Zgadza się, szukam pomocy w kilku miejscach :) oto aktualny log:
ComboFix 08-06-15.4 - Administrator 2008-06-18 16:52:16.10 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.143 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator.O_O\Pulpit\Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator.O_O\Ustawienia lokalne\Temp
C:\Documents and Settings\Administrator.O_O\Ustawienia lokalne\Temp~DF8405.tmp
C:\Documents and Settings\Administrator.O_O\Ustawienia lokalne\Temp\Av-test.txt
C:\Documents and Settings\kurczaki!\Ustawienia lokalne\Temp
C:\Documents and Settings\kurczaki!\Ustawienia lokalne\Temp~DF33E6.tmp
C:\WINDOWS\AppPatch\AcPlugin.dll
C:\WINDOWS\System32\drivers\eth8023.sys
C:\WINDOWS\system32\stjxakin.exe
C:\WINDOWS\system32\ypdjgbmp.dll
C:\WINDOWS\system32\zdesfx.dll
C:\WINDOWS\Temp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ETH8023
-------\Service_eth8023
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.
2008-06-18 06:53 . 2008-06-18 06:53
2008-06-18 06:52 . 2008-06-18 06:54
2008-06-17 22:44 . 2008-06-17 22:44 218,624 --ah----- C:\WINDOWS\system32\zgrjdx.dll
2008-06-17 09:12 . 2008-06-17 09:12
2008-06-16 23:50 . 2008-06-16 23:50
2008-06-16 19:33 . 2008-06-16 19:34
2008-06-16 17:59 . 2008-06-17 10:39
2008-06-16 17:12 . 2008-06-17 10:38
2008-06-16 16:42 . 2008-06-17 10:28
2008-06-16 16:39 . 2008-06-18 16:53
2008-06-16 16:39 . 2008-06-12 19:35
2008-06-16 16:39 . 2008-06-12 17:43
2008-06-16 16:39 . 2008-06-18 15:13
2008-06-16 16:39 . 2008-06-17 10:39
2008-06-16 16:39 . 2008-06-16 18:02
2008-06-16 16:39 . 2008-06-17 10:38
2008-06-16 16:39 . 2008-06-18 15:12
2008-06-16 09:44 . 2008-06-16 09:45
2008-06-15 21:00 . 2008-06-12 19:35
2008-06-15 21:00 . 2008-06-16 09:45
2008-06-15 21:00 . 2008-06-12 17:43
2008-06-15 21:00 . 2008-06-16 09:43
2008-06-15 21:00 . 2008-06-12 19:35
2008-06-15 21:00 . 2008-06-16 09:43
2008-06-15 21:00 . 2008-06-12 19:35
2008-06-15 21:00 . 2008-06-16 09:44
2008-06-15 19:39 . 2008-06-15 19:39 171 --a------ C:\WINDOWS\system32\winsYs.reg
2008-06-14 09:42 . 2008-06-15 19:03 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-14 09:42 . 2008-06-15 19:03 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-14 09:40 . 2008-06-14 09:40
2008-06-14 09:40 . 2008-06-18 14:27
2008-06-14 09:40 . 2008-06-18 14:44 1,989,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-14 09:40 . 2008-06-18 14:29 31,796 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-14 09:40 . 2008-06-18 14:42 31,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-14 09:40 . 2008-06-18 14:29 6,092 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-14 09:39 . 2008-06-14 09:39
2008-06-14 09:36 . 2008-06-14 09:36
2008-06-13 15:35 . 2008-06-14 12:00
2008-06-13 15:35 . 2008-06-13 15:35
2008-06-13 15:35 . 2008-06-13 15:35 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-06-13 08:33 . 2008-06-17 21:52
2008-06-13 08:33 . 2008-06-13 08:33 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-13 08:30 . 2008-06-17 21:55
2008-06-13 08:28 . 2008-06-13 08:28
2008-06-13 08:27 . 2008-06-13 08:28
2008-06-13 08:26 . 2008-06-13 08:28
2008-06-13 03:22 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 03:22 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 03:04 . 2005-05-04 14:45 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2008-06-13 03:04 . 2005-05-04 14:45 2,890,240 --a--c--- C:\WINDOWS\system32\dllcache\msi.dll
2008-06-13 03:04 . 2005-05-04 14:45 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2008-06-13 03:04 . 2005-05-04 14:45 884,736 --a--c--- C:\WINDOWS\system32\dllcache\msimsg.dll
2008-06-13 03:04 . 2005-05-04 14:45 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2008-06-13 03:04 . 2005-05-04 14:45 271,360 --a--c--- C:\WINDOWS\system32\dllcache\msihnd.dll
2008-06-13 03:04 . 2005-05-04 14:45 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2008-06-13 03:04 . 2005-05-04 14:45 78,848 --a--c--- C:\WINDOWS\system32\dllcache\msiexec.exe
2008-06-13 03:04 . 2005-05-04 14:45 15,360 --a------ C:\WINDOWS\system32\msisip.dll
2008-06-13 03:04 . 2005-05-04 14:45 15,360 --a--c--- C:\WINDOWS\system32\dllcache\msisip.dll
2008-06-13 03:02 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-12 23:32 . 2008-06-13 21:50
2008-06-12 23:32 . 2006-05-05 11:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-06-12 20:20 . 2003-06-15 19:38 225,792 --ah----- C:\WINDOWS\system32\pedadt.dll
2008-06-12 18:12 . 2008-06-12 18:12 1,169 --a------ C:\WINDOWS\mozver.dat
2008-06-12 18:09 . 2008-06-12 18:09
2008-06-12 18:07 . 2008-06-12 18:07
2008-06-12 18:06 . 2008-06-12 18:06
2008-06-12 18:06 . 2008-03-15 12:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-12 18:06 . 2008-03-15 12:12 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-12 18:06 . 2008-03-15 12:12 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-06-12 18:06 . 2008-03-15 13:07 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 18:06 . 2008-03-15 13:07 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-06-12 18:06 . 2008-03-15 12:12 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-12 18:05 . 2008-06-12 18:05
