7 *On-access scanning disabled* (Updated)
FW: Firewall mks_vir 2k7 *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\uvsqfgwd.cmd
D:\uvsqfgwd.cmd
G:\uvsqfgwd.cmd
.
((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.
2009-01-26 10:19 . 2009-01-26 10:19 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-01-23 17:37 . 2009-01-27 13:47 31,882,557 --a------ c:\windows\readm.htz
2009-01-23 15:34 . 2009-01-27 11:34 116 --a------ c:\windows\NeroDigital.ini
2009-01-22 10:04 . 2009-01-27 12:51 95,744 -r-hs---- c:\windows\system32\nmdfgds1.dll
2009-01-21 13:30 . 2009-01-21 13:30 <DIR> d-------- c:\documents and settings\LocalService\Pulpit
2009-01-21 13:05 . 2009-01-27 12:50 108,512 -r-hs---- c:\windows\system32\olhrwef.exe
2009-01-21 13:05 . 2009-01-27 17:47 95,744 -r-hs---- c:\windows\system32\nmdfgds0.dll
2009-01-20 15:33 . 2009-01-20 15:33 0 --a------ C:\AcrF.tmp
2009-01-20 15:33 . 2009-01-20 15:33 0 --a------ C:\AcrD.tmp
2009-01-20 15:33 . 2009-01-20 15:33 0 --a------ C:\AcrB.tmp
2009-01-20 15:33 . 2009-01-20 15:33 0 --a------ C:\Acr9.tmp
2009-01-20 15:33 . 2009-01-20 15:33 0 --a------ C:\Acr13.tmp
2009-01-20 15:33 . 2009-01-20 15:33 0 --a------ C:\Acr11.tmp
2009-01-20 11:15 . 2004-07-20 17:24 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-01-20 11:15 . 2004-07-20 17:24 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-01-20 11:15 . 2004-07-20 17:24 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-01-20 11:15 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-01-20 11:15 . 2004-07-20 17:24 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-01-20 11:15 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-01-20 11:15 . 2001-06-26 08:15 38,912 --------- c:\windows\system32\picn20.dll
2009-01-20 11:14 . 2009-01-20 11:15 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-20 11:14 . 2009-01-20 11:15 <DIR> d-------- c:\program files\Ahead
2009-01-20 11:14 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-15 15:51 . 2003-06-12 10:42 16,896 -ra------ c:\windows\system32\drivers\Siemens_Sx1Swup.sys
2009-01-14 14:25 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
2009-01-14 14:25 . 2009-01-14 14:25 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-01-14 14:25 . 2009-01-14 14:25 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-01-13 14:11 . 2009-01-13 14:10 1,107,296 --a------ c:\windows\system32\WdfCoInstaller01007.dll
2009-01-13 14:11 . 2009-01-13 14:10 109,568 --a------ c:\windows\system32\drivers\zebrmdmc.sys
2009-01-13 14:11 . 2009-01-13 14:10 14,848 --a------ c:\windows\system32\drivers\zebrmdfl.sys
2009-01-13 14:10 . 2009-01-13 14:10 <DIR> d-------- c:\program files\Sony Ericsson
2009-01-13 13:41 . 2009-01-13 14:10 109,568 --a------ c:\windows\system32\drivers\zebrmdm.sys
2009-01-13 13:41 . 2009-01-13 14:10 83,200 --a------ c:\windows\system32\drivers\zebrbus.sys
2009-01-13 13:41 . 2009-01-13 14:10 12,160 --a------ c:\windows\system32\drivers\zebrwhnt.sys
2009-01-13 13:41 . 2009-01-13 14:10 12,160 --a------ c:\windows\system32\drivers\zebrwh.sys
2009-01-13 13:41 . 2009-01-13 14:10 12,160 --a------ c:\windows\system32\drivers\zebrcmnt.sys
2009-01-13 13:41 . 2009-01-13 14:10 12,160 --a------ c:\windows\system32\drivers\zebrcm.sys
2009-01-13 10:13 . 2009-01-16 14:50 31 --a------ c:\windows\GrandPrix_v1.5.2_XP.INI
2009-01-12 11:27 . 2009-01-12 11:27 <DIR> d-------- c:\documents and settings\emil\Dane aplikacji\Nokia Multimedia Player
2009-01-07 11:39 . 2009-01-07 11:39 26 --a------ c:\windows\fiupd.bat
2009-01-07 11:38 . 2009-01-07 11:38 <DIR> d-------- c:\documents and settings\emil\WINDOWS
2009-01-03 12:22 . 2009-01-03 12:23 <DIR> d-------- c:\program files\DreamBox
2009-01-03 12:22 . 2008-01-31 17:02 17,152 --a------ c:\windows\system32\drivers\dreambox.sys
2009-01-03 11:13 . 2009-01-03 11:14 <DIR> d-------- c:\documents and settings\emil\Dane aplikacji\cruiser suite
