Mam problem z Mój komputer. Gdy włączam mój komputer ze startu lub z ikony z pulpity zamiast pokazac te wszystkie dyski i dokumenty to pokazuje się ta żarówka czy tam latarka cota w lewo i prawo sie rusza no i po chwili włącza sie ale wszystkie te ikony dyskow sa rozmieszczone wg nazwy a nie wg typu i nie sa rozmieszczone w grupie. CO mam zrobic bo juz mnie to irytuje gdy chc wejśc na jakis dysk to muzse czkac 2 zlbo 3 minuty az sie to wlaczy.
Problem z Mój Komputer
Rozpoczęty przez
McLaren5
, 10 05 2008 14:43
-
Temat jest zamknięty
3 odpowiedzi w tym temacie
#2
Daniel W.
-
-
- 259 postów
Stały użytkownik
Napisano 10 05 2008 - 14:46
Masz prawdopodobnie bardzo safyfionego kompa,lub jakies szkodliwe oprogramowanie....
Poskanuj tam prosze jakims antywirusem,badz sciag program ComboFix,lub HiThisJack i rzuc nam tutaj log
pozdrawiaM
Daniel
Poskanuj tam prosze jakims antywirusem,badz sciag program ComboFix,lub HiThisJack i rzuc nam tutaj log
pozdrawiaM
Daniel
#3
McLaren5
-
-
- 10 postów
Początkujący
Napisano 10 05 2008 - 14:56
Zasyfionego nie mam bo mam 3 programy do czyszczenia rejestru itd itp. Antyvira ma Norton AntyVirus 2008i mam jesze Ad-Aware Profesional 2007. NIe powiedzalem jeszcze ze wczoraj sciaglem aktualizacje do windowsa Service Pack 3.
ComboFix 08-05-09.1 - McLaren 2008-05-10 15:03:56.1 - NTFSx86
Running from: C:\Documents and Settings\McLaren\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
2008-05-10 14:42 . 2008-05-10 14:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-10 14:42 . 2008-05-10 14:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-09 22:56 . 2008-05-09 22:56 <DIR> d-------- C:\WINDOWS\system32\pl
2008-05-09 22:56 . 2008-05-09 22:56 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-09 22:56 . 2008-05-09 22:56 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-09 22:54 . 2008-05-09 22:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-09 22:51 . 2008-05-09 22:51 <DIR> d-------- C:\WINDOWS\EHome
2008-05-09 22:42 . 2006-03-02 14:00 184,137 -----c--- C:\WINDOWS\system32\dllcache\compact.wmz
2008-05-09 22:42 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-05-09 22:42 . 2006-03-02 14:00 9,585 -----c--- C:\WINDOWS\system32\dllcache\controls.css
2008-05-09 22:42 . 2006-03-02 14:00 999 -----c--- C:\WINDOWS\system32\dllcache\bktrh.gif
2008-05-09 22:42 . 2006-03-02 14:00 773 -----c--- C:\WINDOWS\system32\dllcache\cnth.gif
2008-05-09 22:42 . 2006-03-02 14:00 773 -----c--- C:\WINDOWS\system32\dllcache\cnt.gif
2008-05-09 22:42 . 2006-03-02 14:00 772 -----c--- C:\WINDOWS\system32\dllcache\cntd.gif
2008-05-09 22:42 . 2006-03-02 14:00 760 -----c--- C:\WINDOWS\system32\dllcache\cloapph.gif
2008-05-09 22:42 . 2006-03-02 14:00 717 -----c--- C:\WINDOWS\system32\dllcache\cloapp.gif
2008-05-09 17:50 . 2008-05-09 17:50 <DIR> d-------- C:\Documents and Settings\McLaren\Dane aplikacji\Ubisoft
2008-05-09 17:39 . 2008-05-09 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-05-09 17:36 . 2008-05-09 17:36 <DIR> d-------- C:\Program Files\Ubisoft
2008-05-07 22:28 . 2007-06-14 04:27 7,006,432 --a------ C:\WINDOWS\system32\US Army.scr
2008-05-07 22:28 . 2008-05-07 22:28 18,432 --a------ C:\WINDOWS\ss3unstl.exe
2008-05-06 22:51 . 2008-05-06 23:10 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-06 17:33 . 2008-05-06 17:33 <DIR> d-------- C:\Program Files\Aspyr
2008-05-06 17:31 . 2008-05-06 17:31 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-06 17:31 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-05-06 17:31 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-05-05 10:40 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-05 10:40 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-04 12:53 . 2008-05-05 18:49 <DIR> d-------- C:\Documents and Settings\McLaren\Dane aplikacji\Kingston
2008-05-03 17:49 . 2008-05-05 11:19 <DIR> d-------- C:\Program Files\America's Army
2008-05-03 13:37 . 2008-05-03 14:27 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-03 13:37 . 2008-05-03 13:41 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-05-03 13:31 . 2008-05-03 13:31 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-05-03 13:31 . 2008-05-03 14:26 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-03 13:30 . 2008-05-03 14:20 <DIR> d-------- C:\Program Files\Symantec
