I don't know if this is what you meant, but I'm posting what came up after using that 2nd program.
ComboFix 08-11-21.05 - ola 2008-11-22 11:26:37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.123 [GMT 1:00]
Uruchomiony z: c:\documents and settings\ola\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-22 do 2008-11-22 )))))))))))))))))))))))))))))))
.
2008-11-21 22:13 . 2008-11-22 00:48
2008-11-21 22:08 . 2008-11-22 00:47
2008-11-21 22:04 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-21 22:04 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\unrar3.dll
2008-11-21 22:04 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-21 22:04 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-21 22:04 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-21 22:03 . 2008-11-22 00:48
2008-11-21 18:11 . 2008-11-21 18:11
2008-11-21 17:58 . 2008-11-21 17:58
2008-11-20 22:05 . 2008-11-21 16:07
2008-11-20 22:05 . 2008-11-20 22:05 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-20 22:04 . 2008-11-21 22:58
2008-11-20 22:03 . 2008-11-20 22:03
2008-11-20 22:03 . 2008-11-20 22:03
2008-11-20 22:02 . 2008-11-20 22:03
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 10:12 --------- d-----w c:\documents and settings\ola\Dane aplikacji\OpenOffice.ux.pl2
2008-11-21 21:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-21 21:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 21:03 --------- d-----w c:\program files\3DO
2008-11-21 16:58 --------- d-----w c:\program files\Ubisoft
2008-11-21 11:08 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-02 11:03 --------- d-----w c:\program files\Tibia
2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 19:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
.
((((((((((((((((((((((((((((( snapshot@2008-11-22_ 9.36.32,43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-22 10:12:01 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5f0.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-03-23 888832]
"nwiz"="nwiz.exe" [2006-08-16 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\ola\Menu Start\Programy\Autostart\
OpenOffice.ux.pl 2.1.0.lnk - c:\program files\OpenOffice.ux.pl 2.1.0\program\quickstart.exe [2006-12-30 17408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\system32\usmt\migwiz.exe"=
"c:\Program Files\Gadu-Gadu\gg.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25414:TCP"= 25414:TCP:BitComet 25414 TCP
"25414:UDP"= 25414:UDP:BitComet 25414 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-14 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-14 20560]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []
S3 msloop;Sterownik karty Microsoft Loopback;c:\windows\system32\DRIVERS\loop.sys [2007-08-18 4992]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 11:27:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\ola\USTAWI~1\Temp\ASFWHide"
.
Czas ukończenia: 2008-11-22 11:28:32
ComboFix-quarantined-files.txt 2008-11-22 10:28:06
ComboFix2.txt 2008-11-22 08:50:30
ComboFix3.txt 2008-11-22 08:37:16
Przed: 72 705 335 296 bajtów wolnych
Po: 72,701,358,080 bajtów wolnych
114 --- E O F --- 2008-11-13 07:21:11