New log
((((((((((((((((((((((((( Pliki utworzone od 2008-09-28 do 2008-10-31 )))))))))))))))))))))))))))))))
.
2008-10-31 20:08 . 2008-10-31 20:08 580,096 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-31 20:07 . 2008-10-31 20:07
2008-10-31 20:03 . 2008-10-31 20:18
2008-10-31 14:06 . 2008-10-31 14:06
2008-10-31 14:06 . 2008-10-31 14:06
2008-10-31 14:06 . 2008-10-31 14:06
2008-10-31 14:06 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-31 14:06 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-30 10:22 . 2008-10-30 10:22
2008-10-29 09:28 . 2008-10-29 09:28
2008-10-29 08:46 . 2008-10-29 09:24 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-10-29 08:45 . 2008-10-29 08:45
2008-10-28 02:30 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-28 02:27 . 2008-10-28 02:27
2008-10-28 01:56 . 2008-10-28 01:59
2008-10-28 01:56 . 2008-10-28 07:47
2008-10-28 01:53 . 2008-10-28 01:53
2008-10-28 00:19 . 2008-10-28 00:19
2008-10-28 00:19 . 2006-05-31 08:22 62,232 -r------- C:\WINDOWS\system32\GameuxInstallHelper.dll
2008-10-28 00:15 . 2008-10-28 00:15
2008-10-28 00:12 . 2008-10-28 00:12
2008-10-28 00:12 . 2008-10-28 00:12 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-10-27 15:12 . 2008-10-27 15:12
2008-10-27 12:51 . 2008-10-27 12:51
2008-10-27 12:51 . 2008-06-08 23:58 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-10-27 12:51 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-10-27 12:51 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-27 12:47 . 2008-04-14 18:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-27 12:43 . 2008-10-27 12:53
2008-10-27 12:43 . 2008-10-27 12:44
2008-10-26 21:30 . 2008-10-26 21:30
2008-10-26 21:30 . 2008-10-26 21:49
2008-10-25 19:22 . 2008-04-14 17:20 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-10-25 19:22 . 2008-04-14 17:20 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-10-25 19:21 . 2008-10-25 19:21
2008-10-25 19:21 . 2008-10-25 19:21
2008-10-25 15:42 . 2008-06-10 01:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-25 15:38 . 2008-10-25 15:38
2008-10-25 14:41 . 2008-10-25 15:42
2008-10-25 14:40 . 2008-10-25 14:40
2008-10-25 00:27 . 2008-10-25 00:27
2008-10-24 19:41 . 2008-10-27 11:41
2008-10-24 19:41 . 2008-10-27 11:41
2008-10-24 14:41 . 2008-10-24 14:41
2008-10-24 14:41 . 2008-10-24 14:41
2008-10-24 14:41 . 2008-10-24 14:41
2008-10-24 14:40 . 2008-10-24 14:41
2008-10-24 14:28 . 2008-10-24 14:28
2008-10-24 14:28 . 2008-10-24 14:28
2008-10-24 14:28 . 2008-10-24 14:28
2008-10-24 14:28 . 2008-10-24 14:28
2008-10-24 14:28 . 2008-10-07 12:33 453,152 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-10-24 14:28 . 2008-10-31 20:22 202,106 --a------ C:\WINDOWS\system32\nvapps.xml
2008-10-24 14:28 . 2008-10-07 12:33 18,477 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-10-24 14:27 . 2008-10-24 14:27
2008-10-24 14:27 . 2008-10-02 09:07 453,152 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-10-24 11:03 . 2008-10-24 14:41
2008-10-24 11:03 . 2008-10-03 18:26 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-24 11:03 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-24 11:03 . 2007-03-08 06:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-24 11:03 . 2008-08-26 09:26 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-24 11:03 . 2008-08-26 09:26 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-24 11:03 . 2008-08-26 09:26 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-24 11:03 . 2008-08-26 09:26 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-24 11:03 . 2008-08-26 09:26 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-24 11:03 . 2008-08-25 09:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-24 09:24 . 2008-10-15 17:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-24 09:21 . 2001-10-26 16:29 171,520 --a------ C:\WINDOWS\system32\LXAESUI.DLL
2008-10-23 19:04 . 2008-10-23 19:04
2008-10-23 19:04 . 2008-10-23 19:04 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-23 18:58 . 2008-10-23 19:05
2008-10-23 11:21 . 2008-10-29 23:33
2008-10-23 04:03 . 2004-08-03 23:35 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-10-22 21:28 . 2008-10-22 21:28
2008-10-22 12:39 . 2008-10-27 21:38
2008-10-22 12:37 . 2008-10-22 12:37
2008-10-22 12:37 . 2008-10-22 12:37
2008-10-22 12:37 . 2008-10-22 12:37
2008-10-22 11:33 . 2008-10-22 11:33
2008-10-22 11:32 . 2008-10-22 11:32
2008-10-21 12:14 . 2008-10-21 12:14
2008-10-21 12:13 . 2008-10-21 12:13
2008-10-21 11:50 . 2008-10-21 11:51
2008-10-20 22:18 . 2008-10-20 22:18
2008-10-20 15:04 . 2006-09-28 15:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-10-20 14:59 . 2008-10-20 14:59
2008-10-20 14:56 . 2008-10-20 15:03
2008-10-20 14:52 . 2008-10-20 14:52
2008-10-20 10:30 . 2008-10-20 10:30
2008-10-20 00:11 . 2008-10-20 09:38
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 01:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-19 22:32 --------- d-----w C:\Program Files\OpenOffice.org 3
2008-10-19 22:31 --------- d-----w C:\Program Files\Open Office
2008-10-19 22:09 --------- d-----w C:\Program Files\Warthog
2008-10-19 22:09 --------- d-----w C:\Program Files\directx
2008-10-19 21:33 376,832 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2008-10-19 21:33 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-10-19 21:32 --------- d-----w C:\Program Files\EDIMAX
2008-10-19 21:32 --------- d-----w C:\Documents and Settings\Luser\Dane aplikacji\InstallShield
2008-10-19 21:29 --------- d-----w C:\Program Files\GIGABYTE
2008-10-19 21:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-19 21:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-10-19 21:24 --------- d-----w C:\Program Files\ASUS
2008-10-19 21:21 --------- d-----w C:\Program Files\Intel
2008-10-19 21:17 --------- d-----w C:\Program Files\NVIDIA nTune Performance Application
2008-10-19 21:17 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-10-19 21:16 --------- d-----w C:\Program Files\Microsoft Games
2008-10-19 21:13 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-10-19 21:13 --------- d-----w C:\Program Files\Realtek
2008-10-19 21:09 --------- d-----w C:\Program Files\Alwil Software
2008-10-19 21:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-10-19 21:02 --------- d-----w C:\Program Files\Usługi online
2008-09-15 15:27 1,846,656 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 07:31 288,024 ----a-w C:\WINDOWS\system32\PhysXCplUI.exe
2008-08-29 06:57 70,936 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:26 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"SDFix"="C:\SDFix\RunThis.bat" [2008-10-26 918612]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-10-11 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-10-07 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\Luser\Menu Start\Programy\Autostart\
GIGABYTE Gamer HUD.lnk - C:\Documents and Settings\Luser\Dane aplikacji\Microsoft\Installer\{1A3210EE-7494-4879-9270-A721ED7F9947}\HUD.exe1_1A3210EE749448799270A721ED7F9947.exe [2008-10-19 40960]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Wireless Utility.lnk - C:\Program Files\EDIMAX\Common\RaUI.exe [2008-10-19 716800]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Xider\EsR DEMO2\ESR DEMO.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"=
"C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe"=
"C:\WINDOWS\system32\java.exe"=
"C:\Program Files\Java\jre1.6.0_07\bin\java.exe"=
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Luser\Dane aplikacji\Mozilla\Firefox\Profiles\nibjt69w.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 20:50:25
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-31 20:50:51
ComboFix-quarantined-files.txt 2008-10-31 19:50:49
ComboFix2.txt 2008-10-31 12:07:53
Przed: 65 527 304 192 bajtów wolnych
Po: 73,545,216,000 bajtów wolnych
198 --- E O F --- 2008-10-29 01:51:20