2009-01-02 16:16 . 2009-01-02 16:16 <DIR> d-------- c:\program files\LG Electronics
2009-01-02 16:16 . 2003-05-22 14:23 34,856 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2009-01-02 16:16 . 2003-05-22 13:26 31,712 --a------ c:\windows\system32\drivers\lgUsbDiag.sys
2009-01-02 16:16 . 2003-05-22 13:25 21,448 --a------ c:\windows\system32\drivers\lgusbbus.sys
2009-01-02 16:11 . 2009-01-02 16:11 77,586 --a------ c:\windows\system32\ASTULog.cab
2009-01-02 16:10 . 2009-01-02 16:10 <DIR> d-------- c:\windows\ASTULogTemp
2009-01-02 16:10 . 2009-01-02 16:11 1,049 --a------ c:\windows\system32\setup.inf
2009-01-02 16:10 . 2009-01-02 16:11 283 --a------ c:\windows\system32\setup.rpt
2009-01-02 12:53 . 2009-01-02 12:53 <DIR> d-------- c:\documents and settings\emil\Dane aplikacji\TomTom
2009-01-02 12:52 . 2009-01-02 12:52 <DIR> d-------- c:\program files\TomTom HOME 2
2008-12-30 16:34 . 2008-12-30 16:34 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-12-29 14:16 . 2007-03-27 11:26 88,960 --a------ c:\windows\system32\drivers\hmumdm.sys
2008-12-29 14:09 . 2008-04-13 19:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-12-29 14:09 . 2008-04-13 19:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-29 12:20 . 2009-01-08 17:24 <DIR> d--hs---- c:\documents and settings\emil\Phone Browser
2008-12-27 10:58 . 2008-12-27 10:58 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\LogMeIn
2008-12-27 10:58 . 2008-12-27 10:58 1,024 --a------ C:\.rnd
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 16:47 --------- d-----w c:\documents and settings\emil\Dane aplikacji\OpenOffice.org2
2009-01-27 14:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-27 12:46 24,576 ----a-w c:\windows\eg0bus.exe
2009-01-17 10:25 --------- d-----w c:\program files\Easy-Unlocker
2009-01-15 15:28 --------- d-----w c:\program files\Cruiser Suite
2009-01-13 13:10 22,368 ----a-w c:\windows\system32\drivers\ggsemc.sys
2009-01-13 13:10 10,976 ----a-w c:\windows\system32\drivers\ggflt.sys
2009-01-08 16:31 --------- d-----w c:\documents and settings\emil\Dane aplikacji\PC Suite
2009-01-07 12:33 --------- d-----w c:\documents and settings\emil\Dane aplikacji\uTorrent
2008-12-31 12:11 --------- d-----w c:\program files\Cruiser
2008-12-30 16:31 --------- d-----w c:\program files\UST Pro 2
2008-12-29 11:47 --------- d-----w c:\documents and settings\emil\Dane aplikacji\Nokia
2008-12-23 13:20 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-21 09:48 --------- d-----w c:\program files\Common Files\Nokia
2008-12-20 10:21 --------- d-----w c:\program files\OpenOffice.org 2.2
2008-12-19 14:33 33,824 ----a-w c:\windows\system32\drivers\oreans32.sys
2008-12-16 17:33 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-16 17:33 --------- d-----w c:\program files\Java
2008-12-16 13:54 --------- d-----w c:\program files\InfinityBox
2008-12-15 14:42 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-15 14:42 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-12-15 11:42 --------- d-----w c:\program files\Common Files\Java
2008-12-13 13:09 --------- d-----w c:\program files\Common Files\Adobe
2008-12-13 13:09 --------- d-----w c:\documents and settings\emil\Dane aplikacji\AdobeUM
2008-12-13 12:25 --------- d-----w c:\program files\Samsung
2008-12-13 12:25 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-13 09:22 --------- d-----w c:\program files\SarasSoft
2008-12-13 09:19 --------- d-----w c:\program files\Nokia
2008-12-13 09:18 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Installations
2008-12-12 17:09 --------- d-----w c:\program files\SagMaster Team
2008-12-12 15:48 --------- d-----w c:\documents and settings\emil\Dane aplikacji\Gadu-Gadu
2008-12-12 14:03 --------- d-----w c:\documents and settings\emil\Dane aplikacji\Samsung
2008-12-12 14:02 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite
