Maybe something is sitting in there somewhere...
ComboFix 08-05-15.2 - Dominik 2008-05-16 10:25:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.206 [GMT 2:00]
Running from: C:\Documents and Settings\Dominik\Pulpit\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
2008-05-15 16:02 . 2008-05-15 17:58 <DIR> d-------- C:\Documents and Settings\Dominik\Dane aplikacji\gtk-2.0
2008-05-15 16:02 . 2008-05-15 16:02 <DIR> d-------- C:\Documents and Settings\Dominik\.thumbnails
2008-05-15 16:00 . 2008-05-15 21:44 <DIR> d-------- C:\Documents and Settings\Dominik\.gimp-2.4
2008-05-15 15:59 . 2008-05-15 15:59 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-05-11 08:05 . 2008-05-11 08:05 <DIR> d-------- C:\WINDOWS\Sun
2008-05-06 09:26 . 2004-08-04 01:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-05 21:58 . 2008-05-05 21:58 50 --a------ C:\WINDOWS\Winamp.ini
2008-05-05 21:58 . 2008-05-05 21:58 41 --a------ C:\WINDOWS\winampa.ini
2008-05-03 21:17 . 2008-05-15 11:40 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-03 12:23 . 2008-05-03 12:23 <DIR> d-------- C:\Temp
2008-05-03 09:13 . 2008-05-03 09:13 <DIR> d--h----- C:\host
2008-05-03 09:11 . 2008-05-03 09:12 663,648 --ah----- C:\WINDOWS\svhosted.exe
2008-05-01 12:56 . 2008-05-01 12:56 <DIR> d-------- C:\Program Files\Ares
2008-04-28 17:12 . 2008-04-28 17:13 <DIR> d-------- C:\Documents and Settings\Dominik\Dane aplikacji\FreeCall
2008-04-28 08:34 . 2008-04-28 08:34 41,200 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-27 22:00 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-04-27 22:00 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-04-27 22:00 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-04-27 22:00 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-04-27 22:00 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-27 22:00 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-04-27 22:00 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-04-27 22:00 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-04-27 22:00 . 2008-04-27 22:00 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-27 21:59 . 2008-04-27 21:59 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-27 21:59 . 2008-04-27 22:00 <DIR> d-------- C:\Program Files\Ahead
2008-04-27 17:18 . 2008-04-27 17:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-27 17:18 . 2008-04-27 17:18 <DIR> d-------- C:\Program Files\Deamon-Tools
2008-04-27 17:18 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-04-27 17:18 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-04-27 14:32 . 2008-04-27 14:32 421 --a------ C:\WINDOWS\ODBC.INI
2008-04-27 14:30 . 2008-04-27 14:31 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-25 23:12 . 2008-04-25 23:12 <DIR> d-------- C:\Documents and Settings\Dominik\Dane aplikacji\Media Player Classic
2008-04-25 15:41 . 2008-04-25 15:41 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-25 15:36 . 2005-11-10 13:03 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-04-25 15:35 . 2008-04-25 15:35 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-25 15:34 . 2008-04-25 15:34 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-25 15:27 . 2008-04-25 15:27 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-25 15:26 . 2008-05-06 09:44 <DIR> d-------- C:\Program Files\Winamp
2008-04-25 15:21 . 2008-04-25 15:21 <DIR> d-------- C:\Documents and Settings\Dominik\Dane aplikacji\Gadu-Gadu
2008-04-25 15:19 . 2008-04-25 15:19 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-04-25 15:19 . 2008-05-02 20:39 <DIR> d-------- C:\Documents and Settings\Dominik\Gadu-Gadu
2008-04-25 15:11 . 2004-01-07 08:29 261,964 --a------ C:\WINDOWS\system32\drivers\rtbldep3.bnm
2008-04-25 15:10 . 2008-04-25 15:10 <DIR> d-------- C:\WINDOWS\system32\AlertModule
2008-04-25 15:10 . 2008-04-25 15:10 <DIR> d-------- C:\Program Files\SAGEM
2008-04-25 15:10 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-04-25 15:10 . 2002-11-01 20:15 45,175 --------- C:\WINDOWS\system32\plugincpl140_03.cpl
2008-04-25 15:10 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-04-25 15:10 . 2005-10-06 15:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-04-25 15:10 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-04-25 15:09 . 2008-04-25 15:36 <DIR> d-------- C:\Program Files\Java
2008-04-25 15:09 . 2002-11-01 20:15 41,068 --------- C:\WINDOWS\system32\ActPanel.dll
2008-04-25 15:08 . 2008-04-25 15:08 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-25 15:08 . 2008-05-16 10:23 <DIR> d-------- C:\Program Files\neostrada tp
2008-04-25 15:05 . 2008-04-25 15:28 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-04-25 15:05 . 2008-04-25 15:28 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-04-25 15:04 . 2008-04-25 15:04 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-04-25 15:04 . 2008-05-16 10:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-25 15:04 . 2008-05-15 23:53 3,266,848 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-25 15:04 . 2008-05-16 10:28 242,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-25 15:04 . 2008-05-15 23:53 50,900 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-25 15:04 . 2008-05-15 23:53 24,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 13:11 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-04-25 13:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-25 12:59 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-04-25 12:59 --------- d-----w C:\Program Files\Gigabyte
2008-04-25 12:59 --------- d-----w C:\Program Files\AvRack
2008-04-25 12:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-25 12:39 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeCall"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"autoclk"="autoclk.exe" []
"adiras"="adiras.exe" []
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 16:55 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-25 15:11:11 839680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\Deamon-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\polska111]
C:\Windows\system32\polska111.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\polskajaja.exe]
C:\Windows\system32\polskajaja.exe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-05-25 19:35 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 10:28:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-16 10:29:53
ComboFix-quarantined-files.txt 2008-05-16 08:29:50
Pre-Run: 8,605,986,816 bajtów wolnych
Post-Run: 8,618,942,464 bajtów wolnych
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:05, on 2008-05-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Dominik\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
--
End of file - 3481 bytes
Please check the log.