Request to check a log
f4ls0n - Sat May 24, 2008 12:43 pm

ComboFix 08-05-21.3 - f4lsOn 2008-05-24 14:34:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1479 [GMT 2:00]
Running from: C:\Documents and Settings\f4lsOn\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-23 23:59 . 2008-05-23 23:59 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-23 23:59 . 2007-10-19 05:18 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-23 23:59 . 2008-05-23 23:59 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-23 23:57 . 2008-05-23 23:57 <DIR> dr-h----- C:\Documents and Settings\f4lsOn\Dane aplikacji\SecuROM
2008-05-23 23:57 . 2008-05-23 23:57 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-23 23:56 . 2008-05-23 23:56 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-23 22:53 . 2004-02-17 12:20 208,896 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-05-23 22:50 . 2008-05-23 22:50 <DIR> d-------- C:\Program Files\GoldWave
2008-05-23 22:50 . 2008-05-23 22:50 6,592 --a------ C:\WINDOWS\gwpreset.ini
2008-05-23 22:50 . 2008-05-23 22:50 3,362 --a------ C:\WINDOWS\express.eqx
2008-05-23 22:50 . 2008-05-23 22:56 376 --a------ C:\WINDOWS\goldwave.ini
2008-05-22 23:41 . 2008-05-22 23:41 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-21 17:32 . 2008-04-14 00:15 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-17 11:35 . 2008-05-24 14:35 558 --a------ C:\WINDOWS\DFC.INI
2008-05-17 02:06 . 2008-05-17 02:06 <DIR> d-------- C:\WINDOWS\system32\js
2008-05-17 02:06 . 2008-05-17 02:06 <DIR> d-------- C:\WINDOWS\system32\images
2008-05-17 02:06 . 2008-05-17 02:06 <DIR> d-------- C:\WINDOWS\system32\html
2008-05-17 02:06 . 2008-05-17 02:06 <DIR> d-------- C:\WINDOWS\system32\css
2008-05-17 02:06 . 2008-05-17 02:06 <DIR> d-------- C:\Program Files\Business Objects
2008-05-17 02:03 . 2008-05-17 02:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-17 02:03 . 2008-05-17 02:03 4,444 --a------ C:\WINDOWS\system32\pid.PNF
2008-05-17 02:02 . 2008-05-17 02:05 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-05-17 02:02 . 2008-05-17 02:02 <DIR> d-------- C:\Program Files\Microsoft Device Emulator
2008-05-17 02:01 . 2008-05-17 02:01 <DIR> d-------- C:\Program Files\Windows Mobile 5.0 SDK R2
2008-05-17 02:00 . 2008-05-17 02:00 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-17 02:00 . 2008-05-17 02:00 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 09:35 --------- d-----w C:\Program Files\SpeedFan
2008-05-20 14:27 --------- d-----w C:\Documents and Settings\f4lsOn\Dane aplikacji\Tlen.pl
2008-05-19 18:39 --------- d-----w C:\Program Files\foobar2000
2008-05-17 10:01 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-16 23:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-05-16 23:55 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-05-16 23:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PreEmptive Solutions
2008-05-16 23:53 --------- d-----w C:\Program Files\HTML Help Workshop
2008-05-16 23:52 --------- d-----w C:\Program Files\Microsoft SDKs
2008-05-16 23:52 --------- d-----w C:\Program Files\CE Remote Tools
2008-05-16 23:48 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-05-16 23:46 --------- d-----w C:\Program Files\MSBuild
2008-05-16 23:45 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-16 23:23 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-16 23:17 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-05-16 23:15 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-16 23:15 --------- d-----w C:\Documents and Settings\f4lsOn\Dane aplikacji\DAEMON Tools
2008-05-16 23:06 --------- d-----w C:\Program Files\Sony Ericsson
2008-05-16 23:02 --------- d-----w C:\Program Files\Real Alternative
2008-05-16 23:02 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-05-16 23:02 --------- d-----w C:\Program Files\Media Player Classic
2008-05-16 22:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-16 22:59 --------- d-----w C:\Program Files\Avanquest update
2008-05-16 22:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2008-05-16 22:58 --------- d-----w C:\Documents and Settings\f4lsOn\Dane aplikacji\InstallShield
2008-05-16 22:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-05-16 22:57 --------- d-----w C:\Program Files\SubEdit-Player
2008-05-16 22:56 --------- d-----w C:\Program Files\Java
2008-05-16 22:52 --------- d-----w C:\Program Files\MarBit
2008-05-16 22:52 --------- d-----w C:\Program Files\Common Files\Java
2008-05-16 22:44 --------- d-----w C:\Program Files\Sunbelt Software
2008-05-16 22:43 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-16 22:38 --------- d-----w C:\Program Files\Tlen.pl
2008-05-16 22:32 --------- d-----w C:\Program Files\ESET
2008-05-16 22:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-05-16 22:30 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-16 22:30 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-05-16 22:28 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-16 22:28 --------- d-----w C:\Program Files\Ahead
2008-05-16 22:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\McAfee.com
2008-05-16 22:18 --------- d-----w C:\Program Files\Realtek
2008-05-16 22:18 --------- d-----w C:\Program Files\Intel
2008-05-16 22:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-16 22:09 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-16 22:07 --------- d-----w C:\Program Files\Usługi online
2008-04-14 22:50 75,776 ----a-w C:\WINDOWS\system32\storprop.dll
2008-04-14 21:35 58,880 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 20:52 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 20:51 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
2008-04-14 20:50 77,312 ----a-w C:\WINDOWS\system32\usbui.dll
2008-04-14 20:50 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
2008-04-14 20:03 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 19:48 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 00:15 10,624 ----a-w C:\WINDOWS\system32\drivers\gameenum.sys
2008-04-13 22:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 22:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 22:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 22:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 22:15 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 22:15 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-13 22:15 59,520 ----a-w C:\WINDOWS\system32\drivers\usbhub.sys
2008-04-13 22:15 56,576 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-13 22:15 52,864 ----a-w C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-13 22:15 49,408 ----a-w C:\WINDOWS\system32\drivers\stream.sys
2008-04-13 22:15 30,208 ----a-w C:\WINDOWS\system32\drivers\usbehci.sys
2008-04-13 22:15 20,608 ----a-w C:\WINDOWS\system32\drivers\usbuhci.sys
2008-04-13 22:15 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-13 22:15 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-13 22:15 143,872 ----a-w C:\WINDOWS\system32\drivers\usbport.sys
2008-04-13 22:10 96,512 ----a-w C:\WINDOWS\system32\drivers\atapi.sys
2008-04-13 22:10 24,960 ----a-w C:\WINDOWS\system32\drivers\pciidex.sys
2008-04-13 22:09 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-04-13 22:09 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-13 22:09 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-13 22:02 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys
2008-04-13 20:09 142,592 ----a-w C:\WINDOWS\system32\drivers\aec.sys
2008-04-01 22:28 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-10 10:46 2,177,576 ----a-w C:\WINDOWS\TBPanel.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-15 14:00 15360]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2006-10-11 11:48 1118720]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 16:20 360448]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 15:03 2396160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 16:59 143360]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 08:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-23 21:51 1410304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2008-03-10 12:46 2177576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-15 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-23 21:52]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 18:13]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 18:01]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"D:\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 14:37:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-24 14:39:10
ComboFix-quarantined-files.txt 2008-05-24 12:39:04

Pre-Run: 12,556,062,720 bajtów wolnych
Post-Run: 12,659,228,672 bajtów wolnych

179

huber2t - Sat May 24, 2008 12:50 pm

Clean