ComboFix 08-04-26.3 - Domino 2008-05-06 19:16:02.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.234 [GMT 2:00]
Running from: D:\Documents and Settings\Domino.BOGDANOW-48FC99\Pulpit\Aplikacje\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Program Files\inetget2
D:\Program Files\inetget2\Installeur.exe
D:\Program Files\JavaCore
D:\Program Files\JavaCore\JavaCore.exe
D:\Program Files\JavaCore\UnInstall.exe
D:\WINDOWS\b152.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.
2008-05-04 15:59 . 2008-05-04 15:59 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2008-05-04 15:59 . 2008-05-06 18:51 107,832 --a------ D:\WINDOWS\system32\PnkBstrB.exe
2008-05-04 15:59 . 2008-05-04 15:59 66,872 --a------ D:\WINDOWS\system32\PnkBstrA.exe
2008-05-04 15:59 . 2008-05-06 18:51 22,328 --a------ D:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-04 15:58 . 2008-05-06 18:27 36,864 --a------ D:\WINDOWS\system32\vcmgcd32.dll
2008-05-04 15:58 . 2008-05-06 18:51 17,878 --ah----- D:\WINDOWS\system32\vcmgcd32.dl_
2008-05-04 09:17 . 2008-05-04 09:17 <DIR> d-------- D:\WINDOWS\system32\mm3
2008-05-04 09:17 . 2008-05-04 09:17 <DIR> d-------- D:\WINDOWS\system32\gt1
2008-05-04 09:16 . 2008-05-04 09:16 <DIR> d-------- D:\WINDOWS\system32\bkEur04
2008-05-04 08:52 . 2008-05-04 09:00 <DIR> d-------- D:\SDFix
2008-05-02 18:26 . 2008-05-02 19:05 <DIR> d-------- D:\Program Files\DietMP3
2008-05-01 21:07 . 2008-05-01 21:07 <DIR> d-------- D:\Program Files\FontLab
2008-05-01 21:07 . 2008-05-01 21:07 <DIR> d-------- D:\Program Files\Common Files\FontLab
2008-05-01 19:06 . 2008-05-01 19:06 1,500 --a------ D:\WINDOWS\system32\tmp.reg
2008-05-01 19:05 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-05-01 19:05 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-05-01 19:05 . 2008-04-24 08:10 86,528 --a------ D:\WINDOWS\system32\VACFix.exe
2008-05-01 19:05 . 2008-04-28 08:03 82,944 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-05-01 19:05 . 2008-04-28 08:03 82,944 --a------ D:\WINDOWS\system32\404Fix.exe
2008-05-01 19:05 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-05-01 19:05 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-05-01 19:05 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-04-29 20:44 . 2008-05-02 12:19 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\skypePM
2008-04-29 20:44 . 2008-04-29 20:44 32 --a------ D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ezsid.dat
2008-04-29 20:41 . 2008-05-04 09:13 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Skype
2008-04-29 20:39 . 2008-04-29 20:39 <DIR> d-------- D:\Program Files\Skype
2008-04-29 20:39 . 2008-04-29 20:39 <DIR> d-------- D:\Program Files\Common Files\Skype
2008-04-29 20:38 . 2008-04-29 20:39 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype
2008-04-28 23:35 . 2008-04-28 23:39 <DIR> d-------- D:\Program Files\Power MP3 WMA Converter
2008-04-28 23:20 . 2008-04-28 23:40 221 --a------ D:\WINDOWS\wcx_ftp.ini
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\UC.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\RAR.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\PKZIP.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\PKUNZIP.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\NOCLOSE.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\LHA.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\ARJ.PIF
2008-04-28 23:15 . 2008-04-28 23:49 414 --a------ D:\WINDOWS\wincmd.ini
2008-04-28 18:19 . 2008-04-28 18:19 <DIR> d-------- D:\Documents and Settings\Mama\Dane aplikacji\MySpace
2008-04-28 15:38 . 2008-04-28 15:38 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Musi[beeep]
2008-04-27 22:43 . 2008-04-27 22:43 <DIR> d-------- D:\Program Files\MySpace
2008-04-27 22:43 . 2008-04-27 22:43 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\MySpace
2008-04-27 18:18 . 2008-04-27 18:18 <DIR> d-------- D:\Documents and Settings\Mama\Dane aplikacji\Musi[beeep]
2008-04-27 17:05 . 2008-04-27 17:05 <DIR> d-------- D:\Program Files\Common Files\INCA Shared
2008-04-27 17:05 . 2003-07-18 14:17 5,174 --a------ D:\WINDOWS\system32\nppt9x.vxd
2008-04-27 17:05 . 2005-01-02 05:43 4,682 --a------ D:\WINDOWS\system32\npptNT2.sys
2008-04-24 15:54 . 2008-04-25 17:57 <DIR> d-------- D:\Program Files\DAEMON Tools
2008-04-24 15:54 . 2008-04-24 15:54 223,128 --a------ D:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-24 15:51 . 2008-04-24 15:51 642,560 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2008-04-24 15:51 . 2008-04-24 15:51 96,256 --a------ D:\WINDOWS\system32\drivers\sptd0381.sys
2008-04-23 12:04 . 2008-04-23 12:04 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\AdobeUM
2008-04-23 10:51 . 2002-09-23 05:41 <DIR> d-------- D:\Program Files\Common Files\Adobe
2008-04-22 19:34 . 2008-04-24 22:57 <DIR> d-------- D:\Program Files\Real Alternative
2008-04-22 19:17 . 2008-04-22 19:17 <DIR> d-------- D:\Program Files\Common Files\GTK
2008-04-22 19:11 . 2008-04-22 19:11 <DIR> d-------- D:\Program Files\GIMP-2.0
2008-04-22 16:49 . 2008-04-22 17:16 <DIR> d-------- D:\Program Files\a-squared Free
2008-04-22 05:47 . 2008-05-06 06:49 24,888 --a------ D:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-06 06:49 24,888 --a------ D:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-06 06:49 16,420 --a------ D:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-06 06:49 16,420 --a------ D:\WINDOWS\system32\BMXState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-06 06:49 1,080 --a------ D:\WINDOWS\system32\settingsbkup.sfm
2008-04-22 05:47 . 2008-05-06 06:49 1,080 --a------ D:\WINDOWS\system32\settings.sfm
2008-04-22 05:47 . 2008-05-06 06:49 24 --a------ D:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat
2008-04-22 05:47 . 2008-05-06 06:49 24 --a------ D:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat
2008-04-21 21:46 . 2008-05-05 13:45 3,374,371 --a------ D:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80641102}.CDF
2008-04-21 21:40 . 2008-04-21 21:40 <DIR> d-------- D:\WINDOWS\system32\Data
2008-04-21 21:39 . 2001-05-28 13:47 32,768 --a------ D:\WINDOWS\system32\AudioHQU.cpl
2008-04-21 21:39 . 2001-05-28 13:47 12,288 --a------ D:\WINDOWS\system32\AHQCpURes.dll
2008-04-21 21:38 . 2008-04-26 13:46 <DIR> d--h----- D:\Program Files\InstallShield Installation Information
2008-04-21 21:38 . 2008-04-21 21:39 <DIR> d-------- D:\Program Files\Creative
2008-04-21 21:38 . 1999-12-17 01:00 6,752 --------- D:\WINDOWS\system32\PFMODNT.SYS
2008-04-21 16:46 . 2008-04-21 16:46 <DIR> d-------- D:\Program Files\Deluxe Ski Jump 3
2008-04-21 01:28 . 2008-05-06 01:12 107 --a------ D:\WINDOWS\VplayerINI.vpl
2008-04-20 01:12 . 2008-05-06 01:12 1,446 --a------ D:\WINDOWS\VPlayer.INI
2008-04-18 22:48 . 2008-05-06 19:14 7,168 --ahs---- D:\WINDOWS\Thumbs.db
2008-04-18 16:12 . 2008-04-18 16:12 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Thinstall
2008-04-18 16:12 . 2008-04-18 16:12 0 --a------ D:\WINDOWS\nsreg.dat
2008-04-18 16:09 . 2003-03-18 22:20 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2008-04-18 08:20 . 2008-04-18 08:20 <DIR> d-------- D:\Program Files\YASA3GPVideoConverter
2008-04-18 04:35 . 2008-04-18 04:35 <DIR> d---s---- D:\Documents and Settings\Mama\UserData
2008-04-18 04:31 . 2008-05-06 19:19 <DIR> d--h----- D:\Documents and Settings\Mama\Ustawienia lokalne
2008-04-18 04:31 . 2008-04-18 06:28 <DIR> dr------- D:\Documents and Settings\Mama\Ulubione
2008-04-18 04:31 . 2008-04-17 08:21 <DIR> d--h----- D:\Documents and Settings\Mama\Szablony
2008-04-18 04:31 . 2008-04-18 19:48 <DIR> d-------- D:\Documents and Settings\Mama\Pulpit
2008-04-18 04:31 . 2008-04-18 04:32 <DIR> dr------- D:\Documents and Settings\Mama\Moje dokumenty
2008-04-18 04:31 . 2008-04-17 10:14 <DIR> dr------- D:\Documents and Settings\Mama\Menu Start
2008-04-18 04:31 . 2008-04-28 18:19 <DIR> dr-h----- D:\Documents and Settings\Mama\Dane aplikacji
2008-04-18 04:31 . 2008-04-18 04:35 <DIR> d-------- D:\Documents and Settings\Mama
2008-04-18 04:31 . 2008-05-06 19:15 1,024 --ah----- D:\Documents and Settings\Mama\NTUSER.DAT.LOG
2008-04-17 20:29 . 2008-04-18 04:31 <DIR> d-------- D:\WINDOWS\nview
2008-04-17 20:29 . 2008-03-15 07:43 208,896 --a------ D:\WINDOWS\system32\nvudisp.exe
2008-04-17 20:29 . 2008-05-05 13:45 88,566 --a------ D:\WINDOWS\system32\nvapps.xml
2008-04-17 20:29 . 2006-10-22 12:22 17,056 --a------ D:\WINDOWS\system32\nvdisp.nvu
2008-04-17 20:21 . 2006-10-22 15:06 208,896 --a------ D:\WINDOWS\system32\NVUNINST.EXE
2008-04-17 20:20 . 2008-04-21 21:38 <DIR> d-------- D:\Program Files\Common Files\InstallShield
2008-04-17 19:16 . 2008-04-17 19:16 <DIR> d---s---- D:\Documents and Settings\Domino.BOGDANOW-48FC99\UserData
2008-04-17 18:49 . 2008-04-17 18:49 <DIR> d-------- D:\Program Files\Easy GIF Animator
2008-04-17 18:10 . 2008-04-17 18:10 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Gadu-Gadu
2008-04-17 18:09 . 2008-04-17 18:10 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Gadu-Gadu
2008-04-17 15:27 . 2008-05-06 17:37 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\gtk-2.0
2008-04-17 15:06 . 2008-04-17 15:06 <DIR> d-------- D:\Program Files\K-Lite Codec Pack
2008-04-17 15:06 . 2008-04-17 15:06 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Media Player Classic
2008-04-17 14:56 . 2008-04-17 14:56 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\.thumbnails
2008-04-17 14:54 . 2008-05-06 18:37 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\.gimp-2.4
2008-04-17 14:38 . 2004-08-03 23:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-15 14:38 . 2008-04-15 14:38 <DIR> d-------- D:\Program Files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 17:29 --------- d-----w D:\Program Files\CCleaner
2008-05-01 02:15 --------- d-----w D:\Program Files\Winamp
2008-04-18 15:06 --------- d-----w D:\Program Files\Gadu-Gadu
2008-04-17 06:27 --------- d-----w D:\Program Files\microsoft frontpage
2008-04-17 06:24 --------- d-----w D:\Program Files\Usługi online
2008-03-06 17:12 12,032 ----a-w D:\WINDOWS\system32\drivers\ws2ifsl.sys
2008-03-06 17:11 4,352 ----a-w D:\WINDOWS\system32\drivers\wmilib.sys
2008-03-06 17:08 80,256 ----a-w D:\WINDOWS\system32\drivers\parport.sys
2008-03-06 17:07 96,256 ----a-w D:\WINDOWS\system32\drivers\scsiport.sys
2008-03-06 17:07 67,584 ----a-w D:\WINDOWS\system32\drivers\sdbus.sys
2008-03-06 17:07 65,664 ----a-w D:\WINDOWS\system32\drivers\serial.sys
2008-03-06 17:07 27,440 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2008-03-06 17:07 15,488 ----a-w D:\WINDOWS\system32\drivers\serenum.sys
2008-03-06 17:07 14,592 ----a-w D:\WINDOWS\system32\drivers\smclib.sys
2008-03-06 17:07 11,392 ----a-w D:\WINDOWS\system32\drivers\sfloppy.sys
2008-03-06 17:07 11,136 ----a-w D:\WINDOWS\system32\drivers\sffdisk.sys
2008-03-06 17:07 10,240 ----a-w D:\WINDOWS\system32\drivers\sffp_sd.sys
2008-03-06 17:05 68,608 ----a-w D:\WINDOWS\system32\drivers\pci.sys
2008-03-06 17:05 6,912 ----a-w D:\WINDOWS\system32\drivers\parvdm.sys
2008-03-06 17:05 3,456 ----a-w D:\WINDOWS\system32\drivers\oprghdlr.sys
2008-03-06 17:05 25,088 ----a-w D:\WINDOWS\system32\drivers\pciidex.sys
2008-03-06 17:05 18,688 ----a-w D:\WINDOWS\system32\drivers\partmgr.sys
2008-03-06 17:05 120,064 ----a-w D:\WINDOWS\system32\drivers\pcmcia.sys
2008-03-06 17:04 88,448 ----a-w D:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-03-06 17:04 63,232 ----a-w D:\WINDOWS\system32\drivers\nwlnknb.sys
2008-03-06 17:04 574,592 ----a-w D:\WINDOWS\system32\drivers\ntfs.sys
2008-03-06 17:04 55,936 ----a-w D:\WINDOWS\system32\drivers\nwlnkspx.sys
2008-03-06 17:04 40,320 ----a-w D:\WINDOWS\system32\drivers\nmnt.sys
2008-03-06 17:04 34,560 ----a-w D:\WINDOWS\system32\drivers\netbios.sys
2008-03-06 17:04 32,512 ----a-w D:\WINDOWS\system32\drivers\nwlnkfwd.sys
2008-03-06 17:04 30,848 ----a-w D:\WINDOWS\system32\drivers\npfs.sys
2008-03-06 17:04 2,944 ----a-w D:\WINDOWS\system32\drivers\null.sys
2008-03-06 17:04 163,584 ----a-w D:\WINDOWS\system32\drivers\nwrdr.sys
2008-03-06 17:04 162,816 ----a-w D:\WINDOWS\system32\drivers\netbt.sys
2008-03-06 17:04 12,416 ----a-w D:\WINDOWS\system32\drivers\nwlnkflt.sys
2008-03-06 17:03 91,776 ----a-w D:\WINDOWS\system32\drivers\ndiswan.sys
2008-03-06 17:03 9,600 ----a-w D:\WINDOWS\system32\drivers\ndistapi.sys
2008-03-06 17:03 38,016 ----a-w D:\WINDOWS\system32\drivers\ndproxy.sys
2008-03-06 17:03 182,912 ----a-w D:\WINDOWS\system32\drivers\ndis.sys
2008-03-06 17:03 107,904 ----a-w D:\WINDOWS\system32\drivers\mup.sys
2008-03-06 17:02 72,960 ----a-w D:\WINDOWS\system32\drivers\mqac.sys
2008-03-06 17:02 451,456 ----a-w D:\WINDOWS\system32\drivers\mrxsmb.sys
2008-03-06 17:02 42,240 ----a-w D:\WINDOWS\system32\drivers\mountmgr.sys
2008-03-06 17:02 35,072 ----a-w D:\WINDOWS\system32\drivers\msgpc.sys
2008-03-06 17:02 19,072 ----a-w D:\WINDOWS\system32\drivers\msfs.sys
2008-03-06 17:02 181,248 ----a-w D:\WINDOWS\system32\drivers\mrxdav.sys
2008-03-06 17:01 7,680 ----a-w D:\WINDOWS\system32\drivers\mcd.sys
2008-03-06 17:01 4,224 ----a-w D:\WINDOWS\system32\drivers\mnmdd.sys
2008-03-06 16:59 92,032 ----a-w D:\WINDOWS\system32\drivers\ksecdd.sys
2008-03-06 16:59 74,752 ----a-w D:\WINDOWS\system32\drivers\ipsec.sys
2008-03-06 16:59 41,856 ----a-w D:\WINDOWS\system32\drivers\imapi.sys
2008-03-06 16:59 40,320 ----a-w D:\WINDOWS\system32\drivers\intelppm.sys
2008-03-06 16:59 36,224 ----a-w D:\WINDOWS\system32\drivers\isapnp.sys
2008-03-06 16:59 32,896 ----a-w D:\WINDOWS\system32\drivers\ipfltdrv.sys
2008-03-06 16:59 29,056 ----a-w D:\WINDOWS\system32\drivers\ip6fw.sys
2008-03-06 16:59 24,960 ----a-w D:\WINDOWS\system32\drivers\kbdclass.sys
2008-03-06 16:59 20,992 ----a-w D:\WINDOWS\system32\drivers\ipinip.sys
2008-03-06 16:59 134,912 ----a-w D:\WINDOWS\system32\drivers\ipnat.sys
2008-03-06 16:59 11,264 ----a-w D:\WINDOWS\system32\drivers\irenum.sys
2008-03-06 16:57 800,000 ----a-w D:\WINDOWS\system32\drivers\dmboot.sys
2008-03-06 16:56 49,664 ----a-w D:\WINDOWS\system32\drivers\classpnp.sys
2008-03-06 16:55 95,360 ----a-w D:\WINDOWS\system32\drivers\atapi.sys
2008-03-06 16:55 71,552 ----a-w D:\WINDOWS\system32\drivers\bridge.sys
2008-03-06 16:55 63,744 ----a-w D:\WINDOWS\system32\drivers\cdfs.sys
2008-03-06 16:55 59,904 ----a-w D:\WINDOWS\system32\drivers\atmarpc.sys
2008-03-06 16:55 55,936 ----a-w D:\WINDOWS\system32\drivers\atmlane.sys
2008-03-06 16:55 49,536 ----a-w D:\WINDOWS\system32\drivers\cdrom.sys
2008-03-06 16:55 4,224 ----a-w D:\WINDOWS\system32\drivers\beep.sys
2008-03-06 16:55 352,256 ----a-w D:\WINDOWS\system32\drivers\atmuni.sys
2008-03-06 16:55 31,360 ----a-w D:\WINDOWS\system32\drivers\atmepvc.sys
2008-03-06 16:55 14,336 ----a-w D:\WINDOWS\system32\drivers\asyncmac.sys
2008-03-06 16:55 13,952 ----a-w D:\WINDOWS\system32\drivers\cbidf2k.sys
2008-03-06 16:54 26,624 ----a-w D:\WINDOWS\system32\drivers\usbehci.sys
2008-03-06 16:54 188,672 ----a-w D:\WINDOWS\system32\drivers\acpi.sys
2008-03-06 16:54 138,496 ----a-w D:\WINDOWS\system32\drivers\afd.sys
2008-03-06 16:54 12,032 ----a-w D:\WINDOWS\system32\drivers\acpiec.sys
2008-02-12 19:55 575,530,568 ----a-w D:\Program Files\WOLF ET 2.60b.rar
2007-09-28 15:16 366 ----a-w D:\Program Files\Skrót do Program Files.lnk
2002-10-22 18:14 364,892 ----a-w D:\Program Files\wear_all_items.rar
2002-10-07 14:38 396,288 ----a-w D:\Program Files\BNetEditor.exe
2002-10-06 21:14 5,122,687 ----a-w D:\Program Files\LODPatch_110.exe
2002-10-06 20:49 5,713,057 ----a-w D:\Program Files\Hero_Editor_Full_V96.zip
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-03-06 18:56 22528]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1695232]
"MySpaceIM"="D:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9146368]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1650688 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 17:42 108160]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 53248 D:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 118784]
"Jet Detection"="D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 57344]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44 62976]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44 62976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-03-06 18:56 22528]
"MySpaceIM"="D:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9146368]
"JavaCore"="D:\Program Files\\JavaCore\\JavaCore.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\WOLF ET 2.60b\\ET.exe"=
*Newly Created Service* - PNKBSTRB
*Newly Created Service* - PNKBSTRK
.
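Reading the "Reg Loading Points" section of the log above by eye is error-prone, so here is an added example that parses those lines and applies a few triage heuristics. It is not ComboFix code and not the poster's; the heuristics are this example's own assumptions about what deserves a second look: an entry whose metadata is empty brackets (ComboFix could not find the file, as with JavaCore above), a third-party program started from HKEY_USERS\.DEFAULT (which runs at the logon screen before anyone signs in), a value given without a directory (resolved by PATH search), and the same value listed twice. The sample input is a subset of the Run-key lines from the log; a flag means "look closer", not "malware".

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example for this page; it is not ComboFix code and the heuristics
below are this example's own assumptions about what deserves a second look.
"""
import re
from collections import Counter

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')

# Sample input: a subset of the Run-key lines from the ComboFix log on this page.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-03-06 18:56 22528]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1650688 D:\WINDOWS\system32\nwiz.exe]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44 62976]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44 62976]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-03-06 18:56 22528]
"MySpaceIM"="D:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9146368]
"JavaCore"="D:\Program Files\\JavaCore\\JavaCore.exe" [ ]
"""


def parse_loading_points(text):
    """Return one dict {key, name, value, meta} per Run entry, in log order."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if m and key is not None:
            entries.append({'key': key, **m.groupdict()})
    return entries


def triage(entries):
    """Map 'key|name' -> list of reasons, for the entries worth a closer look."""
    seen = Counter((e['key'], e['name']) for e in entries)
    findings = {}
    for e in entries:
        reasons = []
        path = e['value']
        if not e['meta'].strip():
            # ComboFix prints empty brackets when it cannot find the target file:
            # the autostart survives but its binary is gone (or hidden).
            reasons.append('missing_file')
        if e['key'].upper().startswith('HKEY_USERS\\.DEFAULT') \
                and '\\WINDOWS\\SYSTEM32\\' not in path.upper():
            # .DEFAULT runs at the logon screen, before any user signs in;
            # a third-party program there is unusual (heuristic, not a rule).
            reasons.append('default_hive')
        if '\\' not in path:
            # No directory given: the loader finds it by PATH search, easy to hijack.
            reasons.append('unqualified_path')
        if seen[(e['key'], e['name'])] > 1:
            reasons.append('duplicate')
        if reasons:
            findings.setdefault(f"{e['key']}|{e['name']}", reasons)
    return findings


def report(findings):
    """One human-readable line per flagged entry, sorted by registry key."""
    return [f"{k}: {', '.join(v)}" for k, v in sorted(findings.items())]


if __name__ == '__main__':
    for line in report(triage(parse_loading_points(SAMPLE_LOG))):
        print(line)
```

Run it on the whole "Reg Loading Points" block of a log and it lists JavaCore (missing file, .DEFAULT hive), MySpaceIM (.DEFAULT hive), nwiz (bare file name) and the doubled WinampAgent line, while CTFMON and Skype pass. Anything flagged still needs the usual checks on the binary itself (signature, hash, publisher) before it is treated as malicious.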
Computer forum → Viewing profile: Posts: Thial
My posts
In topic: [virus] Some viruses, worms and other wonders :P
06 05 2008 - 19:16
In topic: [virus] Some viruses, worms and other wonders :P
04 05 2008 - 09:43
First screenshot: after "blocking the ports", processes I had never seen before started showing up (screenshot below)

After feeding the script into ComboFix and rebooting, something like this appeared (I think someone has it in for me)

Look at the process name (catchme.tmp), "złap mnie" in Polish; help me, because this computer is driving me crazy :/
In topic: [virus] Some viruses, worms and other wonders :P
01 05 2008 - 19:17
SmitFraudFix v2.319
Scan done at 19:06:03,96, 2008-05-01
Run from D:\Documents and Settings\Domino.BOGDANOW-48FC99\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 NtKrnlpa.info
127.0.0.1 localhost
87.106.12.132 l2authd.lineage2.com
216.107.250.194 nprotect.lineage2.com
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX) - Packet Scheduler Miniport
DNS Server Search Order: 192.0.2.2
DNS Server Search Order: 192.0.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{578228EC-696A-4D5C-B3E5-0BB26DE9E2CC}: DhcpNameServer=192.0.2.2 192.0.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{578228EC-696A-4D5C-B3E5-0BB26DE9E2CC}: DhcpNameServer=192.0.2.2 192.0.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{578228EC-696A-4D5C-B3E5-0BB26DE9E2CC}: DhcpNameServer=192.0.2.2 192.0.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.0.2.2 192.0.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.0.2.2 192.0.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.0.2.2 192.0.2.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
ComboFix 08-04-26.3 - Domino 2008-05-01 19:11:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.191 [GMT 2:00]
Running from: D:\Documents and Settings\Domino.BOGDANOW-48FC99\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\Domino.BOGDANOW-48FC99\Menu Start\Programy\Outerinfo
D:\Documents and Settings\Domino.BOGDANOW-48FC99\Menu Start\Programy\Outerinfo\Terms.lnk
D:\Documents and Settings\Domino.BOGDANOW-48FC99\Menu Start\Programy\Outerinfo\Uninstall.lnk
D:\Documents and Settings\Domino.BOGDANOW-48FC99\Moje dokumenty\YMBOLS~1
D:\Documents and Settings\Domino.BOGDANOW-48FC99\Moje dokumenty\YMBOLS~1\w?aclt.exe
D:\Program Files\Common Files\Yazzle1560OinAdmin.exe
D:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
D:\Program Files\inetget2
D:\Program Files\JavaCore
D:\Program Files\JavaCore\JavaCore.exe
D:\Program Files\JavaCore\UnInstall.exe
D:\Program Files\outerinfo
D:\Program Files\outerinfo\FF\chrome.manifest
D:\Program Files\outerinfo\FF\components\FF.dll
D:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
D:\Program Files\outerinfo\FF\install.rdf
D:\Program Files\outerinfo\Terms.rtf
D:\WINDOWS\appatc~1
D:\WINDOWS\appatc~1\A?pPatch\
D:\WINDOWS\appatc~1\msiexec.exe
D:\WINDOWS\b128.exe
D:\WINDOWS\b152.exe
D:\WINDOWS\b999.exe
D:\WINDOWS\mrofinu1001186.exe
D:\WINDOWS\mrofinu1001186.exe.tmp
.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.
2008-05-01 19:06 . 2008-05-01 19:06 1,500 --a------ D:\WINDOWS\system32\tmp.reg
2008-05-01 19:05 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2008-05-01 19:05 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2008-05-01 19:05 . 2008-04-24 08:10 86,528 --a------ D:\WINDOWS\system32\VACFix.exe
2008-05-01 19:05 . 2008-04-28 08:03 82,944 --a------ D:\WINDOWS\system32\IEDFix.exe
2008-05-01 19:05 . 2008-04-28 08:03 82,944 --a------ D:\WINDOWS\system32\404Fix.exe
2008-05-01 19:05 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2008-05-01 19:05 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2008-05-01 19:05 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2008-04-29 20:44 . 2008-04-30 13:36 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\skypePM
2008-04-29 20:44 . 2008-04-29 20:44 32 --a------ D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ezsid.dat
2008-04-29 20:41 . 2008-05-01 18:59 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Skype
2008-04-29 20:39 . 2008-04-29 20:39 <DIR> d-------- D:\Program Files\Skype
2008-04-29 20:39 . 2008-04-29 20:39 <DIR> d-------- D:\Program Files\Common Files\Skype
2008-04-29 20:38 . 2008-04-29 20:39 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype
2008-04-28 23:35 . 2008-04-28 23:39 <DIR> d-------- D:\Program Files\Power MP3 WMA Converter
2008-04-28 23:20 . 2008-04-28 23:40 221 --a------ D:\WINDOWS\wcx_ftp.ini
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\UC.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\RAR.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\PKZIP.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\PKUNZIP.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\NOCLOSE.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\LHA.PIF
2008-04-28 23:15 . 2006-10-23 06:55 545 --a------ D:\WINDOWS\ARJ.PIF
2008-04-28 23:15 . 2008-04-28 23:49 414 --a------ D:\WINDOWS\wincmd.ini
2008-04-28 18:19 . 2008-04-28 18:19 <DIR> d-------- D:\Documents and Settings\Mama\Dane aplikacji\MySpace
2008-04-28 15:38 . 2008-04-28 15:38 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Musi[beeep]
2008-04-27 22:43 . 2008-04-27 22:43 <DIR> d-------- D:\Program Files\MySpace
2008-04-27 22:43 . 2008-04-27 22:43 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\MySpace
2008-04-27 18:18 . 2008-04-27 18:18 <DIR> d-------- D:\Documents and Settings\Mama\Dane aplikacji\Musi[beeep]
2008-04-27 17:05 . 2008-04-27 17:05 <DIR> d-------- D:\Program Files\Common Files\INCA Shared
2008-04-27 17:05 . 2003-07-18 14:17 5,174 --a------ D:\WINDOWS\system32\nppt9x.vxd
2008-04-27 17:05 . 2005-01-02 05:43 4,682 --a------ D:\WINDOWS\system32\npptNT2.sys
2008-04-24 15:54 . 2008-04-25 17:57 <DIR> d-------- D:\Program Files\DAEMON Tools
2008-04-24 15:54 . 2008-04-24 15:54 223,128 --a------ D:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-24 15:51 . 2008-04-24 15:51 642,560 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2008-04-24 15:51 . 2008-04-24 15:51 96,256 --a------ D:\WINDOWS\system32\drivers\sptd0381.sys
2008-04-23 12:04 . 2008-04-23 12:04 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\AdobeUM
2008-04-23 10:51 . 2002-09-23 05:41 <DIR> d-------- D:\Program Files\Common Files\Adobe
2008-04-22 19:34 . 2008-04-24 22:57 <DIR> d-------- D:\Program Files\Real Alternative
2008-04-22 19:17 . 2008-04-22 19:17 <DIR> d-------- D:\Program Files\Common Files\GTK
2008-04-22 19:11 . 2008-04-22 19:11 <DIR> d-------- D:\Program Files\GIMP-2.0
2008-04-22 16:49 . 2008-04-22 17:16 <DIR> d-------- D:\Program Files\a-squared Free
2008-04-22 05:47 . 2008-05-01 01:49 29,808 --a------ D:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-01 01:49 29,808 --a------ D:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-01 01:49 17,500 --a------ D:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-01 01:49 17,500 --a------ D:\WINDOWS\system32\BMXState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2008-05-01 01:49 1,080 --a------ D:\WINDOWS\system32\settingsbkup.sfm
2008-04-22 05:47 . 2008-05-01 01:49 1,080 --a------ D:\WINDOWS\system32\settings.sfm
2008-04-22 05:47 . 2008-05-01 01:49 24 --a------ D:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat
2008-04-22 05:47 . 2008-05-01 01:49 24 --a------ D:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat
2008-04-21 21:46 . 2008-05-01 18:57 3,374,371 --a------ D:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80641102}.CDF
2008-04-21 21:40 . 2008-04-21 21:40 <DIR> d-------- D:\WINDOWS\system32\Data
2008-04-21 21:39 . 2001-05-28 13:47 32,768 --a------ D:\WINDOWS\system32\AudioHQU.cpl
2008-04-21 21:39 . 2001-05-28 13:47 12,288 --a------ D:\WINDOWS\system32\AHQCpURes.dll
2008-04-21 21:38 . 2008-04-26 13:46 <DIR> d--h----- D:\Program Files\InstallShield Installation Information
2008-04-21 21:38 . 2008-04-21 21:39 <DIR> d-------- D:\Program Files\Creative
2008-04-21 21:38 . 1999-12-17 01:00 6,752 --------- D:\WINDOWS\system32\PFMODNT.SYS
2008-04-21 16:46 . 2008-04-21 16:46 <DIR> d-------- D:\Program Files\Deluxe Ski Jump 3
2008-04-21 01:28 . 2008-05-01 01:48 112 --a------ D:\WINDOWS\VplayerINI.vpl
2008-04-20 01:12 . 2008-05-01 01:48 1,350 --a------ D:\WINDOWS\VPlayer.INI
2008-04-18 22:48 . 2008-04-30 12:45 7,168 --ahs---- D:\WINDOWS\Thumbs.db
2008-04-18 16:12 . 2008-04-18 16:12 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Thinstall
2008-04-18 16:12 . 2008-04-18 16:12 0 --a------ D:\WINDOWS\nsreg.dat
2008-04-18 16:09 . 2003-03-18 22:20 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2008-04-18 08:20 . 2008-04-18 08:20 <DIR> d-------- D:\Program Files\YASA3GPVideoConverter
2008-04-18 04:35 . 2008-04-18 04:35 <DIR> d---s---- D:\Documents and Settings\Mama\UserData
2008-04-18 04:31 . 2008-05-01 19:13 <DIR> d--h----- D:\Documents and Settings\Mama\Ustawienia lokalne
2008-04-18 04:31 . 2008-04-18 06:28 <DIR> dr------- D:\Documents and Settings\Mama\Ulubione
2008-04-18 04:31 . 2008-04-17 08:21 <DIR> d--h----- D:\Documents and Settings\Mama\Szablony
2008-04-18 04:31 . 2008-04-18 19:48 <DIR> d-------- D:\Documents and Settings\Mama\Pulpit
2008-04-18 04:31 . 2008-04-18 04:32 <DIR> dr------- D:\Documents and Settings\Mama\Moje dokumenty
2008-04-18 04:31 . 2008-04-17 10:14 <DIR> dr------- D:\Documents and Settings\Mama\Menu Start
2008-04-18 04:31 . 2008-04-28 18:19 <DIR> dr-h----- D:\Documents and Settings\Mama\Dane aplikacji
2008-04-18 04:31 . 2008-04-18 04:35 <DIR> d-------- D:\Documents and Settings\Mama
2008-04-18 04:31 . 2008-05-01 18:56 1,024 --ah----- D:\Documents and Settings\Mama\NTUSER.DAT.LOG
2008-04-17 20:29 . 2008-04-18 04:31 <DIR> d-------- D:\WINDOWS\nview
2008-04-17 20:29 . 2008-03-15 07:43 208,896 --a------ D:\WINDOWS\system32\nvudisp.exe
2008-04-17 20:29 . 2008-05-01 18:57 88,566 --a------ D:\WINDOWS\system32\nvapps.xml
2008-04-17 20:29 . 2006-10-22 12:22 17,056 --a------ D:\WINDOWS\system32\nvdisp.nvu
2008-04-17 20:21 . 2006-10-22 15:06 208,896 --a------ D:\WINDOWS\system32\NVUNINST.EXE
2008-04-17 20:20 . 2008-04-21 21:38 <DIR> d-------- D:\Program Files\Common Files\InstallShield
2008-04-17 19:16 . 2008-04-17 19:16 <DIR> d---s---- D:\Documents and Settings\Domino.BOGDANOW-48FC99\UserData
2008-04-17 18:49 . 2008-04-17 18:49 <DIR> d-------- D:\Program Files\Easy GIF Animator
2008-04-17 18:10 . 2008-04-17 18:10 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Gadu-Gadu
2008-04-17 18:09 . 2008-04-17 18:10 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Gadu-Gadu
2008-04-17 15:27 . 2008-04-30 21:02 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\gtk-2.0
2008-04-17 15:06 . 2008-04-17 15:06 <DIR> d-------- D:\Program Files\K-Lite Codec Pack
2008-04-17 15:06 . 2008-04-17 15:06 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Media Player Classic
2008-04-17 14:56 . 2008-04-17 14:56 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\.thumbnails
2008-04-17 14:54 . 2008-04-30 22:40 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\.gimp-2.4
2008-04-17 14:38 . 2004-08-03 23:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-15 14:38 . 2008-04-15 14:38 <DIR> d-------- D:\Program Files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 02:15 --------- d-----w D:\Program Files\Winamp
2008-04-18 15:06 --------- d-----w D:\Program Files\Gadu-Gadu
2008-04-17 06:27 --------- d-----w D:\Program Files\microsoft frontpage
2008-04-17 06:24 --------- d-----w D:\Program Files\Usługi online
2008-03-06 17:11 99,328 ----a-w D:\WINDOWS\system32\winscard.dll
2008-03-06 17:09 94,832 ----a-w D:\WINDOWS\twain.dll
2008-03-06 17:08 991,744 ----a-w D:\WINDOWS\system32\syssetup.dll
2008-03-06 17:07 996,352 ----a-w D:\WINDOWS\system32\setupapi.dll
2008-03-06 17:06 98,304 ----a-w D:\WINDOWS\system32\rtm.dll
2008-03-06 17:05 98,304 ----a-w D:\WINDOWS\system32\odbcint.dll
2008-03-06 17:04 94,208 ----a-w D:\WINDOWS\system32\netsh.exe
2008-03-06 17:03 91,776 ----a-w D:\WINDOWS\system32\drivers\ndiswan.sys
2008-03-06 17:02 997,888 ----a-w D:\WINDOWS\system32\msgina.dll
2008-03-06 17:01 98,816 ----a-w D:\WINDOWS\system32\loadperf.dll
2008-03-06 16:59 92,320 ----a-w D:\WINDOWS\system32\krnl386.exe
2008-03-06 16:58 99,840 ----a-w D:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe
2008-03-06 16:57 97,280 ----a-w D:\WINDOWS\system32\dpcdll.dll
2008-03-06 16:56 825,344 ----a-w D:\WINDOWS\system32\d3dim700.dll
2008-03-06 16:55 95,360 ----a-w D:\WINDOWS\system32\drivers\atapi.sys
2008-03-06 16:54 937,984 ----a-w D:\WINDOWS\system32\winbrand.dll
2008-02-12 19:55 575,530,568 ----a-w D:\Program Files\WOLF ET 2.60b.rar
2007-09-28 15:16 366 ----a-w D:\Program Files\Skrót do Program Files.lnk
2002-10-22 18:14 364,892 ----a-w D:\Program Files\wear_all_items.rar
2002-10-07 14:38 396,288 ----a-w D:\Program Files\BNetEditor.exe
2002-10-06 21:14 5,122,687 ----a-w D:\Program Files\LODPatch_110.exe
2002-10-06 20:49 5,713,057 ----a-w D:\Program Files\Hero_Editor_Full_V96.zip
.
------- Sigcheck -------
2008-03-06 18:58 1040896 b203781d5509ce237857d26e1339dcba D:\WINDOWS\explorer.exe
2008-03-06 18:56 22528 aa2abd388e6669d07727dbc848ab07ee D:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-27_14.59.18,50 )))))))))))))))))))))))))))))))))))))))))
.
- 2002-09-23 10:17:47 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-05-01 02:05:54 2,048 --s-a-w D:\WINDOWS\bootstat.dat
- 2005-10-20 18:02:28 174,080 ----a-w D:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w D:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 06:00:00 37,376 ----a-w D:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,160 ----a-w D:\WINDOWS\Nircmd.exe
- 2000-08-31 06:00:00 169,472 ----a-w D:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w D:\WINDOWS\swreg.exe
- 2002-09-23 10:17:51 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-01 02:05:55 16,384 ----a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2002-09-23 10:17:51 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-05-01 02:05:55 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
- 2002-09-23 10:17:51 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-01 02:05:55 32,768 ----a-w D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-07 23:51:00 9,336 ------w D:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2007-03-07 23:51:00 9,464 ------w D:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2007-03-07 23:51:00 43,528 ------w D:\WINDOWS\system32\drivers\PxHelp20.sys
- 2008-04-18 02:31:24 98,256 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-28 03:34:28 99,048 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-03-07 23:51:00 547,576 ------w D:\WINDOWS\system32\px.dll
+ 2007-03-07 23:51:00 129,784 ------w D:\WINDOWS\system32\pxafs.dll
+ 2007-03-07 23:51:00 64,760 ------w D:\WINDOWS\system32\pxcpya64.exe
+ 2007-03-07 23:51:00 510,712 ------w D:\WINDOWS\system32\pxdrv.dll
+ 2007-03-07 23:51:00 72,440 ------w D:\WINDOWS\system32\pxhpinst.exe
+ 2007-03-07 23:51:00 64,760 ------w D:\WINDOWS\system32\pxinsa64.exe
+ 2007-03-07 23:51:00 187,128 ------w D:\WINDOWS\system32\pxmas.dll
+ 2007-03-07 23:51:00 1,628,920 ------w D:\WINDOWS\system32\pxsfs.dll
+ 2007-03-07 23:51:00 379,640 ------w D:\WINDOWS\system32\pxwave.dll
- 2008-03-06 17:06:44 53,248 ----a-w D:\WINDOWS\system32\reg.exe
+ 2008-03-06 17:06:44 60,416 ----a-w D:\WINDOWS\system32\reg.exe
- 2008-03-06 17:07:48 132,608 ----a-w D:\WINDOWS\system32\sndrec32.exe
+ 2008-03-06 17:07:48 139,776 ----a-w D:\WINDOWS\system32\sndrec32.exe
+ 2007-03-07 23:51:00 39,672 ------w D:\WINDOWS\system32\vxblock.dll
- 2008-03-06 17:09:06 15,360 ----a-w D:\WINDOWS\TASKMAN.EXE
+ 2008-03-06 17:09:06 22,528 ----a-w D:\WINDOWS\TASKMAN.EXE
- 2008-03-06 17:09:20 25,600 ----a-w D:\WINDOWS\twunk_32.exe
+ 2008-03-06 17:09:20 32,768 ----a-w D:\WINDOWS\twunk_32.exe
- 2008-03-06 17:11:06 285,696 ----a-w D:\WINDOWS\winhlp32.exe
+ 2008-03-06 17:11:06 292,864 ----a-w D:\WINDOWS\winhlp32.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-03-06 18:56 22528]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1674752]
"MySpaceIM"="D:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9125888]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1630208 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 17:42 108160]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 32768 D:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 98304]
"Jet Detection"="D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 36864]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-04-25 17:44 42496]
"runner1"="D:\WINDOWS\mrofinu1001186.exe" [2008-05-01 19:15 37376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-03-06 18:56 22528]
"JavaCore"="D:\Program Files\\JavaCore\\JavaCore.exe" [ ]
"Oobr"="D:\WINDOWS\APPATC~1\msiexec.exe" [ ]
"Pvrxd"="D:\Documents and Settings\Domino.BOGDANOW-48FC99\Moje dokumenty\?ymbols\w?aclt.exe" [ ]
"MySpaceIM"="D:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9125888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
S3 dump_wmimmc;dump_wmimmc;D:\Lineage II\system\GameGuard\dump_wmimmc.sys []
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 19:14:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-01 19:16:22
ComboFix-quarantined-files.txt 2008-05-01 17:16:08
ComboFix2.txt 2008-04-27 13:00:11
Pre-Run: 7,342,782,976 bajtów wolnych
Post-Run: 7,449,753,600 bajtów wolnych
In topic: [virus] Some viruses, worms and other wonders :P
28 04 2008 - 21:49
In topic: [virus] Some viruses, worms and other wonders :P
27 04 2008 - 14:53
ComboFix 08-04-26.3 - Domino 2008-04-27 14:53:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.112 [GMT 2:00]
Running from: D:\Documents and Settings\Domino.BOGDANOW-48FC99\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.
2008-04-24 15:54 . 2008-04-25 17:57 <DIR> d-------- D:\Program Files\DAEMON Tools
2008-04-24 15:54 . 2008-04-24 15:54 223,128 --a------ D:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-24 15:51 . 2008-04-24 15:51 642,560 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2008-04-24 15:51 . 2008-04-24 15:51 96,256 --a------ D:\WINDOWS\system32\drivers\sptd0381.sys
2008-04-23 12:04 . 2008-04-23 12:04 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\AdobeUM
2008-04-23 10:51 . 2002-09-23 05:41 <DIR> d-------- D:\Program Files\Common Files\Adobe
2008-04-22 19:34 . 2008-04-24 22:57 <DIR> d-------- D:\Program Files\Real Alternative
2008-04-22 19:17 . 2008-04-22 19:17 <DIR> d-------- D:\Program Files\Common Files\GTK
2008-04-22 19:11 . 2008-04-22 19:11 <DIR> d-------- D:\Program Files\GIMP-2.0
2008-04-22 16:49 . 2008-04-22 17:16 <DIR> d-------- D:\Program Files\a-squared Free
2008-04-22 05:47 . 2002-09-23 12:15 29,808 --a------ D:\WINDOWS\system32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2002-09-23 12:15 29,808 --a------ D:\WINDOWS\system32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2002-09-23 12:15 17,500 --a------ D:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2002-09-23 12:15 17,500 --a------ D:\WINDOWS\system32\BMXState-{00000000-00000000-0000000A-00001102-00000002-80641102}.rfx
2008-04-22 05:47 . 2002-09-23 12:15 1,080 --a------ D:\WINDOWS\system32\settingsbkup.sfm
2008-04-22 05:47 . 2002-09-23 12:15 1,080 --a------ D:\WINDOWS\system32\settings.sfm
2008-04-22 05:47 . 2002-09-23 12:15 24 --a------ D:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat
2008-04-22 05:47 . 2002-09-23 12:15 24 --a------ D:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80641102}.dat
2008-04-21 21:46 . 2002-09-23 12:37 3,374,371 --a------ D:\WINDOWS\{00000000-00000000-0000000A-00001102-00000002-80641102}.CDF
2008-04-21 21:40 . 2008-04-21 21:40 <DIR> d-------- D:\WINDOWS\system32\Data
2008-04-21 21:39 . 2001-05-28 13:47 32,768 --a------ D:\WINDOWS\system32\AudioHQU.cpl
2008-04-21 21:39 . 2001-05-28 13:47 12,288 --a------ D:\WINDOWS\system32\AHQCpURes.dll
2008-04-21 21:38 . 2008-04-26 13:46 <DIR> d--h----- D:\Program Files\InstallShield Installation Information
2008-04-21 21:38 . 2008-04-21 21:39 <DIR> d-------- D:\Program Files\Creative
2008-04-21 21:38 . 1999-12-17 01:00 6,752 --------- D:\WINDOWS\system32\PFMODNT.SYS
2008-04-21 16:46 . 2008-04-21 16:46 <DIR> d-------- D:\Program Files\Deluxe Ski Jump 3
2008-04-21 01:28 . 2002-09-23 11:54 107 --a------ D:\WINDOWS\VplayerINI.vpl
2008-04-20 01:12 . 2002-09-23 11:54 1,266 --a------ D:\WINDOWS\VPlayer.INI
2008-04-18 22:48 . 2002-09-23 12:21 7,168 --ahs---- D:\WINDOWS\Thumbs.db
2008-04-18 16:12 . 2008-04-18 16:12 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Thinstall
2008-04-18 16:12 . 2008-04-18 16:12 0 --a------ D:\WINDOWS\nsreg.dat
2008-04-18 16:09 . 2003-03-18 22:20 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2008-04-18 08:20 . 2008-04-18 08:20 <DIR> d-------- D:\Program Files\YASA3GPVideoConverter
2008-04-18 04:35 . 2008-04-18 04:35 <DIR> d---s---- D:\Documents and Settings\Mama\UserData
2008-04-18 04:31 . 2008-04-27 14:56 <DIR> d--h----- D:\Documents and Settings\Mama\Ustawienia lokalne
2008-04-18 04:31 . 2008-04-18 06:28 <DIR> dr------- D:\Documents and Settings\Mama\Ulubione
2008-04-18 04:31 . 2008-04-17 08:21 <DIR> d--h----- D:\Documents and Settings\Mama\Szablony
2008-04-18 04:31 . 2008-04-18 19:48 <DIR> d-------- D:\Documents and Settings\Mama\Pulpit
2008-04-18 04:31 . 2008-04-18 04:32 <DIR> dr------- D:\Documents and Settings\Mama\Moje dokumenty
2008-04-18 04:31 . 2008-04-17 10:14 <DIR> dr------- D:\Documents and Settings\Mama\Menu Start
2008-04-18 04:31 . 2008-04-25 04:15 <DIR> dr-h----- D:\Documents and Settings\Mama\Dane aplikacji
2008-04-18 04:31 . 2008-04-18 04:35 <DIR> d-------- D:\Documents and Settings\Mama
2008-04-18 04:31 . 2008-04-27 14:53 1,024 --ah----- D:\Documents and Settings\Mama\NTUSER.DAT.LOG
2008-04-17 20:29 . 2008-04-18 04:31 <DIR> d-------- D:\WINDOWS\nview
2008-04-17 20:29 . 2008-03-15 07:43 208,896 --a------ D:\WINDOWS\system32\nvudisp.exe
2008-04-17 20:29 . 2002-09-23 12:37 88,566 --a------ D:\WINDOWS\system32\nvapps.xml
2008-04-17 20:29 . 2006-10-22 12:22 17,056 --a------ D:\WINDOWS\system32\nvdisp.nvu
2008-04-17 20:21 . 2006-10-22 15:06 208,896 --a------ D:\WINDOWS\system32\NVUNINST.EXE
2008-04-17 20:20 . 2008-04-21 21:38 <DIR> d-------- D:\Program Files\Common Files\InstallShield
2008-04-17 19:16 . 2008-04-17 19:16 <DIR> d---s---- D:\Documents and Settings\Domino.BOGDANOW-48FC99\UserData
2008-04-17 18:49 . 2008-04-17 18:49 <DIR> d-------- D:\Program Files\Easy GIF Animator
2008-04-17 18:10 . 2008-04-17 18:10 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Gadu-Gadu
2008-04-17 18:09 . 2008-04-17 18:10 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Gadu-Gadu
2008-04-17 15:27 . 2002-09-23 14:29 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\gtk-2.0
2008-04-17 15:06 . 2008-04-17 15:06 <DIR> d-------- D:\Program Files\K-Lite Codec Pack
2008-04-17 15:06 . 2008-04-17 15:06 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\Dane aplikacji\Media Player Classic
2008-04-17 14:56 . 2008-04-17 14:56 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\.thumbnails
2008-04-17 14:54 . 2002-09-23 13:58 <DIR> d-------- D:\Documents and Settings\Domino.BOGDANOW-48FC99\.gimp-2.4
2008-04-17 14:38 . 2004-08-03 23:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-15 14:38 . 2008-04-15 14:38 <DIR> d-------- D:\Program Files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 15:06 --------- d-----w D:\Program Files\Gadu-Gadu
2008-04-17 06:27 --------- d-----w D:\Program Files\microsoft frontpage
2008-04-17 06:24 --------- d-----w D:\Program Files\Usługi online
2008-04-14 21:09 --------- d-----w D:\Program Files\Winamp
2008-03-06 17:11 99,328 ----a-w D:\WINDOWS\system32\winscard.dll
2008-03-06 17:09 94,832 ----a-w D:\WINDOWS\twain.dll
2008-03-06 17:08 991,744 ----a-w D:\WINDOWS\system32\syssetup.dll
2008-03-06 17:07 996,352 ----a-w D:\WINDOWS\system32\setupapi.dll
2008-03-06 17:06 98,304 ----a-w D:\WINDOWS\system32\rtm.dll
2008-03-06 17:05 98,304 ----a-w D:\WINDOWS\system32\odbcint.dll
2008-03-06 17:04 94,208 ----a-w D:\WINDOWS\system32\netsh.exe
2008-03-06 17:03 91,776 ----a-w D:\WINDOWS\system32\drivers\ndiswan.sys
2008-03-06 17:02 997,888 ----a-w D:\WINDOWS\system32\msgina.dll
2008-03-06 17:01 98,816 ----a-w D:\WINDOWS\system32\loadperf.dll
2008-03-06 16:59 92,320 ----a-w D:\WINDOWS\system32\krnl386.exe
2008-03-06 16:58 99,840 ----a-w D:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe
2008-03-06 16:57 97,280 ----a-w D:\WINDOWS\system32\dpcdll.dll
2008-03-06 16:56 825,344 ----a-w D:\WINDOWS\system32\d3dim700.dll
2008-03-06 16:55 95,360 ----a-w D:\WINDOWS\system32\drivers\atapi.sys
2008-03-06 16:54 937,984 ----a-w D:\WINDOWS\system32\winbrand.dll
2008-02-12 19:55 575,530,568 ----a-w D:\Program Files\WOLF ET 2.60b.rar
2007-09-28 15:16 366 ----a-w D:\Program Files\Skrót do Program Files.lnk
2002-10-22 18:14 364,892 ----a-w D:\Program Files\wear_all_items.rar
2002-10-07 14:38 396,288 ----a-w D:\Program Files\BNetEditor.exe
2002-10-06 21:14 5,122,687 ------w D:\Program Files\LODPatch_110.exe
2002-10-06 20:49 5,713,057 ----a-w D:\Program Files\Hero_Editor_Full_V96.zip
.
------- Sigcheck -------
2008-03-06 18:58 1040896 b203781d5509ce237857d26e1339dcba D:\WINDOWS\explorer.exe
2008-03-06 18:56 22528 aa2abd388e6669d07727dbc848ab07ee D:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-03-06 18:56 22528]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1674752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1630208 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2006-09-25 17:42 108160]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 32768 D:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="D:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 98304]
"Jet Detection"="D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 36864]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-03-06 18:56 22528]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Gadu-Gadu\\gg.exe"=
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 14:57:59
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-27 15:00:09
ComboFix-quarantined-files.txt 2008-04-27 13:00:00
Pre-Run: 6,851,236,352 bajtów wolnych
Post-Run: 7,004,707,328 bajtów wolnych
And, just in case, one from Silent Runners as well
"Silent Runners.vbs", revision 56, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"MSMSGS" = ""D:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"UpdReg" = "D:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"Jet Detection" = ""D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]
"DAEMON Tools" = ""D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Pulpit\tapetka.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Domino.BOGDANOW-48FC99\Pulpit\tapetka.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS]
Startup items in "Domino" & "All Users" startup folders:
--------------------------------------------------------
D:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"Adobe Gamma Loader" -> shortcut to: "D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
---------- (launch time: 2002-09-23 14:42:44)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 140 seconds.
---------- (total run time: 195 seconds)
- Forum Komputerowe Tweaks.pl
- Viewing profile: Posts: Thial