2008-05-03 13:30 . 2008-05-06 17:51 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-03 13:30 . 2008-05-03 14:20 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-03 13:30 . 2008-05-03 14:20 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-03 13:30 . 2008-05-03 14:20 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-03 13:30 . 2008-05-03 14:20 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-03 12:29 . 2008-05-03 12:29 391 --a------ C:\WINDOWS\COVERE~1.INI
2008-05-01 21:40 . 2008-05-01 21:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-01 21:40 . 2008-05-01 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-05-01 18:08 . 2008-05-01 18:10 <DIR> d-------- C:\Documents and Settings\McLaren\Dane aplikacji\HP
2008-05-01 16:44 . 2008-05-06 23:46 <DIR> d-------- C:\Temp
2008-04-30 16:16 . 2008-05-10 14:42 <DIR> d-------- C:\Documents and Settings\McLaren\Dane aplikacji\Corel
2008-04-30 16:15 . 2008-04-30 16:15 <DIR> d-------- C:\Program Files\Corel
2008-04-30 16:15 . 2008-04-30 16:15 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-04-30 16:15 . 2008-04-30 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-04-30 00:39 . 2008-05-08 19:03 229,376 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT.tmp
2008-04-30 00:39 . 2008-05-08 19:03 229,376 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT.tmp
2008-04-30 00:39 . 2008-04-30 00:39 0 --ah----- C:\Documents and Settings\McLaren\NTUSER.DAT.tmp.LOG
2008-04-30 00:33 . 2008-04-30 00:33 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-30 00:28 . 2008-05-04 21:34 <DIR> d-------- C:\Program Files\AutoMapa EU
2008-04-30 00:22 . 2008-04-30 00:25 104,770 --a------ C:\WINDOWS\hpqins13.dat
2008-04-30 00:19 . 2008-04-30 00:19 <DIR> d-------- C:\Program Files\GameSpy
2008-04-30 00:17 . 2008-04-30 00:18 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-30 00:16 . 2008-05-08 20:22 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-30 00:16 . 2008-04-30 00:16 22,328 --a------ C:\Documents and Settings\McLaren\Dane aplikacji\PnkBstrK.sys
2008-04-30 00:15 . 2008-04-30 00:15 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-30 00:15 . 2008-04-30 00:15 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-04-30 00:15 . 2008-05-08 20:22 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-30 00:15 . 2008-04-30 00:15 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-30 00:01 . 2008-04-30 00:01 <DIR> d-------- C:\Program Files\Electronic Arts
2008-04-29 23:50 . 2008-04-29 23:50 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-29 23:48 . 2008-04-29 23:49 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-29 23:48 . 2008-04-29 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-29 23:47 . 2008-04-29 23:47 <DIR> dr-h----- C:\MSOCache
2008-04-29 23:42 . 2008-04-29 23:44 <DIR> d-------- C:\Program Files\Tlumacz Komputerowy - Angielski
2008-04-29 23:39 . 2008-04-29 23:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\WEBREG
2008-04-29 23:39 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-04-29 23:39 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-04-29 23:38 . 2008-04-29 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
2008-04-29 23:38 . 2007-03-17 08:39 958,464 -ra------ C:\WINDOWS\system32\hpotiop4.dll
2008-04-29 23:38 . 2007-03-17 08:39 675,840 -ra------ C:\WINDOWS\system32\hpowiax4.dll
2008-04-29 23:38 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-04-29 23:38 . 2007-03-08 06:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-04-29 23:38 . 2007-03-17 08:39 303,104 -ra------ C:\WINDOWS\system32\hpovst11.dll
2008-04-29 23:38 . 2007-03-30 17:29 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-04-29 23:38 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-04-29 23:38 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-04-29 23:38 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-29 23:37 . 2008-04-29 23:37 <DIR> d-------- C:\Documents and Settings\McLaren\Dane aplikacji\HPAppData
2008-04-29 23:37 . 2008-04-29 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY
2008-04-29 23:36 . 2008-04-29 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant
2008-04-29 23:36 . 2008-05-01 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-04-29 23:35 . 2008-04-29 23:35 <DIR> d-------- C:\Program Files\Common Files\HP
2008-04-29 23:35 . 2008-04-29 23:35 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-29 23:34 . 2008-04-29 23:37 <DIR> d-------- C:\Program Files\HP
2008-04-29 23:34 . 2008-04-29 23:39 152,098 --a------ C:\WINDOWS\hpoins15.dat
2008-04-29 23:34 . 2007-06-06 01:04 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-04-29 23:30 . 2008-04-29 23:32 <DIR> d-------- C:\Program Files\Valve
