
Do I need to format the computer? Is there any chance of cleaning it?
ComboFix 07-12-15.5 - tomilek 2007-12-16 15:06:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.514 [GMT 1:00]
Running from: L:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
E:\autorun.inf
F:\Autorun.inf
G:\autorun.inf
H:\autorun.inf
I:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-16 to 2007-12-16 )))))))))))))))))))))))))))))))
.
2007-12-16 14:31 . 2007-12-16 14:31 <DIR> d-------- C:\Program Files\Rzeczpospolita - Mała Księgowość
2007-12-16 14:15 . 2007-12-16 14:15 <DIR> d-------- C:\Documents and Settings\tomilek\Dane aplikacji\skypePM
2007-12-16 14:15 . 2007-12-16 14:15 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-12-16 14:14 . 2007-12-16 14:14 <DIR> d-------- C:\Program Files\Google
2007-12-16 14:14 . 2007-12-16 14:57 <DIR> d-------- C:\Documents and Settings\tomilek\Dane aplikacji\Skype
2007-12-16 14:13 . 2007-12-16 14:13 <DIR> d-------- C:\Program Files\Skype
2007-12-16 14:13 . 2007-12-16 14:13 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-16 14:13 . 2007-12-16 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-12-16 14:11 . 2007-12-16 14:11 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-12-16 14:11 . 2007-12-16 14:11 <DIR> d-------- C:\Documents and Settings\tomilek\Gadu-Gadu
2007-12-16 14:08 . 2007-12-16 14:08 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-16 14:07 . 2007-12-16 14:07 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-16 14:05 . 2007-12-16 14:05 <DIR> d-------- C:\WINDOWS\Cache
2007-12-16 14:04 . 2007-12-16 14:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-16 14:04 . 2007-12-16 14:04 <DIR> d-------- C:\Program Files\Ahead
2007-12-16 14:04 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-16 14:04 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-16 14:04 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-16 14:04 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-16 14:04 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-16 14:04 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-16 14:03 . 2007-12-16 14:03 <DIR> d-------- C:\Program Files\Avira
2007-12-16 14:03 . 2007-12-16 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 12:55 --------- d-----w C:\Program Files\AutoCAD 2004
2007-12-16 12:53 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-12-16 12:53 12,464 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-12-16 12:53 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-16 12:53 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-16 12:53 --------- d-----w C:\Program Files\Autodesk
2007-12-16 12:53 --------- d-----w C:\Program Files\AnswerWorks 4.0
2007-12-16 12:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2007-12-16 12:43 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-16 12:43 --------- d-----w C:\Program Files\Microsoft Works
2007-12-16 12:41 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-12-16 12:38 --------- d-----w C:\Program Files\ArcSoft
2007-12-16 12:37 --------- d-----w C:\Program Files\BitComet
2007-12-16 12:37 --------- d-----w C:\Documents and Settings\tomilek\Dane aplikacji\Autodesk
2007-12-16 12:35 --------- d-----w C:\Program Files\Real
2007-12-16 12:35 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-16 12:35 --------- d-----w C:\Program Files\Common Files\Real
2007-12-16 12:34 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-16 12:31 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-12-16 12:31 --------- d-----w C:\Documents and Settings\tomilek\Dane aplikacji\BESTplayer
2007-12-16 12:29 --------- d-----w C:\Documents and Settings\tomilek\Dane aplikacji\Media Player Classic
2007-12-16 12:25 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-16 12:24 --------- d-----w C:\Documents and Settings\tomilek\Dane aplikacji\ATI
2007-12-16 12:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 12:23 --------- d-----w C:\Program Files\ATI Technologies
2007-12-16 12:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-16 12:07 --------- d-----w C:\Program Files\Intel
2007-12-16 12:06 --------- d-----w C:\Program Files\Analog Devices
2007-12-16 11:59 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-16 11:58 --------- d-----w C:\Program Files\Usługi online
2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutoCAD Digital Signatures Icon Overlay Handler]
@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}
[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]
2003-02-14 11:31 136352 --a------ C:\WINDOWS\system32\AcSignIcon.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-11-05 14:33]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:23]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-16 13:35]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-16 14:09]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SSMDRV
*Newly Created Service* - UDFS
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 15:07:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-16 15:08:25

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:32, on 2007-12-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
L:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6427 bytes
tomilek wrote: I have it, why?
