[log] problem z zaporą

[zsderw]

Witam, przejrzałem wiele wątków na ten temat,zastosowałem się do poleceń, niestety problem po krótkim czasie powrócił
Problem tkwi w tym, że bez jakiejś regularności pojawia sie komunikat,że komputer jest zagrożony gdyż zapory i aktualizacje automatyczne są wyłaczone,o ile te drugie da sie ponownie wlaczyc to mozliwosc przywrocenia zapory jest wylaczona, rownolegle z możliwoscią wyłaczenia przywracania systemu
jestem po świeżym formacie, avast i fixdief nic nie wykryły,zabezpieczyłem porty przez wwdc i seconfigxp, zrobiłem ten myk z notatnikiem ale jak już napisalem problem cały czas się pojawia. Może to nie problem z jakimś trojanem a po prostu z sp2 ?
mimo to prosiłbym o sprawdzenie logów
dziękuję i pozdrawiam

Logfile of HiJackFree v3.0
Scan saved at 20:55:39, on 2008-07-21
Platform: Windows XP Dodatek Service Pack 2 (Windows NT 5.1.2600)
MSIE: Internet Explorer v 6.0 Dodatek Service Pack 2 (6.0.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(.Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O7 - Regedit - Enabled
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFBAR.ICO
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra "Tools" menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
O14 - IERESET.INF: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O14 - IERESET.INF: SEARCH_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
O14 - IERESET.INF: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O21 - ShellServiceObjectDelayLoad: PostBootReminder -
O21 - ShellServiceObjectDelayLoad: CDBurn -
O21 - ShellServiceObjectDelayLoad: WebCheck -
O21 - ShellServiceObjectDelayLoad: SysTray -
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - C:\WINDOWS\System32\browseui.dll
O23 - Usługa: Urządzenie alarmowe - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Usługa bramy warstwy aplikacji - C:\WINDOWS\System32\alg.exe
O23 - Usługa: Zarządzanie aplikacjami - C:\WINDOWS\system32\svchost.exe
O23 - Usługa: ASFWHide - C:\DOCUME~1\MIKOAJ~1\USTAWI~1\Temp\ASFWHide
O23 - Usługa: avast! iAVS4 Control Service - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Usługa: Windows Audio - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: avast! Antivirus - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Usługa: avast! Mail Scanner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Usługa: avast! Web Scanner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Usługa: Usługa inteligentnego transferu w tle - C:\WINDOWS\system32\svchost.exe
O23 - Usługa: Przeglądarka komputera - C:\WINDOWS\system32\svchost.exe
O23 - Usługa: Indexing Service - C:\WINDOWS\system32\cisvc.exe
O23 - Usługa: ClipBook - C:\WINDOWS\system32\clipsrv.exe
O23 - Usługa: Aplikacja systemowa modelu COM+ - C:\WINDOWS\System32\dllhost.exe
O23 - Usługa: Usługi kryptograficzne - C:\WINDOWS\system32\svchost.exe
O23 - Usługa: Program uruchamiający proces serwera DCOM - C:\WINDOWS\system32\svchost
O23 - Usługa: Klient DHCP - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Usługa administracyjna Menedżera dysków logicznych - C:\WINDOWS\System32\dmadmin.exe
O23 - Usługa: Menedżer dysków logicznych - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Klient DNS - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Error Reporting Service - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Dziennik zdarzeń - C:\WINDOWS\system32\services.exe
O23 - Usługa: System zdarzeń COM+ - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Zgodność szybkiego przełączania użytkowników - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Pomoc i obsługa techniczna - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Dostęp do urządzeń interfejsu HID - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: HTTP SSL - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Usługa COM nagrywania dysków CD IMAPI - C:\WINDOWS\system32\imapi.exe
O23 - Usługa: Serwer - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Stacja robocza - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Pomoc TCP/IP NetBIOS - C:\WINDOWS\system32\svchost.exe
O23 - Usługa: Posłaniec - C:\WINDOWS\system32\svchost.exe
O23 - Usługa: NetMeeting Remote Desktop Sharing - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Usługa: Distributed Transaction Coordinator - C:\WINDOWS\System32\msdtc.exe
O23 - Usługa: Instalator Windows - C:\WINDOWS\system32\msiexec.exe
O23 - Usługa: DDE sieci - C:\WINDOWS\system32\netdde.exe
O23 - Usługa: DSDM DDE sieci - C:\WINDOWS\system32\netdde.exe
O23 - Usługa: Logowanie do sieci - C:\WINDOWS\system32\lsass.exe
O23 - Usługa: Połączenia sieciowe - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Rozpoznawanie lokalizacji w sieci (NLA) - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Usługa NT LM Security Support Provider - C:\WINDOWS\System32\lsass.exe
O23 - Usługa: Magazyn wymienny - C:\WINDOWS\system32\svchost.exe
O23 - Usługa: NVIDIA Driver Helper Service - C:\WINDOWS\System32\nvsvc32.exe
O23 - Usługa: Office Source Engine - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Usługa: Plug and Play - C:\WINDOWS\system32\services.exe
O23 - Usługa: Usługi IPSEC - C:\WINDOWS\system32\lsass.exe
O23 - Usługa: Magazyn chroniony - C:\WINDOWS\system32\lsass.exe
O23 - Usługa: Menedżer autopołączenia dostępu zdalnego - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Menedżer połączeń usługi Dostęp zdalny - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Menedżer sesji pomocy pulpitu zdalnego - C:\WINDOWS\system32\sessmgr.exe
O23 - Usługa: Routing i dostęp zdalny - C:\WINDOWS\system32\svchost.exe
O23 - Usługa: Lokalizator usługi zdalnego wywołania procedury (RPC) - C:\WINDOWS\System32\locator.exe
O23 - Usługa: Zdalne wywoływanie procedur (RPC) - C:\WINDOWS\system32\svchost
O23 - Usługa: QoS RSVP - C:\WINDOWS\System32\rsvp.exe
O23 - Usługa: Menedżer kont zabezpieczeń - C:\WINDOWS\system32\lsass.exe
O23 - Usługa: Karta inteligentna - C:\WINDOWS\System32\SCardSvr.exe
O23 - Usługa: Harmonogram zadań - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Logowanie pomocnicze - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Zawiadomienie o zdarzeniu systemowym - C:\WINDOWS\system32\svchost.exe
O23 - Usługa: Zapora systemu Windows/Udostępnianie połączenia internetowego - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Wykrywanie sprzętu powłoki - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Bufor wydruku - C:\WINDOWS\system32\spoolsv.exe
O23 - Usługa: Usługa przywracania systemu - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Usługa odnajdywania SSDP - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Windows Image Acquisition (WIA) - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: MS Software Shadow Copy Provider - C:\WINDOWS\System32\dllhost.exe
O23 - Usługa: Dzienniki wydajności i alerty - C:\WINDOWS\system32\smlogsvc.exe
O23 - Usługa: Telefonia - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Usługi terminalowe - C:\WINDOWS\System32\svchost
O23 - Usługa: Kompozycje - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Klient śledzenia łączy rozproszonych - C:\WINDOWS\system32\svchost.exe
O23 - Usługa: Host uniwersalnego urządzenia Plug and Play - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Uninterruptible Power Supply - C:\WINDOWS\System32\ups.exe
O23 - Usługa: Kopiowanie woluminów w tle - C:\WINDOWS\System32\vssvc.exe
O23 - Usługa: Usługa Czas systemu Windows - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: WebClient - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Instrumentacja zarządzania Windows - C:\WINDOWS\system32\svchost.exe
O23 - Usługa: Usługa numeru seryjnego multimediów przenośnych - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Karta wydajności WMI - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Usługa: Centrum zabezpieczeń - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Aktualizacje automatyczne - C:\WINDOWS\system32\svchost.exe
O23 - Usługa: Konfiguracja zerowej sieci bezprzewodowej - C:\WINDOWS\System32\svchost.exe
O23 - Usługa: Usługa dostarczania sieci - C:\WINDOWS\System32\svchost.exe