2008-12-12 13:59 --------- d-----w c:\program files\PC Connectivity Solution
2008-12-12 13:59 --------- d-----w c:\program files\DIFX
2008-12-12 12:55 3,567 ----a-w c:\windows\system32\drivers\PortTalk.sys
2008-12-12 12:54 --------- d-----w c:\program files\Axalto
2008-12-12 12:23 --------- d-----w c:\program files\GsmServer
2008-12-12 11:40 --------- d-----w c:\program files\uTorrent
2008-12-12 11:22 --------- d-----w c:\program files\GriffinTeam
2008-12-12 11:18 --------- d-----w c:\program files\Gadu-Gadu
2008-12-12 11:02 --------- d-----w c:\program files\mks_vir_2007
2008-12-12 11:00 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-12 10:58 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NVIDIA
2008-12-12 10:55 --------- d-----w c:\program files\Realtek
2008-12-12 10:51 15,600 ----a-w c:\windows\gdrv.sys
2008-12-12 10:28 315,392 ----a-w c:\windows\HideWin.exe
2008-12-12 10:23 --------- d-----w c:\documents and settings\emil\Dane aplikacji\InstallShield
2008-12-12 10:08 --------- d-----w c:\program files\microsoft frontpage
2008-12-12 10:07 --------- d-----w c:\program files\Usługi online
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((( snapshot@2009-01-24_12.23.05.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-18 12:16:40 180,224 ----a-w c:\windows\Downloaded Program Files\SmartLogin.dll
+ 2007-12-17 14:45:08 23,680 ----a-w c:\windows\system32\drivers\motmodem.sys
+ 2007-12-17 14:45:08 42,112 ----a-w c:\windows\system32\drivers\motodrv.sys
+ 2007-12-17 14:45:08 6,144 ----a-w c:\windows\system32\mot_ci.dll
- 2009-01-24 10:15:30 40,196 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-26 17:08:28 40,196 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-24 10:15:30 49,376 ----a-w c:\windows\system32\perfc015.dat
+ 2009-01-26 17:08:28 49,376 ----a-w c:\windows\system32\perfc015.dat
- 2009-01-24 10:15:30 311,934 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-26 17:08:28 311,934 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-24 10:15:30 355,152 ----a-w c:\windows\system32\perfh015.dat
+ 2009-01-26 17:08:28 355,152 ----a-w c:\windows\system32\perfh015.dat
- 2006-11-02 08:09:50 1,419,232 ----a-w c:\windows\system32\wdfcoinstaller01005.dll
+ 2007-12-17 14:45:08 1,419,232 ----a-w c:\windows\system32\wdfcoinstaller01005.dll
+ 2009-01-27 16:47:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_318.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-27 108512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"mks_mail"="c:\program files\mks_vir_2007\bin\mks_mail.exe" [2007-05-24 520192]
"mkstray"="c:\program files\mks_vir_2007\bin\mkstray.exe" [2007-08-13 663552]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2006-10-31 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-31 c:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\documents and settings\emil\Menu Start\Programy\Autostart\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@="service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\GsmServer\\SCout\\SCout.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [2006-05-19 15328]
R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [2006-05-19 13440]
R3 MksMonFd;MksMonFd;c:\program files\mks_vir_2007\bin\mksmonfd.sys [2007-05-24 26624]
R3 UFS2XX;UFS2XX.SYS UFS2 device driver;c:\windows\system32\drivers\UFS2XX.sys [2008-12-12 53184]
R4 MksPC;MksPC;c:\program files\mks_vir_2007\bin\MksPC.exe [2007-05-24 253952]
R4 MksUpdate;MksUpdate;c:\program files\mks_vir_2007\bin\mksupdate.exe [2007-05-24 570880]
S3 DreamBox;Dream Box device;c:\windows\system32\drivers\dreambox.sys [2009-01-03 17152]
S3 Egatecard;Egatecard;c:\windows\system32\drivers\egate.sys [2008-01-08 18880]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2008-12-12 34639]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-03-20 10976]
S3 mksidsf;mksidsf;c:\windows\system32\MksIdsf.sys [2007-05-24 11776]
