Here is my log:
ComboFix 08-12-14.01 - user 2008-12-14 20:02:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.603 [GMT 1:00]
Running from: c:\documents and settings\user\Pulpit\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.
2008-12-14 19:10 . 2008-12-14 19:10
2008-12-14 19:10 . 2008-12-14 19:10
2008-12-14 19:10 . 2008-12-14 19:10
2008-12-14 19:10 . 2008-12-03 19:52 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 19:10 . 2008-12-03 19:52 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2008-12-13 16:18 . 2008-06-19 17:24 28,544 --a--c--- c:\windows\system32\drivers\pavboot.sys
2008-12-06 17:33 . 2008-12-06 17:33
2008-12-06 17:33 . 2008-12-06 17:33
2008-12-06 15:29 . 2008-12-07 15:25 262,144 --a--c--- c:\windows\system32\wrap_oal.dll
2008-12-06 15:29 . 2008-12-07 15:25 86,016 --a--c--- c:\windows\system32\OpenAL32.dll
2008-12-05 18:36 . 2003-09-20 23:09 794,624 --a--c--- c:\windows\system32\mpgfiltr.ax
2008-12-05 18:36 . 2004-05-26 06:06 417,792 --a--c--- c:\windows\system32\ac3filter.ax
2008-12-05 18:36 . 2004-01-11 00:02 258,048 --a--c--- c:\windows\system32\GplMpgDec.ax
2008-12-05 18:36 . 2004-03-26 23:32 99,328 --a--c--- c:\windows\system32\t5rdv.dll
2008-12-05 18:36 . 2004-08-12 20:54 35,840 --a--c--- c:\windows\system32\ecesq.dll
2008-12-05 18:36 . 2004-06-09 21:17 33,792 --a--c--- c:\windows\system32\cpwiuy.dll
2008-12-05 18:36 . 2004-05-01 04:46 28,672 --a--c--- c:\windows\system32\t3odm.dll
2008-12-05 18:01 . 2008-12-13 16:36 54,156 --ah-c--- c:\windows\QTFont.qfn
2008-12-05 18:01 . 2008-12-05 18:01 1,409 --a--c--- c:\windows\QTFont.for
2008-12-04 18:03 . 2008-12-04 18:03
2008-12-03 18:41 . 2008-12-03 18:42
2008-11-29 16:49 . 2008-12-03 19:52
2008-11-29 16:48 . 2008-11-29 16:48
2008-11-29 14:53 . 2008-11-29 14:53
2008-11-27 18:01 . 2008-11-27 18:11
2008-11-27 18:01 . 2008-11-27 18:01
2008-11-23 20:18 . 2008-11-23 20:18
2008-11-23 13:42 . 2008-11-29 16:03
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 17:33 --------- dc----w c:\program files\BitComet
2008-12-13 16:39 --------- dc----w c:\program files\eMule
2008-11-29 15:52 --------- dc----w c:\program files\VirtualDubMod
2008-11-24 18:53 --------- dc----w c:\program files\Gabest
2008-11-20 08:26 --------- dc----w c:\program files\Conduit
2008-11-19 17:20 --------- dc----w c:\program files\Winamp
2008-11-19 17:18 --------- dc-h--w c:\program files\InstallShield Installation Information
2008-11-19 17:18 --------- dc----w c:\program files\Microsoft Games
2008-11-12 16:49 --------- dc----w c:\program files\SystemRequirementsLab
2008-11-12 16:19 --------- dc----w c:\program files\matura2010
2008-11-10 17:41 --------- dc----w c:\documents and settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-11-10 17:30 108,144 -c--a-w c:\windows\system32\CmdLineExt.dll
2008-11-10 17:30 --------- dc-h--r c:\documents and settings\user\Dane aplikacji\SecuROM
2008-11-01 14:52 --------- dc----w c:\program files\Mahjong World
2008-10-24 11:10 453,632 -c--a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01 283,648 -c--a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 -c--a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 -c--a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 -c--a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 -c--a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 -c--a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 -c--a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 -c--a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 -c--a-w c:\windows\system32\wups.dll
2008-10-03 10:17 247,326 -c--a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 -c--a-w c:\windows\system32\msxml4.dll
2008-09-15 15:40 1,846,272 -c--a-w c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2006-02-17 2396160]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2008-03-03 98304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-09 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= c:\progra~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= c:\progra~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.mpng"= c:\program files\t@b\0.958\686\tabdec.dll
"vidc.mvjp"= c:\program files\t@b\0.958\686\tabdec.dll
"vidc.444p"= c:\program files\t@b\0.958\686\tabdec.dll
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Gadu-Gadu\gg.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"d:\DC++\DCPlusPlus.exe"=
"c:\Program Files\eMule\emule.exe"=
"e:\Program Files\BearShare\BearShare.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"e:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe"=
"c:\Program Files\Winamp Remote\bin\OrbTray.exe"=
"c:\Program Files\Lphant\eLePhantClient.exe"=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9381:TCP"= 9381:TCP:BitComet 9381 TCP
"9381:UDP"= 9381:UDP:BitComet 9381 UDP
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-13 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-17 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-17 20560]
S3 CrystalSysInfo;CrystalSysInfo;??\c:\program files\MediaCoder\SysInfo.sys []
*Newly Created Service* - PAVBOOT
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.bearshare.com/pl
IE: Eksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {455F671D-C451-4E5A-B08C-6A0AB01AA744} = 10.6.20.1 10.6.210.1
c:\windows\system32\ArcaMicroScanUpdater.exe - c:\windows\system32\ArcaOnlineUninstall.exe
c:\windows\system32\ArcaOnline.dll
O16 -: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D}
hxxp://arcaonline.arcabit.com/ArcaOnline.cab
c:\windows\Downloaded Program Files\ArcaOnline.inf
c:\windows\system32\SkanerOnlineUninstall.exe - c:\windows\system32\SkanerOnline.dll
O16 -: {68282C51-9459-467B-95BF-3C0E89627E55}
hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
c:\windows\Downloaded Program Files\SkanerOnline.inf
FF - ProfilePath - c:\documents and settings\Strzykała\Dane aplikacji\Mozilla\Firefox\Profiles\a65dxqim.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 20:03:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-14 20:04:40
ComboFix-quarantined-files.txt 2008-12-14 19:04:24
Before: 21,710,471,168 bytes free
After: 21,948,235,776 bytes free
179 --- E O F --- 2008-12-10 21:45:13
Does it show that there is any threat??
I scanned with Malwarebytes' Anti-Malware and found none of what was being shown to me on the website.
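As an added example, not part of the post above and not anything ComboFix ships: a small Python parser for the two sections of a ComboFix log that matter most when triaging one (the "Files Created" rows and the Run-key values), followed by a review ordering. The sample lines are copied from the log above with the attribute columns in ComboFix's plain ASCII form; the scoring rules (OS tree, old modification stamp on a newly created file, hidden attribute, generated-looking name) are my own assumptions for deciding what to look up first, not a verdict on any file, and the bare-file-name check only reports what ComboFix itself already resolved in brackets.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the ComboFix log above, with the
# attribute columns in ComboFix's plain ASCII form. It is not a complete log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.
2008-12-14 19:10 . 2008-12-03 19:52 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 18:36 . 2004-03-26 23:32 99,328 --a--c--- c:\windows\system32\t5rdv.dll
2008-12-05 18:36 . 2004-08-12 20:54 35,840 --a--c--- c:\windows\system32\ecesq.dll
2008-12-05 18:01 . 2008-12-13 16:36 54,156 --ah-c--- c:\windows\QTFont.qfn
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:10 453,632 -c--a-w c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2006-02-17 2396160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"""

# One "Files Created" row: created . modified size attrs path
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) ([\d,]+) (\S{9}) (.+)$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# One Run value: "name"="value" [date size], or [date resolved-path] when value is a bare name
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d{4}-\d\d-\d\d) ([^\]]+)\]$')


@dataclass
class CreatedFile:
    created: str
    modified: str
    size: int
    attrs: str
    path: str


@dataclass
class RunEntry:
    key: str
    name: str
    value: str
    date: str
    size: Optional[int]       # set when ComboFix printed a size
    resolved: Optional[str]   # set when the value was a bare name ComboFix had to resolve


def parse_combofix(text: str) -> Tuple[List[CreatedFile], List[RunEntry]]:
    """Extract the Files Created rows and the Run-key values from a ComboFix log."""
    files: List[CreatedFile] = []
    runs: List[RunEntry] = []
    section = key = None
    for line in text.splitlines():
        if line.startswith("(((("):
            section = line.strip("() ")          # e.g. "Files Created from ... to ..."
            continue
        if section and section.startswith("Files Created"):
            m = CREATED_RE.match(line)
            if m:
                c, mod, size, attrs, path = m.groups()
                files.append(CreatedFile(c, mod, int(size.replace(",", "")), attrs, path))
        elif section == "Reg Loading Points":
            k = KEY_RE.match(line)
            if k:
                key = k.group(1)
                continue
            v = VALUE_RE.match(line)
            if v and key:
                name, value, date, tail = v.groups()
                size = int(tail) if tail.isdigit() else None
                runs.append(RunEntry(key, name, value, date, size, tail if size is None else None))
    return files, runs


def review_score(f: CreatedFile) -> int:
    """Assumed heuristics for ordering manual review of new files; a score is not a verdict."""
    stem = f.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    score = 0
    if f.path.lower().startswith("c:\\windows\\"):
        score += 1      # landed in the OS tree rather than under Program Files
    if int(f.created[:4]) - int(f.modified[:4]) >= 2:
        score += 1      # modification stamp years older than creation: copied in or backdated
    if "h" in f.attrs:
        score += 1      # hidden attribute set
    if not any(ch in "aeiou" for ch in stem) or re.search(r"[a-z]\d|\d[a-z]", stem):
        score += 1      # vowel-less or letter/digit-mixed stem, typical of generated names
    return score


def prioritised(files: List[CreatedFile]) -> List[Tuple[int, str]]:
    """Files sorted highest score first, as a worklist for looking each one up."""
    return sorted(((review_score(f), f.path) for f in files), key=lambda t: -t[0])


def bare_name_entries(runs: List[RunEntry]) -> List[RunEntry]:
    """Run values with no path are located through the search path, so a same-named file
    earlier in that path would be what starts; ComboFix shows what it resolved to."""
    return [r for r in runs if "\\" not in r.value]


def user_writable_entries(runs: List[RunEntry]) -> List[RunEntry]:
    """HKCU Run entries can be written without administrator rights."""
    return [r for r in runs if r.key.startswith("HKEY_CURRENT_USER")]


if __name__ == "__main__":
    files, runs = parse_combofix(SAMPLE_LOG)
    for score, path in prioritised(files):
        print(score, path)
    for r in bare_name_entries(runs):
        print("bare name:", r.name, "->", r.resolved)
```

On the sample this puts t5rdv.dll at the top of the worklist and reports SoundMan and nwiz as bare-name Run values; what to do with each entry still comes down to checking the file's publisher and origin by hand, which the score only sequences.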