2008-04-29 23:27 . 2008-04-29 23:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-29 23:26 . 2008-05-09 23:01 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-29 23:23 . 2008-04-29 23:23 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-04-29 23:12 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-29 22:43 . 2008-04-29 22:43 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-04-29 22:43 . 2008-04-29 22:43 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2008-04-29 22:43 . 2008-04-29 22:43 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-04-29 22:43 . 2008-04-29 22:43 301,568 --a------ C:\WINDOWS\system32\l3codecp.acm
2008-04-29 22:43 . 2008-04-29 22:43 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-04-29 22:42 . 2008-04-29 22:42 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2008-04-29 22:42 . 2008-04-29 22:42 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll
2008-04-29 22:42 . 2008-04-29 22:42 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-04-29 22:42 . 2008-04-29 22:42 106,496 --a------ C:\WINDOWS\system32\lmpgspl.ax
2008-04-29 22:42 . 2008-04-29 22:42 94,208 --a------ C:\WINDOWS\system32\lmpgvd.ax
2008-04-29 22:42 . 2008-04-29 22:42 86,528 --a------ C:\WINDOWS\system32\DVDVideo.ax
2008-04-29 22:42 . 2008-04-29 22:42 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2008-04-29 22:42 . 2008-04-29 22:42 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll
2008-04-29 22:41 . 2008-04-29 22:41 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-29 22:41 . 2008-04-29 22:41 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-04-29 22:41 . 2008-04-29 22:41 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-04-29 22:41 . 2008-04-29 22:41 391,168 --a------ C:\WINDOWS\system32\i263_32.drv
2008-04-29 22:41 . 2008-04-29 22:41 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-04-29 22:41 . 2008-04-29 22:41 344,394 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-29 21:54 . 2008-04-29 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-04-29 21:51 . 2008-04-29 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-29 21:41 . 2008-05-01 16:27 <DIR> d-------- C:\Documents and Settings\McLaren\Dane aplikacji\Ahead
2008-04-29 21:39 . 2008-04-29 21:39 <DIR> d-------- C:\Program Files\Nero
2008-04-29 21:39 . 2008-04-29 23:25 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-29 21:04 . 2008-04-14 18:05 58,880 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-29 21:04 . 2001-08-17 23:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-29 21:02 . 2008-04-29 21:02 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-04-29 21:02 . 2008-04-29 21:02 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-04-29 21:02 . 2008-04-29 19:11 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 13:06 --------- d-----w C:\Program Files\cFosSpeed
2008-05-10 12:42 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-09 15:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 15:00 --------- d-----w C:\Program Files\eMule
2008-05-06 17:19 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-03 15:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-03 15:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 12:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-01 19:36 --------- d-----w C:\Documents and Settings\McLaren\Dane aplikacji\Lavasoft
2008-04-29 20:52 --------- d-----w C:\Program Files\BearShare
2008-04-29 18:15 --------- d-----w C:\Program Files\ImTOO
2008-04-29 18:08 --------- d-----w C:\Documents and Settings\McLaren\Dane aplikacji\Winamp
2008-04-29 18:06 --------- d-----w C:\Program Files\Winamp
2008-04-29 18:04 --------- d-----w C:\Program Files\MarBit
2008-04-29 18:03 --------- d-----w C:\Program Files\jv16 PowerTools 2007
2008-04-29 18:01 --------- d-----w C:\Documents and Settings\McLaren\Dane aplikacji\Gadu-Gadu
2008-04-29 17:59 --------- d-----w C:\Program Files\Opera
2008-04-29 17:59 --------- d-----w C:\Program Files\CCleaner
2008-04-29 17:58 --------- d-----w C:\Program Files\AIDA32 - Personal System Information
2008-04-29 17:53 --------- d-----w C:\Program Files\AliveMedia
2008-04-29 17:51 150,830 ----a-w C:\WINDOWS\EXPStudio Audio Editor 3.5.1 Uninstaller.exe
2008-04-29 17:51 --------- d-----w C:\Program Files\EXPStudio
2008-04-29 17:45 --------- d-----w C:\Documents and Settings\McLaren\Dane aplikacji\Symantec
2008-04-29 17:43 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-04-29 17:37 --------- d-----w C:\Program Files\Realtek
2008-04-29 17:29 --------- d-----w C:\Program Files\SAGEM
2008-04-29 17:28 --------- d-----w C:\Documents and Settings\McLaren\Dane aplikacji\InstallShield
2008-04-29 17:27 --------- d-----w C:\Program Files\Intel
2008-04-29 17:26 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-29 17:25 --------- d-----w C:\Program Files\AGEIA Technologies
2008-04-29 17:24 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-29 17:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-29 17:13 --------- d-----w C:\Program Files\Usługi online
2008-04-14 20:51 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 17:22 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 17:22 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 17:22 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 17:22 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 17:09 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll
2008-04-14 17:09 7,680 ----a-w C:\WINDOWS\system32\kbdsmsfi.dll
2008-04-14 17:09 7,168 ----a-w C:\WINDOWS\system32\kbdukx.dll
2008-04-14 17:09 7,168 ----a-w C:\WINDOWS\system32\kbdno1.dll
2008-04-14 17:09 7,168 ----a-w C:\WINDOWS\system32\kbdnec.dll
2008-04-14 17:09 7,168 ----a-w C:\WINDOWS\system32\kbdfi1.dll
2008-04-14 17:09 6,656 ----a-w C:\WINDOWS\system32\kbdinmal.dll
2008-04-14 17:09 6,144 ----a-w C:\WINDOWS\system32\kbdmlt48.dll
2008-04-14 17:09 6,144 ----a-w C:\WINDOWS\system32\kbdmlt47.dll
2008-04-14 17:09 6,144 ----a-w C:\WINDOWS\system32\kbdinben.dll
2008-04-14 17:09 6,144 ----a-w C:\WINDOWS\system32\kbdinbe1.dll
2008-04-14 17:09 5,632 ----a-w C:\WINDOWS\system32\kbdmaori.dll
2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:34 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 16:33 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 16:33 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 16:33 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 16:32 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 16:29 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 16:29 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 16:25 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 16:22 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 16:22 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 16:20 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 16:20 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 16:18 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 16:17 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 16:16 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 16:15 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 16:11 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 16:11 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 16:09 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 16:03 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 16:01 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 16:00 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:59 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 15:59 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 15:58 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-03 14:20 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-07-09 17:10 838608]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 22:53 714608]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule2
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-04-29 19:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - AD-WATCH_CONNECT_FILTER
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 13:01:19 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - McLaren.job"
- C:\Program Files\Norton AntiVirus\Navw32.exef/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 15:06:41
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ad-Watch Real-Time Scanner]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTPD.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ad-Watch Registry Filter]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTRD.sys"
.
Completion time: 2008-05-10 15:07:20
ComboFix-quarantined-files.txt 2008-05-10 13:07:13
Pre-Run: 158,893,035,520 bajtów wolnych
Post-Run: 158,946,316,288 bajtów wolnych
318 --- E O F --- 2008-04-29 22:38:06
ComboFix 08-05-09.1 - McLaren 2008-05-10 15:03:56.1 - NTFSx86
Running from: C:\Documents and Settings\McLaren\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.