2008-06-12 18:05 . 2008-06-12 18:05 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-12 18:05 . 2008-06-12 18:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 18:03 . 2008-06-14 09:39
2008-06-12 18:03 . 2008-06-12 18:03
2008-06-12 18:03 . 2008-06-12 18:03
2008-06-12 18:03 . 2008-06-12 18:03 974,336 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-06-12 18:03 . 2008-06-12 18:03 659,228 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-06-12 18:03 . 2008-06-12 18:03 208,896 --a------ C:\WINDOWS\alcupd.exe
2008-06-12 18:03 . 2008-06-12 18:03 141,016 --a------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-06-12 18:03 . 2008-06-12 18:03 135,168 --a------ C:\WINDOWS\alcrmv.exe
2008-06-12 18:03 . 2008-06-12 18:03 46,592 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-06-12 18:03 . 2008-06-12 18:03 164 --a------ C:\WINDOWS\avrack.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 17:04 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-13 13:32 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-12 17:22 --------- d-----w C:\Documents and Settings\kurczaki!\Dane aplikacji\Gadu-Gadu
2008-06-12 16:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-12 15:50 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-12 15:48 --------- d-----w C:\Program Files\Usługi online
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2004-08-08 20:39 520 --sh--w C:\WINDOWS\system32\cgsqatyu.sys
2004-08-08 20:39 14,831 --sh--w C:\WINDOWS\system32\posqatyu.exe
2004-08-08 20:43 536,072 --sh--w C:\WINDOWS\system32\yzztjmsn.dll
.
------- Sigcheck -------
2004-08-04 01:44 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\svchost.exe
2004-08-04 01:44 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\dllcache\svchost.exe
2005-03-02 20:21 578560 6a93565be9b8422eb7538c66ac732d76 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:51 579584 11abdecc02efc1d2b6a6a0fa46c26594 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 01:44 578560 0c81764f50f32d376e6e4b9e9f4b01a0 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:18 578560 b7eeb1a1af740306049241ddf61f21ff C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\SoftwareDistribution\Download\1f230f6d84102690e7c56ddde32096d1\sp2gdr\user32.dll
2007-03-08 17:51 579584 11abdecc02efc1d2b6a6a0fa46c26594 C:\WINDOWS\SoftwareDistribution\Download\1f230f6d84102690e7c56ddde32096d1\sp2qfe\user32.dll
2005-03-02 20:18 578560 b7eeb1a1af740306049241ddf61f21ff C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\user32.dll
2005-03-02 20:21 578560 6a93565be9b8422eb7538c66ac732d76 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2qfe\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\system32\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\system32\dllcache\user32.dll
2006-05-19 14:42 70656 e36896ed0589caf0c3bd725f7e33d444 C:\WINDOWS\SoftwareDistribution\Download\05ab8c082e41089957695756477f164e\SP1QFE\ws2_32.dll
2004-08-04 01:44 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 01:44 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\dllcache\ws2_32.dll
2008-04-21 08:58 669184 e937ccfe8348f56c46c14c8a7e26f71b C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 08:44 668672 4f1ea30f3e4fb419e1637d9eb082662f C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 08:41 669184 a3c7b35454f87a0635c73e8cb5a36d1f C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2004-08-04 01:44 658944 d37dafb534ac8343d59a1b501abe852c C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
2008-04-21 09:03 662016 39179de4ea2dce5d646bbf3b408b50ee C:\WINDOWS\SoftwareDistribution\Download\76cefaf8547a8e6c18fe68cec585dfa3\sp2gdr\wininet.dll
2008-04-21 08:58 669184 e937ccfe8348f56c46c14c8a7e26f71b C:\WINDOWS\SoftwareDistribution\Download\76cefaf8547a8e6c18fe68cec585dfa3\sp2qfe\wininet.dll
2008-04-21 08:44 668672 4f1ea30f3e4fb419e1637d9eb082662f C:\WINDOWS\SoftwareDistribution\Download\76cefaf8547a8e6c18fe68cec585dfa3\sp3gdr\wininet.dll
2008-04-21 08:41 669184 a3c7b35454f87a0635c73e8cb5a36d1f C:\WINDOWS\SoftwareDistribution\Download\76cefaf8547a8e6c18fe68cec585dfa3\sp3qfe\wininet.dll
2008-04-21 09:03 662016 39179de4ea2dce5d646bbf3b408b50ee C:\WINDOWS\system32\wininet.dll
2008-04-21 09:03 662016 39179de4ea2dce5d646bbf3b408b50ee C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-04 01:44 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\winlogon.exe