ComboFix 08-07-19.1 - Mikołaj 2008-07-21 20:51:11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.205 [GMT 2:00]
Running from: C:\Documents and Settings\Mikołaj\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-21 18:54 . 2008-07-21 19:52 <DIR> d-------- C:\Program Files\PhotoFiltre
2008-07-21 16:41 . 2008-07-21 16:41 <DIR> d-------- C:\Documents and Settings\Lucyna
2008-07-21 00:37 . 2008-07-21 00:37 <DIR> d-------- C:\Documents and Settings\Mikołaj\.java
2008-07-21 00:37 . 2008-07-21 00:37 <DIR> d-------- C:\Documents and Settings\Mikołaj\.java
2008-07-20 23:34 . 2008-07-20 23:35 <DIR> dr------- C:\Documents and Settings\Mikołaj\Moje dokumenty
2008-07-20 23:34 . 2008-07-20 23:35 <DIR> dr------- C:\Documents and Settings\Mikołaj\Moje dokumenty
2008-07-20 15:25 . 2008-07-20 15:25 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-07-20 13:49 . 2008-07-20 13:49 <DIR> d-------- C:\Program Files\Ashampoo
2008-07-20 13:13 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-20 00:51 . 2008-07-21 20:49 9,378 --a------ C:\runmgr.exe
2008-07-19 23:02 . 2008-07-19 23:02 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-07-19 22:31 . 2008-07-19 23:02 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-07-19 22:31 . 2004-08-04 09:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-19 22:30 . 2008-07-19 22:30 <DIR> d-------- C:\WINDOWS\peernet
2008-07-19 22:29 . 2008-07-19 22:29 <DIR> d-------- C:\WINDOWS\provisioning
2008-07-19 22:28 . 2008-07-19 22:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-19 22:20 . 2008-07-19 22:20 <DIR> d-------- C:\WINDOWS\EHome
2008-07-19 17:45 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-07-19 17:45 . 2004-08-04 00:44 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-07-19 17:45 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-07-19 17:45 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-07-19 17:01 . 2005-10-21 00:30 1,092,608 --a------ C:\WINDOWS\system32\esent.dll
2008-07-19 13:58 . 2008-07-19 13:58 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-19 13:57 . 2008-07-20 13:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-19 13:57 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-19 12:08 . 2004-08-04 09:44 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-07-19 12:08 . 2004-08-04 09:44 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-07-19 12:08 . 2004-08-04 09:43 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-07-19 12:08 . 2004-08-04 09:43 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-07-18 18:01 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-18 18:01 . 2008-07-19 12:05 421 --a------ C:\WINDOWS\ODBC.INI
2008-07-18 18:00 . 2008-07-19 12:05 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-18 17:55 . 2008-07-18 17:55 <DIR> d-------- C:\Documents and Settings\Mikołaj\Dane aplikacji\Gadu-Gadu
2008-07-18 17:25 . 2008-07-18 17:25 <DIR> d-------- C:\WINDOWS\nview
2008-07-18 17:25 . 2008-07-18 17:25 <DIR> d-------- C:\NVIDIA
2008-07-18 15:57 . 2008-07-18 15:57 <DIR> d-------- C:\Program Files\SAGEM
2008-07-18 15:57 . 2008-07-18 15:57 <DIR> d-------- C:\Program Files\JavaSoft
2008-07-18 15:56 . 2008-07-18 15:56 <DIR> d-------- C:\Documents and Settings\Mikołaj\WINDOWS
2008-07-18 15:56 . 2008-07-18 15:56 <DIR> d-------- C:\Documents and Settings\Mikołaj\WINDOWS
2008-07-18 15:55 . 2008-07-21 20:51 <DIR> d-------- C:\Program Files\Wanadoo
2008-07-18 15:55 . 2003-03-04 10:26 9,728 --a------ C:\WINDOWS\system32\rnaph.dll
2008-07-18 15:35 . 2004-08-04 09:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-07-18 15:35 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-18 15:35 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-07-18 15:34 . 2001-08-17 22:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-07-18 15:29 . 2008-07-20 22:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-07-18 15:29 . 2008-07-18 14:42 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-07-18 15:29 . 2008-07-21 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-07-18 15:29 . 2008-07-19 22:30 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-07-18 15:29 . 2008-07-18 14:43 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-07-18 15:28 . 2008-07-18 14:47 <DIR> d--h----- C:\Documents and Settings\Default User
2008-07-18 15:28 . 2008-07-18 14:46 <DIR> d-------- C:\Documents and Settings\All Users
2008-07-18 15:28 . 2008-07-21 16:41 <DIR> d-------- C:\Documents and Settings
2008-07-18 15:06 . 2004-08-04 08:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-07-18 15:06 . 2004-08-04 07:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-07-18 15:06 . 2004-08-04 08:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-07-18 15:06 . 2004-08-04 08:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-07-18 15:06 . 2001-08-17 22:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-07-18 15:06 . 2001-08-17 22:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2008-07-18 15:06 . 2004-08-04 08:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-07-18 15:06 . 2004-08-04 08:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-07-18 15:06 . 2004-08-04 08:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-07-18 15:05 . 2008-07-18 15:05 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-07-18 15:04 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-18 15:00 . 2003-03-04 06:56 145,408 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys
2008-07-18 15:00 . 2003-03-04 06:56 145,408 --a--c--- C:\WINDOWS\system32\dllcache\e100b325.sys
2008-07-18 15:00 . 2003-03-03 10:26 118,784 -ra------ C:\WINDOWS\system32\Prounstl.exe
2008-07-18 15:00 . 2002-12-28 23:00 24,064 -ra------ C:\WINDOWS\system32\IntelNic.dll
2008-07-18 15:00 . 2003-02-03 00:26 12,288 -ra------ C:\WINDOWS\system32\e100bmsg.dll
2008-07-18 15:00 . 2002-06-27 00:53 5,110 -ra------ C:\WINDOWS\system32\e100b325.din