2008-05-10 14:42 . 2008-05-10 14:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-10 14:42 . 2008-05-10 14:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-09 22:56 . 2008-05-09 22:56 <DIR> d-------- C:\WINDOWS\system32\pl
2008-05-09 22:56 . 2008-05-09 22:56 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-09 22:56 . 2008-05-09 22:56 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-09 22:54 . 2008-05-09 22:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-09 22:51 . 2008-05-09 22:51 <DIR> d-------- C:\WINDOWS\EHome
2008-05-09 22:42 . 2006-03-02 14:00 184,137 -----c--- C:\WINDOWS\system32\dllcache\compact.wmz
2008-05-09 22:42 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-05-09 22:42 . 2006-03-02 14:00 9,585 -----c--- C:\WINDOWS\system32\dllcache\controls.css
2008-05-09 22:42 . 2006-03-02 14:00 999 -----c--- C:\WINDOWS\system32\dllcache\bktrh.gif
2008-05-09 22:42 . 2006-03-02 14:00 773 -----c--- C:\WINDOWS\system32\dllcache\cnth.gif
2008-05-09 22:42 . 2006-03-02 14:00 773 -----c--- C:\WINDOWS\system32\dllcache\cnt.gif
2008-05-09 22:42 . 2006-03-02 14:00 772 -----c--- C:\WINDOWS\system32\dllcache\cntd.gif
2008-05-09 22:42 . 2006-03-02 14:00 760 -----c--- C:\WINDOWS\system32\dllcache\cloapph.gif
2008-05-09 22:42 . 2006-03-02 14:00 717 -----c--- C:\WINDOWS\system32\dllcache\cloapp.gif
2008-05-09 17:50 . 2008-05-09 17:50 <DIR> d-------- C:\Documents and Settings\McLaren\Dane aplikacji\Ubisoft
2008-05-09 17:39 . 2008-05-09 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-05-09 17:36 . 2008-05-09 17:36 <DIR> d-------- C:\Program Files\Ubisoft
2008-05-07 22:28 . 2007-06-14 04:27 7,006,432 --a------ C:\WINDOWS\system32\US Army.scr
2008-05-07 22:28 . 2008-05-07 22:28 18,432 --a------ C:\WINDOWS\ss3unstl.exe
2008-05-06 22:51 . 2008-05-06 23:10 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-06 17:33 . 2008-05-06 17:33 <DIR> d-------- C:\Program Files\Aspyr
2008-05-06 17:31 . 2008-05-06 17:31 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-06 17:31 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-05-06 17:31 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-05-05 10:40 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-05 10:40 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-04 12:53 . 2008-05-05 18:49 <DIR> d-------- C:\Documents and Settings\McLaren\Dane aplikacji\Kingston
2008-05-03 17:49 . 2008-05-05 11:19 <DIR> d-------- C:\Program Files\America's Army
2008-05-03 13:37 . 2008-05-03 14:27 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-03 13:37 . 2008-05-03 13:41 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-05-03 13:31 . 2008-05-03 13:31 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-05-03 13:31 . 2008-05-03 14:26 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-05-03 13:30 . 2008-05-03 14:20 <DIR> d-------- C:\Program Files\Symantec
2008-05-03 13:30 . 2008-05-06 17:51 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-03 13:30 . 2008-05-03 14:20 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-03 13:30 . 2008-05-03 14:20 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-03 13:30 . 2008-05-03 14:20 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-03 13:30 . 2008-05-03 14:20 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-03 12:29 . 2008-05-03 12:29 391 --a------ C:\WINDOWS\COVERE~1.INI
2008-05-01 21:40 . 2008-05-01 21:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-01 21:40 . 2008-05-01 21:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-05-01 18:08 . 2008-05-01 18:10 <DIR> d-------- C:\Documents and Settings\McLaren\Dane aplikacji\HP
2008-05-01 16:44 . 2008-05-06 23:46 <DIR> d-------- C:\Temp
2008-04-30 16:16 . 2008-05-10 14:42 <DIR> d-------- C:\Documents and Settings\McLaren\Dane aplikacji\Corel
2008-04-30 16:15 . 2008-04-30 16:15 <DIR> d-------- C:\Program Files\Corel
2008-04-30 16:15 . 2008-04-30 16:15 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-04-30 16:15 . 2008-04-30 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Corel
2008-04-30 00:39 . 2008-05-08 19:03 229,376 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT.tmp
2008-04-30 00:39 . 2008-05-08 19:03 229,376 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT.tmp
2008-04-30 00:39 . 2008-04-30 00:39 0 --ah----- C:\Documents and Settings\McLaren\NTUSER.DAT.tmp.LOG
2008-04-30 00:33 . 2008-04-30 00:33 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-30 00:28 . 2008-05-04 21:34 <DIR> d-------- C:\Program Files\AutoMapa EU
2008-04-30 00:22 . 2008-04-30 00:25 104,770 --a------ C:\WINDOWS\hpqins13.dat
2008-04-30 00:19 . 2008-04-30 00:19 <DIR> d-------- C:\Program Files\GameSpy
2008-04-30 00:17 . 2008-04-30 00:18 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-30 00:16 . 2008-05-08 20:22 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-30 00:16 . 2008-04-30 00:16 22,328 --a------ C:\Documents and Settings\McLaren\Dane aplikacji\PnkBstrK.sys
2008-04-30 00:15 . 2008-04-30 00:15 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-30 00:15 . 2008-04-30 00:15 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-04-30 00:15 . 2008-05-08 20:22 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-04-30 00:15 . 2008-04-30 00:15 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-30 00:01 . 2008-04-30 00:01 <DIR> d-------- C:\Program Files\Electronic Arts
2008-04-29 23:50 . 2008-04-29 23:50 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-29 23:48 . 2008-04-29 23:49 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-29 23:48 . 2008-04-29 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-29 23:47 . 2008-04-29 23:47 <DIR> dr-h----- C:\MSOCache
2008-04-29 23:42 . 2008-04-29 23:44 <DIR> d-------- C:\Program Files\Tlumacz Komputerowy - Angielski
2008-04-29 23:39 . 2008-04-29 23:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\WEBREG
