
Logs - Fear of viruses


  • Closed. This topic is closed
2 replies in this topic

#1 maniakkomp

    Beginner

  • 26 posts

Posted 01 05 2008 - 12:20

I already had a similar problem 1.5 weeks ago. I reformatted and everything was OK until today, when the computer suddenly started taking about 2 minutes to boot and Kaspersky detected a virus,
adware not-a-virus-:adware.win32.shopper.r. It found it in c:/system volume information/restore and some digits.
It removed it, but the computer is still sluggish, so I'm posting a log and asking for help.


I suspect this is Spybot's doing, because the first time I installed it on a new system I had the same problem and reformatted. Yesterday I also installed Spybot, downloaded the updates and ran a scan. It detected 3 spies or something, which I removed. In the morning I turn on the computer and it's no good. I uninstalled Spybot and the computer started running faster, but it's still at 20% of its capabilities. I think this virus is still on my machine :(



MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Meta\Pulpit\etmin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [http://www.daemon-search.com/startpage]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4871 bytes



Edited by maniakkomp on 2008-05-01 12:22:23
______________________________

E4600
2x1 gb ram geila 800 mhz cl 4
galaxy cm-hp 8800 gt 512
asus p5b

  • 0

#2 wncvirus

    Lazybones!

  • 851 posts

Posted 01 05 2008 - 12:39

This log is clean. Maybe post a log from ComboFix.