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 22:55 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-18 14:42 --------- d-----w C:\Program Files\Alwil Software
2008-07-18 13:57 22 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-07-18 13:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 12:58 --------- d-----w C:\Program Files\Intel
2008-07-18 12:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-18 12:47 558,142 ----a-w C:\WINDOWS\java\Packages\UFJHFFFL.ZIP
2008-07-18 12:47 155,995 ----a-w C:\WINDOWS\java\Packages\8FV3XR13.ZIP
2008-07-18 12:47 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 12:46 --------- d-----w C:\Program Files\Usługi online
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-07-20_15.21.08.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-20 10:44:38 138,368 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2006-06-26 17:45:40 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:42:20 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:42:21 246,784 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2006-06-26 17:45:40 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:42:20 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-11-30 11:21:28 19,320 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:40:46 19,320 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-07-21 18:43:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:44 15360]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-07-28 15:19 49152]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-08-04 09:44 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24 45056]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19 4841472]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-18 15:57:29 962667]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 20:52:06
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\MIKOAJ~1\USTAWI~1\Temp\ASFWHide"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
Completion time: 2008-07-21 20:52:59
ComboFix-quarantined-files.txt 2008-07-21 18:52:56
ComboFix2.txt 2008-07-20 14:59:09
ComboFix3.txt 2008-07-20 13:21:19

