Logs, securing the computer and its data. Antivirus and antispyware programs, firewalls, etc.

Forum rules

1. Every topic title should reflect the content of the thread.
2. When pasting logs, produce them right away from at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Shortening logs is not advisable; paste the whole log, from beginning to end.
5. Piggybacking on other users' topics is not advisable; please start a new topic in the Security (Bezpieczeństwo) section, as that makes it easier for the person checking to help.
6. People without the appropriate knowledge should not check logs, because this risks serious damage to the system or to applications installed on the computer.
7. Describe the problem precisely, including the symptoms that occur and any actions already taken.
8. Every script is unique, written for each case separately, so it must not be used by others.
9. When posting a screenshot, please use an external image hosting service.

Request for a check-up of a log...

16 Feb 2008, 09:54

Hello, as in the subject...

ComboFix
Code:
ComboFix 08-02-16.2 - Maciekk 2008-02-17  8:52:51.10 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1682 [GMT 1:00]
Running from: C:\Documents and Settings\Maciekk\Pulpit\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-01-17 to 2008-02-17  )))))))))))))))))))))))))))))))
.

2008-02-12 15:29 . 2008-02-12 16:27   103,736   --a------   C:\WINDOWS\system32\PnkBstrB.exe
2008-02-12 15:29 . 2008-02-12 16:27   66,872   --a------   C:\WINDOWS\system32\PnkBstrA.exe
2008-02-12 15:29 . 2008-02-12 16:27   22,328   --a------   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-11 18:51 . 2008-02-11 18:51   <DIR>   d--hs----   C:\FOUND.005
2008-02-11 18:04 . 2004-08-04 00:38   14,848   --a------   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-11 18:04 . 2004-08-04 00:38   14,848   --a------   C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-11 18:03 . 2008-02-11 18:03   <DIR>   d--------   C:\Program Files\Common Files\Logitech
2008-02-11 18:03 . 2005-04-12 19:21   45,504   --a------   C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-02-11 18:03 . 2005-04-12 19:21   22,240   --a------   C:\WINDOWS\system32\drivers\WmFilter.sys
2008-02-11 18:03 . 2005-04-12 19:21   17,632   --a------   C:\WINDOWS\system32\drivers\WmHidLo.sys
2008-02-11 18:03 . 2005-04-12 19:21   10,144   --a------   C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-02-11 18:03 . 2005-04-12 19:21   5,600   --a------   C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-02-11 17:35 . 2008-02-11 17:36   <DIR>   d--------   C:\Documents and Settings\Maciekk\Dane aplikacji\THQ
2008-02-11 17:26 . 2008-02-11 17:26   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-02-09 16:16 . 2006-02-04 04:50   5,174   --a------   C:\WINDOWS\system32\nppt9x.vxd
2008-02-09 16:16 . 2006-02-04 04:50   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Program Files\QuickTime
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Program Files\iTunes
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Program Files\iPod
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Program Files\Bonjour
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-02-09 01:00 . 2008-02-16 22:02   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-02-09 01:00 . 2008-02-09 01:01   1,409   --a------   C:\WINDOWS\QTFont.for
2008-02-09 00:59 . 2008-02-09 00:59   <DIR>   d--------   C:\Program Files\Common Files\Apple
2008-02-09 00:59 . 2008-02-09 00:59   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-02-09 00:59 . 2008-02-09 00:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-02-07 09:14 . 2008-02-07 09:14   <DIR>   d--hs----   C:\FOUND.004
2008-02-06 23:29 . 2008-02-06 23:29   <DIR>   d--hs----   C:\FOUND.003
2008-02-04 19:46 . 2008-02-04 19:46   <DIR>   d--------   C:\WINDOWS\Lineage II Red Dragon
2008-02-04 09:51 . 2008-02-04 09:51   <DIR>   d--------   C:\Program Files\GraveLand.pl
2008-02-02 11:03 . 2008-02-02 11:03   <DIR>   d--------   C:\Program Files\uTorrent
2008-02-02 11:03 . 2008-02-02 11:03   <DIR>   d--------   C:\Documents and Settings\Maciekk\Dane aplikacji\uTorrent
2008-02-01 09:41 . 2008-02-01 09:41   <DIR>   d--hs----   C:\FOUND.002
2008-01-31 23:13 . 2008-01-31 23:13   90,112   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13   57,344   --a------   C:\WINDOWS\system32\QuickTime.qts
2008-01-26 14:04 . 2008-02-16 19:42   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-01-25 18:06 . 2008-01-25 18:07   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-01-25 18:05 . 2008-01-25 18:05   <DIR>   d--------   C:\Program Files\Common Files\LightScribe
2008-01-25 18:02 . 2008-01-25 18:02   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-01-25 15:45 . 2008-01-25 15:45   <DIR>   d--------   C:\Documents and Settings\Maciekk\Dane aplikacji\Ahead
2008-01-25 15:45 . 2008-01-25 15:45   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-01-24 21:30 . 2008-01-24 21:30   3,348   --a------   C:\WINDOWS\nero.INI
2008-01-24 20:22 . 2008-01-24 20:22   0   --a------   C:\WINDOWS\Irremote.ini
2008-01-23 14:49 . 2008-01-23 14:49   <DIR>   dr-h-----   C:\Documents and Settings\Maciekk\Dane aplikacji\SecuROM
2008-01-17 10:47 . 2008-01-17 10:47   427   --a------   C:\WINDOWS\ODBC.INI
2008-01-17 10:44 . 2008-01-17 10:44   <DIR>   d--------   C:\WINDOWS\ShellNew
2008-01-17 10:43 . 2008-01-17 10:43   <DIR>   d--------   C:\Documents and Settings\Maciekk\Dane aplikacji\Microsoft Web Folders

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 18:44   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\Winamp
2008-01-16 18:40   ---------   d-----w   C:\Program Files\Ulead Systems
2008-01-16 18:40   ---------   d-----w   C:\Program Files\Common Files\Ulead Systems
2008-01-16 18:40   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-01-14 21:10   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\FaxCtr
2008-01-14 21:03   ---------   d-----w   C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-01-14 21:02   ---------   d-----w   C:\Program Files\Lx_cats
2008-01-14 21:02   ---------   d-----w   C:\Program Files\Lexmark Fax Solutions
2008-01-14 21:02   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\FaxCtr
2008-01-14 20:56   ---------   d-----w   C:\Program Files\Lexmark 3300 Series
2008-01-13 16:39   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-01-13 16:28   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\Nero
2008-01-13 16:26   ---------   d-----w   C:\Program Files\Common Files\Nero
2008-01-13 16:26   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-01-13 15:27   9,216   ----a-w   C:\WINDOWS\system32\clipsrv.exe
2008-01-13 15:14   7,040   ----a-w   C:\WINDOWS\system32\drivers\ndisaluo.sys
2008-01-13 15:11   6,144   ----a-w   C:\Documents and Settings\Maciekk\ie_updates3r.exe
2008-01-13 15:03   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\DAEMON Tools
2008-01-13 14:34   715,248   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
2008-01-13 14:20   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\DAEMON Tools Pro
2008-01-13 14:04   278,984   ----a-w   C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-13 14:04   25,416   ----a-w   C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-11 12:34   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-01-10 07:38   108,144   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-01-10 07:33   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\Gadu-Gadu
2008-01-09 20:41   ---------   d-----w   C:\Program Files\Java
2008-01-09 20:39   ---------   d-----w   C:\Program Files\Common Files\Java
2008-01-09 19:40   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\Talkback
2008-01-09 19:31   15,600   ----a-w   C:\WINDOWS\gdrv.sys
2008-01-09 19:29   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-09 19:29   ---------   d-----w   C:\Program Files\Realtek
2008-01-09 19:29   ---------   d-----w   C:\Program Files\DIFX
2008-01-09 19:22   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\InstallShield
2008-01-09 19:09   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-01-09 19:07   ---------   d-----w   C:\Program Files\VDOTool
2008-01-09 18:55   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-01-09 18:54   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"DAEMON Tools Lite"="e:\DAEMON Tools Lite\daemon.exe" [2008-01-03 14:54 486856]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 13:25 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 18:07 8491008]
"nwiz"="nwiz.exe" [2007-09-16 18:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 18:07 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Flashget"="E:\maciek\FlashGet\FlashGet.exe" [2007-09-25 09:10 2007088]
"NBKeyScan"="E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 01:17 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36 299008]
"WinFast Schedule"="e:\TV\WFWIZ.exe" [ ]
"WinampAgent"="E:\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"BearShare"="E:\BearShare\BearShare.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 14:44 73728]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"nv"="C:\Documents and Settings\LocalService\desktop.exe" [ ]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 20:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 20:52]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-09 20:31]
S3 WFIOCTL;WFIOCTL;e:\TV\WFIOCTL.SYS [2005-01-06 16:55]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 22:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 08:53:20
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17  8:53:33

16 Feb 2008, 11:51

Paste into Notepad:
File::
C:\FOUND.005
C:\FOUND.003
C:\FOUND.004
C:\FOUND.002
C:\Documents and Settings\Maciekk\ie_updates3r.exe
C:\Documents and Settings\LocalService\desktop.exe


Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"nv"=-

>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- similar to this picture --> [image]
(if the question "1 or 2" appears, type 1 and press ENTER). The removal should start (and a log will be produced).
After the restart, manually delete the folder C:\Qoobox.
After that, a new log from Combo.

16 Feb 2008, 13:14

Here you go


Code:
ComboFix 08-02-16.2 - Maciekk 2008-02-17 12:14:35.11 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1658 [GMT 1:00]
Running from: C:\Documents and Settings\Maciekk\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maciekk\Pulpit\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE
C:\Documents and Settings\LocalService\desktop.exe
C:\Documents and Settings\Maciekk\ie_updates3r.exe
C:\FOUND.002
C:\FOUND.003
C:\FOUND.004
C:\FOUND.005
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Maciekk\ie_updates3r.exe

.
(((((((((((((((((((((((((   Files Created from 2008-01-17 to 2008-02-17  )))))))))))))))))))))))))))))))
.

2008-02-12 15:29 . 2008-02-12 16:27   103,736   --a------   C:\WINDOWS\system32\PnkBstrB.exe
2008-02-12 15:29 . 2008-02-12 16:27   66,872   --a------   C:\WINDOWS\system32\PnkBstrA.exe
2008-02-12 15:29 . 2008-02-12 16:27   22,328   --a------   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-11 18:51 . 2008-02-11 18:51   <DIR>   d--hs----   C:\FOUND.005
2008-02-11 18:04 . 2004-08-04 00:38   14,848   --a------   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-11 18:04 . 2004-08-04 00:38   14,848   --a------   C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-11 18:03 . 2008-02-11 18:03   <DIR>   d--------   C:\Program Files\Common Files\Logitech
2008-02-11 18:03 . 2005-04-12 19:21   45,504   --a------   C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-02-11 18:03 . 2005-04-12 19:21   22,240   --a------   C:\WINDOWS\system32\drivers\WmFilter.sys
2008-02-11 18:03 . 2005-04-12 19:21   17,632   --a------   C:\WINDOWS\system32\drivers\WmHidLo.sys
2008-02-11 18:03 . 2005-04-12 19:21   10,144   --a------   C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-02-11 18:03 . 2005-04-12 19:21   5,600   --a------   C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-02-11 17:35 . 2008-02-11 17:36   <DIR>   d--------   C:\Documents and Settings\Maciekk\Dane aplikacji\THQ
2008-02-11 17:26 . 2008-02-11 17:26   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-02-09 16:16 . 2006-02-04 04:50   5,174   --a------   C:\WINDOWS\system32\nppt9x.vxd
2008-02-09 16:16 . 2006-02-04 04:50   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Program Files\QuickTime
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Program Files\iTunes
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Program Files\iPod
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Program Files\Bonjour
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-02-09 01:00 . 2008-02-16 22:02   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-02-09 01:00 . 2008-02-09 01:01   1,409   --a------   C:\WINDOWS\QTFont.for
2008-02-09 00:59 . 2008-02-09 00:59   <DIR>   d--------   C:\Program Files\Common Files\Apple
2008-02-09 00:59 . 2008-02-09 00:59   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-02-09 00:59 . 2008-02-09 00:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-02-07 09:14 . 2008-02-07 09:14   <DIR>   d--hs----   C:\FOUND.004
2008-02-06 23:29 . 2008-02-06 23:29   <DIR>   d--hs----   C:\FOUND.003
2008-02-04 19:46 . 2008-02-04 19:46   <DIR>   d--------   C:\WINDOWS\Lineage II Red Dragon
2008-02-04 09:51 . 2008-02-04 09:51   <DIR>   d--------   C:\Program Files\GraveLand.pl
2008-02-02 11:03 . 2008-02-02 11:03   <DIR>   d--------   C:\Program Files\uTorrent
2008-02-02 11:03 . 2008-02-02 11:03   <DIR>   d--------   C:\Documents and Settings\Maciekk\Dane aplikacji\uTorrent
2008-02-01 09:41 . 2008-02-01 09:41   <DIR>   d--hs----   C:\FOUND.002
2008-01-31 23:13 . 2008-01-31 23:13   90,112   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13   57,344   --a------   C:\WINDOWS\system32\QuickTime.qts
2008-01-26 14:04 . 2008-02-16 19:42   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-01-25 18:06 . 2008-01-25 18:07   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-01-25 18:05 . 2008-01-25 18:05   <DIR>   d--------   C:\Program Files\Common Files\LightScribe
2008-01-25 18:02 . 2008-01-25 18:02   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-01-25 15:45 . 2008-01-25 15:45   <DIR>   d--------   C:\Documents and Settings\Maciekk\Dane aplikacji\Ahead
2008-01-25 15:45 . 2008-01-25 15:45   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-01-24 21:30 . 2008-01-24 21:30   3,348   --a------   C:\WINDOWS\nero.INI
2008-01-24 20:22 . 2008-01-24 20:22   0   --a------   C:\WINDOWS\Irremote.ini
2008-01-23 14:49 . 2008-01-23 14:49   <DIR>   dr-h-----   C:\Documents and Settings\Maciekk\Dane aplikacji\SecuROM
2008-01-17 10:47 . 2008-01-17 10:47   427   --a------   C:\WINDOWS\ODBC.INI
2008-01-17 10:44 . 2008-01-17 10:44   <DIR>   d--------   C:\WINDOWS\ShellNew
2008-01-17 10:43 . 2008-01-17 10:43   <DIR>   d--------   C:\Documents and Settings\Maciekk\Dane aplikacji\Microsoft Web Folders

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 18:44   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\Winamp
2008-01-16 18:40   ---------   d-----w   C:\Program Files\Ulead Systems
2008-01-16 18:40   ---------   d-----w   C:\Program Files\Common Files\Ulead Systems
2008-01-16 18:40   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-01-14 21:10   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\FaxCtr
2008-01-14 21:03   ---------   d-----w   C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-01-14 21:02   ---------   d-----w   C:\Program Files\Lx_cats
2008-01-14 21:02   ---------   d-----w   C:\Program Files\Lexmark Fax Solutions
2008-01-14 21:02   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\FaxCtr
2008-01-14 20:56   ---------   d-----w   C:\Program Files\Lexmark 3300 Series
2008-01-13 16:39   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-01-13 16:28   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\Nero
2008-01-13 16:26   ---------   d-----w   C:\Program Files\Common Files\Nero
2008-01-13 16:26   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-01-13 15:27   9,216   ----a-w   C:\WINDOWS\system32\clipsrv.exe
2008-01-13 15:14   7,040   ----a-w   C:\WINDOWS\system32\drivers\ndisaluo.sys
2008-01-13 15:03   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\DAEMON Tools
2008-01-13 14:34   715,248   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
2008-01-13 14:20   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\DAEMON Tools Pro
2008-01-13 14:04   278,984   ----a-w   C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-13 14:04   25,416   ----a-w   C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-11 12:34   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-01-10 07:38   108,144   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-01-10 07:33   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\Gadu-Gadu
2008-01-09 20:41   ---------   d-----w   C:\Program Files\Java
2008-01-09 20:39   ---------   d-----w   C:\Program Files\Common Files\Java
2008-01-09 19:40   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\Talkback
2008-01-09 19:31   15,600   ----a-w   C:\WINDOWS\gdrv.sys
2008-01-09 19:29   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-09 19:29   ---------   d-----w   C:\Program Files\Realtek
2008-01-09 19:29   ---------   d-----w   C:\Program Files\DIFX
2008-01-09 19:22   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\InstallShield
2008-01-09 19:09   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-01-09 19:07   ---------   d-----w   C:\Program Files\VDOTool
2008-01-09 18:55   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-01-09 18:54   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"DAEMON Tools Lite"="e:\DAEMON Tools Lite\daemon.exe" [2008-01-03 14:54 486856]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 13:25 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 18:07 8491008]
"nwiz"="nwiz.exe" [2007-09-16 18:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 18:07 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Flashget"="E:\maciek\FlashGet\FlashGet.exe" [2007-09-25 09:10 2007088]
"NBKeyScan"="E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 01:17 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36 299008]
"WinFast Schedule"="e:\TV\WFWIZ.exe" [ ]
"WinampAgent"="E:\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"BearShare"="E:\BearShare\BearShare.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 14:44 73728]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 20:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 20:52]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-09 20:31]
S3 WFIOCTL;WFIOCTL;e:\TV\WFIOCTL.SYS [2005-01-06 16:55]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 22:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 12:15:01
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 12:15:12
ComboFix2.txt  2008-02-17 07:53:34
ComboFix-quarantined-files.txt  2008-02-17 11:15:12

16 Feb 2008, 13:43

My mistake. Sorry.

Paste into Notepad:
Folder::
C:\FOUND.005
C:\FOUND.003
C:\FOUND.004
C:\FOUND.002
C:\FOUND.001

>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- similar to this picture --> [image]
(if the question "1 or 2" appears, type 1 and press ENTER). The removal should start (and a log will be produced).
After the restart, manually delete the folder C:\Qoobox.
After that, a new log from Combo.

DiRT Drivers, do you know what that is?
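Added example (not the forum's, the helper's or ComboFix's own code): a Python triage helper that parses the three line formats seen in the logs in this thread ("Files Created", "Find3M" and the Run values under "Reg Loading Points"), flags entries with simple path heuristics modelled on the two files the helper targeted, and drafts a CFScript in the File:: / Folder:: / Registry:: layout of the two scripts above. The sample log lines and the heuristics are constructed assumptions; the draft is for the person checking the log to review and edit, in keeping with rule 8.

```python
"""ComboFix log triage helper (added example; not ComboFix's or the forum's own code)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample lines modelled on the thread's logs (not taken from a real machine).
SAMPLE_LOG = r"""
2008-02-12 15:29 . 2008-02-12 16:27   103,736   --a------   C:\WINDOWS\system32\PnkBstrB.exe
2008-02-11 18:51 . 2008-02-11 18:51   <DIR>   d--hs----   C:\FOUND.005
2008-01-13 15:11   6,144   ----a-w   C:\Documents and Settings\Maciekk\ie_updates3r.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 18:07 8491008]
"BearShare"="E:\BearShare\BearShare.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"nv"="C:\Documents and Settings\LocalService\desktop.exe" [ ]
"""

# "Files Created" line: created . modified   size|<DIR>   attrs   path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
                        r"\s+(<DIR>|[\d,]+)\s+([\w-]+)\s+(.+)$")
# "Find3M" line: modified   size|---------   attrs   path
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(-+|[\d,]+)\s+([\w-]+)\s+(.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Run value: "name"="target" [timestamp size]; ComboFix prints "[ ]" when it has no file data
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]$')

PROFILE_ROOT = "C:\\Documents and Settings\\"
SERVICE_ACCOUNTS = ("localservice", "networkservice")
EXE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Flags that earn a line in the draft script; "no-file-metadata" alone is only a review note.
ACTIONABLE = {"exe-in-service-profile", "exe-in-profile-root", "chkdsk-recovery-folder"}


@dataclass
class Entry:
    kind: str                   # "file", "dir" or "run"
    path: str
    key: Optional[str] = None   # registry key (run entries only)
    name: Optional[str] = None  # value name (run entries only)
    meta: str = ""              # bracket contents; "" means ComboFix printed "[ ]"
    flags: list = field(default_factory=list)


def parse_log(text):
    """Turn log lines into Entry records; lines in other formats are ignored."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(Entry("run", m.group(2), key=key, name=m.group(1), meta=m.group(3).strip()))
            continue
        m = CREATED_RE.match(line) or FIND3M_RE.match(line)
        if m:
            size, attrs, path = m.groups()[-3:]
            entries.append(Entry("dir" if size == "<DIR>" or attrs.startswith("d") else "file", path))
    return entries


def flag(entry):
    """Heuristic review flags (an assumption of this example, not a verdict)."""
    low = entry.path.lower()
    if entry.kind == "run" and entry.meta == "":
        entry.flags.append("no-file-metadata")
    if entry.kind != "dir" and low.endswith(EXE_EXT) and low.startswith(PROFILE_ROOT.lower()):
        parts = entry.path[len(PROFILE_ROOT):].split("\\")
        if parts[0].lower() in SERVICE_ACCOUNTS:    # service-account profiles hold no programs
            entry.flags.append("exe-in-service-profile")
        elif len(parts) == 2:                       # loose executable in a profile root
            entry.flags.append("exe-in-profile-root")
    if re.fullmatch(r"c:\\found\.\d{3}", low):      # chkdsk recovery folder, not malware
        entry.flags.append("chkdsk-recovery-folder")
    return entry.flags


def triage(text):
    """Parse and flag; returns only the entries that picked up at least one flag."""
    return [e for e in parse_log(text) if flag(e)]


def draft_cfscript(flagged):
    """CFScript draft in the File:: / Folder:: / Registry:: layout used in the thread."""
    actionable = [e for e in flagged if ACTIONABLE & set(e.flags)]
    files = [e.path for e in actionable if e.kind in ("file", "run")]
    folders = [e.path for e in actionable if e.kind == "dir"]
    runs = [e for e in actionable if e.kind == "run"]
    out = []
    if files:
        out += ["File::"] + files + [""]
    if folders:
        out += ["Folder::"] + folders + [""]
    if runs:
        out.append("Registry::")
        for key in sorted({e.key for e in runs}):
            out += ["[%s]" % key] + ['"%s"=-' % e.name for e in runs if e.key == key]
    return "\n".join(out).rstrip() + "\n"
```

Calling `draft_cfscript(triage(SAMPLE_LOG))` yields the two profile executables under File::, C:\FOUND.005 under Folder:: and `"nv"=-` under its key, while the BearShare entry, flagged only for missing file data, is left for manual review.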

16 Feb 2008, 15:28

Those DiRT Drivers are 98% sure to be something related to the game Colin McRae: DiRT.


log

Code:
ComboFix 08-02-16.2 - Maciekk 2008-02-17 14:28:15.12 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1648 [GMT 1:00]
Running from: C:\Documents and Settings\Maciekk\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maciekk\Pulpit\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.001
C:\FOUND.001\FILE0000.CHK
C:\FOUND.001\FILE0001.CHK
C:\FOUND.001\FILE0002.CHK
C:\FOUND.001\FILE0003.CHK
C:\FOUND.001\FILE0004.CHK
C:\FOUND.001\FILE0005.CHK
C:\FOUND.001\FILE0006.CHK
C:\FOUND.001\FILE0007.CHK
C:\FOUND.001\FILE0008.CHK
C:\FOUND.001\FILE0009.CHK
C:\FOUND.001\FILE0010.CHK
C:\FOUND.001\FILE0011.CHK
C:\FOUND.002
C:\FOUND.002\FILE0000.CHK
C:\FOUND.002\FILE0001.CHK
C:\FOUND.003
C:\FOUND.003\FILE0000.CHK
C:\FOUND.003\FILE0001.CHK
C:\FOUND.003\FILE0002.CHK
C:\FOUND.003\FILE0003.CHK
C:\FOUND.003\FILE0004.CHK
C:\FOUND.003\FILE0005.CHK
C:\FOUND.003\FILE0006.CHK
C:\FOUND.003\FILE0007.CHK
C:\FOUND.003\FILE0008.CHK
C:\FOUND.003\FILE0009.CHK
C:\FOUND.003\FILE0010.CHK
C:\FOUND.003\FILE0011.CHK
C:\FOUND.003\FILE0012.CHK
C:\FOUND.003\FILE0013.CHK
C:\FOUND.003\FILE0014.CHK
C:\FOUND.003\FILE0015.CHK
C:\FOUND.003\FILE0016.CHK
C:\FOUND.003\FILE0017.CHK
C:\FOUND.003\FILE0018.CHK
C:\FOUND.003\FILE0019.CHK
C:\FOUND.003\FILE0020.CHK
C:\FOUND.003\FILE0021.CHK
C:\FOUND.003\FILE0022.CHK
C:\FOUND.003\FILE0023.CHK
C:\FOUND.003\FILE0024.CHK
C:\FOUND.003\FILE0025.CHK
C:\FOUND.003\FILE0026.CHK
C:\FOUND.004
C:\FOUND.004\FILE0000.CHK
C:\FOUND.005
C:\FOUND.005\FILE0000.CHK
C:\FOUND.005\FILE0001.CHK
C:\FOUND.005\FILE0002.CHK
C:\FOUND.005\FILE0003.CHK
C:\FOUND.005\FILE0004.CHK
C:\FOUND.005\FILE0005.CHK
C:\FOUND.005\FILE0006.CHK
C:\FOUND.005\FILE0007.CHK
C:\FOUND.005\FILE0008.CHK
C:\FOUND.005\FILE0009.CHK
C:\FOUND.005\FILE0010.CHK
C:\FOUND.005\FILE0011.CHK
C:\FOUND.005\FILE0012.CHK
C:\FOUND.005\FILE0013.CHK
C:\FOUND.005\FILE0014.CHK
C:\FOUND.005\FILE0015.CHK
C:\FOUND.005\FILE0016.CHK
C:\FOUND.005\FILE0017.CHK
C:\FOUND.005\FILE0018.CHK
C:\FOUND.005\FILE0019.CHK
C:\FOUND.005\FILE0020.CHK
C:\FOUND.005\FILE0021.CHK
C:\FOUND.005\FILE0022.CHK
C:\FOUND.005\FILE0023.CHK
C:\FOUND.005\FILE0024.CHK
C:\FOUND.005\FILE0025.CHK
C:\FOUND.005\FILE0026.CHK
C:\FOUND.005\FILE0027.CHK
C:\FOUND.005\FILE0028.CHK
C:\FOUND.005\FILE0029.CHK
C:\FOUND.005\FILE0030.CHK
C:\FOUND.005\FILE0031.CHK
C:\FOUND.005\FILE0032.CHK
C:\FOUND.005\FILE0033.CHK
C:\FOUND.005\FILE0034.CHK
C:\FOUND.005\FILE0035.CHK
C:\FOUND.005\FILE0036.CHK
C:\FOUND.005\FILE0037.CHK
C:\FOUND.005\FILE0038.CHK
C:\FOUND.005\FILE0039.CHK
C:\FOUND.005\FILE0040.CHK
C:\FOUND.005\FILE0041.CHK
C:\FOUND.005\FILE0042.CHK
C:\FOUND.005\FILE0043.CHK
C:\FOUND.005\FILE0044.CHK
C:\FOUND.005\FILE0045.CHK
C:\FOUND.005\FILE0046.CHK
C:\FOUND.005\FILE0047.CHK
C:\FOUND.005\FILE0048.CHK
C:\FOUND.005\FILE0049.CHK
C:\FOUND.005\FILE0050.CHK
C:\FOUND.005\FILE0051.CHK
C:\FOUND.005\FILE0052.CHK
C:\FOUND.005\FILE0053.CHK
C:\FOUND.005\FILE0054.CHK
C:\FOUND.005\FILE0055.CHK
C:\FOUND.005\FILE0056.CHK
C:\FOUND.005\FILE0057.CHK
C:\FOUND.005\FILE0058.CHK
C:\FOUND.005\FILE0059.CHK
C:\FOUND.005\FILE0060.CHK
C:\FOUND.005\FILE0061.CHK
C:\FOUND.005\FILE0062.CHK
C:\FOUND.005\FILE0063.CHK
C:\FOUND.005\FILE0064.CHK
C:\FOUND.005\FILE0065.CHK
C:\FOUND.005\FILE0066.CHK
C:\FOUND.005\FILE0067.CHK
C:\FOUND.005\FILE0068.CHK
C:\FOUND.005\FILE0069.CHK
C:\FOUND.005\FILE0070.CHK
C:\FOUND.005\FILE0071.CHK
C:\FOUND.005\FILE0072.CHK

.
(((((((((((((((((((((((((   Files Created from 2008-01-17 to 2008-02-17  )))))))))))))))))))))))))))))))
.

2008-02-12 15:29 . 2008-02-12 16:27   103,736   --a------   C:\WINDOWS\system32\PnkBstrB.exe
2008-02-12 15:29 . 2008-02-12 16:27   66,872   --a------   C:\WINDOWS\system32\PnkBstrA.exe
2008-02-12 15:29 . 2008-02-12 16:27   22,328   --a------   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-11 18:04 . 2004-08-04 00:38   14,848   --a------   C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-11 18:04 . 2004-08-04 00:38   14,848   --a------   C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-11 18:03 . 2008-02-11 18:03   <DIR>   d--------   C:\Program Files\Common Files\Logitech
2008-02-11 18:03 . 2005-04-12 19:21   45,504   --a------   C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-02-11 18:03 . 2005-04-12 19:21   22,240   --a------   C:\WINDOWS\system32\drivers\WmFilter.sys
2008-02-11 18:03 . 2005-04-12 19:21   17,632   --a------   C:\WINDOWS\system32\drivers\WmHidLo.sys
2008-02-11 18:03 . 2005-04-12 19:21   10,144   --a------   C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-02-11 18:03 . 2005-04-12 19:21   5,600   --a------   C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-02-11 17:35 . 2008-02-11 17:36   <DIR>   d--------   C:\Documents and Settings\Maciekk\Dane aplikacji\THQ
2008-02-11 17:26 . 2008-02-11 17:26   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-02-09 16:16 . 2006-02-04 04:50   5,174   --a------   C:\WINDOWS\system32\nppt9x.vxd
2008-02-09 16:16 . 2006-02-04 04:50   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Program Files\QuickTime
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Program Files\iTunes
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Program Files\iPod
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Program Files\Bonjour
2008-02-09 01:00 . 2008-02-09 01:00   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-02-09 01:00 . 2008-02-16 22:02   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-02-09 01:00 . 2008-02-09 01:01   1,409   --a------   C:\WINDOWS\QTFont.for
2008-02-09 00:59 . 2008-02-09 00:59   <DIR>   d--------   C:\Program Files\Common Files\Apple
2008-02-09 00:59 . 2008-02-09 00:59   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-02-09 00:59 . 2008-02-09 00:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-02-04 19:46 . 2008-02-04 19:46   <DIR>   d--------   C:\WINDOWS\Lineage II Red Dragon
2008-02-04 09:51 . 2008-02-04 09:51   <DIR>   d--------   C:\Program Files\GraveLand.pl
2008-02-02 11:03 . 2008-02-02 11:03   <DIR>   d--------   C:\Program Files\uTorrent
2008-02-02 11:03 . 2008-02-02 11:03   <DIR>   d--------   C:\Documents and Settings\Maciekk\Dane aplikacji\uTorrent
2008-01-31 23:13 . 2008-01-31 23:13   90,112   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13   57,344   --a------   C:\WINDOWS\system32\QuickTime.qts
2008-01-26 14:04 . 2008-02-16 19:42   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-01-25 18:06 . 2008-01-25 18:07   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-01-25 18:05 . 2008-01-25 18:05   <DIR>   d--------   C:\Program Files\Common Files\LightScribe
2008-01-25 18:02 . 2008-01-25 18:02   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-01-25 15:45 . 2008-01-25 15:45   <DIR>   d--------   C:\Documents and Settings\Maciekk\Dane aplikacji\Ahead
2008-01-25 15:45 . 2008-01-25 15:45   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-01-24 21:30 . 2008-01-24 21:30   3,348   --a------   C:\WINDOWS\nero.INI
2008-01-24 20:22 . 2008-01-24 20:22   0   --a------   C:\WINDOWS\Irremote.ini
2008-01-23 14:49 . 2008-01-23 14:49   <DIR>   dr-h-----   C:\Documents and Settings\Maciekk\Dane aplikacji\SecuROM
2008-01-17 10:47 . 2008-01-17 10:47   427   --a------   C:\WINDOWS\ODBC.INI
2008-01-17 10:44 . 2008-01-17 10:44   <DIR>   d--------   C:\WINDOWS\ShellNew
2008-01-17 10:43 . 2008-01-17 10:43   <DIR>   d--------   C:\Documents and Settings\Maciekk\Dane aplikacji\Microsoft Web Folders

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 18:44   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\Winamp
2008-01-16 18:40   ---------   d-----w   C:\Program Files\Ulead Systems
2008-01-16 18:40   ---------   d-----w   C:\Program Files\Common Files\Ulead Systems
2008-01-16 18:40   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-01-14 21:10   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\FaxCtr
2008-01-14 21:03   ---------   d-----w   C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-01-14 21:02   ---------   d-----w   C:\Program Files\Lx_cats
2008-01-14 21:02   ---------   d-----w   C:\Program Files\Lexmark Fax Solutions
2008-01-14 21:02   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\FaxCtr
2008-01-14 20:56   ---------   d-----w   C:\Program Files\Lexmark 3300 Series
2008-01-13 16:39   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-01-13 16:28   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\Nero
2008-01-13 16:26   ---------   d-----w   C:\Program Files\Common Files\Nero
2008-01-13 16:26   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-01-13 15:27   9,216   ----a-w   C:\WINDOWS\system32\clipsrv.exe
2008-01-13 15:14   7,040   ----a-w   C:\WINDOWS\system32\drivers\ndisaluo.sys
2008-01-13 15:03   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\DAEMON Tools
2008-01-13 14:34   715,248   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
2008-01-13 14:20   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\DAEMON Tools Pro
2008-01-13 14:04   278,984   ----a-w   C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-13 14:04   25,416   ----a-w   C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-11 12:34   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-01-10 07:38   108,144   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2008-01-10 07:33   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\Gadu-Gadu
2008-01-09 20:41   ---------   d-----w   C:\Program Files\Java
2008-01-09 20:39   ---------   d-----w   C:\Program Files\Common Files\Java
2008-01-09 19:40   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\Talkback
2008-01-09 19:31   15,600   ----a-w   C:\WINDOWS\gdrv.sys
2008-01-09 19:29   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-09 19:29   ---------   d-----w   C:\Program Files\Realtek
2008-01-09 19:29   ---------   d-----w   C:\Program Files\DIFX
2008-01-09 19:22   ---------   d-----w   C:\Documents and Settings\Maciekk\Dane aplikacji\InstallShield
2008-01-09 19:09   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-01-09 19:07   ---------   d-----w   C:\Program Files\VDOTool
2008-01-09 18:55   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-01-09 18:54   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"DAEMON Tools Lite"="e:\DAEMON Tools Lite\daemon.exe" [2008-01-03 14:54 486856]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 13:25 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 18:07 8491008]
"nwiz"="nwiz.exe" [2007-09-16 18:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 18:07 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Flashget"="E:\maciek\FlashGet\FlashGet.exe" [2007-09-25 09:10 2007088]
"NBKeyScan"="E:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"lxccmon.exe"="C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [2005-07-21 01:17 192512]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 10:36 299008]
"WinFast Schedule"="e:\TV\WFWIZ.exe" [ ]
"WinampAgent"="E:\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"BearShare"="E:\BearShare\BearShare.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"LXCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 14:44 73728]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 20:53]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 20:52]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-09 20:31]
S3 WFIOCTL;WFIOCTL;e:\TV\WFIOCTL.SYS [2005-01-06 16:55]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 22:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 14:28:46
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCCCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 14:28:57
ComboFix-quarantined-files.txt  2008-02-17 13:28:56

16 Feb 2008, 17:09

Clean ;)