Warning -this machine does not have the-o co w tym chodzi?

[jmasterj]

[/list]ComboFix 08-09-03.06 - DOMOWY 2008-09-05 13:13:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.153 [GMT 2:00]
Running from: C:\Documents and Settings\DOMOWY\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\DOMOWY\Cookies\domowy@showit[1].txt

.
((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.

2008-09-05 11:36 . 2008-09-05 11:36 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-09-05 11:36 . 2008-09-05 11:36 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-09-04 22:35 . 2008-07-18 01:26 68,912 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2008-09-04 22:35 . 2008-07-18 01:26 13,360 --a------ C:\WINDOWS\system32\drivers\sbaphd.sys
2008-09-04 22:13 . 2008-09-04 22:13 <DIR> d-------- C:\Documents and Settings\DOMOWY\Dane aplikacji\Sunbelt
2008-09-04 22:13 . 2008-09-04 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sunbelt
2008-09-04 22:10 . 2008-09-04 22:10 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-09-04 20:30 . 2008-09-04 20:30 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-09-04 00:41 . 2008-09-04 00:41 232,075 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_7203.exe
2008-09-03 18:49 . 2008-09-04 12:50 <DIR> d-------- C:\Program Files\KeyLoggerHome
2008-09-02 22:30 . 2008-09-02 22:32 <DIR> d-------- C:\WINDOWS\system32\wdrivers
2008-09-02 21:33 . 2008-09-02 21:33 <DIR> d-------- C:\WINDOWS\0674B216AB4642EBBEA960702316154E.TMP
2008-09-02 16:18 . 2008-09-02 16:18 <DIR> d-------- C:\Program Files\Creative
2008-09-02 16:18 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-09-01 14:24 . 2008-09-01 14:24 <DIR> d-------- C:\AstroSfera
2008-08-28 21:08 . 2008-08-28 21:08 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
2008-08-28 21:08 . 2008-08-28 21:08 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-28 21:02 . 2008-08-28 21:02 <DIR> d-------- C:\Documents and Settings\DOMOWY\Dane aplikacji\DAEMON Tools
2008-08-28 19:17 . 2008-08-28 19:17 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-28 19:17 . 2008-08-28 19:17 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-08-28 16:18 . 2008-08-28 16:18 <DIR> d-------- C:\Program Files\Anti-keylogger
2008-08-28 16:18 . 2008-08-11 14:36 360,448 --a------ C:\WINDOWS\system32\drivers\krnl_akl.sys
2008-08-28 04:39 . 2008-09-05 13:06 4 --a------ C:\WINDOWS\system32\msdbcrpt.kar.{de6af992-0620-498f-922f-79ce716e7a55}
2008-08-28 04:39 . 2008-09-05 13:06 4 --a------ C:\WINDOWS\system32\fsdbcrpt.kar.{de6af992-0620-498f-922f-79ce716e7a55}
2008-08-28 04:38 . 2008-08-28 04:38 <DIR> d-------- C:\Program Files\GFI
2008-08-28 04:36 . 2008-08-28 04:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-28 02:17 . 2008-08-28 02:17 <DIR> d-------- C:\Program Files\SolarWinds
2008-08-28 02:08 . 2008-08-28 02:08 <DIR> d-------- C:\Program Files\WildPackets
2008-08-27 13:56 . 2008-08-27 15:13 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-25 23:38 . 2008-08-28 17:30 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-08-25 22:25 . 2008-08-25 22:25 <DIR> d-------- C:\Program Files\kRk Software
2008-08-20 23:05 . 2008-08-20 23:05 <DIR> d-------- C:\Documents and Settings\DOMOWY\Dane aplikacji\Gadu-Gadu
2008-08-20 21:26 . 2008-09-03 19:54 <DIR> d-------- C:\Documents and Settings\DOMOWY\Gadu-Gadu
2008-08-20 21:25 . 2008-08-25 23:03 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-08-19 21:29 . 2008-09-04 20:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-19 15:54 . 2008-08-19 18:16 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-17 08:50 . 2008-08-17 08:50 59,176 --a------ C:\WINDOWS\system32\sbbd.exe
2008-08-14 10:49 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 10:58 --------- d-----w C:\Program Files\Wanadoo
2008-09-05 09:34 --------- d-----w C:\Program Files\BOINC