2008-04-29 23:39 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-04-29 23:39 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-04-29 23:38 . 2008-04-29 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard
2008-04-29 23:38 . 2007-03-17 08:39 958,464 -ra------ C:\WINDOWS\system32\hpotiop4.dll
2008-04-29 23:38 . 2007-03-17 08:39 675,840 -ra------ C:\WINDOWS\system32\hpowiax4.dll
2008-04-29 23:38 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-04-29 23:38 . 2007-03-08 06:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-04-29 23:38 . 2007-03-17 08:39 303,104 -ra------ C:\WINDOWS\system32\hpovst11.dll
2008-04-29 23:38 . 2007-03-30 17:29 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-04-29 23:38 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-04-29 23:38 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-04-29 23:38 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-29 23:37 . 2008-04-29 23:37 <DIR> d-------- C:\Documents and Settings\McLaren\Dane aplikacji\HPAppData
2008-04-29 23:37 . 2008-04-29 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HPSSUPPLY
2008-04-29 23:36 . 2008-04-29 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant
2008-04-29 23:36 . 2008-05-01 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\HP
2008-04-29 23:35 . 2008-04-29 23:35 <DIR> d-------- C:\Program Files\Common Files\HP
2008-04-29 23:35 . 2008-04-29 23:35 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-29 23:34 . 2008-04-29 23:37 <DIR> d-------- C:\Program Files\HP
2008-04-29 23:34 . 2008-04-29 23:39 152,098 --a------ C:\WINDOWS\hpoins15.dat
2008-04-29 23:34 . 2007-06-06 01:04 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-04-29 23:30 . 2008-04-29 23:32 <DIR> d-------- C:\Program Files\Valve
2008-04-29 23:27 . 2008-04-29 23:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-29 23:26 . 2008-05-09 23:01 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-29 23:23 . 2008-04-29 23:23 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-04-29 23:12 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-29 22:43 . 2008-04-29 22:43 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-04-29 22:43 . 2008-04-29 22:43 892,928 --a------ C:\WINDOWS\system32\iconv.dll
2008-04-29 22:43 . 2008-04-29 22:43 577,536 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-04-29 22:43 . 2008-04-29 22:43 301,568 --a------ C:\WINDOWS\system32\l3codecp.acm
2008-04-29 22:43 . 2008-04-29 22:43 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-04-29 22:42 . 2008-04-29 22:42 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2008-04-29 22:42 . 2008-04-29 22:42 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll
2008-04-29 22:42 . 2008-04-29 22:42 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-04-29 22:42 . 2008-04-29 22:42 106,496 --a------ C:\WINDOWS\system32\lmpgspl.ax
2008-04-29 22:42 . 2008-04-29 22:42 94,208 --a------ C:\WINDOWS\system32\lmpgvd.ax
2008-04-29 22:42 . 2008-04-29 22:42 86,528 --a------ C:\WINDOWS\system32\DVDVideo.ax
2008-04-29 22:42 . 2008-04-29 22:42 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2008-04-29 22:42 . 2008-04-29 22:42 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll
2008-04-29 22:41 . 2008-04-29 22:41 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-29 22:41 . 2008-04-29 22:41 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-04-29 22:41 . 2008-04-29 22:41 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-04-29 22:41 . 2008-04-29 22:41 391,168 --a------ C:\WINDOWS\system32\i263_32.drv
2008-04-29 22:41 . 2008-04-29 22:41 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-04-29 22:41 . 2008-04-29 22:41 344,394 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-29 21:54 . 2008-04-29 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-04-29 21:51 . 2008-04-29 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-29 21:41 . 2008-05-01 16:27 <DIR> d-------- C:\Documents and Settings\McLaren\Dane aplikacji\Ahead
2008-04-29 21:39 . 2008-04-29 21:39 <DIR> d-------- C:\Program Files\Nero
2008-04-29 21:39 . 2008-04-29 23:25 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-29 21:04 . 2008-04-14 18:05 58,880 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-29 21:04 . 2001-08-17 23:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-04-29 21:02 . 2008-04-29 21:02 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-04-29 21:02 . 2008-04-29 21:02 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-04-29 21:02 . 2008-04-29 19:11 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 13:06 --------- d-----w C:\Program Files\cFosSpeed
2008-05-10 12:42 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-09 15:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 15:00 --------- d-----w C:\Program Files\eMule
2008-05-06 17:19 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-03 15:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-03 15:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 12:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-05-01 19:36 --------- d-----w C:\Documents and Settings\McLaren\Dane aplikacji\Lavasoft
2008-04-29 20:52 --------- d-----w C:\Program Files\BearShare
2008-04-29 18:15 --------- d-----w C:\Program Files\ImTOO
2008-04-29 18:08 --------- d-----w C:\Documents and Settings\McLaren\Dane aplikacji\Winamp
2008-04-29 18:06 --------- d-----w C:\Program Files\Winamp
2008-04-29 18:04 --------- d-----w C:\Program Files\MarBit
2008-04-29 18:03 --------- d-----w C:\Program Files\jv16 PowerTools 2007
2008-04-29 18:01 --------- d-----w C:\Documents and Settings\McLaren\Dane aplikacji\Gadu-Gadu
2008-04-29 17:59 --------- d-----w C:\Program Files\Opera
2008-04-29 17:59 --------- d-----w C:\Program Files\CCleaner
2008-04-29 17:58 --------- d-----w C:\Program Files\AIDA32 - Personal System Information
2008-04-29 17:53 --------- d-----w C:\Program Files\AliveMedia
2008-04-29 17:51 150,830 ----a-w C:\WINDOWS\EXPStudio Audio Editor 3.5.1 Uninstaller.exe
2008-04-29 17:51 --------- d-----w C:\Program Files\EXPStudio
2008-04-29 17:45 --------- d-----w C:\Documents and Settings\McLaren\Dane aplikacji\Symantec
2008-04-29 17:43 14,656 ----a-w C:\WINDOWS\gdrv.sys
2008-04-29 17:37 --------- d-----w C:\Program Files\Realtek
2008-04-29 17:29 --------- d-----w C:\Program Files\SAGEM
2008-04-29 17:28 --------- d-----w C:\Documents and Settings\McLaren\Dane aplikacji\InstallShield
2008-04-29 17:27 --------- d-----w C:\Program Files\Intel
2008-04-29 17:26 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-29 17:25 --------- d-----w C:\Program Files\AGEIA Technologies
2008-04-29 17:24 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-29 17:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-29 17:13 --------- d-----w C:\Program Files\Usługi online
2008-04-14 20:51 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 20:50 997,888 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 20:50 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 17:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 17:26 332,288 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 17:22 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 17:22 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 17:22 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 17:22 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 17:22 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 17:22 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 17:22 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 17:20 999,936 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-04-14 17:19 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 17:18 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 17:18 1,449,472 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 17:17 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 17:13 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 17:12 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 17:09 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll
2008-04-14 17:09 7,680 ----a-w C:\WINDOWS\system32\kbdsmsfi.dll
2008-04-14 17:09 7,168 ----a-w C:\WINDOWS\system32\kbdukx.dll
2008-04-14 17:09 7,168 ----a-w C:\WINDOWS\system32\kbdno1.dll
2008-04-14 17:09 7,168 ----a-w C:\WINDOWS\system32\kbdnec.dll
2008-04-14 17:09 7,168 ----a-w C:\WINDOWS\system32\kbdfi1.dll
2008-04-14 17:09 6,656 ----a-w C:\WINDOWS\system32\kbdinmal.dll
2008-04-14 17:09 6,144 ----a-w C:\WINDOWS\system32\kbdmlt48.dll
2008-04-14 17:09 6,144 ----a-w C:\WINDOWS\system32\kbdmlt47.dll
2008-04-14 17:09 6,144 ----a-w C:\WINDOWS\system32\kbdinben.dll
2008-04-14 17:09 6,144 ----a-w C:\WINDOWS\system32\kbdinbe1.dll
2008-04-14 17:09 5,632 ----a-w C:\WINDOWS\system32\kbdmaori.dll
2008-04-14 17:06 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 17:05 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 17:03 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 17:01 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 17:00 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 16:34 73,472 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 16:33 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 16:33 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 16:33 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 16:32 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 16:29 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 16:29 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 16:25 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 16:22 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 16:22 153,856 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 16:20 24,960 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 16:20 14,720 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-14 16:18 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 16:17 40,832 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 16:16 40,448 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 16:15 49,664 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 16:15 2,977,792 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 16:13 563,200 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 16:11 65,280 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 16:11 53,248 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 16:09 190,976 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 16:07 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 16:05 67,584 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 16:05 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 16:03 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 16:01 52,864 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 16:00 39,936 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:59 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 15:59 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 15:58 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-03 14:20 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-07-09 17:10 838608]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 22:53 714608]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule2
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-04-29 19:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - AD-WATCH_CONNECT_FILTER
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 13:01:19 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - McLaren.job"
- C:\Program Files\Norton AntiVirus\Navw32.exef/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 15:06:41
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ad-Watch Real-Time Scanner]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTPD.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ad-Watch Registry Filter]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTRD.sys"
.