2004-08-04 01:44 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2005-03-02 20:14 2058240 35d11fdc381536ab95e3005489131f44 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09 2060672 2f4a36b1b03d64fb176cb0f3eb597118 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-04 01:54 2058112 44d1bc1b05e0c7c82e81687b79c653c7 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08 2058112 0f6990820c6ce0a7a911fae5937ef1f6 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2gdr\ntkrnlpa.exe
2007-02-28 18:09 2060672 2f4a36b1b03d64fb176cb0f3eb597118 C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2qfe\ntkrnlpa.exe
2005-03-02 20:08 2058112 0f6990820c6ce0a7a911fae5937ef1f6 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\ntkrnlpa.exe
2005-03-02 20:14 2058240 35d11fdc381536ab95e3005489131f44 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2qfe\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-02 20:14 2180864 dba3e4215279c8012b37d2135b531258 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:09 2183424 c450518ef9acc02a2d799698021e31a8 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-04 01:39 2182272 dcf53422b7edded3b7431fbae4a7ee3f C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09 2180608 3f3612846d67352468d2286fc23fb0c2 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2gdr\ntoskrnl.exe
2007-02-28 18:09 2183424 c450518ef9acc02a2d799698021e31a8 C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2qfe\ntoskrnl.exe
2005-03-02 20:09 2180608 3f3612846d67352468d2286fc23fb0c2 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\ntoskrnl.exe
2005-03-02 20:14 2180864 dba3e4215279c8012b37d2135b531258 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2qfe\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 01:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\SoftwareDistribution\Download\8d454b309577cd5649a81b0f39c2c9c7\sp2gdr\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\SoftwareDistribution\Download\8d454b309577cd5649a81b0f39c2c9c7\sp2qfe\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 01:44 108544 3da8d964d2cc12ef8e8c342471a37917 C:\WINDOWS\system32\services.exe
2004-08-04 01:44 108544 3da8d964d2cc12ef8e8c342471a37917 C:\WINDOWS\system32\dllcache\services.exe
2004-08-04 01:44 13312 f485fefc8cc4fd29243d800be5d275d1 C:\WINDOWS\system32\lsass.exe
2004-08-04 01:44 13312 f485fefc8cc4fd29243d800be5d275d1 C:\WINDOWS\system32\dllcache\lsass.exe
2004-08-04 01:44 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 01:44 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_21.54.15,98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 19:51:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
-
2008-06-18 12:46:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
-
2008-06-17 18:34:06 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
-
2008-06-18 04:53:29 765,952 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
-
2008-06-18 04:53:29 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
-
2008-06-17 18:34:06 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
-
2008-06-18 04:53:28 765,952 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
-
2008-06-18 04:53:28 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A490415F-65F8-B5C5-D8BA-9405FB12054A}]
2004-08-08 22:43 536072 ---hs---- C:\WINDOWS\system32\yzztjmsn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 07:32 86016]
"SoundMan"="SOUNDMAN.EXE" [2008-06-12 18:03 46592 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A490415F-65F8-B5C5-D8BA-9405FB12054A}"= C:\WINDOWS\system32\yzztjmsn.dll [2004-08-08 22:43 536072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\BitComet\BitComet.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 16:53:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-18 16:54:09
ComboFix-quarantined-files.txt 2008-06-18 14:54:02
ComboFix2.txt 2008-06-18 04:42:15
ComboFix3.txt 2008-06-17 20:01:30
Pre-Run: 22,931,156,992 bajtów wolnych
Post-Run: 22,923,849,728 bajtów wolnych
264 --- E O F --- 2008-06-18 05:00:23
W dniu 18.06.2008, o godzinie 17:21 został dopisany post przez ganjaman666
Rzeczywiście korzystam z pomocy gdzie się da :0 oto aktualny log:
ComboFix 08-06-15.4 - Administrator 2008-06-18 16:52:16.10 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.143 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator.O_O\Pulpit\Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator.O_O\Ustawienia lokalne\Temp
C:\Documents and Settings\Administrator.O_O\Ustawienia lokalne\Temp~DF8405.tmp
C:\Documents and Settings\Administrator.O_O\Ustawienia lokalne\Temp\Av-test.txt
C:\Documents and Settings\kurczaki!\Ustawienia lokalne\Temp
C:\Documents and Settings\kurczaki!\Ustawienia lokalne\Temp~DF33E6.tmp
C:\WINDOWS\AppPatch\AcPlugin.dll
C:\WINDOWS\System32\drivers\eth8023.sys
C:\WINDOWS\system32\stjxakin.exe
C:\WINDOWS\system32\ypdjgbmp.dll
C:\WINDOWS\system32\zdesfx.dll
C:\WINDOWS\Temp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ETH8023
-------\Service_eth8023
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.