  • 0

#3 maniakkomp

    Beginner

  • 26 posts

Posted 01 05 2008 - 15:21

ComboFix 08-04-29.5 - Meta 2008-05-01 12:56:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1679 [GMT 2:00]
Running from: C:\Documents and Settings\Meta\Pulpit\sciagane\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 12:13 . 2008-05-01 12:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-01 11:58 . 2008-05-01 11:58 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-04-30 20:08 . 2008-04-30 20:08 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-04-30 20:08 . 2008-04-30 20:08 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-04-30 20:07 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-04-30 20:07 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-04-30 20:07 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-04-30 20:06 . 2008-04-30 20:06 <DIR> d-------- C:\Program Files\Futuremark
2008-04-30 17:13 . 2008-05-01 11:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-30 17:13 . 2008-05-01 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-27 08:12 . 2008-04-27 08:12 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-26 13:32 . 2008-04-26 13:34 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\mIRC
2008-04-25 15:12 . 2008-04-26 16:08 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\teamspeak2
2008-04-25 15:12 . 2008-04-25 15:12 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-04-25 08:45 . 2008-04-25 08:45 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-25 08:45 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-25 08:45 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-25 08:42 . 2008-04-25 08:42 <DIR> d-------- C:\Program Files\MarBit
2008-04-25 07:24 . 2008-04-25 07:24 <DIR> d-------- C:\Program Files\DNA
2008-04-25 07:24 . 2008-05-01 13:00 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\DNA
2008-04-24 19:33 . 2008-04-24 19:36 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-04-24 19:16 . 2008-04-25 06:07 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-24 19:07 . 2008-04-26 21:00 <DIR> d-------- C:\Program Files\RegCleaner
2008-04-24 18:49 . 2008-04-24 17:51 16,859,136 --a------ C:\Program Files\trl.exe
2008-04-24 18:43 . 2008-04-24 19:22 <DIR> d-------- C:\Program Files\VVSN
2008-04-24 18:29 . 2008-04-24 18:29 26 --a------ C:\WINDOWS\system32\mcheck.mhf
2008-04-24 18:28 . 2008-04-24 18:28 <DIR> d-------- C:\Program Files\SlySoft
2008-04-24 18:28 . 2008-04-24 18:29 44 ---hs---- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib
2008-04-24 17:48 . 2008-04-24 19:24 <DIR> d-------- C:\Program Files\Tomb Raider - Legend
2008-04-24 17:45 . 2008-04-24 17:45 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\DAEMON Tools
2008-04-24 14:57 . 2008-04-24 14:57 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\Ubisoft
2008-04-24 14:53 . 2008-04-24 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-04-24 14:53 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-24 14:53 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-24 14:53 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-24 14:53 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-24 14:47 . 2008-04-24 14:47 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-24 14:46 . 2008-04-24 14:46 <DIR> d-------- C:\Program Files\free-downloads.net
2008-04-24 14:46 . 2008-04-24 14:46 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-04-24 11:31 . 2008-04-24 17:45 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-23 07:07 . 2008-04-23 07:24 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2008-04-22 20:49 . 2008-05-01 12:04 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-22 20:33 . 2008-04-22 20:33 <DIR> d-------- C:\Program Files\coldstorage
2008-04-22 20:27 . 2008-04-22 20:27 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-04-22 20:11 . 2008-04-22 20:43 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-04-22 19:35 . 2008-04-24 10:51 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-22 19:34 . 2008-04-22 19:35 <DIR> d-------- C:\Documents and Settings\Meta\SystemRequirementsLab
2008-04-22 19:32 . 2008-04-22 19:32 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-04-22 19:32 . 2008-04-22 19:32 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-04-22 19:32 . 2008-04-22 19:32 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\InstallShield
2008-04-22 19:32 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-04-22 19:31 . 2008-04-22 19:31 <DIR> d-------- C:\WINDOWS\Sun
2008-04-22 19:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-22 19:27 . 2008-04-22 19:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-22 16:07 . 2008-04-22 16:07 <DIR> d-------- C:\Program Files\Rockstar Games
2008-04-22 14:56 . 2008-04-22 14:56 <DIR> d-------- C:\Fraps
2008-04-22 14:56 . 2008-04-24 14:43 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-21 18:17 . 2008-04-22 19:23 <DIR> d-------- C:\Documents and Settings\Meta\.jpi_cache
