I'm adding the ComboFix log, though I don't know whether the one I pasted earlier is OK.
ComboFix 08-10-06.03 - User 2008-10-06 22:25:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.260 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\User\Pulpit\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-06 do 2008-10-06 )))))))))))))))))))))))))))))))
.
2008-10-06 21:31 . 2008-10-06 21:31
2008-10-06 21:30 . 2008-10-06 21:30
2008-10-06 21:30 . 2008-10-06 21:30
2008-10-06 21:08 . 2008-10-06 21:09
2008-10-06 21:03 . 2008-10-06 21:19
2008-10-06 20:55 . 2008-10-06 22:27
2008-10-06 20:55 . 2008-10-06 21:00
2008-10-06 20:55 . 2008-07-02 10:24
2008-10-06 20:55 . 2008-10-06 22:07
2008-10-06 20:55 . 2008-07-02 12:17
2008-10-06 20:55 . 2008-07-02 12:17
2008-10-06 20:55 . 2008-07-02 12:17
2008-10-06 20:55 . 2008-10-06 20:55
2008-10-06 20:14 . 2008-10-06 20:14
2008-10-06 20:14 . 2008-10-06 20:14
2008-10-06 20:14 . 2008-10-06 20:14
2008-10-06 20:13 . 2008-10-06 20:13
2008-10-01 19:00 . 2008-10-01 19:00
2008-09-30 13:39 . 2008-09-30 13:39
2008-09-19 14:04 . 2008-09-19 14:04
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 19:50 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-10-03 15:52 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-22 19:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kodak
2008-07-06 19:41 32,768 ----a-w C:\WINDOWS\system32\winopn32.dll
2008-07-06 19:41 32,768 ----a-w C:\WINDOWS\system32\winjyg32.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{C94E154B-1459-4A47-966B-4B843BEFC7DB}"= "C:\Program Files\AskSearch\bin\DefaultSearch.dll" [2008-08-06 45056]
[HKEY_CLASSES_ROOT\clsid\{c94e154b-1459-4a47-966b-4b843befc7db}]
[HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EC73A159-0736-4EF3-972D-6EA9B2278495}]
[HKEY_CLASSES_ROOT\DefaultSearch.DefaultSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-27 68856]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2008-08-12 2084480]
"Uniblue RegistryBooster 2009"="C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-02 1107848]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 286720]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-07-22 1205840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-06-20 12:49 451872 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-07-04 14:20 161064 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\QTTask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\WINDOWS\system32\winver.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 69656]
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'
2008-09-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wp.pl/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Eksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{114123E0-7041-4B19-998C-209615A267F2}: NameServer = 83.238.255.76 213.241.79.37
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 22:28:18
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-06 22:30:18
ComboFix-quarantined-files.txt 2008-10-06 20:30:00
ComboFix2.txt 2008-10-06 20:09:37
Przed: 8 112 275 456 bajtów wolnych
Po: 8,105,893,888 bajtów wolnych