ComboFix 08-10-30.13 - Radzio 2008-10-31 22:09:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2465 [GMT 1:00]
Uruchomiony z: E:\Moje dokumenty\Pobrane pliki\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-28 do 2008-10-31 )))))))))))))))))))))))))))))))
.
2008-10-30 18:11 . 2008-10-30 18:11
2008-10-29 16:03 . 2008-10-29 16:03
2008-10-29 16:03 . 2008-10-29 16:03
2008-10-29 16:03 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-10-29 16:03 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-10-29 16:03 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-10-29 16:03 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-10-29 16:03 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-10-29 14:05 . 2008-10-29 14:07 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-29 12:38 . 2008-10-29 12:38
2008-10-29 12:38 . 2008-10-29 12:38
2008-10-29 12:36 . 2008-10-31 22:13
2008-10-29 12:36 . 2007-12-17 14:47
2008-10-29 12:36 . 2007-12-17 13:53
2008-10-29 12:36 . 2007-12-17 14:47
2008-10-29 12:36 . 2008-10-29 14:03
2008-10-29 12:36 . 2007-12-17 14:47
2008-10-29 12:36 . 2008-10-29 12:38
2008-10-29 12:36 . 2008-10-29 12:37
2008-10-28 09:05 . 2008-10-28 09:05
2008-10-27 19:09 . 2008-10-27 19:09
2008-10-27 19:09 . 2008-10-27 19:09
2008-10-27 19:07 . 2008-10-31 22:13
2008-10-27 19:05 . 2008-10-27 19:05
2008-10-27 19:05 . 2008-10-27 19:05
2008-10-27 19:05 . 2008-10-27 19:09
2008-10-27 19:05 . 2008-07-16 10:43 160,680 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-10-27 19:05 . 2008-06-24 10:26 93,440 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2008-10-27 19:05 . 2008-07-03 18:06 81,320 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-27 19:05 . 2008-07-03 18:06 66,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-27 19:05 . 2008-07-16 10:43 57,256 --a------ C:\WINDOWS\system32\drivers\FWAuthDriver.sys
2008-10-27 19:05 . 2008-06-06 11:15 51,520 --a------ C:\WINDOWS\system32\drivers\TfFsMon.sys
2008-10-27 19:05 . 2008-07-03 18:06 42,408 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-27 19:05 . 2008-06-06 11:15 38,208 --a------ C:\WINDOWS\system32\drivers\TfSysMon.sys
2008-10-27 19:05 . 2008-06-06 11:15 33,088 --a------ C:\WINDOWS\system32\drivers\TfNetMon.sys
2008-10-27 19:05 . 2008-07-03 18:06 29,608 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-27 19:05 . 2008-06-06 11:15 12,608 --a------ C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-10-23 21:54 . 2008-10-15 17:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-15 10:09 . 2008-10-15 10:09
2008-10-15 10:08 . 2008-10-15 10:08
2008-10-15 10:08 . 2008-06-10 01:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-15 10:02 . 2008-10-15 10:02
2008-10-15 07:28 . 2008-09-15 16:27 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 07:28 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 07:27 . 2008-08-14 14:26 2,190,464 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 07:27 . 2008-08-14 14:26 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 07:27 . 2008-08-14 14:26 2,067,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 07:27 . 2008-08-14 14:26 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-27 17:56 . 2008-09-27 17:56
2008-09-27 17:56 . 2008-09-27 17:56
2008-09-27 17:33 . 2008-09-27 17:51
2008-09-27 17:28 . 2008-09-27 17:28
2008-09-27 17:28 . 2008-09-27 17:28
2008-09-27 17:27 . 2008-09-27 17:27
2008-09-27 16:59 . 2008-09-27 16:59
2008-09-27 16:58 . 2008-09-27 16:59
2008-09-27 16:56 . 2008-09-27 16:56
2008-09-26 18:38 . 2008-09-26 18:38
2008-09-26 18:38 . 2008-09-26 18:38
2008-09-09 12:18 . 2008-09-09 12:18
2008-09-09 12:18 . 2008-09-09 12:18
2008-09-09 12:18 . 2008-09-09 12:18
2008-09-09 12:17 . 2008-09-09 12:18
2008-09-09 12:13 . 2008-09-09 12:13
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 18:12 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-10-31 15:20 --------- d-----w C:\Documents and Settings\Radzio\Dane aplikacji\Skype
2008-10-31 15:07 --------- d-----w C:\Documents and Settings\Radzio\Dane aplikacji\skypePM
2008-09-27 16:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-27 09:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-09-15 15:27 1,846,656 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:26 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-04-15 10:18 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-10-14 110592]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-28 81920]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISTray"="D:\Program Files\PC Tools Internet Security\pctsTray.exe" [2008-07-16 1166248]
"nwiz"="nwiz.exe" [2007-04-28 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\WINDOWS\system32\sessmgr.exe"=
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
R0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys [2008-06-06 51520]
R0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys [2008-06-06 38208]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-16 160680]
R3 FWAuth;FWAuth Driver;C:\WINDOWS\system32\drivers\FWAuthDriver.sys [2008-07-16 57256]
R3 SynMini;Syntek USB2.0 2M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-11-27 1208064]
R3 SynScan;Syntek USB2.0 2M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-10-04 8064]
R3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys [2008-06-06 33088]
R3 ThreatFire;ThreatFire;D:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe service []
S3 ATE_PROCMON;ATE_PROCMON;D:\Program Files\Anti Trojan Elite\ATEPMon.sys []
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Radzio\Dane aplikacji\Mozilla\Firefox\Profiles\s598jrz9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 22:13:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
PROCES: C:\WINDOWS\explorer.exe
- C:\WINDOWS\system32\nview.dll
.
Czas ukończenia: 2008-10-31 22:16:22
ComboFix-quarantined-files.txt 2008-10-31 21:16:08
Przed: 9 340 440 576 bajtów wolnych
Po: 9,331,417,088 bajtów wolnych
174 --- E O F --- 2008-10-23 21:28:19