Pre-Run: 23,900,557,312 bajtów wolnych
Post-Run: 23,889,682,432 bajtów wolnych

172 --- E O F --- 2008-07-20 19:00:46

[gloni]

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt

i ot http://downloads.malwareteks.com/FixIEDef.exe
podaj logi

po tym wszystkim od nowa zrób logo z HijackThis ( zastosuj tą wersie http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe to co ty podałes jest troszkie inna, tą co masz odistaluj i zaistaluj tą co ci tu dałem )

[zsderw]

dzięki za instrukcje
a więc tak:

1)

SDFix: Version 1.207
Run by Mikoˆaj on 2008-07-22 at 00:04

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 00:15:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:LocalSubNet:Disabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Wed 2 Jul 2008 36,864 A.SHR --- "C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe"
Sun 20 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a7603e7cf792509c9ebbd8c74c82553\BIT4.tmp"

Finished!

2)

********************************************************************************
* *
* FixIEDef Log *
* Version 1.5.1.6010 *
* *
********************************************************************************

Created at 00:20:02 on Tuesday, July 22, 2008

Time Zone :

Logged On User : Mikołaj

Operating System : Microsoft Windows XP Home Edition Dodatek Service Pack 2
OS Version : 5.1.2600
System Langauge : Polish
Keyboard Layout : Polish
Processor : X86 Intel(R) Pentium(R) 4 CPU 2.60GHz

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32

Total Physical Memory : 523756 KB
Free Physical Memory : 311740 KB
Total Virtual Memory : 2097024 KB
Free Virtual Memory : 2020388 KB

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

No malicious files found

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done

ShadowPuterDude

Safe Surfing!!!

3)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:21:48, on 2008-07-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F7270AF-8BE4-481D-BA21-D843B36F9C20}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F7270AF-8BE4-481D-BA21-D843B36F9C20}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 4195 bytes

[wojtas]

daj loga z combofixa

[zsderw]