2008-04-21 18:17 . 2008-04-21 18:17 <DIR> d-------- C:\Documents and Settings\Meta\.java
2008-04-21 17:45 . 2008-04-21 17:45 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-21 17:45 . 2008-04-21 17:45 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-21 17:44 . 2008-04-23 06:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-21 17:44 . 2008-04-21 17:44 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-04-21 17:44 . 2008-05-01 12:03 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-21 17:44 . 2008-04-21 17:44 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-21 17:44 . 2008-04-21 17:44 22,328 --a------ C:\Documents and Settings\Meta\Dane aplikacji\PnkBstrK.sys
2008-04-21 17:38 . 2008-04-21 17:38 <DIR> d-------- C:\Program Files\Electronic Arts
2008-04-21 17:37 . 2008-04-21 17:37 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\Gadu-Gadu
2008-04-21 17:29 . 2008-04-21 17:29 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-21 17:29 . 2008-04-28 16:16 <DIR> d-------- C:\Documents and Settings\Meta\Gadu-Gadu
2008-04-21 16:08 . 2008-04-21 16:08 13,680 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-21 16:01 . 2008-04-21 16:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-21 16:01 . 2008-04-21 16:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-21 16:01 . 2008-05-01 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-21 16:01 . 2008-05-01 13:07 2,327,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-21 16:01 . 2008-05-01 13:07 182,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-21 16:01 . 2008-04-21 16:07 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-21 16:01 . 2008-04-21 16:07 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-21 16:01 . 2008-05-01 11:50 32,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-21 16:01 . 2008-05-01 11:50 18,944 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-21 14:46 . 2008-04-21 14:46 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\AdobeUM
2008-04-21 14:41 . 2003-10-16 18:07 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-04-21 14:40 . 2008-04-21 14:40 <DIR> d-------- C:\Program Files\Thomson
2008-04-21 14:40 . 2003-12-08 11:53 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-04-21 14:40 . 2003-12-08 11:53 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-04-21 14:40 . 2003-12-08 11:53 5,606 --a------ C:\WINDOWS\system32\stci.dll
2008-04-21 14:40 . 2003-12-08 11:53 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2008-04-21 14:40 . 2003-12-08 11:53 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2008-04-21 14:39 . 2008-04-21 14:50 <DIR> d-------- C:\Program Files\Neostrada TP
2008-04-21 14:39 . 2008-04-22 19:29 <DIR> d-------- C:\Program Files\Java
2008-04-21 14:39 . 2002-11-01 20:15 45,175 --------- C:\WINDOWS\system32\plugincpl140_03.cpl
2008-04-21 14:39 . 2002-11-01 20:15 41,068 --------- C:\WINDOWS\system32\ActPanel.dll
2008-04-21 14:37 . 2008-04-21 14:37 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-21 14:24 . 2008-04-21 14:24 <DIR> d-------- C:\Program Files\Analog Devices
2008-04-21 14:24 . 2001-09-11 14:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2008-04-21 14:24 . 2001-09-19 06:47 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2008-04-21 14:24 . 2006-03-17 11:18 392,960 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-04-21 14:24 . 2007-01-16 03:09 293,888 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-04-21 14:24 . 2006-08-07 00:57 93,952 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-04-21 14:24 . 2005-05-04 08:20 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2008-04-21 14:24 . 2006-07-10 14:42 49,152 --------- C:\WINDOWS\system32\DSndUp.exe
2008-04-21 14:24 . 2002-04-17 14:05 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2008-04-21 14:20 . 2008-04-21 14:20 <DIR> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 06:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 13:53 --------- d-----w C:\Documents and Settings\Meta\Dane aplikacji\Talkback
2008-04-21 12:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-21 11:42 --------- d-----w C:\Program Files\Realtek
2008-04-21 11:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-21 11:27 --------- d-----w C:\Program Files\Usługi online
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-04 13:53 1502232 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-04 13:53 1502232]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2007-12-04 13:53 1502232]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-25 07:24 288576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-09 09:23 8523776]
"nwiz"="nwiz.exe" [2008-01-09 09:23 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-09 09:23 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56943bc9-11fc-11dd-a78e-001d6079bcea}]
\Shell\AutoRun\command - F:\autorun.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 13:07:46
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-01 13:09:21
ComboFix-quarantined-files.txt 2008-05-01 11:09:17