2008-06-18 06:53 . 2008-06-18 06:53
2008-06-18 06:52 . 2008-06-18 06:54
2008-06-17 22:44 . 2008-06-17 22:44 218,624 --ah----- C:\WINDOWS\system32\zgrjdx.dll
2008-06-17 09:12 . 2008-06-17 09:12
2008-06-16 23:50 . 2008-06-16 23:50
2008-06-16 19:33 . 2008-06-16 19:34
2008-06-16 17:59 . 2008-06-17 10:39
2008-06-16 17:12 . 2008-06-17 10:38
2008-06-16 16:42 . 2008-06-17 10:28
2008-06-16 16:39 . 2008-06-18 16:53
2008-06-16 16:39 . 2008-06-12 19:35
2008-06-16 16:39 . 2008-06-12 17:43
2008-06-16 16:39 . 2008-06-18 15:13
2008-06-16 16:39 . 2008-06-17 10:39
2008-06-16 16:39 . 2008-06-16 18:02
2008-06-16 16:39 . 2008-06-17 10:38
2008-06-16 16:39 . 2008-06-18 15:12
2008-06-16 09:44 . 2008-06-16 09:45
2008-06-15 21:00 . 2008-06-12 19:35
2008-06-15 21:00 . 2008-06-16 09:45
2008-06-15 21:00 . 2008-06-12 17:43
2008-06-15 21:00 . 2008-06-16 09:43
2008-06-15 21:00 . 2008-06-12 19:35
2008-06-15 21:00 . 2008-06-16 09:43
2008-06-15 21:00 . 2008-06-12 19:35
2008-06-15 21:00 . 2008-06-16 09:44
2008-06-15 19:39 . 2008-06-15 19:39 171 --a------ C:\WINDOWS\system32\winsYs.reg
2008-06-14 09:42 . 2008-06-15 19:03 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-14 09:42 . 2008-06-15 19:03 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-14 09:40 . 2008-06-14 09:40
2008-06-14 09:40 . 2008-06-18 14:27
2008-06-14 09:40 . 2008-06-18 14:44 1,989,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-14 09:40 . 2008-06-18 14:29 31,796 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-14 09:40 . 2008-06-18 14:42 31,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-14 09:40 . 2008-06-18 14:29 6,092 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-14 09:39 . 2008-06-14 09:39
2008-06-14 09:36 . 2008-06-14 09:36
2008-06-13 15:35 . 2008-06-14 12:00
2008-06-13 15:35 . 2008-06-13 15:35
2008-06-13 15:35 . 2008-06-13 15:35 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-06-13 08:33 . 2008-06-17 21:52
2008-06-13 08:33 . 2008-06-13 08:33 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-13 08:30 . 2008-06-17 21:55
2008-06-13 08:28 . 2008-06-13 08:28
2008-06-13 08:27 . 2008-06-13 08:28
2008-06-13 08:26 . 2008-06-13 08:28
2008-06-13 03:22 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 03:22 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 03:04 . 2005-05-04 14:45 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2008-06-13 03:04 . 2005-05-04 14:45 2,890,240 --a--c--- C:\WINDOWS\system32\dllcache\msi.dll
2008-06-13 03:04 . 2005-05-04 14:45 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2008-06-13 03:04 . 2005-05-04 14:45 884,736 --a--c--- C:\WINDOWS\system32\dllcache\msimsg.dll
2008-06-13 03:04 . 2005-05-04 14:45 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2008-06-13 03:04 . 2005-05-04 14:45 271,360 --a--c--- C:\WINDOWS\system32\dllcache\msihnd.dll
2008-06-13 03:04 . 2005-05-04 14:45 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2008-06-13 03:04 . 2005-05-04 14:45 78,848 --a--c--- C:\WINDOWS\system32\dllcache\msiexec.exe
2008-06-13 03:04 . 2005-05-04 14:45 15,360 --a------ C:\WINDOWS\system32\msisip.dll
2008-06-13 03:04 . 2005-05-04 14:45 15,360 --a--c--- C:\WINDOWS\system32\dllcache\msisip.dll
2008-06-13 03:02 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-12 23:32 . 2008-06-13 21:50
2008-06-12 23:32 . 2006-05-05 11:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-06-12 20:20 . 2003-06-15 19:38 225,792 --ah----- C:\WINDOWS\system32\pedadt.dll
2008-06-12 18:12 . 2008-06-12 18:12 1,169 --a------ C:\WINDOWS\mozver.dat
2008-06-12 18:09 . 2008-06-12 18:09
2008-06-12 18:07 . 2008-06-12 18:07
2008-06-12 18:06 . 2008-06-12 18:06
2008-06-12 18:06 . 2008-03-15 12:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-12 18:06 . 2008-03-15 12:12 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-12 18:06 . 2008-03-15 12:12 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-06-12 18:06 . 2008-03-15 13:07 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 18:06 . 2008-03-15 13:07 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-06-12 18:06 . 2008-03-15 12:12 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-12 18:05 . 2008-06-12 18:05
2008-06-12 18:05 . 2008-06-12 18:05 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-12 18:05 . 2008-06-12 18:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 18:03 . 2008-06-14 09:39
2008-06-12 18:03 . 2008-06-12 18:03
2008-06-12 18:03 . 2008-06-12 18:03
2008-06-12 18:03 . 2008-06-12 18:03 974,336 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-06-12 18:03 . 2008-06-12 18:03 659,228 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-06-12 18:03 . 2008-06-12 18:03 208,896 --a------ C:\WINDOWS\alcupd.exe
2008-06-12 18:03 . 2008-06-12 18:03 141,016 --a------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-06-12 18:03 . 2008-06-12 18:03 135,168 --a------ C:\WINDOWS\alcrmv.exe
2008-06-12 18:03 . 2008-06-12 18:03 46,592 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-06-12 18:03 . 2008-06-12 18:03 164 --a------ C:\WINDOWS\avrack.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 17:04 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-13 13:32 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-12 17:22 --------- d-----w C:\Documents and Settings\kurczaki!\Dane aplikacji\Gadu-Gadu
2008-06-12 16:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-12 15:50 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-12 15:48 --------- d-----w C:\Program Files\Usługi online
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2004-08-08 20:39 520 --sh--w C:\WINDOWS\system32\cgsqatyu.sys
2004-08-08 20:39 14,831 --sh--w C:\WINDOWS\system32\posqatyu.exe
2004-08-08 20:43 536,072 --sh--w C:\WINDOWS\system32\yzztjmsn.dll
.