S3 MksMonEn;MksMonEn;c:\program files\mks_vir_2007\bin\mksmonen.sys [2007-08-13 385024]
S3 MksMonEv;MksMonEv;c:\program files\mks_vir_2007\bin\mksmonev.sys [2007-05-24 89600]
S3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\hmumdm.sys [2008-12-29 88960]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-12-17 42112]
S3 MtbUsb;Universal Flashing Interface;c:\windows\system32\drivers\mtbox.sys [2005-09-07 31452]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2008-12-12 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2008-12-12 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2008-12-12 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2008-12-12 12288]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2008-12-12 3567]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2007-11-02 109992]
S3 Siemens_Sx1Swup;Siemens_Sx1Swup.SvcDesc%;c:\windows\system32\drivers\Siemens_Sx1Swup.sys [2009-01-15 16896]
S3 VSD2XX;VSD2XX.SYS USB - RS232 device driver;c:\windows\system32\drivers\VSD2XX.sys [2007-11-20 25596]
S4 MksFwall;MksFwall;c:\program files\mks_vir_2007\bin\MksFwall.exe [2007-05-24 270336]
S4 mksfwallf;mksfwallf;c:\windows\system32\MksFwallf.sys [2007-05-24 13312]
S4 mksfwallt;mksfwallt;c:\windows\system32\MksFwallt.sys [2007-05-24 15360]
S4 mksidsa;mksidsa;c:\windows\system32\MksIdsa.sys [2007-05-24 6144]
--- Other Services/Drivers In Memory ---
*Deregistered* - ALG
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Ftdisk
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - mssmbios
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - Netman
*Deregistered* - PolicyAgent
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - ShellHWDetection
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.allegro.pl/
LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
DPF: {08BBAF4C-4A89-471C-9552-3694A7F2D081} - hxxp://www.boot-loader.com/files/SmartLogin.cab
DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} - hxxp://www.gsmserver.com/smartclip/SmartClip.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 18:03:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1202660629-920026266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3E5E3358-286D-7035-A324-443E3BDEED6A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1202660629-920026266-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{707494EC-0A76-26C2-D503-81175FA33552}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(724)
c:\program files\mks_vir_2007\bin\mkslsp.dll
.
Completion time: 2009-01-27 18:04:40
ComboFix-quarantined-files.txt 2009-01-27 17:04:38
ComboFix2.txt 2009-01-24 11:24:26
Pre-Run: 53,149,208,576 bajtów wolnych
Post-Run: 53,390,020,608 bajtów wolnych
296 --- E O F --- 2009-01-14 17:10:29
hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:39 PM, on 1/27/2009
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\mks_vir_2007\bin\mks_mail.exe
C:\Program Files\mks_vir_2007\bin\mkstray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\mks_vir_2007\bin\MksPC.exe
C:\Program Files\mks_vir_2007\bin\mksupdate.exe
C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe
O4 - HKLM\..\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll
O16 - DPF: {08BBAF4C-4A89-471C-9552-3694A7F2D081} (LoginCtl Class) - http://www.boot-loader.com/files/SmartLogin.cab
O16 - DPF: {6ABE4BC3-7253-418E-85E8-F334A73154D3} (CSmartClient Object) - http://www.gsmserver.com/smartclip/SmartClip.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MksFwall - MKS Sp z o.o. - C:\Program Files\mks_vir_2007\bin\MksFwall.exe
O23 - Service: MksPC - Unknown owner - C:\Program Files\mks_vir_2007\bin\MksPC.exe
O23 - Service: MksUpdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_2007\bin\mksupdate.exe
O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\mks_vir_2007\bin\mks_scan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6654 bytes