ComboFix - Please check whether there's any junk

ComboFix 07-11-01.1** - WIŚLAK1988 2007-11-03 12:35:48.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1645 [GMT 1:00]

Running from: C:\Documents and Settings\WIŚLAK1988\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\setup.exe

C:\WINDOWS\hosts

.

((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))

.

2007-11-03 12:35 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-11-03 09:14

2007-11-03 08:59

2007-11-02 16:10 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2007-11-02 16:10 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2007-11-02 16:10 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2007-11-02 16:10 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll

2007-11-02 16:10 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll

2007-11-02 16:02

2007-11-02 16:02

2007-11-02 16:02

2007-11-02 14:39

2007-11-02 10:52

2007-11-01 17:33

2007-11-01 17:33

2007-11-01 10:27

2007-10-31 16:09

2007-10-31 15:53

2007-10-30 11:22 90,112 --a------ C:\WINDOWS\system32\RegDACL.exe

2007-10-30 11:22 53,248 --a------ C:\WINDOWS\system32\process.exe

2007-10-30 11:22 8,925 --a------ C:\clean.bat

2007-10-30 11:22 4,096 --a------ C:\WINDOWS\system32\reboot.exe

2007-10-30 11:22 347 --a------ C:\run2.reg

2007-10-28 17:00

2007-10-24 10:04

2007-10-22 16:59

2007-10-22 16:48

2007-10-22 16:48

2007-10-22 15:07

2007-10-22 14:11

2007-10-22 14:11

2007-10-21 15:11

2007-10-19 15:01

2007-10-19 15:01

2007-10-18 13:07

2007-10-18 13:07

2007-10-17 15:27

2007-10-16 15:45

2007-10-16 15:16

2007-10-16 15:16

2007-10-16 14:35

2007-10-15 13:26 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2007-10-14 16:08

2007-10-14 13:09

2007-10-12 14:01

2007-10-12 14:01

2007-10-11 15:30

2007-10-11 06:30 81,797,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2007-10-11 06:28

2007-10-11 06:28

2007-10-11 06:28 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2007-10-11 06:28 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-10-11 06:26

2007-10-05 06:56 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-03 10:34 959,816 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2007-11-02 19:11 --------- d-----w C:\Program Files\Google

2007-11-02 15:14 --------- d-----w C:\Documents and Settings\WIŚLAK1988\Dane aplikacji\Sports Interactive

2007-11-01 09:30 --------- d-----w C:\Documents and Settings\WIŚLAK1988\Dane aplikacji\Skype

2007-10-30 17:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search & Destroy

2007-10-27 11:29 --------- d-----w C:\Program Files\Trend Micro

2007-10-26 15:20 --------- d-----w C:\Program Files\Common Files\Teleca Shared

2007-10-26 09:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-10-25 15:50 --------- d-----w C:\Program Files\PopCap Games

2007-10-22 15:59 --------- d-----w C:\Documents and Settings\WIŚLAK1988\Dane aplikacji\Lavasoft

2007-10-21 15:05 --------- d-----w C:\Program Files\Gadu-Gadu

2007-10-18 16:45 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP

2007-10-15 11:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\F-Secure

2007-10-14 15:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-10-14 15:18 --------- d-----w C:\Documents and Settings\WIŚLAK1988\Dane aplikacji\uTorrent

2007-10-08 11:00 392 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err

2007-09-29 09:01 47,312 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys

2007-09-27 15:42 --------- d-----w C:\Program Files\SkanerOnline

2007-09-22 15:31 --------- d-----w C:\Program Files\Ares

2007-09-18 16:51 --------- d-----w C:\Documents and Settings\WIŚLAK1988\Dane aplikacji\PCToolsFirewallPlus

2007-09-18 15:10 --------- d-----w C:\Program Files\Microsoft.NET

2007-09-15 09:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\NVIDIA

2007-09-07 11:23 --------- d-----w C:\Documents and Settings\WIŚLAK1988\Dane aplikacji\LimeWire

2007-09-07 11:17 --------- d-----w C:\Program Files\Java

2007-09-07 11:15 --------- d-----w C:\Program Files\Common Files\Java

2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-19 16:09 319 ----a-w C:\drmHeader.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43]

"nwiz"="nwiz.exe" [2006-08-11 14:43 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 14:43]

"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 11:54 C:\WINDOWS\RTHDCPL.exe]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-19 15:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\

Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38]

R2 PCC_PFW;PC-Cillin Personal Firewall;C:\WINDOWS\system32\Drivers\PCC_PFW.sys

S3 gdrv;gdrv;??\C:\WINDOWS\gdrv.sys

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-03 12:36:42

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-03 12:37:04

.

--- E O F ---

Post merged: 03.11.2007 (Sat) 12:57

I noticed there are a lot of entries here for programs I used to have, so how do I remove them? E.g.

2007-10-22 16:48

2007-10-22 16:48

2007-10-18 13:07

2007-10-18 13:07

2007-10-17 15:27

2007-10-14 13:09

The log is clean.

If you uninstalled those programs, then why are these folders starting up.

Just delete those empty folders manually, since you uninstalled the programs.

jessi

So I can delete these folders???

2007-11-03 10:34 959,816 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2007-11-02 19:11 --------- d-----w C:\Program Files\Google

2007-11-02 15:14 --------- d-----w C:\Documents and Settings\WIŚLAK1988\Dane aplikacji\Sports Interactive

2007-11-01 09:30 --------- d-----w C:\Documents and Settings\WIŚLAK1988\Dane aplikacji\Skype

2007-10-30 17:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Spybot - Search & Destroy

2007-10-27 11:29 --------- d-----w C:\Program Files\Trend Micro

2007-10-26 15:20 --------- d-----w C:\Program Files\Common Files\Teleca Shared

2007-10-26 09:49 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-10-25 15:50 --------- d-----w C:\Program Files\PopCap Games

2007-10-22 15:59 --------- d-----w C:\Documents and Settings\WIŚLAK1988\Dane aplikacji\Lavasoft

2007-10-21 15:05 --------- d-----w C:\Program Files\Gadu-Gadu

2007-10-18 16:45 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP

2007-10-15 11:07 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\F-Secure

2007-10-14 15:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-10-14 15:18 --------- d-----w C:\Documents and Settings\WIŚLAK1988\Dane aplikacji\uTorrent

2007-10-08 11:00 392 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err

2007-09-29 09:01 47,312 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys

2007-09-27 15:42 --------- d-----w C:\Program Files\SkanerOnline

2007-09-22 15:31 --------- d-----w C:\Program Files\Ares

2007-09-18 16:51 --------- d-----w C:\Documents and Settings\WIŚLAK1988\Dane aplikacji\PCToolsFirewallPlus

2007-09-18 15:10 --------- d-----w C:\Program Files\Microsoft.NET

2007-09-15 09:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\NVIDIA

2007-09-07 11:23 --------- d-----w C:\Documents and Settings\WIŚLAK1988\Dane aplikacji\LimeWire

2007-09-07 11:17 --------- d-----w C:\Program Files\Java

2007-09-07 11:15 --------- d-----w C:\Program Files\Common Files\Java

2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-08-19 16:09 319 ----a-w C:\drmHeader.bin

Yes, you can delete them, but only the folders that were left behind after uninstalling programs.

jessi