ComboFix 08-10-06.03 - Władysław Raszka 2008-10-06 22:13:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1618 [GMT 2:00]
Run from: C:\Documents and Settings\Władysław Raszka\Pulpit\ComboFix.exe
* New restore point created
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.
2008-10-06 22:05 . 2008-10-06 22:05 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-06 22:04 . 2008-10-06 22:04
2008-10-06 21:58 . 2008-10-06 22:10
2008-10-06 17:14 . 2008-10-06 17:14
2008-10-06 17:09 . 2008-10-06 22:10
2008-10-06 17:09 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-06 17:09 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-06 17:09 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-06 17:09 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-06 17:08 . 2008-10-06 17:12
2008-10-06 17:08 . 2008-10-06 17:08
2008-10-06 17:02 . 2008-10-06 17:06
2008-09-25 23:19 . 2008-09-25 23:19
2008-09-25 22:57 . 2008-09-26 10:05
2008-09-25 21:21 . 2008-09-25 21:21
2008-09-25 21:21 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-09-25 21:21 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-09-25 00:30 . 2008-09-25 00:30
2008-09-25 00:29 . 2008-09-25 00:29
2008-09-18 21:47 . 2008-09-18 21:47
.
(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 19:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-02-26 177456]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2008-06-04 98304]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 C:\WINDOWS\system32\tweakui.cpl]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-06-23 950272]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
*Newly Created Service* - PROCEXP90
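Three entries in the registry and service section above are the ones a reviewer would act on: the Windows Firewall standard profile is switched off ("EnableFirewall"= 0), the ZDCndis5 service points at a driver file whose date/size stamp is empty (ComboFix prints "[]" when the file is not on disk, which is common for an uninstalled USB adapter but is also what an orphaned or deleted payload looks like), and a service was created while the tool ran (PROCEXP90 is the name Process Explorer uses for its kernel driver, so on its own this is expected if Process Explorer was run during the session). The following Python script is an added example, not ComboFix code or output from the page's author: it triages a ComboFix log for exactly those three conditions. The log lines inside it are constructed to match the format of the entries above; the "R/S" prefix is read as running/stopped and the digit as the service start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).

```python
import re

# Constructed sample in ComboFix log format, modelled on the entries above.
# A raw string keeps the Windows backslashes intact.
SAMPLE_LOG = r"""
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
*Newly Created Service* - PROCEXP90
"""

# <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]\s*$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
NEW_SERVICE_RE = re.compile(r"^\*Newly Created Service\*\s*-\s*(\S+)")

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


def parse_service(line):
    """Return a dict for a ComboFix service/driver line, or None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, path, stamp = m.groups()
    return {
        "name": name,
        "display": display,
        "path": path,
        "running": state == "R",
        "start_type": START_TYPES.get(start, "unknown"),
        # An empty stamp means ComboFix could not find the file on disk.
        "file_present": stamp.strip() != "",
    }


def triage(log_text):
    """Return (finding, subject) tuples for the conditions worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = FIREWALL_RE.match(line)
        if m:
            if int(m.group(1)) == 0:
                findings.append(("firewall_disabled", "standardprofile"))
            continue
        svc = parse_service(line)
        if svc is not None:
            if not svc["file_present"]:
                findings.append(("service_file_missing", svc["name"]))
            continue
        m = NEW_SERVICE_RE.match(line)
        if m:
            findings.append(("new_service", m.group(1)))
    return findings


if __name__ == "__main__":
    for finding, subject in triage(SAMPLE_LOG):
        print(f"{finding:22} {subject}")
```

Run it on a real log by reading the file in place of SAMPLE_LOG; the service parser returns the image path and start type too, so adding a rule for drivers that load outside C:\WINDOWS\system32 is a one-line extension.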
.
.
------- Supplementary scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.onet.pl/
O8 -: Eksport do programu Microsoft Excel (Export to Microsoft Excel) - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Wyślij do urządzenia Bluetooth… (Send to Bluetooth Device…) - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - hxxp://arcaonline.arcabit.com/ArcaOnline.cab
C:\WINDOWS\Downloaded Program Files\ArcaOnline.inf
C:\WINDOWS\system32\ArcaMicroScanUpdater.exe
C:\WINDOWS\system32\ArcaOnlineUninstall.exe
C:\WINDOWS\system32\ArcaOnline.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 22:15:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-06 22:15:54
ComboFix-quarantined-files.txt 2008-10-06 20:15:51
Before: 70,032,728,064 bytes free
After: 70,023,540,736 bytes free
120 --- E O F --- 2008-06-26 11:08:38