Problem z KaBlam! w Konnekcie

Riddick-16 · 27 Maj 2007 20:14

Witam.

Znalazłem się tutaj, gdyż mam problem i proszę o pomoc. W skrócie: zaczął mi szwankować Konnekt, coś tam się zawiesił i utracił profil. Podczas jego zwisu otworzyłem menadżera zadań i zauważyłem tam uruchomioną aplikację KaBlam! Nie mając zielonego pojęcia co to jest przyszła mi z pomocą wyszukiwarka google. Wyjaśnienie znalazłem na forum konnekta, gdzie po pomoc kierowano ludzi właśnie tutaj.

Ściągnąłem na kompa HijackThis z zamiarem wklejenia na forum loga. Po przeskanowaniu kompa (które początkowo się nie udało), uzyskałem log, który wklejam poniżej. Proszę o pomoc.

Logfile of HijackThis v1.99.1 Scan saved at 22:10:34, on 2007-05-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe E:\Programy\ATnotes\ATnotes.exe E:\Programy\konnekt\konnekt.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe C:\WINDOWS\system32\nvsvc32.exe E:\Programy\Alcohol 52\StarWind\StarWindService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe E:\Programy\Firefox\firefox.exe C:\Documents and Settings\Paweł\Pulpit\Programy\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programy\adobe\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Paweł\Programy\BitComet\tools\BitCometBHO.dll (file missing) O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [ATnotes.exe] E:\Programy\ATnotes\ATnotes.exe O4 - HKCU…\Run: [Konnekt_ff16f617_Paweł] “E:\Programy\konnekt\konnekt.exe” /autostart -profile=Paweł O4 - HKCU…\Run: [Konnekt] “E:\Programy\konnekt\konnekt.exe” /autostart O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{9F3D25EB-EA14-418C-BD2A-581D479B0C23}: NameServer = 10.0.0.1 O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: You Are Empty Drivers Auto Removal (pr2aj6ec) (pr2aj6ec) - Cenega Poland - C:\WINDOWS\system32\pr2aj6ec.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Programy\Alcohol 52\StarWind\StarWindService.exe

Hmm dodam, iż na pierwszy mój oka rzut wszystko gra. Jak więc pozbyć się tego czegoś i czym najlepiej chronić kompa przed całym tym syfem?

Gutek · 27 Maj 2007 21:49

experymentuj u siebie na kompie :evil:

Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz You Are Empty Drivers Auto Removal a plik uusń ręcznie

Daj log z Combofix

jak odinstalowałeś BitComet to folder usuń ręcznie, wpisy jedn i drugi usuń HJT

Riddick-16 · 28 Maj 2007 12:36

Ok, zrobiłem wszystko jak mówiłeś.

Log z ComboFix:

“Pawe” - 2007-05-28 14:32:44 Dodatek Service Pack 2 ComboFix 07-05.27.V - Running from: “C:\Documents and Settings\Pawe\Pulpit” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) “C:\WINDOWS\system32\tmp21.tmp” ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 )))))))))))))))))))))))))))))))))) 2007-05-27 21:10 2007-05-27 21:10 2007-05-27 19:50 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-05-27 19:47 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll 2007-05-27 19:47 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll 2007-05-27 19:47 2007-05-27 16:42 2007-05-27 12:54 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-05-27 12:54 639,066 --a------ C:\WINDOWS\system32\DivX.dll 2007-05-27 12:37 2007-05-27 12:37 2007-05-27 12:36 2007-05-26 21:35 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-05-26 21:35 2007-05-26 18:54 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-05-26 18:54 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-05-26 18:54 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-05-26 18:54 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-05-26 18:54 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-05-26 18:54 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-05-26 18:54 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-05-26 18:54 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-05-26 18:54 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-05-26 18:54 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-05-26 18:54 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-05-26 18:54 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-05-26 18:54 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-05-24 11:16 2007-05-23 13:17 1,333 --a------ C:\WINDOWS\mozver.dat 2007-05-23 12:25 0 --a------ C:\WINDOWS\nsreg.dat 2007-05-23 12:25 2007-05-22 13:05 2007-05-21 12:56 807 --a------ C:\WINDOWS\unins000.dat 2007-05-20 22:08 2007-05-20 22:08 2007-05-20 22:00 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2007-05-20 22:00 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll 2007-05-20 22:00 2007-05-20 12:57 2007-05-20 12:54 24,816 --a------ C:\WINDOWS\system32\mdimon.dll 2007-05-20 12:53 2007-05-20 12:50 249,347 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_8828.exe 2007-05-20 12:50 2007-05-19 23:34 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-05-18 22:40 2007-05-18 22:38 2007-05-18 22:38 2007-05-18 22:38 2007-05-18 22:38 2007-05-18 13:50 2007-05-18 13:48 2007-05-18 13:47 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-05-18 13:47 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-05-18 13:47 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-05-18 13:47 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-05-18 13:47 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-05-18 13:47 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-05-18 13:46 38,912 --------- C:\WINDOWS\system32\picn20.dll 2007-05-18 13:46 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-05-18 13:46 2007-05-18 13:46 2007-05-18 12:26 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-05-18 12:18 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-05-18 12:16 2007-05-17 23:23 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE 2007-05-17 23:23 2007-05-17 23:12 2007-05-17 23:09 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-05-17 23:09 2007-05-17 23:05 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-05-17 23:05 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-05-17 23:05 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-05-17 23:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-05-17 23:05 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-05-17 23:03 2007-05-16 23:56 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-05-16 23:55 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-05-16 23:55 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-05-16 23:54 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-05-16 23:54 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-05-16 23:54 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-05-16 23:54 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-05-16 23:54 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-05-16 23:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-05-16 23:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-05-16 23:54 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-05-16 23:54 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-05-16 23:54 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-05-16 23:54 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-05-16 23:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-05-16 23:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-05-16 23:54 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-05-16 23:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-05-16 23:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-05-16 23:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-05-16 23:54 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-05-16 23:54 2007-05-16 23:54 2007-05-16 23:54 2007-05-16 23:54 2007-05-16 23:53 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-05-16 23:53 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-05-16 23:53 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-05-16 23:53 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-05-16 23:53 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-05-16 23:53 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-05-16 23:53 70,144 --a------ C:\WINDOWS\NOTEPAD.EXE 2007-05-16 23:53 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-05-16 23:53 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-05-16 23:53 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-05-16 23:53 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-05-16 23:53 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-05-16 23:53 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-05-16 23:53 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-05-16 