------- Sigcheck -------
2004-08-04 01:44 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\svchost.exe
2004-08-04 01:44 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\dllcache\svchost.exe
2005-03-02 20:21 578560 6a93565be9b8422eb7538c66ac732d76 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:51 579584 11abdecc02efc1d2b6a6a0fa46c26594 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 01:44 578560 0c81764f50f32d376e6e4b9e9f4b01a0 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:18 578560 b7eeb1a1af740306049241ddf61f21ff C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\SoftwareDistribution\Download\1f230f6d84102690e7c56ddde32096d1\sp2gdr\user32.dll
2007-03-08 17:51 579584 11abdecc02efc1d2b6a6a0fa46c26594 C:\WINDOWS\SoftwareDistribution\Download\1f230f6d84102690e7c56ddde32096d1\sp2qfe\user32.dll
2005-03-02 20:18 578560 b7eeb1a1af740306049241ddf61f21ff C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\user32.dll
2005-03-02 20:21 578560 6a93565be9b8422eb7538c66ac732d76 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2qfe\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\system32\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\system32\dllcache\user32.dll
2006-05-19 14:42 70656 e36896ed0589caf0c3bd725f7e33d444 C:\WINDOWS\SoftwareDistribution\Download\05ab8c082e41089957695756477f164e\SP1QFE\ws2_32.dll
2004-08-04 01:44 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 01:44 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\dllcache\ws2_32.dll
2008-04-21 08:58 669184 e937ccfe8348f56c46c14c8a7e26f71b C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 08:44 668672 4f1ea30f3e4fb419e1637d9eb082662f C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 08:41 669184 a3c7b35454f87a0635c73e8cb5a36d1f C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2004-08-04 01:44 658944 d37dafb534ac8343d59a1b501abe852c C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
2008-04-21 09:03 662016 39179de4ea2dce5d646bbf3b408b50ee C:\WINDOWS\SoftwareDistribution\Download\76cefaf8547a8e6c18fe68cec585dfa3\sp2gdr\wininet.dll
2008-04-21 08:58 669184 e937ccfe8348f56c46c14c8a7e26f71b C:\WINDOWS\SoftwareDistribution\Download\76cefaf8547a8e6c18fe68cec585dfa3\sp2qfe\wininet.dll
2008-04-21 08:44 668672 4f1ea30f3e4fb419e1637d9eb082662f C:\WINDOWS\SoftwareDistribution\Download\76cefaf8547a8e6c18fe68cec585dfa3\sp3gdr\wininet.dll
2008-04-21 08:41 669184 a3c7b35454f87a0635c73e8cb5a36d1f C:\WINDOWS\SoftwareDistribution\Download\76cefaf8547a8e6c18fe68cec585dfa3\sp3qfe\wininet.dll
2008-04-21 09:03 662016 39179de4ea2dce5d646bbf3b408b50ee C:\WINDOWS\system32\wininet.dll
2008-04-21 09:03 662016 39179de4ea2dce5d646bbf3b408b50ee C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-04 01:44 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\winlogon.exe
2004-08-04 01:44 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2005-03-02 20:14 2058240 35d11fdc381536ab95e3005489131f44 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09 2060672 2f4a36b1b03d64fb176cb0f3eb597118 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-04 01:54 2058112 44d1bc1b05e0c7c82e81687b79c653c7 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08 2058112 0f6990820c6ce0a7a911fae5937ef1f6 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2gdr\ntkrnlpa.exe
2007-02-28 18:09 2060672 2f4a36b1b03d64fb176cb0f3eb597118 C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2qfe\ntkrnlpa.exe
2005-03-02 20:08 2058112 0f6990820c6ce0a7a911fae5937ef1f6 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\ntkrnlpa.exe
2005-03-02 20:14 2058240 35d11fdc381536ab95e3005489131f44 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2qfe\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-02 20:14 2180864 dba3e4215279c8012b37d2135b531258 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:09 2183424 c450518ef9acc02a2d799698021e31a8 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-04 01:39 2182272 dcf53422b7edded3b7431fbae4a7ee3f C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09 2180608 3f3612846d67352468d2286fc23fb0c2 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2gdr\ntoskrnl.exe
2007-02-28 18:09 2183424 c450518ef9acc02a2d799698021e31a8 C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2qfe\ntoskrnl.exe
2005-03-02 20:09 2180608 3f3612846d67352468d2286fc23fb0c2 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\ntoskrnl.exe
2005-03-02 20:14 2180864 dba3e4215279c8012b37d2135b531258 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2qfe\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 01:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\SoftwareDistribution\Download\8d454b309577cd5649a81b0f39c2c9c7\sp2gdr\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\SoftwareDistribution\Download\8d454b309577cd5649a81b0f39c2c9c7\sp2qfe\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 01:44 108544 3da8d964d2cc12ef8e8c342471a37917 C:\WINDOWS\system32\services.exe
2004-08-04 01:44 108544 3da8d964d2cc12ef8e8c342471a37917 C:\WINDOWS\system32\dllcache\services.exe
2004-08-04 01:44 13312 f485fefc8cc4fd29243d800be5d275d1 C:\WINDOWS\system32\lsass.exe
2004-08-04 01:44 13312 f485fefc8cc4fd29243d800be5d275d1 C:\WINDOWS\system32\dllcache\lsass.exe
