OK. There will be 2 more computers to scan, but that's for this evening; I want to be sure that none of them has that ***** amvo :)
Thanks once again, and regards.
[ Added: Today at 17:37 ] Here is the ComboFix log from the second computer; if you can, please check it especially for the amvo.exe mentioned above. Here is the log:
ComboFix 08-06-20.4 - marjan 2008-06-30 17:23:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.672 [GMT 2:00]
Running from: C:\Documents and Settings\marjan\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo1.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.
2008-06-23 23:34 . 2008-06-23 08:07 111,715 -r-hs---- C:\1nkbd8h.bat
2008-06-21 20:39 . 2002-01-02 14:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-21 20:39 . 2008-06-30 17:25 3,118,112 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-21 20:39 . 2008-06-30 17:25 393,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-21 20:39 . 2008-06-21 20:39 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-21 20:39 . 2008-06-21 20:39 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-21 20:39 . 2008-06-30 17:25 27,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-21 20:39 . 2008-06-30 17:25 4,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-19 18:20 . 2008-06-19 18:20 0 --a------ C:\WINDOWS\graphedit.INI
2008-06-18 16:43 . 2008-06-18 16:43 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-18 15:24 . 2008-06-18 16:20 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-17 00:05 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-17 00:04 . 2008-06-17 00:04 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-14 12:22 . 2008-06-18 06:37 <DIR> d-------- C:\Documents and Settings\marjan\Dane aplikacji\U3
2008-06-14 11:08 . 2002-01-02 03:29 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-14 10:28 . 2005-04-20 13:32 2,916,352 --------- C:\WINDOWS\UNNMP.exe
2008-06-14 10:28 . 2006-03-22 13:55 47,867 --------- C:\WINDOWS\UNNMP.cfg
2008-06-14 10:25 . 2008-06-14 10:25 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-14 10:24 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe
2008-06-14 10:24 . 2006-03-22 13:55 179,261 --------- C:\WINDOWS\UNNeroVision.cfg
2008-06-14 10:24 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-14 10:23 . 2008-06-14 10:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-06-14 10:23 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-06-14 07:32 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-14 07:32 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-14 07:32 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-06-14 07:32 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-06-14 07:32 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-06-14 07:32 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-14 07:32 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-14 07:30 . 2008-06-14 07:30 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-14 07:30 . 2008-06-14 10:27 <DIR> d-------- C:\Program Files\Ahead
2008-06-11 16:45 . 2008-06-13 12:20 356 --a------ C:\WINDOWS\pdf2word.INI
2008-06-11 16:44 . 2008-06-11 16:44 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-06-10 21:34 . 2008-06-10 21:34 <DIR> d-------- C:\Documents and Settings\marjan\Dane aplikacji\DisplayTune
2008-06-10 20:54 . 2008-06-10 20:54 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-10 18:44 . 2008-06-10 18:44 <DIR> d-------- C:\Program Files\Portrait Displays
2008-06-10 18:44 . 2008-06-10 18:44 <DIR> d-------- C:\Program Files\Common Files\Portrait Displays
2008-06-08 20:17 . 2008-06-08 20:17 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-07 11:09 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-07 11:09 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-07 11:09 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-07 11:09 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-07 11:05 . 2002-01-02 14:28 138,408 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-07 11:05 . 2008-06-07 11:05 22,328 --a------ C:\Documents and Settings\marjan\Dane aplikacji\PnkBstrK.sys
2008-06-07 11:04 . 2008-06-07 11:04 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-07 11:04 . 2002-01-02 14:27 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-06-07 11:04 . 2008-06-07 11:06 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-06-07 11:04 . 2008-06-07 11:04 267 --a------ C:\WINDOWS\game.ini
2008-06-05 12:22 . 2008-06-11 23:02 16,832 --a------ C:\Documents and Settings\marjan\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-06-05 09:13 . 2008-06-05 09:14 <DIR> d-------- C:\ProgDVB
2008-06-05 09:11 . 2008-06-05 09:11 <DIR> d-------- C:\Program Files\Elecard MPEG2 Decoder Package 2.0
2008-06-05 09:11 . 2008-06-05 09:11 <DIR> d-------- C:\Program Files\Common Files\Elecard
2008-06-05 09:04 . 2008-06-05 09:04 <DIR> d-------- C:\Program Files\DVBViewerTE
2008-06-05 09:03 . 2008-06-05 09:03 <DIR> d-------- C:\Program Files\TechniSat DVB
2008-06-05 09:03 . 2008-06-05 09:03 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-05 09:02 . 2004-10-13 11:56 462,212 -ra------ C:\WINDOWS\system32\drivers\SkyNET.sys
2008-06-04 22:04 . 2008-06-04 22:04 12,664 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-04 20:17 . 2008-06-04 20:17 <DIR> d-------- C:\KAV
2008-06-04 19:24 . 2008-06-04 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-06-04 18:31 . 2008-06-16 20:07 <DIR> d-------- C:\Documents and Settings\marjan\Dane aplikacji\gtk-2.0
2008-06-04 18:30 . 2008-06-04 18:30 <DIR> d-------- C:\Documents and Settings\marjan\Dane aplikacji\.RawTherapee
2008-06-04 18:28 . 2008-06-04 18:28 <DIR> d-------- C:\Program Files\Raw Therapee
2008-06-04 17:39 . 2008-06-04 17:39 <DIR> d-------- C:\Program Files\MarBit
2008-06-03 22:40 . 2008-06-03 22:40 <DIR> d-------- C:\Documents and Settings\marjan\Dane aplikacji\AdobeUM
2008-06-03 18:47 . 2008-06-03 18:47 <DIR> d-------- C:\Documents and Settings\marjan\Dane aplikacji\Media Player Classic
2008-06-03 13:11 . 2008-06-03 13:11 <DIR> d-------- C:\Program Files\ReaConverter 5.5 Pro
2008-06-03 13:11 . 2008-06-03 13:20 <DIR> d-------- C:\Documents and Settings\marjan\Dane aplikacji\RCP 5
2008-06-03 13:00 . 2008-06-03 13:34 <DIR> d-------- C:\Program Files\ImageConverter Plus
2008-06-03 13:00 . 2004-04-19 18:53 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-06-03 12:55 . 2008-06-04 18:32 <DIR> d-------- C:\Documents and Settings\marjan\Dane aplikacji\VSO
2008-06-03 12:54 . 2008-06-03 12:54 <DIR> d-------- C:\Program Files\VSO
2008-06-03 11:15 . 2008-06-03 11:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-03 06:12 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-03 06:11 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-03 06:11 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-03 06:11 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-03 06:11 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-03 06:11 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-03 06:11 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-03 06:11 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-03 06:11 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-03 06:11 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-03 01:11 . 2008-06-17 00:02 <DIR> d-------- C:\Program Files\ffdshow
2008-06-03 01:11 . 2008-06-03 01:11 1,052 --a------ C:\WINDOWS\VPlayer.INI
2008-06-03 01:11 . 2008-06-03 01:11 187 --a------ C:\WINDOWS\VplayerINI.vpl
2008-06-03 01:10 . 2008-06-03 01:11 <DIR> d-------- C:\Program Files\Winamp
2008-06-03 01:10 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-03 01:09 . 2008-06-14 11:06 <DIR> d-------- C:\Program Files\Real Alternative
2008-06-03 01:09 . 2008-06-14 11:05 <DIR> d-------- C:\Program Files\Media Player Classic
2008-06-02 23:05 . 2008-06-02 23:05 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 23:04 . 2008-06-02 23:04 <DIR> d-------- C:\Program Files\Sun
2008-06-02 23:04 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 23:03 . 2008-06-02 23:04 <DIR> d-------- C:\Program Files\Java
2008-06-02 23:02 . 2008-06-02 23:02 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-02 22:41 . 2008-06-02 22:41 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-06-02 21:28 . 2007-02-28 18:04 2,181,632 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-06-02 21:28 . 2007-02-28 18:04 2,137,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-06-02 21:28 . 2007-02-28 18:04 2,058,880 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-06-02 21:28 . 2007-02-28 18:04 2,017,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-06-02 21:27 . 2006-03-17 02:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-06-02 21:11 . 2008-06-02 21:11 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-06-02 21:11 . 2008-06-02 21:11 <DIR> d-------- C:\Program Files\ACD Systems
2008-06-02 21:11 . 2008-06-02 21:11 <DIR> d-------- C:\Documents and Settings\marjan\Dane aplikacji\ACD Systems
2008-06-02 21:11 . 2008-06-02 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems
2008-06-02 21:08 . 2008-06-02 21:08 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-06-02 21:06 . 2008-06-04 18:37 <DIR> d-------- C:\Program Files\Picasa2
2008-06-02 21:06 . 2008-06-02 21:06 <DIR> d-------- C:\Program Files\Google
2008-06-02 21:06 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-02 21:06 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-02 20:12 . 2008-06-02 20:12 <DIR> d-------- C:\Documents and Settings\marjan\Dane aplikacji\ArcaBit
2008-06-02 19:44 . 2008-06-02 19:45 <DIR> d-------- C:\Documents and Settings\marjan\ArcaMicroScan
2008-06-02 19:13 . 2008-06-02 21:25 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-02 19:13 . 2008-06-02 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-06-02 17:45 . 2008-06-10 20:54 1,300 --a------ C:\WINDOWS\mozver.dat
2008-06-02 17:09 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-02 17:09 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-02 17:09 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-02 17:09 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-02 16:53 . 2008-06-02 16:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-02 16:35 . 2008-06-02 16:35 <DIR> d-------- C:\Documents and Settings\marjan\Dane aplikacji\Gadu-Gadu
2008-06-02 09:32 . 2008-06-03 06:38 <DIR> d-------- C:\WINDOWS\system32\pl-pl
2008-06-02 09:31 . 2008-06-03 22:55 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-02 08:14 . 2008-06-02 08:14 <DIR> d-------- C:\Program Files\PocketRAR
2008-06-02 08:07 . 2008-06-02 08:07 427 --a------ C:\WINDOWS\ODBC.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 14:16 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-01 14:14 --------- d-----w C:\Program Files\Usługi online
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-25 08:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"scheduler_monitor"="C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 11:17 27136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-02-23 21:10 35328]
"DT HPW"="C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-09-28 15:52 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
C:\Documents and Settings\marjan\Menu Start\Programy\Autostart\
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\cinetray.exe [2002-09-18 14:16:30 98304]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2008-06-05 09:03:42 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DVBViewerTE\\ts_winlirc.exe"=
"C:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Cod4\\iw3mp.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 m5288;m5288;C:\WINDOWS\system32\DRIVERS\m5288.sys [2005-12-23 22:54]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 08:10]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 rcp_service;ReaConverter scheduler service;C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 12:27]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2004-10-13 11:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{259b43a0-39f4-11dd-9132-00d0d70bc73c}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{593e9d38-3123-11dd-82fd-00173183ecd8}]
\Shell\AutoRun\command - G:\1nkbd8h.bat
\Shell\explore\Command - G:\1nkbd8h.bat
\Shell\open\Command - G:\1nkbd8h.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b40eeca6-3301-11dd-9114-806d6172696f}]
\Shell\AutoRun\command - F:\iefqwp.cmd
\Shell\explore\Command - F:\iefqwp.cmd
\Shell\open\Command - F:\iefqwp.cmd
*Newly Created Service* - GIVEIO
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 17:26:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-30 17:35:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 15:34:59
Pre-Run: 2,739,712,000 bytes free
Post-Run: 3,916,668,928 bytes free
252 --- E O F --- 2008-06-04 13:41:09
[ Added: Today at 18:02 ] And I apologize to the admin for that profanity... I won't express myself like that again :) The man was angry and let slip some strong language :)
[ Added: Today at 17:22 ] I'm asking once again for an analysis of a ComboFix log, this time from my fiancée's computer. The problems are back; earlier there was AMVO.EXE and M88COAIM.EXE on both drives. Here is the log:
ComboFix 08-07-05.1 - Irenia K 2008-07-07 17:10:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.111 [GMT 2:00]
Running from: C:\Documents and Settings\Irenia K\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Irenia K\ravmonlog
C:\temp\unins000.dat
.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.
2008-07-07 17:04 . 2008-07-07 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-07-07 17:00 . 2008-07-07 17:03 <DIR> d-------- C:\WINDOWS\nview
2008-07-07 17:00 . 2005-07-20 15:07 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-07-07 17:00 . 2008-07-07 17:14 29,204 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-07 17:00 . 2005-07-20 15:07 14,757 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-07-07 16:58 . 2004-05-02 10:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-06-22 19:41 . 2008-06-22 19:41 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-22 19:41 . 2008-06-22 19:41 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-22 19:40 . 2008-06-22 19:40 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-22 19:40 . 2008-07-07 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-06-22 19:40 . 2008-07-07 17:13 1,530,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-22 19:40 . 2008-07-07 17:13 278,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-22 19:40 . 2008-07-07 17:13 14,084 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-22 19:40 . 2008-07-07 17:13 3,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-18 20:10 . 2008-06-18 20:11 168,509 --a------ C:\RATUJ5.DOC
2008-06-18 20:10 . 2008-06-18 20:10 653 --a------ C:\RATUJ4.DOC
2008-06-18 20:10 . 2008-06-18 20:10 2 --a------ C:\RATUJ3.DOC
2008-06-18 20:09 . 2008-06-18 20:10 168,509 --a------ C:\RATUJ2.DOC
2008-06-18 20:09 . 2008-06-18 20:09 653 --a------ C:\RATUJ1.DOC
2008-06-18 20:09 . 2008-06-18 20:09 653 --a------ C:\RATUJ.DOC
2008-06-18 18:32 . 2008-06-18 18:32 <DIR> d-------- C:\Program Files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 10:56 --------- d-----w C:\Documents and Settings\Irenia K\Dane aplikacji\U3
2008-06-23 10:47 --------- d-----w C:\Documents and Settings\Irenia K\Dane aplikacji\Image Zone Express
2008-06-13 14:39 --------- d-----w C:\Program Files\Sims
2008-06-12 15:10 --------- d-----w C:\Program Files\Winamp
2008-06-07 15:14 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-25 16:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
2008-04-18 14:19 19,448 ----a-w C:\Documents and Settings\Irenia K\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 19:45 35328]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 15:07 7110656]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 15:07 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"nwiz"="nwiz.exe" [2005-07-20 15:07 1519616 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15719:TCP"= 15719:TCP:NortonAV
"18347:TCP"= 18347:TCP:NortonAV
"13084:TCP"= 13084:TCP:NortonAV
"16188:TCP"= 16188:TCP:NortonAV
"13466:TCP"= 13466:TCP:NortonAV
"12914:TCP"= 12914:TCP:NortonAV
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{494c0b34-4ce2-11dc-aba9-00138f8b0b60}]
\Shell\AutoRun\command - F:\d.cmd
\Shell\explore\Command - F:\d.cmd
\Shell\open\Command - F:\d.cmd
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 17:14:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-07 17:17:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-07 15:17:16
Pre-Run: 3,715,674,112 bytes free
Post-Run: 5,291,827,200 bytes free
134
The post author received kudos.
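The indicator worth checking in both logs above is not amvo.exe itself (ComboFix already quarantined it on the first machine) but the per-volume persistence under HKCU\...\Explorer\MountPoints2: the {GUID} keys whose AutoRun, explore and open verbs all launch a .bat or .cmd from a removable drive (G:\1nkbd8h.bat, F:\iefqwp.cmd, F:\d.cmd), paired with a hidden+system copy of the same script in the drive root (C:\1nkbd8h.bat with -r-hs----). The script below is an added example written for this page, not code from the poster or from ComboFix; it parses a small constructed excerpt in the same shape as the posted logs and flags those two patterns, correlating a script name that appears in both places. Severity labels, the extension list and the sample lines are assumptions chosen for the example.

```python
import re
from typing import Dict, List, Tuple

# Extensions a MountPoints2 shell verb should never point at on a USB stick.
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".pif", ".scr")

# Constructed excerpt in the shape of the posted ComboFix output (two "Files Created"
# rows plus three MountPoints2 keys). It is not the complete log from the thread.
SAMPLE_LOG = r"""
2008-06-23 23:34 . 2008-06-23 08:07 111,715 -r-hs---- C:\1nkbd8h.bat
2008-06-21 20:39 . 2008-06-21 20:39 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{593e9d38-3123-11dd-82fd-00173183ecd8}]
\Shell\AutoRun\command - G:\1nkbd8h.bat
\Shell\explore\Command - G:\1nkbd8h.bat
\Shell\open\Command - G:\1nkbd8h.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b40eeca6-3301-11dd-9114-806d6172696f}]
\Shell\AutoRun\command - F:\iefqwp.cmd
"""

# "Files Created" row: created . modified size attrs path
FILE_ROW = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$")
# Registry key header for one volume (drive letter or volume GUID).
MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<vol>[^\]]+)\]$", re.IGNORECASE)
# Shell verb line under that key: \Shell\<verb>\command - <target> [args]
SHELL_CMD = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>\S+)", re.IGNORECASE)
DRIVE_ROOT = re.compile(r"[A-Z]:\\[^\\]+", re.IGNORECASE)


def analyze(log_text: str) -> List[Dict[str, str]]:
    """Scan ComboFix-style text. 'high' = a script launched by a volume's shell verbs,
    or a hidden+system script sitting in a drive root; 'review' = any other
    MountPoints2 target (a legitimate U3 launcher and a worm EXE look alike here)."""
    findings: List[Dict[str, str]] = []
    root_scripts: Dict[str, str] = {}            # lower basename -> full path
    targets: Dict[Tuple[str, str], List[str]] = {}  # (volume key, target) -> verbs
    current_vol = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_ROW.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
            # 'h' + 's' in the attribute column is hidden+system, the way the
            # dropper hides its copy next to autorun.inf in the drive root.
            if (DRIVE_ROOT.fullmatch(path) and path.lower().endswith(SCRIPT_EXT)
                    and "h" in attrs and "s" in attrs):
                root_scripts[path.split("\\")[-1].lower()] = path
                findings.append({"severity": "high", "kind": "hidden-root-script",
                                 "detail": f"{path} ({attrs})"})
            continue
        m = MOUNTPOINT_KEY.match(line)
        if m:
            current_vol = m.group("vol")
            continue
        m = SHELL_CMD.match(line)
        if m and current_vol is not None:
            key = (current_vol, m.group("cmd"))
            targets.setdefault(key, []).append(m.group("verb").lower())
    # One finding per (volume, target); three verbs on the same script is the
    # worm's signature (AutoRun, explore and open all hijacked).
    for (vol, cmd), verbs in targets.items():
        name = cmd.split("\\")[-1].lower()
        sev = "high" if name.endswith(SCRIPT_EXT) else "review"
        detail = f"MountPoints2\\{vol}: {','.join(verbs)} -> {cmd}"
        if name in root_scripts:
            detail += f" (same name as hidden root file {root_scripts[name]})"
        findings.append({"severity": sev, "kind": "mountpoints2-shell", "detail": detail})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']}: {f['detail']}")
```

Run against the excerpt it reports the hidden C:\1nkbd8h.bat, the three-verb hijack of the GUID volume pointing at the same script name, the F:\iefqwp.cmd AutoRun entry, and leaves G:\LaunchU3.exe for a human to confirm. Cleaning those keys is only half the fix: the removable drives themselves still carry autorun.inf and the hidden script, so they need to be checked with hidden and system files shown before being plugged into a cleaned machine.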