Dalej to samo, tutaj logi z ComboFix
ComboFix 08-02-13.2 - Właściciel 2008-02-13 11:46:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1250.1.1045.18.81 [GMT 1:00]
Running from: G:\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.
2008-02-13 10:56 . 2008-01-29 13:21
2008-02-13 10:56 . 2004-09-13 21:14
2008-02-13 10:56 . 2004-09-13 20:20
2008-02-13 10:56 . 2004-09-13 21:14
2008-02-13 10:56 . 2004-09-13 21:14
2008-02-13 10:56 . 2004-09-13 21:14
2008-02-13 10:56 . 2004-09-13 21:14
2008-01-29 13:24 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-29 13:24 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-29 13:24 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-29 13:24 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-29 13:24 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-29 13:24 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-29 13:24 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-29 13:24 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-28 13:41 . 2008-01-28 13:41
2008-01-28 12:35 . 2008-01-28 12:35
2008-01-28 12:34 . 2008-01-28 12:34
2008-01-23 10:25 . 2008-01-29 12:54
2008-01-23 08:28 . 2008-01-28 14:25
2008-01-23 08:25 . 2008-01-28 12:35
2008-01-22 09:42 . 2008-01-22 09:33 33,464 --a------ C:\lich.exe
2008-01-22 09:42 . 2008-01-22 09:42 0 --a------ C:\WINDOWS\system32\lich.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 09:43 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\The Bat!
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
1999-05-17 13:58 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
2007-04-26 06:40 5 --sha-w C:\WINDOWS\system32\bccabbcf_s.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2003-04-16 13:00 13312]
“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“HTpatch”=“C:\WINDOWS\htpatch.exe” [2002-10-30 10:40 28672]
“SiSUSBRG”=“C:\WINDOWS\SiSUSBrg.exe” [2002-07-12 11:15 106496]
“Cmaudio”=“cmicnfg.cpl” []
“NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2004-03-24 19:04 3309568]
“nwiz”=“nwiz.exe” [2004-03-24 19:04 782336 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2004-03-24 19:04 46080]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 14:00 79224]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2003-04-16 13:00 13312]
R2 SCNDRVP;Plustek EPP Scanner;C:\WINDOWS\System32\drivers\SCNDRVP.sys [2000-11-13 16:43]
R2 upss20;UPS Monitor Server;C:\Program Files\UPS Monitor Server\upsmon20.exe [2001-12-17 08:11]
R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 00:32]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 00:48]
*Newly Created Service* - SISPORT
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 11:48:05
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-13 11:48:36
ComboFix-quarantined-files.txt 2008-02-13 10:48:21
ComboFix2.txt 2008-01-29 12:21:17