ComboFix 08-07-19.1 - Mikołaj 2008-07-22 0:43:00.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.254 [GMT 2:00]
Running from: C:\Documents and Settings\Mikołaj\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-22 00:21 . 2008-07-22 00:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 00:11 . 2008-07-22 00:11 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-21 23:54 . 2008-07-21 23:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-21 23:13 . 2008-07-20 14:37 <DIR> d-------- C:\Documents and Settings\Mikołaj\SDFix
2008-07-21 23:13 . 2008-07-20 14:37 <DIR> d-------- C:\Documents and Settings\Mikołaj\SDFix
2008-07-21 23:13 . 2008-07-20 14:35 729,362 --a------ C:\Documents and Settings\Mikołaj\RunThis.bat
2008-07-21 23:13 . 2008-07-20 14:35 729,362 --a------ C:\Documents and Settings\Mikołaj\RunThis.bat
2008-07-21 23:12 . 2008-07-22 00:15 <DIR> d-------- C:\SDFix
2008-07-21 18:54 . 2008-07-21 19:52 <DIR> d-------- C:\Program Files\PhotoFiltre
2008-07-21 16:41 . 2008-07-21 16:41 <DIR> d-------- C:\Documents and Settings\Lucyna
2008-07-21 00:37 . 2008-07-21 00:37 <DIR> d-------- C:\Documents and Settings\Mikołaj\.java
2008-07-21 00:37 . 2008-07-21 00:37 <DIR> d-------- C:\Documents and Settings\Mikołaj\.java
2008-07-20 23:34 . 2008-07-20 23:35 <DIR> dr------- C:\Documents and Settings\Mikołaj\Moje dokumenty
2008-07-20 23:34 . 2008-07-20 23:35 <DIR> dr------- C:\Documents and Settings\Mikołaj\Moje dokumenty
2008-07-20 13:49 . 2008-07-20 13:49 <DIR> d-------- C:\Program Files\Ashampoo
2008-07-20 13:13 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-20 00:51 . 2008-07-21 23:07 9,378 --a------ C:\runmgr.exe
2008-07-19 23:02 . 2008-07-19 23:02 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-07-19 22:31 . 2008-07-19 23:02 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-07-19 22:31 . 2004-08-04 09:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-19 22:30 . 2008-07-19 22:30 <DIR> d-------- C:\WINDOWS\peernet
2008-07-19 22:29 . 2008-07-19 22:29 <DIR> d-------- C:\WINDOWS\provisioning
2008-07-19 22:28 . 2008-07-19 22:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-19 22:20 . 2008-07-19 22:20 <DIR> d-------- C:\WINDOWS\EHome
2008-07-19 17:45 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-07-19 17:45 . 2004-08-04 00:44 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-07-19 17:45 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-07-19 17:45 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-07-19 17:01 . 2005-10-21 00:30 1,092,608 --a------ C:\WINDOWS\system32\esent.dll
2008-07-19 13:58 . 2008-07-19 13:58 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-19 13:57 . 2008-07-20 13:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-19 13:57 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-19 12:08 . 2004-08-04 09:44 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-07-19 12:08 . 2004-08-04 09:44 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-07-19 12:08 . 2004-08-04 09:43 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-07-19 12:08 . 2004-08-04 09:43 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-07-18 18:01 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-18 18:01 . 2008-07-19 12:05 421 --a------ C:\WINDOWS\ODBC.INI
2008-07-18 18:00 . 2008-07-19 12:05 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-18 17:55 . 2008-07-18 17:55 <DIR> d-------- C:\Documents and Settings\Mikołaj\Dane aplikacji\Gadu-Gadu
2008-07-18 17:25 . 2008-07-18 17:25 <DIR> d-------- C:\WINDOWS\nview
2008-07-18 17:25 . 2008-07-18 17:25 <DIR> d-------- C:\NVIDIA
2008-07-18 15:57 . 2008-07-18 15:57 <DIR> d-------- C:\Program Files\SAGEM
2008-07-18 15:57 . 2008-07-18 15:57 <DIR> d-------- C:\Program Files\JavaSoft
2008-07-18 15:56 . 2008-07-18 15:56 <DIR> d-------- C:\Documents and Settings\Mikołaj\WINDOWS
2008-07-18 15:56 . 2008-07-18 15:56 <DIR> d-------- C:\Documents and Settings\Mikołaj\WINDOWS
2008-07-18 15:55 . 2008-07-22 00:42 <DIR> d-------- C:\Program Files\Wanadoo
2008-07-18 15:55 . 2003-03-04 10:26 9,728 --a------ C:\WINDOWS\system32\rnaph.dll
2008-07-18 15:35 . 2004-08-04 09:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-07-18 15:35 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-18 15:35 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-07-18 15:34 . 2001-08-17 22:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-07-18 15:29 . 2008-07-21 20:52 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-07-18 15:29 . 2008-07-18 14:42 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-07-18 15:29 . 2008-07-21 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-07-18 15:29 . 2008-07-19 22:30 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-07-18 15:29 . 2008-07-18 14:43 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-07-18 15:28 . 2008-07-18 14:47 <DIR> d--h----- C:\Documents and Settings\Default User
2008-07-18 15:28 . 2008-07-18 14:46 <DIR> d-------- C:\Documents and Settings\All Users
2008-07-18 15:28 . 2008-07-22 00:15 <DIR> d-------- C:\Documents and Settings
2008-07-18 15:06 . 2004-08-04 08:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-07-18 15:06 . 2004-08-04 07:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-07-18 15:06 . 2004-08-04 08:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-07-18 15:06 . 2004-08-04 08:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-07-18 15:06 . 2001-08-17 22:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-07-18 15:06 . 2001-08-17 22:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2008-07-18 15:06 . 2004-08-04 08:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-07-18 15:06 . 2004-08-04 08:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-07-18 15:06 . 2004-08-04 08:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-07-18 15:05 . 2008-07-18 15:05 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-07-18 15:04 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-18 15:00 . 2003-03-04 06:56 145,408 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys
2008-07-18 15:00 . 2003-03-04 06:56 145,408 --a--c--- C:\WINDOWS\system32\dllcache\e100b325.sys
2008-07-18 15:00 . 2003-03-03 10:26 118,784 -ra------ C:\WINDOWS\system32\Prounstl.exe
2008-07-18 15:00 . 2002-12-28 23:00 24,064 -ra------ C:\WINDOWS\system32\IntelNic.dll
2008-07-18 15:00 . 2003-02-03 00:26 12,288 -ra------ C:\WINDOWS\system32\e100bmsg.dll
2008-07-18 15:00 . 2002-06-27 00:53 5,110 -ra------ C:\WINDOWS\system32\e100b325.din