23:53 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-05-16 23:53 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-05-16 23:53 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-05-16 23:53 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-05-16 23:53 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-05-16 23:53 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-05-16 23:53 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-05-16 23:53 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-05-16 23:53 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-05-16 23:53 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-05-16 23:53 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-05-16 23:53 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-05-16 23:53 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-05-16 23:53 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-05-16 23:53 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-05-16 23:53 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-05-16 23:53 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-05-16 23:53 2007-05-16 23:53 2007-05-16 23:53 2007-05-16 23:53 2007-05-16 23:53 2007-05-16 23:53 2007-05-16 23:53 2007-05-16 23:53 2007-05-16 23:53 2007-05-16 23:53 2007-05-16 23:53 2007-05-16 23:51 2007-05-16 23:51 2007-05-16 23:51 2007-05-16 23:51 2007-05-16 23:51 2007-05-16 23:51 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 23:48 2007-05-16 22:12 992,896 --a------ C:\WINDOWS\system32\drivers\Bravo_n.sys 2007-05-16 22:12 992,896 --a------ C:\WINDOWS\system32\drivers\Bravo_a.sys 2007-05-16 22:12 46,592 --a------ C:\WINDOWS\system32\asfrench.dll 2007-05-16 22:12 46,080 --a------ C:\WINDOWS\system32\asrussian.dll 2007-05-16 22:12 46,080 --a------ C:\WINDOWS\system32\asgerman.dll 2007-05-16 22:12 46,080 --a------ C:\WINDOWS\system32\aseng.dll 2007-05-16 22:12 45,568 --a------ C:\WINDOWS\system32\askorean.dll 2007-05-16 22:12 45,568 --a------ C:\WINDOWS\system32\asjapan.dll 2007-05-16 22:12 45,568 --a------ C:\WINDOWS\system32\ASCHT.dll 2007-05-16 22:12 45,568 --a------ C:\WINDOWS\system32\aschs.dll 2007-05-16 22:12 37,888 --a------ C:\WINDOWS\system32\ATKOGL32.dll 2007-05-16 22:12 241,152 --a------ C:\WINDOWS\ATKKBService.exe 2007-05-16 22:12 228,224 --a------ C:\WINDOWS\system32\ATKDISP.dll 2007-05-16 22:12 2,032,640 --a------ C:\WINDOWS\system32\ATKOSDX32.dll 2007-05-16 22:12 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-05-16 22:12 11,008 --a------ C:\WINDOWS\system32\drivers\atkkbnt.sys 2007-05-16 22:12 10,496 --a------ C:\WINDOWS\system32\ATKOSDMini.DLL 2007-05-16 22:12 1,667,072 --a------ C:\WINDOWS\system32\ATKDispCPL.dll 2007-05-16 22:12 2007-05-16 22:12 2007-05-16 22:11 11,264 -ra------ C:\WINDOWS\system32\drivers\EIO.sys 2007-05-16 22:09 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-05-16 22:09 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-05-16 22:09 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-05-16 22:09 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-05-16 22:09 577,536 -r------- C:\WINDOWS\soundman.exe 2007-05-16 22:09 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-05-16 22:09 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-05-16 22:09 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-05-16 22:09 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe 2007-05-16 22:09 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-05-16 22:09 3,964,736 -r------- C:\WINDOWS\system32\drivers\alcxwdm.sys 2007-05-16 22:09 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-05-16 22:09 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-05-16 22:09 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-05-16 22:09 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll 2007-05-16 22:09 10,527,232 -r------- C:\WINDOWS\system32\RTLCPL.exe 2007-05-16 22:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-05-16 22:08 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-05-16 22:08 315,392 -r------- C:\WINDOWS\alcupd.exe 2007-05-16 22:08 217,088 -ra------ C:\WINDOWS\Alcrmv.exe 2007-05-16 22:08 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-05-16 22:08 2007-05-16 22:08 2007-05-16 22:08 2007-05-16 22:08 2007-05-16 22:06 93,568 -ra------ C:\WINDOWS\system32\drivers\nvata.sys 2007-05-16 22:06 9,728 -ra------ C:\WINDOWS\system32\bdco1ins.dll 2007-05-16 22:06 9,728 -ra------ C:\WINDOWS\system32\bdco1.dll 2007-05-16 22:06 33,536 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys 2007-05-16 22:06 33,280 -ra------ C:\WINDOWS\system32\NVCOI.DLL 2007-05-16 22:06 32,256 -ra------ C:\WINDOWS\system32\nvconrm.dll 2007-05-16 22:06 289,792 -ra------ C:\WINDOWS\system32\idecoins.dll 2007-05-16 22:06 289,792 -ra------ C:\WINDOWS\system32\idecoi.dll 2007-05-16 22:06 261,888 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys 2007-05-16 22:06 208,256 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys 2007-05-16 22:06 201,728 -ra------ C:\WINDOWS\system32\fdco1ins.dll 2007-05-16 22:06 201,728 -ra------ C:\WINDOWS\system32\fdco1.dll 2007-05-16 22:06 176,128 -ra------ C:\WINDOWS\system32\nvusmb.exe 2007-05-16 22:06 176,128 -ra------ C:\WINDOWS\system32\nvunrm.exe 2007-05-16 22:06 176,128 -ra------ C:\WINDOWS\system32\NVUNINST.EXE 2007-05-16 22:06 176,128 --------- C:\WINDOWS\system32\nvuide.exe 2007-05-16 22:06 12,928 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys 2007-05-16 22:06 2007-05-16 22:05 36,352 -ra------ C:\WINDOWS\system32\drivers\AmdK8.sys 2007-05-16 22:05 2007-05-16 22:04 2,621,440 --ah----- C:\Documents and Settings\PAWE~1\NTUSER.DAT 2007-05-16 22:04 2,621,440 --ah----- C:\DOCUME~1\PAWE~1\NTUSER.DAT 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:04 2007-05-16 22:03 229,376 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-05-16 22:03 229,376 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-05-16 22:03 2007-05-16 22:03 2007-05-16 22:03 2007-05-16 22:03 2007-05-16 22:03 2007-05-16 22:03 2007-05-16 22:00 229,376 —h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-05-16 22:00 