Prośba o sprawdzenie loga z combofix

[melaniek]

ComboFix 09-03-25.03 - Administrator 2009-03-26 19:41:11.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.396 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning enabled* (Updated)
AV: AVG 7.5.524 *On-access scanning enabled* (Updated)

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZZZSVC_LICH
-------\Service_ZZZdrv_lich
-------\Service_ZZZsvc_lich


((((((((((((((((((((((((( Pliki utworzone od 2009-02-26 do 2009-03-26 )))))))))))))))))))))))))))))))
.

2009-03-26 18:27 . 2009-03-26 18:27 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 21:32 --------- d-----w c:\documents and settings\Monica\Dane aplikacji\uTorrent
2009-03-25 16:11 --------- d-----w c:\documents and settings\Monica\Dane aplikacji\skypePM
2009-03-25 16:11 --------- d-----w c:\documents and settings\Monica\Dane aplikacji\Skype
2009-03-12 09:57 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-11 14:51 --------- d-----w c:\documents and settings\Monica\Dane aplikacji\MSN6
2009-02-16 13:04 --------- d-----w c:\program files\CDex_150
2009-02-15 14:45 --------- d-----w c:\program files\NAPI-PROJEKT
2009-02-14 18:30 --------- d-----w c:\program files\ALLPlayer
2009-02-14 18:00 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-14 17:58 --------- d-----w c:\program files\Recode Media
2009-02-14 17:57 --------- d-----w c:\program files\DivX
2009-02-14 17:52 2,847,856 ----a-w C:\ALLPlayerPL.exe
2008-01-02 09:28 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2007-06-26 18:17 23,649,352 ----a-w c:\program files\avg75free_476a1048.exe
2007-06-11 16:23 23,402,288 ----a-w c:\program files\AdbeRdr810_en_US.exe
2007-04-11 13:06 3,924,896 ----a-w c:\program files\tleninst60113.exe
2006-05-29 15:14 70,148,351 ----a-w c:\program files\FineReader8_PE_trial.exe
2006-02-14 19:11 243,112 ----a-w c:\program files\GG PIONier v1.0 install.exe
2006-02-08 14:30 1,062,834 ----a-w c:\program files\getAttachment.exe
2006-02-08 13:28 905 -c--a-w c:\program files\uninstal.log
2006-02-08 13:33 56 -csh--r c:\windows\system32\C2FDC21442.sys
2006-02-08 13:33 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-04 13:53 1502232 --a------ c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-04 1502232]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2005-03-02 278528]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-08-25 1183744]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Monica\\Pulpit\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 CloneCD;CloneCD I/O Driver;c:\windows\system32\drivers\CloneCD.sys [2006-03-26 4872]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-14 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-14 20560]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2006-02-08 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2006-02-08 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [2006-02-08 34789]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2006-02-08 9446]
.
Zawartość folderu 'Zaplanowane zadania'

2006-08-06 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1145893446.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
.
.
------- Skan uzupełniający -------
.
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\or0qym0p.default\
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8UK.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD9.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARDT.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBOARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBREAKOUT.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAHJONG.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSNOOKER.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSOLITAIRE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWORDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWORDSSINGLE.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 19:46:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(284)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-03-26 19:48:57 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-03-26 18:48:54

Przed: 113 813 901 312 bajtów wolnych
Po: 113,922,748,416 bajtów wolnych

148

[wojtas]

zmień nazwe tematu ,prosze opisac problem oraz prosze objąć log w tagi