2004-08-04 01:44 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 01:44 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_21.54.15,98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 19:51:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
-
2008-06-18 12:46:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
-
2008-06-17 18:34:06 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
-
2008-06-18 04:53:29 765,952 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
-
2008-06-18 04:53:29 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
-
2008-06-17 18:34:06 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
-
2008-06-18 04:53:28 765,952 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
-
2008-06-18 04:53:28 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A490415F-65F8-B5C5-D8BA-9405FB12054A}]
2004-08-08 22:43 536072 ---hs---- C:\WINDOWS\system32\yzztjmsn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 07:32 86016]
"SoundMan"="SOUNDMAN.EXE" [2008-06-12 18:03 46592 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A490415F-65F8-B5C5-D8BA-9405FB12054A}"= C:\WINDOWS\system32\yzztjmsn.dll [2004-08-08 22:43 536072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\BitComet\BitComet.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 16:53:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-18 16:54:09
ComboFix-quarantined-files.txt 2008-06-18 14:54:02
ComboFix2.txt 2008-06-18 04:42:15
ComboFix3.txt 2008-06-17 20:01:30
Pre-Run: 22,931,156,992 bajtów wolnych
Post-Run: 22,923,849,728 bajtów wolnych
264 --- E O F --- 2008-06-18 05:00:23
W dniu 18.06.2008, o godzinie 17:35 został dopisany post przez ganjaman666
Tak, zgadza sie, korzystam z pomocy gdzie sie da:0 oto aktualny Log:
ComboFix 08-06-15.4 - Administrator 2008-06-18 16:52:16.10 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.143 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator.O_O\Pulpit\Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator.O_O\Ustawienia lokalne\Temp
C:\Documents and Settings\Administrator.O_O\Ustawienia lokalne\Temp\~DF8405.tmp
C:\Documents and Settings\Administrator.O_O\Ustawienia lokalne\Temp\Av-test.txt
C:\Documents and Settings\kurczaki!\Ustawienia lokalne\Temp
C:\Documents and Settings\kurczaki!\Ustawienia lokalne\Temp\~DF33E6.tmp
C:\WINDOWS\AppPatch\AcPlugin.dll
C:\WINDOWS\System32\drivers\eth8023.sys
C:\WINDOWS\system32\stjxakin.exe
C:\WINDOWS\system32\ypdjgbmp.dll
C:\WINDOWS\system32\zdesfx.dll
C:\WINDOWS\Temp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ETH8023
-------\Service_eth8023
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.
2008-06-18 06:53 . 2008-06-18 06:53
2008-06-18 06:52 . 2008-06-18 06:54
2008-06-17 22:44 . 2008-06-17 22:44 218,624 --ah----- C:\WINDOWS\system32\zgrjdx.dll
2008-06-17 09:12 . 2008-06-17 09:12
2008-06-16 23:50 . 2008-06-16 23:50
2008-06-16 19:33 . 2008-06-16 19:34
2008-06-16 17:59 . 2008-06-17 10:39
2008-06-16 17:12 . 2008-06-17 10:38
2008-06-16 16:42 . 2008-06-17 10:28
2008-06-16 16:39 . 2008-06-18 16:53
2008-06-16 16:39 . 2008-06-12 19:35
2008-06-16 16:39 . 2008-06-12 17:43
2008-06-16 16:39 . 2008-06-18 15:13
2008-06-16 16:39 . 2008-06-17 10:39
2008-06-16 16:39 . 2008-06-16 18:02
2008-06-16 16:39 . 2008-06-17 10:38
2008-06-16 16:39 . 2008-06-18 15:12
2008-06-16 09:44 . 2008-06-16 09:45
2008-06-15 21:00 . 2008-06-12 19:35
2008-06-15 21:00 . 2008-06-16 09:45
2008-06-15 21:00 . 2008-06-12 17:43
2008-06-15 21:00 . 2008-06-16 09:43
2008-06-15 21:00 . 2008-06-12 19:35
2008-06-15 21:00 . 2008-06-16 09:43
2008-06-15 21:00 . 2008-06-12 19:35
2008-06-15 21:00 . 2008-06-16 09:44
2008-06-15 19:39 . 2008-06-15 19:39 171 --a------ C:\WINDOWS\system32\winsYs.reg
2008-06-14 09:42 . 2008-06-15 19:03 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-14 09:42 . 2008-06-15 19:03 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-14 09:40 . 2008-06-14 09:40
2008-06-14 09:40 . 2008-06-18 14:27
2008-06-14 09:40 . 2008-06-18 14:44 1,989,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-14 09:40 . 2008-06-18 14:29 31,796 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-14 09:40 . 2008-06-18 14:42 31,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-14 09:40 . 2008-06-18 14:29 6,092 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-14 09:39 . 2008-06-14 09:39
2008-06-14 09:36 . 2008-06-14 09:36
2008-06-13 15:35 . 2008-06-14 12:00
2008-06-13 15:35 . 2008-06-13 15:35
2008-06-13 15:35 . 2008-06-13 15:35 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-06-13 08:33 . 2008-06-17 21:52
2008-06-13 08:33 . 2008-06-13 08:33 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-13 08:30 . 2008-06-17 21:55
2008-06-13 08:28 . 2008-06-13 08:28
2008-06-13 08:27 . 2008-06-13 08:28
2008-06-13 08:26 . 2008-06-13 08:28
2008-06-13 03:22 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 03:22 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 03:04 . 2005-05-04 14:45 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2008-06-13 03:04 . 2005-05-04 14:45 2,890,240 --a--c--- C:\WINDOWS\system32\dllcache\msi.dll
2008-06-13 03:04 . 2005-05-04 14:45 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2008-06-13 03:04 . 2005-05-04 14:45 884,736 --a--c--- C:\WINDOWS\system32\dllcache\msimsg.dll