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-05-16 22:00 0 -rahs---- C:\MSDOS.SYS 2007-05-16 22:00 0 -rahs---- C:\IO.SYS 2007-05-16 22:00 0 --a------ C:\CONFIG.SYS 2007-05-16 22:00 0 --a------ C:\AUTOEXEC.BAT 2007-05-16 22:00 2007-05-16 22:00 2007-05-16 21:59 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-05-16 21:59 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-05-16 21:59 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-05-16 21:59 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-05-16 21:59 2007-05-16 21:59 2007-05-16 21:59 2007-05-16 21:59 2007-05-16 21:59 2007-05-16 21:59 2007-05-16 21:59 2007-05-16 21:58 86,016 --a------ C:\WINDOWS\system32\isign32.dll 2007-05-16 21:58 81,920 --a------ C:\WINDOWS\system32\ils.dll 2007-05-16 21:58 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2007-05-16 21:58 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-05-16 21:58 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-05-16 21:58 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2007-05-16 21:58 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2007-05-16 21:58 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 21:58 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2007-05-16 21:58 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-05-16 21:58 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-05-16 21:58 49,664 --a------ C:\WINDOWS\system32\inetres.dll 2007-05-16 21:58 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-05-16 21:58 431,616 --a------ C:\WINDOWS\system32\wuapi.dll 2007-05-16 21:58 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-05-16 21:58 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-05-16 21:58 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-05-16 21:58 36,864 --a------ C:\WINDOWS\system32\wups.dll 2007-05-16 21:58 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-05-16 21:58 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-05-16 21:58 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-05-16 21:58 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-05-16 21:58 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-05-16 21:58 278,528 --a------ C:\WINDOWS\system32\mstask.dll 2007-05-16 21:58 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-05-16 21:58 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-05-16 21:58 240,128 --a------ C:\WINDOWS\system32\srrstr.dll 2007-05-16 21:58 22,528 --a------ C:\WINDOWS\system32\fltMc.exe 2007-05-16 21:58 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-05-16 21:58 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-05-16 21:58 184,320 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-05-16 21:58 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-05-16 21:58 171,008 --a------ C:\WINDOWS\system32\srsvc.dll 2007-05-16 21:58 168,960 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-05-16 21:58 16,896 --a------ C:\WINDOWS\system32\fltlib.dll 2007-05-16 21:58 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys 2007-05-16 21:58 120,320 --a------ C:\WINDOWS\system32\wuweb.dll 2007-05-16 21:58 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-05-16 21:58 113,664 --a------ C:\WINDOWS\system32\wucltui.dll 2007-05-16 21:58 112,128 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-05-16 21:58 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-05-16 21:58 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-05-16 21:58 2007-05-16 21:58 2007-05-16 21:58 2007-05-16 21:58 2007-05-16 21:58 2007-05-16 21:58 2007-05-16 21:57 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-05-16 21:57 94,720 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-05-16 21:57 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-05-16 21:57 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-05-16 21:57 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-05-16 21:57 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-05-16 21:57 82,432 --a------ C:\WINDOWS\system32\comrepl.dll 2007-05-16 21:57 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-05-16 21:57 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-05-16 21:57 67,072 --a------ C:\WINDOWS\system32\rdshost.exe 2007-05-16 21:57 655,360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-05-16 21:57 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-05-16 21:57 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-05-16 21:57 62,464 --a------ C:\WINDOWS\system32\colbact.dll 2007-05-16 21:57 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-05-16 21:57 60,928 --a------ C:\WINDOWS\system32\remotepg.dll 2007-05-16 21:57 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-05-16 21:57 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-05-16 21:57 58,880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-05-16 21:57 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-05-16 21:57 56,320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-05-16 21:57 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-05-16 21:57 540,160 --a------ C:\WINDOWS\system32\comuid.dll 2007-05-16 21:57 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-05-16 21:57 539,136 --a------ C:\WINDOWS\system32\spider.exe 2007-05-16 21:57 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-05-16 21:57 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-05-16 21:57 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-05-16 21:57 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-05-16 21:57 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-05-16 21:57 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-05-16 21:57 408,576 --a------ C:\WINDOWS\system32\mstsc.exe 2007-05-16 21:57 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-05-16 21:57 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-05-16 21:57 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-05-16 21:57 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-05-16 21:57 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-05-16 21:57 349,696 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-05-16 21:57 345,088 --a------ C:\WINDOWS\system32\mspaint.exe 2007-05-16 21:57 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-05-16 21:57 296,448 --a------ C:\WINDOWS\system32\termsrv.dll 2007-05-16 21:57 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-05-16 21:57 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-05-16 21:57 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-05-16 21:57 229,888 --a------ C:\WINDOWS\system32\catsrv.dll 2007-05-16 21:57 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-05-16 21:57 22,528 --a------ C:\WINDOWS\system32\msg.exe 2007-05-16 21:57 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-05-16 21:57 20,992 --a------ C:\WINDOWS\system32\qprocess.exe 2007-05-16 21:57 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-05-16 21:57 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-05-16 21:57 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-05-16 21:57 187,904 --a------ C:\WINDOWS\system32\cmprops.dll 2007-05-16 21:57 187,904 --a------ C:\WINDOWS\system32\accwiz.exe 2007-05-16 21:57 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-05-16 21:57 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-05-16 21:57 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-05-16 21:57 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-05-16 21:57 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-05-16 21:57 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-05-16 21:57 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-05-16 21:57 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2007-05-16 21:57 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-05-16 21:57 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-05-16 21:57 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2007-05-16 21:57 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2007-05-16 21:57 147,968 --a------ C:\WINDOWS\system32\rdchost.dll 2007-05-16 21:57 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-05-16 21:57 141,824 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-05-16 21:57 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-05-16 21:57 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-05-16 21:57 132,608 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-05-16 21:57 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-05-16 21:57 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-05-16 21:57 124,928 --a------ C:\WINDOWS\system32\mplay32.exe 2007-05-16 21:57 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-05-16 21:57 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-05-16 21:57 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-05-16 21:57 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-05-16 21:57 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-05-16 21:57 11,264 --a------ C:\WINDOWS\system32\icaapi.dll 2007-05-16 21:57 103,424 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-05-16 21:57 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-05-16 21:57 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-05-16 21:57 2007-05-16 21:57 2007-05-16 21:57 2007-05-16 21:57 2007-05-16 21:57 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-22 19:57:50 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-05-16 20:50:21 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-16 20:50:21 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-16 19:59:36 -------- d-----w C:\Program Files\Usługi online 2007-04-23 14:14:48 560,272 ----a-w C:\WINDOWS\system32\drivers\FStopW.sys 2006-12-31 02:16:36 313,344 --sha-w C:\WINDOWS\system32\avisynth.dll 2006-04-27 08:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll 2005-10-24 09:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe 2005-10-13 19:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe 2005-07-14 10:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll 2005-06-26 13:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-21 20:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll 2005-05-13 15:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe 2005-02-28 11:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe 2004-01-24 22:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll 2004-01-24 22:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=E:\Programy\adobe\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 14:17] {52D06F97-5511-43FA-8FDA-C481864FD26E}=C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2007-05-20 12:50] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [] “nwiz”=“nwiz.exe” [2006-03-09 09:29 C:\WINDOWS\system32\nwiz.exe] “iKeyWorks”=“C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe” [2006-04-09 19:31] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “F-PROT Antivirus Tray application”=“C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe” [2007-04-24 15:16] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “ATnotes.exe”=“E:\Programy\ATnotes\ATnotes.exe” [2005-01-05 15:45] “Konnekt_ff16f617_Paweł”=“E:\Programy\konnekt\konnekt.exe” [2005-05-24 23:41] “Konnekt”=“E:\Programy\konnekt\konnekt.exe” [2005-05-24 23:41] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoSMMyDocs”=1 (0x1) “NoStartMenuMyMusic”=1 (0x1) “NoSMMyPictures”=1 (0x1) “NoRecentDocsMenu”=1 (0x1) “StartMenuLogoff”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSMMyDocs”=1 (0x1) “NoStartMenuMyMusic”=1 (0x1) “NoSMMyPictures”=1 (0x1) “NoRecentDocsMenu”=1 (0x1) “StartMenuLogoff”=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages msv1_0 nwprovau [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\FPAVServer] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9a4fd1c2-03f7-11dc-a6cf-806d6172696f}] AutoRun\command- D:\Setup.exe *Newly Created Service* -PROCEXP90 ******************************************************************** catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-28 14:33:15 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-28 14:33:29 C:\ComboFix-quarantined-files.txt … 2007-05-28 14:33 — E O F —

Gutek · 28 Maj 2007 15:25

Już powinno być Ok

Riddick-16 · 28 Maj 2007 16:51

Dzięki za pomoc.