Completion time: 2008-05-10 15:07:20
ComboFix-quarantined-files.txt 2008-05-10 13:07:13
Pre-Run: 158,893,035,520 bajtów wolnych
Post-Run: 158,946,316,288 bajtów wolnych
318 --- E O F --- 2008-04-29 22:38:06
#4
wncvirus
-
-
- 851 postów
Leń !
Napisano 11 05 2008 - 22:56
Polecam usunięcie obu antywirusów i zainstalować kasperskiego bądź avasta.
Wykonaj
Ściągnij SmitfraudFix.
Użyj go z opcji "Clean", czyli wpisz 2 i naciśnij ENTER.
Po jego użyciu może zajść potrzeba ustawiania od nowa tapety (czyli prawoklik na ekranie>>właściwości, itd. )
Daj z niego raport z C:\Repport.txt
[quote]Instrukcja obsługi:
1. Zastartuj komputer do trybu awaryjnego co jest opisane TUTAJ.
(można spróbować najpierw usuwać w Trybie Normalnym -często to się udaje)
2.Uruchom SmitfraudFix.exe ( podwójnie go kliknij)
3. Zainicjuje się linia komend i dostaniesz pierwszy z ekranów z prośbą o "wciśniecie jakiegokolwiek klawisza by kontynuować" więc z klawiatury ENTER:
4. Dostaniesz menu wyboru opcji na niebieskim ekranie: wpisz 2 i naciśnij ENTER
5. Zostanie uruchomione czyszczenie właściwe rozpoczęte od zabicia procesu explorer.exe (zniknie Pulpit i pasek zadań).
Następnie padnie pytanie Do you want to clean the registry? - wpisz z klawiatury Y i ENTER,
co zainicjuje usuwania kluczyków i restrykcji tapetek.
6.W dalszej kolejności narzędzie sprawdzi czy plik wininet.dll jest zainfekowany a jeśli tak, to może paść pytanie o podmianę pliku,
o ile czystą kopię znaleziono: Replace infected file? = Y i ENTER. Jeśli „wininet” nie jest zarażony, to to zostanie pominięte.
7.Finalnie może być wymagany reset komputera by ukończyć sprzątanie.
Po wykonaniu tego daj nowego loga z combofixa.
Wykonaj
Ściągnij SmitfraudFix.
Użyj go z opcji "Clean", czyli wpisz 2 i naciśnij ENTER.
Po jego użyciu może zajść potrzeba ustawiania od nowa tapety (czyli prawoklik na ekranie>>właściwości, itd. )
Daj z niego raport z C:\Repport.txt
[quote]Instrukcja obsługi:
1. Zastartuj komputer do trybu awaryjnego co jest opisane TUTAJ.
(można spróbować najpierw usuwać w Trybie Normalnym -często to się udaje)
2.Uruchom SmitfraudFix.exe ( podwójnie go kliknij)
3. Zainicjuje się linia komend i dostaniesz pierwszy z ekranów z prośbą o "wciśniecie jakiegokolwiek klawisza by kontynuować" więc z klawiatury ENTER:
4. Dostaniesz menu wyboru opcji na niebieskim ekranie: wpisz 2 i naciśnij ENTER
5. Zostanie uruchomione czyszczenie właściwe rozpoczęte od zabicia procesu explorer.exe (zniknie Pulpit i pasek zadań).
Następnie padnie pytanie Do you want to clean the registry? - wpisz z klawiatury Y i ENTER,
co zainicjuje usuwania kluczyków i restrykcji tapetek.
6.W dalszej kolejności narzędzie sprawdzi czy plik wininet.dll jest zainfekowany a jeśli tak, to może paść pytanie o podmianę pliku,
o ile czystą kopię znaleziono: Replace infected file? = Y i ENTER. Jeśli „wininet” nie jest zarażony, to to zostanie pominięte.
7.Finalnie może być wymagany reset komputera by ukończyć sprzątanie.
Po wykonaniu tego daj nowego loga z combofixa.
Użytkownicy przeglądający ten temat: 1
0 użytkowników, 1 gości, 0 anonimowych