ComboFix 07-12-15.5 - tomilek 2007-12-16 16:00:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.487 [GMT 1:00]
Running from: C:\Documents and Settings\tomilek\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-16 to 2007-12-16 )))))))))))))))))))))))))))))))
.
2007-12-16 14:31 . 2007-12-16 15:55 <DIR> d-------- C:\Program Files\Rzeczpospolita - Mała Księgowość
2007-12-16 14:15 . 2007-12-16 14:15 <DIR> d-------- C:\Documents and Settings\tomilek\Dane aplikacji\skypePM
2007-12-16 14:15 . 2007-12-16 14:15 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-12-16 14:14 . 2007-12-16 14:14 <DIR> d-------- C:\Program Files\Google
2007-12-16 14:14 . 2007-12-16 15:49 <DIR> d-------- C:\Documents and Settings\tomilek\Dane aplikacji\Skype
2007-12-16 14:13 . 2007-12-16 14:13 <DIR> d-------- C:\Program Files\Skype
2007-12-16 14:13 . 2007-12-16 14:13 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-16 14:13 . 2007-12-16 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-12-16 14:11 . 2007-12-16 14:11 <DIR> d-------- C:\Program Files\Gadu-Gadu
2007-12-16 14:11 . 2007-12-16 14:11 <DIR> d-------- C:\Documents and Settings\tomilek\Gadu-Gadu
2007-12-16 14:08 . 2007-12-16 14:08 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-16 14:07 . 2007-12-16 14:07 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-16 14:05 . 2007-12-16 14:05 <DIR> d-------- C:\WINDOWS\Cache
2007-12-16 14:04 . 2007-12-16 14:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-16 14:04 . 2007-12-16 14:04 <DIR> d-------- C:\Program Files\Ahead
2007-12-16 14:04 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-16 14:04 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-16 14:04 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-16 14:04 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-16 14:04 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-16 14:04 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-16 14:03 . 2007-12-16 14:03 <DIR> d-------- C:\Program Files\Avira
2007-12-16 14:03 . 2007-12-16 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 12:55 --------- d-----w C:\Program Files\AutoCAD 2004
2007-12-16 12:53 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2007-12-16 12:53 12,464 ----a-w C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2007-12-16 12:53 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-16 12:53 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-16 12:53 --------- d-----w C:\Program Files\Autodesk
2007-12-16 12:53 --------- d-----w C:\Program Files\AnswerWorks 4.0
2007-12-16 12:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2007-12-16 12:43 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-16 12:43 --------- d-----w C:\Program Files\Microsoft Works
2007-12-16 12:41 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
2007-12-16 12:38 --------- d-----w C:\Program Files\ArcSoft
2007-12-16 12:37 --------- d-----w C:\Program Files\BitComet
2007-12-16 12:37 --------- d-----w C:\Documents and Settings\tomilek\Dane aplikacji\Autodesk
2007-12-16 12:35 --------- d-----w C:\Program Files\Real
2007-12-16 12:35 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-16 12:35 --------- d-----w C:\Program Files\Common Files\Real
2007-12-16 12:34 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-16 12:31 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-12-16 12:31 --------- d-----w C:\Documents and Settings\tomilek\Dane aplikacji\BESTplayer
2007-12-16 12:29 --------- d-----w C:\Documents and Settings\tomilek\Dane aplikacji\Media Player Classic
2007-12-16 12:25 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-16 12:24 --------- d-----w C:\Documents and Settings\tomilek\Dane aplikacji\ATI
2007-12-16 12:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-16 12:23 --------- d-----w C:\Program Files\ATI Technologies
2007-12-16 12:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-16 12:07 --------- d-----w C:\Program Files\Intel
2007-12-16 12:06 --------- d-----w C:\Program Files\Analog Devices
2007-12-16 11:59 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-16 11:58 --------- d-----w C:\Program Files\Usługi online
2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutoCAD Digital Signatures Icon Overlay Handler]
@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}
[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]
2003-02-14 11:31 136352 --a------ C:\WINDOWS\system32\AcSignIcon.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-11-05 14:33]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:23]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-16 13:35]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-16 14:09]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SSMDRV
*Newly Created Service* - UDFS
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 16:01:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-16 16:02:05
C:\ComboFix2.txt ... 2007-12-16 15:08