2008-06-13 03:04 . 2005-05-04 14:45 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2008-06-13 03:04 . 2005-05-04 14:45 271,360 --a--c--- C:\WINDOWS\system32\dllcache\msihnd.dll
2008-06-13 03:04 . 2005-05-04 14:45 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2008-06-13 03:04 . 2005-05-04 14:45 78,848 --a--c--- C:\WINDOWS\system32\dllcache\msiexec.exe
2008-06-13 03:04 . 2005-05-04 14:45 15,360 --a------ C:\WINDOWS\system32\msisip.dll
2008-06-13 03:04 . 2005-05-04 14:45 15,360 --a--c--- C:\WINDOWS\system32\dllcache\msisip.dll
2008-06-13 03:02 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-12 23:32 . 2008-06-13 21:50
2008-06-12 23:32 . 2006-05-05 11:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-06-12 20:20 . 2003-06-15 19:38 225,792 --ah----- C:\WINDOWS\system32\pedadt.dll
2008-06-12 18:12 . 2008-06-12 18:12 1,169 --a------ C:\WINDOWS\mozver.dat
2008-06-12 18:09 . 2008-06-12 18:09
2008-06-12 18:07 . 2008-06-12 18:07
2008-06-12 18:06 . 2008-06-12 18:06
2008-06-12 18:06 . 2008-03-15 12:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-06-12 18:06 . 2008-03-15 12:12 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-12 18:06 . 2008-03-15 12:12 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-06-12 18:06 . 2008-03-15 13:07 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 18:06 . 2008-03-15 13:07 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-06-12 18:06 . 2008-03-15 12:12 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-12 18:05 . 2008-06-12 18:05
2008-06-12 18:05 . 2008-06-12 18:05 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-12 18:05 . 2008-06-12 18:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 18:03 . 2008-06-14 09:39
2008-06-12 18:03 . 2008-06-12 18:03
2008-06-12 18:03 . 2008-06-12 18:03
2008-06-12 18:03 . 2008-06-12 18:03 974,336 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-06-12 18:03 . 2008-06-12 18:03 659,228 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2008-06-12 18:03 . 2008-06-12 18:03 208,896 --a------ C:\WINDOWS\alcupd.exe
2008-06-12 18:03 . 2008-06-12 18:03 141,016 --a------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-06-12 18:03 . 2008-06-12 18:03 135,168 --a------ C:\WINDOWS\alcrmv.exe
2008-06-12 18:03 . 2008-06-12 18:03 46,592 --a------ C:\WINDOWS\SOUNDMAN.EXE
2008-06-12 18:03 . 2008-06-12 18:03 164 --a------ C:\WINDOWS\avrack.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 17:04 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-13 13:32 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-12 17:22 --------- d-----w C:\Documents and Settings\kurczaki!\Dane aplikacji\Gadu-Gadu
2008-06-12 16:03 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-12 15:50 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-12 15:48 --------- d-----w C:\Program Files\Usługi online
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2004-08-08 20:39 520 --sh--w C:\WINDOWS\system32\cgsqatyu.sys
2004-08-08 20:39 14,831 --sh--w C:\WINDOWS\system32\posqatyu.exe
2004-08-08 20:43 536,072 --sh--w C:\WINDOWS\system32\yzztjmsn.dll
.
------- Sigcheck -------
2004-08-04 01:44 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\svchost.exe
2004-08-04 01:44 14336 ba98327e90022dbd6ee76490e0622e2e C:\WINDOWS\system32\dllcache\svchost.exe
2005-03-02 20:21 578560 6a93565be9b8422eb7538c66ac732d76 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:51 579584 11abdecc02efc1d2b6a6a0fa46c26594 C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-04 01:44 578560 0c81764f50f32d376e6e4b9e9f4b01a0 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:18 578560 b7eeb1a1af740306049241ddf61f21ff C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\SoftwareDistribution\Download\1f230f6d84102690e7c56ddde32096d1\sp2gdr\user32.dll
2007-03-08 17:51 579584 11abdecc02efc1d2b6a6a0fa46c26594 C:\WINDOWS\SoftwareDistribution\Download\1f230f6d84102690e7c56ddde32096d1\sp2qfe\user32.dll
2005-03-02 20:18 578560 b7eeb1a1af740306049241ddf61f21ff C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\user32.dll
2005-03-02 20:21 578560 6a93565be9b8422eb7538c66ac732d76 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2qfe\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\system32\user32.dll
2007-03-08 17:38 579072 a37a4637f84f8dd771274eaf8d17fa65 C:\WINDOWS\system32\dllcache\user32.dll
2006-05-19 14:42 70656 e36896ed0589caf0c3bd725f7e33d444 C:\WINDOWS\SoftwareDistribution\Download\05ab8c082e41089957695756477f164e\SP1QFE\ws2_32.dll
2004-08-04 01:44 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 01:44 82944 ab82237486b727dd7dab36a76f38a3a2 C:\WINDOWS\system32\dllcache\ws2_32.dll
2008-04-21 08:58 669184 e937ccfe8348f56c46c14c8a7e26f71b C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 08:44 668672 4f1ea30f3e4fb419e1637d9eb082662f C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 08:41 669184 a3c7b35454f87a0635c73e8cb5a36d1f C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2004-08-04 01:44 658944 d37dafb534ac8343d59a1b501abe852c C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
2008-04-21 09:03 662016 39179de4ea2dce5d646bbf3b408b50ee C:\WINDOWS\SoftwareDistribution\Download\76cefaf8547a8e6c18fe68cec585dfa3\sp2gdr\wininet.dll
2008-04-21 08:58 669184 e937ccfe8348f56c46c14c8a7e26f71b C:\WINDOWS\SoftwareDistribution\Download\76cefaf8547a8e6c18fe68cec585dfa3\sp2qfe\wininet.dll