Pre-Run: 94,230,437,888 bajtów wolnych
Post-Run: 94,575,599,616 bajtów wolnych

191 --- E O F --- 2008-04-24 08:23:38


During the ComboFix scan, Kaspersky detected another 2 viruses.

I understand it's the weekend and not everyone sits on the forum 24 hours a day, but if it's possible, I'm asking for help as quickly as possible, because at 21:00 I have an important match in a game that I unfortunately can't miss, and I'll need a working computer. So I'll reformat at 18:00 if I don't get help here by then. I'm counting on you, thanks :)

Here is a new log. I removed some programs, didn't touch the mouse, and turned off the antivirus.



ComboFix 08-04-29.5 - Meta 2008-05-01 15:30:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1706 [GMT 2:00]
Running from: C:\Documents and Settings\Meta\Pulpit\sciagane\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 12:13 . 2008-05-01 12:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-01 11:58 . 2008-05-01 11:58 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-04-30 20:08 . 2008-04-30 20:08 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-04-30 20:08 . 2008-04-30 20:08 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-04-30 20:07 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-04-30 20:07 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-04-30 20:07 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-04-30 20:06 . 2008-04-30 20:06 <DIR> d-------- C:\Program Files\Futuremark
2008-04-30 17:13 . 2008-05-01 11:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-30 17:13 . 2008-05-01 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-27 08:12 . 2008-04-27 08:12 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-26 13:32 . 2008-04-26 13:34 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\mIRC
2008-04-25 15:12 . 2008-04-26 16:08 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\teamspeak2
2008-04-25 15:12 . 2008-04-25 15:12 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-04-25 08:45 . 2008-04-25 08:45 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-25 08:45 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-25 08:45 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-04-25 08:42 . 2008-04-25 08:42 <DIR> d-------- C:\Program Files\MarBit
2008-04-25 07:24 . 2008-05-01 14:08 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\DNA
2008-04-24 19:33 . 2008-04-24 19:36 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-04-24 19:16 . 2008-04-25 06:07 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-24 19:07 . 2008-04-26 21:00 <DIR> d-------- C:\Program Files\RegCleaner
2008-04-24 18:49 . 2008-04-24 17:51 16,859,136 --a------ C:\Program Files\trl.exe
2008-04-24 18:43 . 2008-04-24 19:22 <DIR> d-------- C:\Program Files\VVSN
2008-04-24 18:29 . 2008-04-24 18:29 26 --a------ C:\WINDOWS\system32\mcheck.mhf
2008-04-24 18:28 . 2008-04-24 18:28 <DIR> d-------- C:\Program Files\SlySoft
2008-04-24 18:28 . 2008-04-24 18:29 44 ---hs---- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib
2008-04-24 17:48 . 2008-04-24 19:24 <DIR> d-------- C:\Program Files\Tomb Raider - Legend
2008-04-24 17:45 . 2008-04-24 17:45 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\DAEMON Tools
2008-04-24 14:57 . 2008-04-24 14:57 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\Ubisoft
2008-04-24 14:53 . 2008-04-24 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-04-24 14:53 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-24 14:53 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-24 14:53 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-24 14:53 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-24 14:47 . 2008-04-24 14:47 <DIR> d-------- C:\Program Files\Ubisoft
2008-04-24 14:46 . 2008-04-24 14:46 <DIR> d-------- C:\Program Files\free-downloads.net
2008-04-24 14:46 . 2008-04-24 14:46 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-04-24 11:31 . 2008-04-24 17:45 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-23 07:07 . 2008-04-23 07:24 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2008-04-22 20:49 . 2008-05-01 15:21 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-22 20:33 . 2008-04-22 20:33 <DIR> d-------- C:\Program Files\coldstorage
2008-04-22 20:27 . 2008-04-22 20:27 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-04-22 20:11 . 2008-04-22 20:43 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-04-22 19:35 . 2008-04-24 10:51 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-22 19:34 . 2008-04-22 19:35 <DIR> d-------- C:\Documents and Settings\Meta\SystemRequirementsLab
2008-04-22 19:32 . 2008-04-22 19:32 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-04-22 19:32 . 2008-04-22 19:32 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-04-22 19:32 . 2008-04-22 19:32 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\InstallShield
2008-04-22 19:32 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-04-22 19:31 . 2008-04-22 19:31 <DIR> d-------- C:\WINDOWS\Sun
2008-04-22 19:29 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-22 19:27 . 2008-04-22 19:27 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-22 16:07 . 2008-04-22 16:07 <DIR> d-------- C:\Program Files\Rockstar Games
2008-04-22 14:56 . 2008-04-22 14:56 <DIR> d-------- C:\Fraps