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 22:55 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-18 14:42 --------- d-----w C:\Program Files\Alwil Software
2008-07-18 13:57 22 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-07-18 13:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 12:58 --------- d-----w C:\Program Files\Intel
2008-07-18 12:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-18 12:47 558,142 ----a-w C:\WINDOWS\java\Packages\UFJHFFFL.ZIP
2008-07-18 12:47 155,995 ----a-w C:\WINDOWS\java\Packages\8FV3XR13.ZIP
2008-07-18 12:47 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 12:46 --------- d-----w C:\Program Files\Usługi online
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-07-20_15.21.08.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-21 22:02:31 1,556,480 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-21 22:02:31 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-21 21:54:20 1,556,480 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-21 21:54:20 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-06-20 10:44:38 138,368 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2006-06-26 17:45:40 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:42:20 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:42:21 246,784 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2006-06-26 17:45:40 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:42:20 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-11-30 11:21:28 19,320 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:40:46 19,320 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-07-20 13:06:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c0.dat
+ 2008-07-21 22:40:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:44 15360]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-07-28 15:19 49152]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-08-04 09:44 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24 45056]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19 4841472]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-18 15:57:29 962667]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 00:43:51
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\MIKOAJ~1\USTAWI~1\Temp\ASFWHide"
.
Completion time: 2008-07-22 0:44:40
ComboFix-quarantined-files.txt 2008-07-21 22:44:37
ComboFix2.txt 2008-07-21 18:52:59
ComboFix3.txt 2008-07-20 14:59:09
ComboFix4.txt 2008-07-20 13:21:19

Pre-Run: 23,835,303,936 bajtów wolnych
Post-Run: 23,825,088,512 bajtów wolnych

181 --- E O F --- 2008-07-20 19:00:46

[Magik]

wklej do notatnika

Kod: Zaznacz wszystko

FILE::
C:\runmgr.exe

Plik >>> zapisz pod nazwą CFScript.txt a nastepnie przeciągnij go i upuść na ikonę ComboFix.exe

[zsderw]

wynik:

ComboFix 08-07-19.1 - Mikołaj 2008-07-22 1:19:05.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.297 [GMT 2:00]
Running from: C:\Documents and Settings\Mikołaj\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mikołaj\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\runmgr.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\runmgr.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-22 00:21 . 2008-07-22 00:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 00:11 . 2008-07-22 00:11 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-21 23:54 . 2008-07-21 23:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-21 23:13 . 2008-07-20 14:37 <DIR> d-------- C:\Documents and Settings\Mikołaj\SDFix
2008-07-21 23:13 . 2008-07-20 14:37 <DIR> d-------- C:\Documents and Settings\Mikołaj\SDFix
2008-07-21 23:13 . 2008-07-20 14:35 729,362 --a------ C:\Documents and Settings\Mikołaj\RunThis.bat
2008-07-21 23:13 . 2008-07-20 14:35 729,362 --a------ C:\Documents and Settings\Mikołaj\RunThis.bat
2008-07-21 23:12 . 2008-07-22 00:15 <DIR> d-------- C:\SDFix
2008-07-21 18:54 . 2008-07-21 19:52 <DIR> d-------- C:\Program Files\PhotoFiltre
2008-07-21 16:41 . 2008-07-21 16:41 <DIR> d-------- C:\Documents and Settings\Lucyna
2008-07-21 00:37 . 2008-07-21 00:37 <DIR> d-------- C:\Documents and Settings\Mikołaj\.java
2008-07-21 00:37 . 2008-07-21 00:37 <DIR> d-------- C:\Documents and Settings\Mikołaj\.java
2008-07-20 23:34 . 2008-07-20 23:35 <DIR> dr------- C:\Documents and Settings\Mikołaj\Moje dokumenty
2008-07-20 23:34 . 2008-07-20 23:35 <DIR> dr------- C:\Documents and Settings\Mikołaj\Moje dokumenty
2008-07-20 13:49 . 2008-07-20 13:49 <DIR> d-------- C:\Program Files\Ashampoo
2008-07-20 13:13 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-19 23:02 . 2008-07-19 23:02 <DIR> d-------- C:\Documents and Settings\LocalService\Menu Start
2008-07-19 22:31 . 2008-07-19 23:02 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-07-19 22:31 . 2004-08-04 09:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-19 22:30 . 2008-07-19 22:30 <DIR> d-------- C:\WINDOWS\peernet
2008-07-19 22:29 . 2008-07-19 22:29 <DIR> d-------- C:\WINDOWS\provisioning
2008-07-19 22:28 . 2008-07-19 22:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-19 22:20 . 2008-07-19 22:20 <DIR> d-------- C:\WINDOWS\EHome
2008-07-19 17:45 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-07-19 17:45 . 2004-08-04 00:44 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-07-19 17:45 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-07-19 17:45 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-07-19 17:01 . 2005-10-21 00:30 1,092,608 --a------ C:\WINDOWS\system32\esent.dll
2008-07-19 13:58 . 2008-07-19 13:58 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-19 13:57 . 2008-07-20 13:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-19 13:57 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-19 12:08 . 2004-08-04 09:44 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-07-19 12:08 . 2004-08-04 09:44 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-07-19 12:08 . 2004-08-04 09:43 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-07-19 12:08 . 2004-08-04 09:43 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-07-18 18:01 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-18 18:01 . 2008-07-19 12:05 421 --a------ C:\WINDOWS\ODBC.INI
2008-07-18 18:00 . 2008-07-19 12:05 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-18 17:55 . 2008-07-18 17:55 <DIR> d-------- C:\Documents and Settings\Mikołaj\Dane aplikacji\Gadu-Gadu
2008-07-18 17:25 . 2008-07-18 17:25 <DIR> d-------- C:\WINDOWS\nview
2008-07-18 17:25 . 2008-07-18 17:25 <DIR> d-------- C:\NVIDIA
2008-07-18 15:57 . 2008-07-18 15:57 <DIR> d-------- C:\Program Files\SAGEM
2008-07-18 15:57 . 2008-07-18 15:57 <DIR> d-------- C:\Program Files\JavaSoft
2008-07-18 15:56 . 2008-07-18 15:56 <DIR> d-------- C:\Documents and Settings\Mikołaj\WINDOWS
2008-07-18 15:56 . 2008-07-18 15:56 <DIR> d-------- C:\Documents and Settings\Mikołaj\WINDOWS
2008-07-18 15:55 . 2008-07-22 01:18 <DIR> d-------- C:\Program Files\Wanadoo
2008-07-18 15:55 . 2003-03-04 10:26 9,728 --a------ C:\WINDOWS\system32\rnaph.dll
2008-07-18 15:35 . 2004-08-04 09:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-07-18 15:35 . 2004-08-04 08:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-18 15:35 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-07-18 15:34 . 2001-08-17 22:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-07-18 15:29 . 2008-07-22 00:44 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> dr-h----- C:\Documents and Settings\Default User\Ustawienia lokalne
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d-------- C:\Documents and Settings\Default User\Ulubione
2008-07-18 15:29 . 2008-07-18 14:42 <DIR> d--h----- C:\Documents and Settings\Default User\Szablony
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d-------- C:\Documents and Settings\Default User\Pulpit
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d-------- C:\Documents and Settings\Default User\Moje dokumenty
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> dr------- C:\Documents and Settings\Default User\Menu Start
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> dr-h----- C:\Documents and Settings\Default User\Dane aplikacji
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Ulubione
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> d--h----- C:\Documents and Settings\All Users\Szablony
2008-07-18 15:29 . 2008-07-21 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Pulpit
2008-07-18 15:29 . 2008-07-19 22:30 <DIR> dr------- C:\Documents and Settings\All Users\Menu Start
2008-07-18 15:29 . 2008-07-18 14:43 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenty
2008-07-18 15:29 . 2008-07-18 15:29 <DIR> dr-h----- C:\Documents and Settings\All Users\Dane aplikacji
2008-07-18 15:28 . 2008-07-18 14:47 <DIR> d--h----- C:\Documents and Settings\Default User
2008-07-18 15:28 . 2008-07-18 14:46 <DIR> d-------- C:\Documents and Settings\All Users
2008-07-18 15:28 . 2008-07-22 00:15 <DIR> d-------- C:\Documents and Settings
2008-07-18 15:06 . 2004-08-04 08:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-07-18 15:06 . 2004-08-04 07:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-07-18 15:06 . 2004-08-04 08:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-07-18 15:06 . 2004-08-04 08:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-07-18 15:06 . 2001-08-17 22:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-07-18 15:06 . 2001-08-17 22:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2008-07-18 15:06 . 2004-08-04 08:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-07-18 15:06 . 2004-08-04 08:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-07-18 15:06 . 2004-08-04 08:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-07-18 15:05 . 2008-07-18 15:05 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-07-18 15:04 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-18 15:00 . 2003-03-04 06:56 145,408 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys
2008-07-18 15:00 . 2003-03-04 06:56 145,408 --a--c--- C:\WINDOWS\system32\dllcache\e100b325.sys
2008-07-18 15:00 . 2003-03-03 10:26 118,784 -ra------ C:\WINDOWS\system32\Prounstl.exe
2008-07-18 15:00 . 2002-12-28 23:00 24,064 -ra------ C:\WINDOWS\system32\IntelNic.dll
2008-07-18 15:00 . 2003-02-03 00:26 12,288 -ra------ C:\WINDOWS\system32\e100bmsg.dll
2008-07-18 15:00 . 2002-06-27 00:53 5,110 -ra------ C:\WINDOWS\system32\e100b325.din