2008-04-21 08:44 668672 4f1ea30f3e4fb419e1637d9eb082662f C:\WINDOWS\SoftwareDistribution\Download\76cefaf8547a8e6c18fe68cec585dfa3\sp3gdr\wininet.dll
2008-04-21 08:41 669184 a3c7b35454f87a0635c73e8cb5a36d1f C:\WINDOWS\SoftwareDistribution\Download\76cefaf8547a8e6c18fe68cec585dfa3\sp3qfe\wininet.dll
2008-04-21 09:03 662016 39179de4ea2dce5d646bbf3b408b50ee C:\WINDOWS\system32\wininet.dll
2008-04-21 09:03 662016 39179de4ea2dce5d646bbf3b408b50ee C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-04 01:44 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\winlogon.exe
2004-08-04 01:44 504832 0344407089b08548d4feba62bb0f32d0 C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-04 00:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-04 00:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2005-03-02 20:14 2058240 35d11fdc381536ab95e3005489131f44 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:09 2060672 2f4a36b1b03d64fb176cb0f3eb597118 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-04 01:54 2058112 44d1bc1b05e0c7c82e81687b79c653c7 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08 2058112 0f6990820c6ce0a7a911fae5937ef1f6 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2gdr\ntkrnlpa.exe
2007-02-28 18:09 2060672 2f4a36b1b03d64fb176cb0f3eb597118 C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2qfe\ntkrnlpa.exe
2005-03-02 20:08 2058112 0f6990820c6ce0a7a911fae5937ef1f6 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\ntkrnlpa.exe
2005-03-02 20:14 2058240 35d11fdc381536ab95e3005489131f44 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2qfe\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:04 2058880 2bdc1a6cefe320e9c39fabf1961ebb9d C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-02 20:14 2180864 dba3e4215279c8012b37d2135b531258 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:09 2183424 c450518ef9acc02a2d799698021e31a8 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-04 01:39 2182272 dcf53422b7edded3b7431fbae4a7ee3f C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09 2180608 3f3612846d67352468d2286fc23fb0c2 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2gdr\ntoskrnl.exe
2007-02-28 18:09 2183424 c450518ef9acc02a2d799698021e31a8 C:\WINDOWS\SoftwareDistribution\Download\a5506577491f4ecc1370b18df3c5a494\sp2qfe\ntoskrnl.exe
2005-03-02 20:09 2180608 3f3612846d67352468d2286fc23fb0c2 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2gdr\ntoskrnl.exe
2005-03-02 20:14 2180864 dba3e4215279c8012b37d2135b531258 C:\WINDOWS\SoftwareDistribution\Download\ef0eb4021a89170edd4d57c53df1dbef\sp2qfe\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:04 2181632 c378be3a1edc5e4421d428655ac4a48c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 01:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\SoftwareDistribution\Download\8d454b309577cd5649a81b0f39c2c9c7\sp2gdr\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\SoftwareDistribution\Download\8d454b309577cd5649a81b0f39c2c9c7\sp2qfe\explorer.exe
2007-06-13 15:23 1034752 029a562e81bbee088c61d418bf408f44 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-04 01:44 108544 3da8d964d2cc12ef8e8c342471a37917 C:\WINDOWS\system32\services.exe
2004-08-04 01:44 108544 3da8d964d2cc12ef8e8c342471a37917 C:\WINDOWS\system32\dllcache\services.exe
2004-08-04 01:44 13312 f485fefc8cc4fd29243d800be5d275d1 C:\WINDOWS\system32\lsass.exe
2004-08-04 01:44 13312 f485fefc8cc4fd29243d800be5d275d1 C:\WINDOWS\system32\dllcache\lsass.exe
2004-08-04 01:44 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 01:44 15360 cbfa30492d70ce3938d8a7783d0c0436 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-17_21.54.15,98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 19:51:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
-
2008-06-18 12:46:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
-
2008-06-17 18:34:06 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
-
2008-06-18 04:53:29 765,952 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
-
2008-06-18 04:53:29 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
-
2008-06-17 18:34:06 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
-
2008-06-18 04:53:28 765,952 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
-
2008-06-18 04:53:28 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A490415F-65F8-B5C5-D8BA-9405FB12054A}]
2004-08-08 22:43 536072 ---hs---- C:\WINDOWS\system32\yzztjmsn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 07:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 07:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 07:32 86016]
"SoundMan"="SOUNDMAN.EXE" [2008-06-12 18:03 46592 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A490415F-65F8-B5C5-D8BA-9405FB12054A}"= C:\WINDOWS\system32\yzztjmsn.dll [2004-08-08 22:43 536072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\BitComet\BitComet.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 16:53:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-18 16:54:09
ComboFix-quarantined-files.txt 2008-06-18 14:54:02
ComboFix2.txt 2008-06-18 04:42:15
ComboFix3.txt 2008-06-17 20:01:30
Pre-Run: 22,931,156,992 bajtów wolnych
Post-Run: 22,923,849,728 bajtów wolnych
264 --- E O F --- 2008-06-18 05:00:23