2008-04-22 14:56 . 2008-04-24 14:43 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-04-21 18:17 . 2008-04-22 19:23 <DIR> d-------- C:\Documents and Settings\Meta\.jpi_cache
2008-04-21 18:17 . 2008-04-21 18:17 <DIR> d-------- C:\Documents and Settings\Meta\.java
2008-04-21 17:45 . 2008-04-21 17:45 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-21 17:45 . 2008-04-21 17:45 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-21 17:44 . 2008-04-23 06:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-21 17:44 . 2008-04-21 17:44 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-04-21 17:44 . 2008-05-01 15:21 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-21 17:44 . 2008-04-21 17:44 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-21 17:44 . 2008-04-21 17:44 22,328 --a------ C:\Documents and Settings\Meta\Dane aplikacji\PnkBstrK.sys
2008-04-21 17:38 . 2008-04-21 17:38 <DIR> d-------- C:\Program Files\Electronic Arts
2008-04-21 17:37 . 2008-04-21 17:37 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\Gadu-Gadu
2008-04-21 17:29 . 2008-04-21 17:29 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-21 17:29 . 2008-04-28 16:16 <DIR> d-------- C:\Documents and Settings\Meta\Gadu-Gadu
2008-04-21 16:08 . 2008-04-21 16:08 13,680 --a------ C:\WINDOWS\system32\wpa.bak
2008-04-21 16:01 . 2008-04-21 16:01 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-21 16:01 . 2008-04-21 16:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-21 16:01 . 2008-05-01 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-21 16:01 . 2008-05-01 15:31 2,634,272 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-21 16:01 . 2008-05-01 15:31 187,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-21 16:01 . 2008-04-21 16:07 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-21 16:01 . 2008-04-21 16:07 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-21 16:01 . 2008-05-01 15:15 37,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-21 16:01 . 2008-05-01 15:15 19,544 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-21 14:46 . 2008-04-21 14:46 <DIR> d-------- C:\Documents and Settings\Meta\Dane aplikacji\AdobeUM
2008-04-21 14:41 . 2003-10-16 18:07 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-04-21 14:40 . 2008-04-21 14:40 <DIR> d-------- C:\Program Files\Thomson
2008-04-21 14:40 . 2003-12-08 11:53 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-04-21 14:40 . 2003-12-08 11:53 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2008-04-21 14:40 . 2003-12-08 11:53 5,606 --a------ C:\WINDOWS\system32\stci.dll
2008-04-21 14:40 . 2003-12-08 11:53 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2008-04-21 14:40 . 2003-12-08 11:53 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2008-04-21 14:39 . 2008-04-21 14:50 <DIR> d-------- C:\Program Files\Neostrada TP
2008-04-21 14:39 . 2008-04-22 19:29 <DIR> d-------- C:\Program Files\Java
2008-04-21 14:39 . 2002-11-01 20:15 45,175 --------- C:\WINDOWS\system32\plugincpl140_03.cpl
2008-04-21 14:39 . 2002-11-01 20:15 41,068 --------- C:\WINDOWS\system32\ActPanel.dll
2008-04-21 14:37 . 2008-04-21 14:37 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-21 14:24 . 2008-04-21 14:24 <DIR> d-------- C:\Program Files\Analog Devices
2008-04-21 14:24 . 2001-09-11 14:20 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2008-04-21 14:24 . 2001-09-19 06:47 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2008-04-21 14:24 . 2006-03-17 11:18 392,960 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-04-21 14:24 . 2007-01-16 03:09 293,888 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-04-21 14:24 . 2006-08-07 00:57 93,952 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-04-21 14:24 . 2005-05-04 08:20 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2008-04-21 14:24 . 2006-07-10 14:42 49,152 --------- C:\WINDOWS\system32\DSndUp.exe
2008-04-21 14:24 . 2002-04-17 14:05 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2008-04-21 14:20 . 2008-04-21 14:20 <DIR> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 06:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 13:53 --------- d-----w C:\Documents and Settings\Meta\Dane aplikacji\Talkback
2008-04-21 12:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-21 11:42 --------- d-----w C:\Program Files\Realtek
2008-04-21 11:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-21 11:27 --------- d-----w C:\Program Files\Usługi online
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-04 13:53 1502232 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-04 13:53 1502232]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2007-12-04 13:53 1502232]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-09 09:23 8523776]
"nwiz"="nwiz.exe" [2008-01-09 09:23 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-09 09:23 81920]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56943bc9-11fc-11dd-a78e-001d6079bcea}]
\Shell\AutoRun\command - F:\autorun.exe

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 15:31:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-01 15:32:21
ComboFix-quarantined-files.txt 2008-05-01 13:32:18
ComboFix2.txt 2008-05-01 11:09:23

Pre-Run: 107,591,168,000 bajtów wolnych
Post-Run: 107,583,459,328 bajtów wolnych

186 --- E O F --- 2008-04-24 08:23:38

  • 0