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 22:55 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-18 14:42 --------- d-----w C:\Program Files\Alwil Software
2008-07-18 13:57 22 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-07-18 13:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 12:58 --------- d-----w C:\Program Files\Intel
2008-07-18 12:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-18 12:47 558,142 ----a-w C:\WINDOWS\java\Packages\UFJHFFFL.ZIP
2008-07-18 12:47 155,995 ----a-w C:\WINDOWS\java\Packages\8FV3XR13.ZIP
2008-07-18 12:47 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 12:46 --------- d-----w C:\Program Files\Usługi online
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-07-20_15.21.08.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-21 22:02:31 1,556,480 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-07-21 22:02:31 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-07-20 12:35:20 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-07-21 21:54:20 1,556,480 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-07-21 21:54:20 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-06-20 10:44:38 138,368 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2006-06-26 17:45:40 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:42:20 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:42:21 246,784 -c----w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2006-06-26 17:45:40 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:42:20 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-11-30 11:21:28 19,320 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:40:46 19,320 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-07-20 13:06:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c0.dat
+ 2008-07-21 22:40:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:44 15360]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-07-28 15:19 49152]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" [2004-08-04 09:44 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 18:24 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 18:24 45056]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 15:19 4841472]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800]
"nwiz"="nwiz.exe" [2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-18 15:57:29 962667]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 01:19:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\MIKOAJ~1\USTAWI~1\Temp\ASFWHide"
.
Completion time: 2008-07-22 1:20:27
ComboFix-quarantined-files.txt 2008-07-21 23:20:21
ComboFix2.txt 2008-07-21 22:44:41
ComboFix3.txt 2008-07-21 18:52:59
ComboFix4.txt 2008-07-20 14:59:09
ComboFix5.txt 2008-07-21 23:18:38

Pre-Run: 23,794,032,640 bajtów wolnych
Post-Run: 23,785,000,960 bajtów wolnych

190 --- E O F --- 2008-07-20 19:00:46

[Magik]

zsderw nic ciekawego juz wiecej nie widac

by okocz'

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED



i zainstaluj SP3

[zsderw]

dzięki wielkie za pomoc:)
Ale to chyba jeszcze nie koniec moich problemów;) przy sprawdzaniu błędów na dysku dochodzi do 38 lub 40% i włącza się od nowa, i tak w kółko...

[Magik]

Ale to chyba jeszcze nie koniec moich problemówWink przy sprawdzaniu błędów na dysku dochodzi do 38 lub 40% i włącza się od nowa, i tak w kółko...

Pokombinuj