So, WHAT SHOULD I DO???
Post merged: 23.09.2007 (Sun) 13:59
ComboFix 07-09-21.2 - "Tomek" 2007-09-23 13:36:54.3 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.1.1045.18.128 [GMT 2:00]
.
((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))
.
2007-09-23 10:40 51,200 --a------ C:\WINNT\NirCmd.exe
2007-09-23 07:56
2007-09-21 14:53 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_220.dat
2007-09-20 11:19
2007-09-07 10:27 8,704 --a------ C:\WINNT\system32\vidccleaner.exe
2007-09-07 10:27 552,960 --a------ C:\WINNT\system32\xvidcore.dll
2007-09-07 10:27 159,744 --a------ C:\WINNT\system32\xvidvfw.dll
2007-09-07 10:26 83,968 --a------ C:\WINNT\system32\Skbase40.dll
2007-09-07 10:26 217,088 --a------ C:\WINNT\system32\skjpeg40.dll
2007-09-07 10:26
2007-08-31 12:45 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_3c0.dat
2007-08-30 18:11 86,784 --a------ C:\WINNT\system32\drivers\RT2400.sys
2007-08-30 18:11
2007-08-30 13:19
2007-08-30 13:19
2007-08-30 13:19
2007-08-30 11:35
2007-08-27 07:51
2007-08-24 08:19
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
07-09-07 10:26 --------- d--h----- C:\Program Files\InstallShield Installation Information
07-09-06 12:05 94416 --a------ C:\WINNT\system32\drivers\aswmon2.sys
07-09-06 12:05 92848 --a------ C:\WINNT\system32\drivers\aswmon.sys
07-09-06 12:03 23152 --a------ C:\WINNT\system32\drivers\aswRdr.sys
07-09-06 12:02 42912 --a------ C:\WINNT\system32\drivers\aswTdi.sys
07-09-06 12:00 26624 --a------ C:\WINNT\system32\drivers\aavmker4.sys
07-09-03 18:27 --------- d-------- C:\Program Files\eMule
07-09-01 08:38 --------- d-------- C:\Program Files\Gadu-Gadu
07-08-21 09:01 --------- d-------- C:\Program Files\MSXML 4.0
07-08-19 15:07 --------- d-------- C:\DOCUME~1\Tomek\DANEAP~1\uTorrent
07-08-18 17:01 --------- d-------- C:\Program Files\7-Zip
07-08-17 18:18 --------- d-------- C:\Program Files\uTorrent
07-08-04 07:50 --------- d-------- C:\DOCUME~1\Tomek\DANEAP~1\Ashampoo
07-07-30 19:19 92504 --a------ C:\WINNT\system32\cdm.dll
07-07-30 19:19 549720 --a------ C:\WINNT\system32\wuapi.dll
07-07-30 19:19 53080 --a------ C:\WINNT\system32\wuauclt.exe
07-07-30 19:19 43352 --a------ C:\WINNT\system32\wups2.dll
07-07-30 19:19 325976 --a------ C:\WINNT\system32\wucltui.dll
07-07-30 19:19 203096 --a------ C:\WINNT\system32\wuweb.dll
07-07-30 19:19 1712984 --a------ C:\WINNT\system32\wuaueng.dll
07-07-30 19:18 33624 --a------ C:\WINNT\system32\wups.dll
07-07-27 14:53 --------- d-------- C:\Program Files\Ares
07-06-26 11:58 235280 --a------ C:\WINNT\system32\GDI32.DLL
00-03-21 02:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
"Matrox Powerdesk"="C:\WINNT\system32\PDesk.exe" [01-01-08 12:08]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05-12-15 11:18]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07-09-06 12:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [05-11-10 13:03]
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07-07-02 12:27]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [07-07-09 09:39]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe
*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 13:38:31
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
\ComboFix\sed.cfexe [1124] 0x85C23BE0
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-23 13:39:53
C:\ComboFix2.txt ... 07-09-23 13:30