2008-09-04 21:50 --------- d-----w C:\Program Files\Burn for Free 1
2008-09-04 19:49 44,544 ----a-w C:\WINDOWS\system32\alg.exe
2008-09-03 19:59 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
2008-08-28 19:02 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-28 17:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 00:55 --------- d-----w C:\Program Files\Java
2008-08-20 21:26 --------- d-----w C:\Program Files\Google
2008-08-20 21:21 224,768 ----a-w C:\WINDOWS\system32\b4fm.dll
2008-08-20 21:20 822,272 ----a-w C:\WINDOWS\system32\comres.dll
2008-08-20 14:44 454 ----a-w C:\Program Files\Skrót do BOINC.lnk
2008-08-17 21:17 --------- d-----w C:\Program Files\Winamp 5.32 Pro + Keygen
2008-08-17 21:08 --------- d-----w C:\Program Files\Data Doctor Password Recovery (Evaluation)
2008-08-17 21:08 --------- d-----w C:\Program Files\Common Files\NSIS
2008-08-17 20:23 --------- d-----w C:\Program Files\3wPlayer
2008-08-16 12:40 --------- d-----w C:\Program Files\KONAMI
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:41 662,016 ------w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-01-13 23:34 21,822,168 -c--a-w C:\Program Files\AdbeRdr80_en_US.exe
2007-01-13 23:13 7,050,552 -c--a-w C:\Program Files\psa30se_en_us.exe
2007-01-13 23:05 811,560 -c--a-w C:\Program Files\GoogleToolbarInstaller_ADBx_en_401019_signed.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-04_23.12.36.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-05 09:06:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_66c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-24 68856]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2002-12-09 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2002-12-09 45056]
"Anti-keylogger"="C:\Program Files\Anti-keylogger\Anti-keylogger.exe" [2008-08-11 279040]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"SBAMTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2008-08-17 660776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\DOMOWY\Menu Start\Programy\Autostart\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-11-13 4141056]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-01-12 962661]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^SATARaid.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\SATARaid.lnk
backup=C:\WINDOWS\pss\SATARaid.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"C:\\Program Files\\AMBPR\\ambpr.exe"=
"D:\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2002-12-18 84657]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-03-21 270336]
R1 krnl_akl;krnl_akl;C:\WINDOWS\system32\drivers\krnl_akl.sys [2008-08-11 360448]
R1 sbaphd;sbaphd;C:\WINDOWS\system32\drivers\sbaphd.sys [2008-07-18 13360]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 GFI LANguard N.S.S. 5.0 attendant service;GFI LANguard N.S.S. 5.0 attendant service;C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe [2004-04-08 102400]
R2 sbapifs;sbapifs;C:\WINDOWS\system32\drivers\sbapifs.sys [2008-07-18 68912]
Stop Pending2 SBAMSvc;Sunbelt VIPRE Antivirus Service;C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-08-17 849192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\atisetup.exe
\Shell\launch\command - E:\atisetup.exe

*Newly Created Service* - SBRE
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\DOMOWY\Dane aplikacji\Mozilla\Firefox\Profiles\pr3hf34n.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 13:15:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-05 13:16:50
ComboFix-quarantined-files.txt 2008-09-05 11:16:40
ComboFix2.txt 2008-09-04 21:13:14

Pre-Run: 8,733,384,704 bajtów wolnych
Post-Run: 8,733,802,496 bajtów wolnych

187 --- E O F --- 2008-08-28 20:36:32

[Okocza]

jmasterj, po 1 - gdzie log z hijacka po 2 - gdzie opis problemu po 3 - wstaw te logi w tagi 'code'