

Today I open My Computer and something like this shows up:
http://img167.imageshack.us/img167/9895/beztytuuao0.jpg
What does this mean about the shared drives? I didn't do anything; yesterday I didn't have anything like this, only this morning



ComboFix 08-05-21.2 - Wojtaz 2008-05-22 11:37:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.195 [GMT 2:00]
Running from: C:\Documents and Settings\Wojtaz\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.
2008-05-21 21:53 . 2002-11-20 21:16 180,224 --a------ C:\WINDOWS\system32\Ijl11.dll
2008-05-21 21:53 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-21 21:53 . 2007-04-15 19:45 53,248 --a------ C:\WINDOWS\system32\KMON.OCX
2008-05-21 21:53 . 2001-11-22 15:00 24,626 --a------ C:\WINDOWS\system32\scrrntr.dll
2008-05-21 21:53 . 2007-03-27 15:25 20,480 --a------ C:\WINDOWS\system32\PAC.EXE
2008-05-21 21:53 . 2007-04-15 19:46 19,456 --a------ C:\WINDOWS\system32\KTKBDHK3.DLL
2008-05-21 21:53 . 2008-05-22 11:37 52 --a------ C:\WINDOWS\system\ACD2.CMD
2008-05-21 21:53 . 2008-05-22 11:37 52 --a------ C:\WINDOWS\system\ACD.CMD
2008-05-20 13:56 . 2008-05-21 21:53 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-19 20:18 . 2008-05-19 20:18 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-19 20:17 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-19 20:17 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-19 20:17 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-19 20:17 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-05-19 20:17 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-19 20:17 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-19 20:17 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-19 20:16 . 2008-05-19 20:17 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-19 16:01 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-19 16:01 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-19 16:01 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-19 16:01 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-17 13:43 . 2008-05-17 13:43 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Apple Computer
2008-05-17 13:43 . 2008-05-18 09:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-17 13:43 . 2008-05-17 13:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-15 22:53 . 2008-05-15 22:55 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-15 22:27 . 2008-05-15 22:31 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-14 20:18 . 2008-05-14 20:17 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-05-14 20:10 . 2008-05-15 07:44 <DIR> d-------- C:\Documents and Settings\Wojtaz\Gadu-Gadu
2008-05-14 10:22 . 2006-04-23 03:34 42,496 --a------ C:\WINDOWS\system32\libusb0.dll
2008-05-14 10:22 . 2006-04-23 03:34 29,184 --a------ C:\WINDOWS\system32\drivers\libusb0.sys
2008-05-13 20:38 . 2008-05-13 20:39 <DIR> d-------- C:\Program Files\AnMing
2008-05-13 18:11 . 2008-05-13 18:11 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-05-12 15:29 . 2008-04-21 15:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-05-12 15:29 . 2008-04-21 15:00 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-12 15:29 . 2008-04-21 15:00 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-05-12 15:29 . 2008-04-21 15:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-12 08:57 . 2008-05-13 18:16 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Xfire
2008-05-11 20:58 . 2002-08-29 19:00 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-05-11 20:58 . 2007-04-15 00:05 991,232 --a------ C:\WINDOWS\system32\imageviewer2.ocx
2008-05-11 20:58 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-05-11 20:58 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2008-05-11 20:58 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\comct232.ocx
2008-05-11 20:58 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx
2008-05-11 20:58 . 2000-05-01 23:02 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2008-05-11 20:58 . 2000-07-09 18:15 106,496 --a------ C:\WINDOWS\system32\mbprgbar.ocx
2008-05-11 14:11 . 2008-05-11 14:11 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-11 14:11 . 2008-05-11 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-05-11 14:11 . 2008-05-11 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-05-10 21:53 . 2008-05-13 18:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-10 21:53 . 2008-05-10 21:53 22,328 --a------ C:\Documents and Settings\Wojtaz\Dane aplikacji\PnkBstrK.sys
2008-05-10 21:52 . 2008-05-10 21:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-10 21:52 . 2008-05-13 18:12 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-10 21:52 . 2008-05-12 08:52 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-10 21:52 . 2008-05-10 21:52 319 --a------ C:\WINDOWS\game.ini
2008-05-10 20:26 . 2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2008-05-10 20:26 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2008-05-10 20:25 . 2008-05-10 20:25 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-10 16:00 . 2008-05-10 16:00 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\CyberLink
2008-05-10 15:59 . 2008-05-10 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-05-10 12:50 . 2008-05-19 10:08 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\MyPhoneExplorer
2008-05-10 10:52 . 2008-05-10 10:52 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Teleca
2008-05-10 10:22 . 2007-04-23 15:54 108,680 -ra------ C:\WINDOWS\system32\drivers\s115mdm.sys
2008-05-10 10:22 . 2007-04-23 15:54 100,488 -ra------ C:\WINDOWS\system32\drivers\s115mgmt.sys
2008-05-10 10:22 . 2007-04-23 15:54 98,568 -ra------ C:\WINDOWS\system32\drivers\s115obex.sys
2008-05-10 10:22 . 2007-04-23 15:54 15,112 -ra------ C:\WINDOWS\system32\drivers\s115mdfl.sys
2008-05-10 10:22 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cmnt.sys
2008-05-10 10:22 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cm.sys
2008-05-10 10:21 . 2007-04-23 15:54 83,208 -ra------ C:\WINDOWS\system32\drivers\s115bus.sys
2008-05-10 10:21 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115whnt.sys
2008-05-10 10:21 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115wh.sys
2008-05-10 10:19 . 2008-05-10 10:19 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Light StartUp
2008-05-10 10:18 . 2008-05-10 10:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-10 10:18 . 2008-05-10 10:18 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-05-10 10:18 . 2008-05-10 10:18 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-05-10 10:18 . 2008-05-10 10:18 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Sony Ericsson
2008-05-10 10:17 . 2008-05-10 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-05-10 10:17 . 2008-05-10 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-05-09 19:47 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-09 19:47 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-09 15:23 . 2008-05-21 10:59 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\foobar2000
2008-05-09 14:35 . 2008-05-09 14:35 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Creative
2008-05-09 14:35 . 2008-05-09 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-05-09 14:35 . 2008-05-09 14:35 19 --a------ C:\WINDOWS\cie12.ini
2008-05-09 14:34 . 2008-05-09 14:34 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-05-09 14:27 . 2008-05-09 14:27 135 --a------ C:\WINDOWS\wcx_ftp.ini
2008-05-09 14:26 . 2008-05-22 11:30 754 --a------ C:\WINDOWS\WINCMD.INI
2008-05-08 21:32 . 2008-05-08 21:32 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-08 21:27 . 2008-05-08 21:27 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Gadu-Gadu
2008-05-08 21:24 . 2008-05-21 23:21 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Tlen.pl
2008-05-08 21:20 . 2008-05-08 21:20 <DIR> d-------- C:\Program Files\SAGEM
2008-05-08 21:20 . 2008-05-08 21:20 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\InstallShield
2008-05-08 21:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-08 21:19 . 2008-05-08 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-05-08 21:18 . 2008-05-08 21:19 <DIR> d-------- C:\WINDOWS\nview
2008-05-08 21:18 . 2005-06-15 11:20 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-08 21:18 . 2008-05-22 10:11 26,682 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-08 21:18 . 2005-06-15 11:20 14,757 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-08 21:17 . 2004-05-02 10:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-05-08 21:16 . 2008-05-08 21:16 <DIR> d-------- C:\Program Files\Analog Devices
2008-05-08 21:13 . 2008-05-08 21:13 <DIR> d-------- C:\WINDOWS\NV16841708.TMP
2008-05-08 21:12 . 2005-09-28 11:08 176,128 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-08 21:11 . 2008-05-15 22:53 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-08 21:11 . 2008-05-10 15:59 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-08 21:11 . 2008-05-08 21:11 <DIR> d-------- C:\Program Files\AMD
2008-05-08 21:11 . 2005-03-09 15:53 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-08 21:11 . 2008-05-08 21:11 14,595 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-05-08 21:11 . 2004-08-14 12:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-05-08 21:10 . 2004-04-30 17:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-08 21:09 . 2008-05-08 21:09 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-08 21:09 . 2008-05-08 22:52 <DIR> d--h----- C:\Documents and Settings\Wojtaz\Ustawienia lokalne
2008-05-08 21:09 . 2008-05-08 21:10 <DIR> dr------- C:\Documents and Settings\Wojtaz\Ulubione
2008-05-08 21:09 . 2008-05-08 20:58 <DIR> d--h----- C:\Documents and Settings\Wojtaz\Szablony
2008-05-08 21:09 . 2008-05-22 11:37 <DIR> d-------- C:\Documents and Settings\Wojtaz\Pulpit
2008-05-08 21:09 . 2008-05-15 22:32 <DIR> dr------- C:\Documents and Settings\Wojtaz\Moje dokumenty
2008-05-08 21:09 . 2008-05-08 22:52 <DIR> dr------- C:\Documents and Settings\Wojtaz\Menu Start
2008-05-08 21:09 . 2008-05-17 13:43 <DIR> dr-h----- C:\Documents and Settings\Wojtaz\Dane aplikacji
2008-05-08 21:09 . 2008-05-14 20:10 <DIR> d-------- C:\Documents and Settings\Wojtaz
2008-05-08 21:09 . 2008-05-22 11:38 <DIR> d--h----- C:\Documents and Settings\NetworkService\Ustawienia lokalne
2008-05-08 21:09 . 2008-05-08 21:09 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji
2008-05-08 21:09 . 2008-05-08 21:09 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-05-08 21:09 . 2008-05-22 11:38 <DIR> d--h----- C:\Documents and Settings\LocalService\Ustawienia lokalne
2008-05-08 21:09 . 2008-05-13 18:11 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji
2008-05-08 21:09 . 2008-05-08 21:09 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-05-08 21:09 . 2008-05-08 21:09 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 06:18 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-10 08:50 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-08 18:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 18:41 --------- d-----w C:\Program Files\Usługi online
2007-05-22 13:53 376,832 --sh--w C:\WINDOWS\system32\activexdebugger32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 19:11 925696]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 11:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 11:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 11:20 86016]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-15 22:55:36 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.avis"= ff_acm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Tlen.pl\\tlen.exe"=
"D:\\Program Files\\Aptana\\Aptana Studio\\jre\\bin\\javaw.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"32459:TCP"= 32459:TCP:BitComet 32459 TCP
"32459:UDP"= 32459:UDP:BitComet 32459 UDP
S3 gggen;Generic USB Flash Driver;C:\WINDOWS\system32\DRIVERS\gggen.sys [2006-09-28 14:10]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2006-04-23 03:34]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e2bddaa-2189-11dd-94d5-0015f2bb93a0}]
\Shell\Auto\command - I:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - I:\activexdebugger32.exe f
\Shell\open\Command - I:\activexdebugger32.exe f
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bb3cae7-1dc3-11dd-94c2-0015f2bb93a0}]
\Shell\Auto\command - I:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - I:\activexdebugger32.exe f
\Shell\open\Command - I:\activexdebugger32.exe f
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8eaa64c-1d33-11dd-94c1-0015f2bb93a0}]
\Shell\Auto\command - I:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - I:\activexdebugger32.exe f
\Shell\open\Command - I:\activexdebugger32.exe f
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-11 12:11:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 11:38:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-22 11:39:04
ComboFix-quarantined-files.txt 2008-05-22 09:39:02
Pre-Run: 16,183,046,144 bajtów wolnych
Post-Run: 16,204,541,952 bajtów wolnych
220
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e2bddaa-2189-11dd-94d5-0015f2bb93a0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bb3cae7-1dc3-11dd-94c2-0015f2bb93a0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8eaa64c-1d33-11dd-94c1-0015f2bb93a0}]
wojtaz13 wrote: What does this mean about the shared drives? I didn't do anything; yesterday I didn't have anything like this, only this morning :P I don't have two computers connected to each other :P What should I do? :D
Probably not all of us know this, but after installation Windows XP shares all of our local drives
To turn the sharing off, we have to start the registry editor (Start > Run > regedit)
We go to:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
we right-click in the right-hand pane of the registry editor and, from the context menu that opens, choose New | DWORD, then give the names and values as below.
"AutoShareServer"=dword:00000000 and "AutoShareWks"=dword:00000000
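The registry change described in the reply above, as an added example that is not part of the original post: a batch script for an administrator command prompt that writes both values with reg.exe and then uses net share to check whether the drive-letter and ADMIN$ shares are still published. The script name and its `check` argument are assumptions of this example.

```bat
@echo off
rem Added example, not from the original thread.
rem Usage (the script name is an assumption):
rem   noadminshares.cmd          write the values, then show the current state
rem   noadminshares.cmd check    only show the current state
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters"

if /i "%~1"=="check" goto :check

rem AutoShareWks is read by workstation editions (such as XP), AutoShareServer
rem by server editions; both are set to 0, the values given in the post.
for %%V in (AutoShareWks AutoShareServer) do (
    reg add "%KEY%" /v %%V /t REG_DWORD /d 0 /f >nul
    if errorlevel 1 (
        echo Could not write %%V. Run this from an administrator account.
        exit /b 1
    )
)
echo Values written. The Server service reads them when it starts, so reboot
echo and run "%~nx0 check" to confirm that the shares are gone.

:check
echo.
echo Registry state:
reg query "%KEY%" /v AutoShareWks
reg query "%KEY%" /v AutoShareServer

echo.
echo Administrative shares currently published:
rem Match share names such as C$ or ADMIN$ at the start of a "net share" line.
net share | findstr /r /i /c:"^[A-Z]\$ " /c:"^ADMIN\$ "
if errorlevel 1 (
    echo   none
) else (
    echo   still present; they go away after the next restart if both values are 0.
)
rem IPC$ is not controlled by these two values and stays listed.
endlocal
```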
ComboFix 08-05-21.2 - Wojtaz 2008-05-22 14:47:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.344 [GMT 2:00]
Running from: C:\Documents and Settings\Wojtaz\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.
2008-05-21 21:53 . 2002-11-20 21:16 180,224 --a------ C:\WINDOWS\system32\Ijl11.dll
2008-05-21 21:53 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-05-21 21:53 . 2007-04-15 19:45 53,248 --a------ C:\WINDOWS\system32\KMON.OCX
2008-05-21 21:53 . 2001-11-22 15:00 24,626 --a------ C:\WINDOWS\system32\scrrntr.dll
2008-05-21 21:53 . 2007-03-27 15:25 20,480 --a------ C:\WINDOWS\system32\PAC.EXE
2008-05-21 21:53 . 2007-04-15 19:46 19,456 --a------ C:\WINDOWS\system32\KTKBDHK3.DLL
2008-05-21 21:53 . 2008-05-22 14:47 52 --a------ C:\WINDOWS\system\ACD2.CMD
2008-05-21 21:53 . 2008-05-22 14:47 52 --a------ C:\WINDOWS\system\ACD.CMD
2008-05-20 13:56 . 2008-05-21 21:53 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-19 20:18 . 2008-05-19 20:18 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-19 20:17 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-19 20:17 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-19 20:17 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-19 20:17 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-05-19 20:17 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-19 20:17 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-19 20:17 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-19 20:16 . 2008-05-19 20:17 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-19 16:01 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-19 16:01 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-19 16:01 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-19 16:01 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-17 13:43 . 2008-05-17 13:43 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Apple Computer
2008-05-17 13:43 . 2008-05-18 09:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-17 13:43 . 2008-05-17 13:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-15 22:53 . 2008-05-15 22:55 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-15 22:27 . 2008-05-15 22:31 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-14 20:18 . 2008-05-14 20:17 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-05-14 20:10 . 2008-05-15 07:44 <DIR> d-------- C:\Documents and Settings\Wojtaz\Gadu-Gadu
2008-05-14 10:22 . 2006-04-23 03:34 42,496 --a------ C:\WINDOWS\system32\libusb0.dll
2008-05-14 10:22 . 2006-04-23 03:34 29,184 --a------ C:\WINDOWS\system32\drivers\libusb0.sys
2008-05-13 20:38 . 2008-05-13 20:39 <DIR> d-------- C:\Program Files\AnMing
2008-05-13 18:11 . 2008-05-13 18:11 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-05-12 15:29 . 2008-04-21 15:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-05-12 15:29 . 2008-04-21 15:00 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-12 15:29 . 2008-04-21 15:00 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-05-12 15:29 . 2008-04-21 15:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-12 08:57 . 2008-05-13 18:16 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Xfire
2008-05-11 20:58 . 2002-08-29 19:00 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-05-11 20:58 . 2007-04-15 00:05 991,232 --a------ C:\WINDOWS\system32\imageviewer2.ocx
2008-05-11 20:58 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-05-11 20:58 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2008-05-11 20:58 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\comct232.ocx
2008-05-11 20:58 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx
2008-05-11 20:58 . 2000-05-01 23:02 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2008-05-11 20:58 . 2000-07-09 18:15 106,496 --a------ C:\WINDOWS\system32\mbprgbar.ocx
2008-05-11 14:11 . 2008-05-11 14:11 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-11 14:11 . 2008-05-11 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-05-11 14:11 . 2008-05-11 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-05-10 21:53 . 2008-05-13 18:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-10 21:53 . 2008-05-10 21:53 22,328 --a------ C:\Documents and Settings\Wojtaz\Dane aplikacji\PnkBstrK.sys
2008-05-10 21:52 . 2008-05-10 21:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-10 21:52 . 2008-05-13 18:12 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-10 21:52 . 2008-05-12 08:52 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-10 21:52 . 2008-05-10 21:52 319 --a------ C:\WINDOWS\game.ini
2008-05-10 20:26 . 2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2008-05-10 20:26 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2008-05-10 20:25 . 2008-05-10 20:25 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-10 16:00 . 2008-05-10 16:00 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\CyberLink
2008-05-10 15:59 . 2008-05-10 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-05-10 12:50 . 2008-05-19 10:08 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\MyPhoneExplorer
2008-05-10 10:52 . 2008-05-10 10:52 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Teleca
2008-05-10 10:22 . 2007-04-23 15:54 108,680 -ra------ C:\WINDOWS\system32\drivers\s115mdm.sys
2008-05-10 10:22 . 2007-04-23 15:54 100,488 -ra------ C:\WINDOWS\system32\drivers\s115mgmt.sys
2008-05-10 10:22 . 2007-04-23 15:54 98,568 -ra------ C:\WINDOWS\system32\drivers\s115obex.sys
2008-05-10 10:22 . 2007-04-23 15:54 15,112 -ra------ C:\WINDOWS\system32\drivers\s115mdfl.sys
2008-05-10 10:22 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cmnt.sys
2008-05-10 10:22 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cm.sys
2008-05-10 10:21 . 2007-04-23 15:54 83,208 -ra------ C:\WINDOWS\system32\drivers\s115bus.sys
2008-05-10 10:21 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115whnt.sys
2008-05-10 10:21 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115wh.sys
2008-05-10 10:19 . 2008-05-10 10:19 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Light StartUp
2008-05-10 10:18 . 2008-05-10 10:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-10 10:18 . 2008-05-10 10:18 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-05-10 10:18 . 2008-05-10 10:18 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-05-10 10:18 . 2008-05-10 10:18 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Sony Ericsson
2008-05-10 10:17 . 2008-05-10 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-05-10 10:17 . 2008-05-10 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-05-09 19:47 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-09 19:47 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-09 15:23 . 2008-05-21 10:59 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\foobar2000
2008-05-09 14:35 . 2008-05-09 14:35 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Creative
2008-05-09 14:35 . 2008-05-09 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-05-09 14:35 . 2008-05-09 14:35 19 --a------ C:\WINDOWS\cie12.ini
2008-05-09 14:34 . 2008-05-09 14:34 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-05-09 14:27 . 2008-05-09 14:27 135 --a------ C:\WINDOWS\wcx_ftp.ini
2008-05-09 14:26 . 2008-05-22 14:30 962 --a------ C:\WINDOWS\WINCMD.INI
2008-05-08 21:32 . 2008-05-08 21:32 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-08 21:27 . 2008-05-08 21:27 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Gadu-Gadu
2008-05-08 21:24 . 2008-05-21 23:21 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Tlen.pl
2008-05-08 21:20 . 2008-05-08 21:20 <DIR> d-------- C:\Program Files\SAGEM
2008-05-08 21:20 . 2008-05-08 21:20 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\InstallShield
2008-05-08 21:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-08 21:19 . 2008-05-08 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-05-08 21:18 . 2008-05-08 21:19 <DIR> d-------- C:\WINDOWS\nview
2008-05-08 21:18 . 2005-06-15 11:20 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-08 21:18 . 2008-05-22 14:45 26,682 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-08 21:18 . 2005-06-15 11:20 14,757 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-08 21:17 . 2004-05-02 10:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-05-08 21:16 . 2008-05-08 21:16 <DIR> d-------- C:\Program Files\Analog Devices
2008-05-08 21:13 . 2008-05-08 21:13 <DIR> d-------- C:\WINDOWS\NV16841708.TMP
2008-05-08 21:12 . 2005-09-28 11:08 176,128 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-08 21:11 . 2008-05-15 22:53 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-08 21:11 . 2008-05-10 15:59 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-08 21:11 . 2008-05-08 21:11 <DIR> d-------- C:\Program Files\AMD
2008-05-08 21:11 . 2005-03-09 15:53 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-08 21:11 . 2008-05-08 21:11 14,595 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-05-08 21:11 . 2004-08-14 12:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-05-08 21:10 . 2004-04-30 17:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-08 21:09 . 2008-05-08 21:09 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-08 21:09 . 2008-05-08 22:52 <DIR> d--h----- C:\Documents and Settings\Wojtaz\Ustawienia lokalne
2008-05-08 21:09 . 2008-05-08 21:10 <DIR> dr------- C:\Documents and Settings\Wojtaz\Ulubione
2008-05-08 21:09 . 2008-05-08 20:58 <DIR> d--h----- C:\Documents and Settings\Wojtaz\Szablony
2008-05-08 21:09 . 2008-05-22 14:46 <DIR> d-------- C:\Documents and Settings\Wojtaz\Pulpit
2008-05-08 21:09 . 2008-05-15 22:32 <DIR> dr------- C:\Documents and Settings\Wojtaz\Moje dokumenty
2008-05-08 21:09 . 2008-05-08 22:52 <DIR> dr------- C:\Documents and Settings\Wojtaz\Menu Start
2008-05-08 21:09 . 2008-05-17 13:43 <DIR> dr-h----- C:\Documents and Settings\Wojtaz\Dane aplikacji
2008-05-08 21:09 . 2008-05-14 20:10 <DIR> d-------- C:\Documents and Settings\Wojtaz
2008-05-08 21:09 . 2008-05-22 14:47 <DIR> d--h----- C:\Documents and Settings\NetworkService\Ustawienia lokalne
2008-05-08 21:09 . 2008-05-08 21:09 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji
2008-05-08 21:09 . 2008-05-08 21:09 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-05-08 21:09 . 2008-05-22 14:47 <DIR> d--h----- C:\Documents and Settings\LocalService\Ustawienia lokalne
2008-05-08 21:09 . 2008-05-13 18:11 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji
2008-05-08 21:09 . 2008-05-08 21:09 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-05-08 21:09 . 2008-05-08 21:09 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 06:18 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-10 08:50 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-08 18:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 18:41 --------- d-----w C:\Program Files\Usługi online
2007-05-22 13:53 376,832 --sh--w C:\WINDOWS\system32\activexdebugger32.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-22_11.38.57,25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 08:11:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 11:55:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 19:11 925696]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 11:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 11:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 11:20 86016]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-15 22:55:36 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.avis"= ff_acm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Tlen.pl\\tlen.exe"=
"D:\\Program Files\\Aptana\\Aptana Studio\\jre\\bin\\javaw.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"32459:TCP"= 32459:TCP:BitComet 32459 TCP
"32459:UDP"= 32459:UDP:BitComet 32459 UDP
S3 gggen;Generic USB Flash Driver;C:\WINDOWS\system32\DRIVERS\gggen.sys [2006-09-28 14:10]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2006-04-23 03:34]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-11 12:11:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 14:47:56
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-22 14:48:17
ComboFix-quarantined-files.txt 2008-05-22 12:48:15
ComboFix2.txt 2008-05-22 09:39:05
Pre-Run: 17,571,344,384 bajtów wolnych
Post-Run: 17,563,377,664 bajtów wolnych
209
File::
C:\WINDOWS\system32\Ijl11.dll
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\KMON.OCX
C:\WINDOWS\system32\scrrntr.dll
C:\WINDOWS\system32\PAC.EXE
C:\WINDOWS\system32\KTKBDHK3.DLL
ComboFix 08-05-21.2 - Wojtaz 2008-05-22 15:00:26.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.327 [GMT 2:00]
Running from: C:\Documents and Settings\Wojtaz\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Wojtaz\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\Ijl11.dll
C:\WINDOWS\system32\KMON.OCX
C:\WINDOWS\system32\KTKBDHK3.DLL
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\PAC.EXE
C:\WINDOWS\system32\scrrntr.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Ijl11.dll
C:\WINDOWS\system32\KMON.OCX
C:\WINDOWS\system32\KTKBDHK3.DLL
C:\WINDOWS\system32\MSWINSCK.OCX
C:\WINDOWS\system32\PAC.EXE
C:\WINDOWS\system32\scrrntr.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.
2008-05-21 21:53 . 2008-05-22 14:47 52 --a------ C:\WINDOWS\system\ACD2.CMD
2008-05-21 21:53 . 2008-05-22 14:47 52 --a------ C:\WINDOWS\system\ACD.CMD
2008-05-20 13:56 . 2008-05-21 21:53 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-19 20:18 . 2008-05-19 20:18 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-19 20:17 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-05-19 20:17 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-05-19 20:17 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-05-19 20:17 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-05-19 20:17 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-05-19 20:17 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-05-19 20:17 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-05-19 20:16 . 2008-05-19 20:17 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-19 16:01 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-19 16:01 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-19 16:01 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-19 16:01 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-17 13:43 . 2008-05-17 13:43 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Apple Computer
2008-05-17 13:43 . 2008-05-18 09:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-17 13:43 . 2008-05-17 13:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-15 22:53 . 2008-05-15 22:55 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-15 22:27 . 2008-05-15 22:31 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-14 20:18 . 2008-05-14 20:17 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-05-14 20:10 . 2008-05-15 07:44 <DIR> d-------- C:\Documents and Settings\Wojtaz\Gadu-Gadu
2008-05-14 10:22 . 2006-04-23 03:34 42,496 --a------ C:\WINDOWS\system32\libusb0.dll
2008-05-14 10:22 . 2006-04-23 03:34 29,184 --a------ C:\WINDOWS\system32\drivers\libusb0.sys
2008-05-13 20:38 . 2008-05-13 20:39 <DIR> d-------- C:\Program Files\AnMing
2008-05-13 18:11 . 2008-05-13 18:11 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-05-12 15:29 . 2008-04-21 15:00 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-05-12 15:29 . 2008-04-21 15:00 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-12 15:29 . 2008-04-21 15:00 6,144 --a------ C:\WINDOWS\system32\ff_acm.acm
2008-05-12 15:29 . 2008-04-21 15:00 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-12 08:57 . 2008-05-13 18:16 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Xfire
2008-05-11 20:58 . 2002-08-29 19:00 1,703,936 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-05-11 20:58 . 2007-04-15 00:05 991,232 --a------ C:\WINDOWS\system32\imageviewer2.ocx
2008-05-11 20:58 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-05-11 20:58 . 1996-01-12 00:00 200,704 --a------ C:\WINDOWS\system32\threed32.ocx
2008-05-11 20:58 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\comct232.ocx
2008-05-11 20:58 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx
2008-05-11 20:58 . 2000-05-01 23:02 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2008-05-11 20:58 . 2000-07-09 18:15 106,496 --a------ C:\WINDOWS\system32\mbprgbar.ocx
2008-05-11 14:11 . 2008-05-11 14:11 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-11 14:11 . 2008-05-11 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-05-11 14:11 . 2008-05-11 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-05-10 21:53 . 2008-05-13 18:12 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-10 21:53 . 2008-05-10 21:53 22,328 --a------ C:\Documents and Settings\Wojtaz\Dane aplikacji\PnkBstrK.sys
2008-05-10 21:52 . 2008-05-10 21:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-10 21:52 . 2008-05-13 18:12 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-10 21:52 . 2008-05-12 08:52 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-10 21:52 . 2008-05-10 21:52 319 --a------ C:\WINDOWS\game.ini
2008-05-10 20:26 . 2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2008-05-10 20:26 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2008-05-10 20:25 . 2008-05-10 20:25 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-10 16:00 . 2008-05-10 16:00 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\CyberLink
2008-05-10 15:59 . 2008-05-10 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-05-10 12:50 . 2008-05-19 10:08 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\MyPhoneExplorer
2008-05-10 10:52 . 2008-05-10 10:52 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Teleca
2008-05-10 10:22 . 2007-04-23 15:54 108,680 -ra------ C:\WINDOWS\system32\drivers\s115mdm.sys
2008-05-10 10:22 . 2007-04-23 15:54 100,488 -ra------ C:\WINDOWS\system32\drivers\s115mgmt.sys
2008-05-10 10:22 . 2007-04-23 15:54 98,568 -ra------ C:\WINDOWS\system32\drivers\s115obex.sys
2008-05-10 10:22 . 2007-04-23 15:54 15,112 -ra------ C:\WINDOWS\system32\drivers\s115mdfl.sys
2008-05-10 10:22 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cmnt.sys
2008-05-10 10:22 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cm.sys
2008-05-10 10:21 . 2007-04-23 15:54 83,208 -ra------ C:\WINDOWS\system32\drivers\s115bus.sys
2008-05-10 10:21 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115whnt.sys
2008-05-10 10:21 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115wh.sys
2008-05-10 10:19 . 2008-05-10 10:19 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Light StartUp
2008-05-10 10:18 . 2008-05-10 10:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-10 10:18 . 2008-05-10 10:18 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-05-10 10:18 . 2008-05-10 10:18 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-05-10 10:18 . 2008-05-10 10:18 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Sony Ericsson
2008-05-10 10:17 . 2008-05-10 10:18 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-05-10 10:17 . 2008-05-10 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-05-09 19:47 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-09 19:47 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-09 15:23 . 2008-05-21 10:59 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\foobar2000
2008-05-09 14:35 . 2008-05-09 14:35 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Creative
2008-05-09 14:35 . 2008-05-09 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-05-09 14:35 . 2008-05-09 14:35 19 --a------ C:\WINDOWS\cie12.ini
2008-05-09 14:34 . 2008-05-09 14:34 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-05-09 14:27 . 2008-05-09 14:27 135 --a------ C:\WINDOWS\wcx_ftp.ini
2008-05-09 14:26 . 2008-05-22 14:30 962 --a------ C:\WINDOWS\WINCMD.INI
2008-05-08 21:32 . 2008-05-08 21:32 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-08 21:27 . 2008-05-08 21:27 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Gadu-Gadu
2008-05-08 21:24 . 2008-05-21 23:21 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\Tlen.pl
2008-05-08 21:20 . 2008-05-08 21:20 <DIR> d-------- C:\Program Files\SAGEM
2008-05-08 21:20 . 2008-05-08 21:20 <DIR> d-------- C:\Documents and Settings\Wojtaz\Dane aplikacji\InstallShield
2008-05-08 21:20 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-08 21:19 . 2008-05-08 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-05-08 21:18 . 2008-05-08 21:19 <DIR> d-------- C:\WINDOWS\nview
2008-05-08 21:18 . 2005-06-15 11:20 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-05-08 21:18 . 2008-05-22 14:45 26,682 --a------ C:\WINDOWS\system32\nvapps.xml
2008-05-08 21:18 . 2005-06-15 11:20 14,757 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-05-08 21:17 . 2004-05-02 10:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-05-08 21:16 . 2008-05-08 21:16 <DIR> d-------- C:\Program Files\Analog Devices
2008-05-08 21:13 . 2008-05-08 21:13 <DIR> d-------- C:\WINDOWS\NV16841708.TMP
2008-05-08 21:12 . 2005-09-28 11:08 176,128 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-05-08 21:11 . 2008-05-15 22:53 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-08 21:11 . 2008-05-10 15:59 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-08 21:11 . 2008-05-08 21:11 <DIR> d-------- C:\Program Files\AMD
2008-05-08 21:11 . 2005-03-09 15:53 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-08 21:11 . 2008-05-08 21:11 14,595 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-05-08 21:11 . 2004-08-14 12:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-05-08 21:10 . 2004-04-30 17:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-08 21:09 . 2008-05-08 21:09 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-05-08 21:09 . 2008-05-22 15:00 <DIR> d--h----- C:\Documents and Settings\Wojtaz\Ustawienia lokalne
2008-05-08 21:09 . 2008-05-08 21:10 <DIR> dr------- C:\Documents and Settings\Wojtaz\Ulubione
2008-05-08 21:09 . 2008-05-08 20:58 <DIR> d--h----- C:\Documents and Settings\Wojtaz\Szablony
2008-05-08 21:09 . 2008-05-22 15:00 <DIR> d-------- C:\Documents and Settings\Wojtaz\Pulpit
2008-05-08 21:09 . 2008-05-15 22:32 <DIR> dr------- C:\Documents and Settings\Wojtaz\Moje dokumenty
2008-05-08 21:09 . 2008-05-08 22:52 <DIR> dr------- C:\Documents and Settings\Wojtaz\Menu Start
2008-05-08 21:09 . 2008-05-17 13:43 <DIR> dr-h----- C:\Documents and Settings\Wojtaz\Dane aplikacji
2008-05-08 21:09 . 2008-05-14 20:10 <DIR> d-------- C:\Documents and Settings\Wojtaz
2008-05-08 21:09 . 2008-05-22 15:00 <DIR> d--h----- C:\Documents and Settings\NetworkService\Ustawienia lokalne
2008-05-08 21:09 . 2008-05-08 21:09 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji
2008-05-08 21:09 . 2008-05-08 21:09 <DIR> d--hs---- C:\Documents and Settings\NetworkService
2008-05-08 21:09 . 2008-05-22 15:00 <DIR> d--h----- C:\Documents and Settings\LocalService\Ustawienia lokalne
2008-05-08 21:09 . 2008-05-13 18:11 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji
2008-05-08 21:09 . 2008-05-08 21:09 <DIR> d--hs---- C:\Documents and Settings\LocalService
2008-05-08 21:09 . 2008-05-08 21:09 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-08 21:08 . 2008-05-22 15:00 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne
2008-05-08 21:08 . 2008-05-08 22:52 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Ulubione
2008-05-08 21:08 . 2008-05-08 20:58 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Szablony
2008-05-08 21:08 . 2008-05-08 22:52 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Pulpit
2008-05-08 21:08 . 2008-05-08 22:52 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Moje dokumenty
2008-05-08 21:08 . 2008-05-08 22:52 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Menu Start
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 06:18 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-05-10 08:50 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-08 18:42 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 18:41 --------- d-----w C:\Program Files\Usługi online
2007-05-22 13:53 376,832 --sh--w C:\WINDOWS\system32\activexdebugger32.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-22_11.38.57,25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 08:11:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-22 11:55:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 19:11 925696]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 11:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 11:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 11:20 86016]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-15 22:55:36 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.avis"= ff_acm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Tlen.pl\\tlen.exe"=
"D:\\Program Files\\Aptana\\Aptana Studio\\jre\\bin\\javaw.exe"=
"D:\\Program Files\\BearShare\\BearShare.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"32459:TCP"= 32459:TCP:BitComet 32459 TCP
"32459:UDP"= 32459:UDP:BitComet 32459 UDP
S3 gggen;Generic USB Flash Driver;C:\WINDOWS\system32\DRIVERS\gggen.sys [2006-09-28 14:10]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2006-04-23 03:34]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-11 12:11:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 15:00:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-22 15:01:12
ComboFix-quarantined-files.txt 2008-05-22 13:01:10
ComboFix2.txt 2008-05-22 12:48:18
ComboFix3.txt 2008-05-22 09:39:05
Pre-Run: 17,554,362,368 bajtów wolnych
Post-Run: 17,547,182,080 bajtów wolnych
228
wojtaz13 wrote: Magik, which ones should I remove: