ComboFix log, please check it


(Msimin) #1

Hello,

my laptop has started stuttering somewhat, which it did not do before. Here is today's log, please check it.

ComboFix 09-09-17.04 - Michał 2009-09-18 20:02.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2046.1239 [GMT 2:00]

Uruchomiony z: e:\download\ComboFix.exe

SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\$recycle.bin\S-1-5-21-611559869-920762673-1300272416-500

c:\program files\pdfforge Toolbar\SearchSettings.dll

c:\users\Michał\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

c:\users\Michał\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe

c:\windows\system32\acovcnt.exe


.

((((((((((((((((((((((((( Pliki utworzone od 2009-08-18 do 2009-09-18 )))))))))))))))))))))))))))))))

.


2009-09-18 18:26 . 2009-09-18 18:26	--------	d-----w-	c:\users\Default\AppData\Local\temp

2009-09-09 13:13 . 2009-09-09 13:13	--------	d-----w-	c:\program files\Common Files\NSV

2009-08-24 19:52 . 2009-08-24 19:52	--------	d-----w-	c:\windows\Sun

2009-08-21 16:08 . 2009-08-30 15:24	--------	d-----w-	C:\SPDISK


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-18 18:25 . 2009-08-03 17:03	--------	d-----w-	c:\program files\pdfforge Toolbar

2009-09-18 17:37 . 2007-04-20 07:29	662056	----a-w-	c:\windows\system32\perfh015.dat

2009-09-18 17:37 . 2007-04-20 07:29	126908	----a-w-	c:\windows\system32\perfc015.dat

2009-09-18 17:12 . 2009-08-01 05:28	20	---h--w-	c:\programdata\PKP_DLdw.DAT

2009-09-17 22:11 . 2007-04-20 06:34	12	----a-w-	c:\windows\bthservsdp.dat

2009-09-14 18:56 . 2009-08-01 05:21	20	---h--w-	c:\programdata\PKP_DLdu.DAT

2009-09-10 19:26 . 2009-07-31 21:43	--------	d-----w-	c:\program files\Nowe Gadu-Gadu

2009-09-07 19:30 . 2009-08-06 19:56	73216	----a-w-	c:\windows\ST6UNST.EXE

2009-08-10 19:19 . 2009-08-10 19:19	--------	d-----w-	c:\programdata\LightScribe

2009-08-03 15:47 . 2009-08-01 01:45	--------	d-----w-	c:\program files\Common Files\Symantec Shared

2009-08-03 15:36 . 2009-08-03 15:36	--------	d-----w-	c:\program files\ESET

2009-08-03 15:34 . 2009-08-01 01:45	--------	d-----w-	c:\programdata\Symantec

2009-08-02 20:13 . 2009-07-31 21:44	--------	d-----w-	c:\programdata\Spybot - Search & Destroy

2009-08-02 19:44 . 2009-07-31 21:44	--------	d-----w-	c:\program files\Spybot - Search & Destroy

2009-08-02 18:52 . 2009-07-31 21:40	--------	d-----r-	c:\program files\Skype

2009-08-02 18:51 . 2009-08-02 18:45	--------	d-----w-	c:\programdata\NOS

2009-08-02 18:51 . 2009-08-02 18:45	--------	d-----w-	c:\program files\NOS

2009-08-02 18:46 . 2009-07-31 21:55	--------	d-----w-	c:\program files\Common Files\Adobe

2009-08-02 18:40 . 2009-08-02 18:40	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-08-02 09:37 . 2009-08-02 09:37	119280	---ha-w-	c:\windows\system32\mlfcache.dat

2009-08-02 06:52 . 2009-08-02 06:52	--------	d-----w-	c:\programdata\FLEXnet

2009-08-02 06:46 . 2009-08-02 06:46	--------	d-----w-	c:\program files\Bonjour

2009-08-02 06:34 . 2009-08-02 06:34	--------	d-----w-	c:\program files\Common Files\Macrovision Shared

2009-08-01 18:37 . 2009-08-01 05:19	--------	d-----w-	c:\program files\Common Files\Nikon

2009-08-01 18:36 . 2009-08-01 18:36	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-08-01 05:28 . 2009-08-01 05:28	--------	d-----w-	c:\programdata\Documentation

2009-08-01 05:28 . 2009-08-01 05:21	--------	d-----w-	c:\programdata\Ultima_T15

2009-08-01 05:28 . 2009-08-01 05:21	--------	d-----w-	c:\programdata\EnterNHelp

2009-08-01 05:22 . 2009-08-01 05:22	--------	d-----w-	c:\program files\Common Files\muvee Technologies

2009-08-01 05:22 . 2009-08-01 05:22	--------	d-----w-	c:\programdata\Nikon

2009-08-01 05:21 . 2009-08-01 05:21	--------	d-----w-	c:\programdata\Database

2009-08-01 05:19 . 2009-08-01 01:42	--------	d-----w-	c:\program files\Common Files\InstallShield

2009-08-01 05:17 . 2009-08-01 05:17	--------	d-----w-	c:\program files\Common Files\LightScribe

2009-08-01 05:15 . 2009-08-01 05:14	--------	d-----w-	c:\program files\Common Files\Ahead

2009-08-01 05:14 . 2009-08-01 05:14	--------	d-----w-	c:\programdata\Nero

2009-08-01 02:23 . 2009-08-01 02:23	--------	d-----w-	c:\program files\CSR

2009-08-01 02:21 . 2009-08-01 02:21	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf

2009-08-01 02:21 . 2009-08-01 02:21	--------	d-----w-	c:\program files\Synaptics

2009-08-01 02:19 . 2009-08-01 02:19	--------	d-----w-	c:\programdata\P4G

2009-08-01 02:19 . 2009-08-01 02:19	--------	d-----w-	c:\program files\P4G

2009-08-01 02:17 . 2009-08-01 01:39	--------	d-----w-	c:\program files\Intel

2009-08-01 02:09 . 2009-08-01 02:09	--------	d-----w-	c:\program files\Attansic

2009-08-01 01:58 . 2009-08-01 01:58	--------	d-----w-	c:\programdata\ASUS

2009-08-01 01:57 . 2009-08-01 01:57	--------	d-----w-	c:\programdata\Roaming

2009-08-01 01:57 . 2009-08-01 01:57	56	----a-w-	c:\windows\system32\IHV_Install.bat

2009-08-01 01:57 . 2009-08-01 01:57	--------	d-----w-	c:\programdata\Intel

2009-08-01 01:55 . 2009-08-01 01:55	--------	d-----w-	c:\program files\Wireless Console 2

2009-08-01 01:54 . 2009-08-01 01:54	--------	d-----w-	c:\program files\Fingerprint Sensor

2009-08-01 01:45 . 2009-08-01 01:45	--------	d-----w-	c:\program files\ATKOSD2

2009-08-01 01:44 . 2009-08-01 01:44	--------	d-----w-	c:\program files\ATKGFNEX

2009-08-01 01:44 . 2009-08-01 01:44	--------	d-----w-	c:\program files\ATK Hotkey

2009-08-01 01:42 . 2009-08-01 01:42	319456	----a-w-	c:\windows\DIFxAPI.dll

2009-08-01 01:42 . 2009-08-01 01:42	--------	d-----w-	c:\program files\Realtek

2009-08-01 01:42 . 2009-08-01 01:42	315392	----a-w-	c:\windows\HideWin.exe

2009-08-01 01:34 . 2009-08-01 01:34	--------	d-----w-	c:\program files\Motorola

2009-07-31 22:31 . 2009-07-31 22:26	--------	d-----w-	c:\programdata\Autodesk

2009-07-31 22:30 . 2009-07-31 22:25	--------	d-----w-	c:\program files\Common Files\Autodesk Shared

2009-07-31 22:29 . 2009-07-31 22:28	--------	d-----w-	c:\program files\AnswerWorks 4.0

2009-07-31 22:25 . 2009-07-31 22:25	--------	d-----w-	c:\program files\Autodesk

2009-07-31 22:21 . 2009-07-31 22:21	--------	d-----w-	c:\programdata\DAEMON Tools Lite

2009-07-31 22:21 . 2009-07-31 22:21	--------	d-----w-	c:\program files\DAEMON Tools Toolbar

2009-07-31 22:17 . 2009-07-31 22:11	721904	----a-w-	c:\windows\system32\drivers\sptd.sys

2009-07-31 21:52 . 2009-07-31 21:52	--------	d-----w-	c:\program files\Google

2009-07-31 21:50 . 2009-07-31 21:50	--------	d-----w-	c:\program files\Common Files\PX Storage Engine

2009-07-31 21:48 . 2009-07-31 21:48	--------	d-----w-	c:\program files\VideoLAN

2009-07-31 21:41 . 2009-07-31 21:41	56	---ha-w-	c:\windows\system32\ezsidmv.dat

2009-07-31 21:40 . 2009-07-31 21:40	--------	d-----w-	c:\program files\Common Files\Skype

2009-07-31 21:40 . 2009-07-31 21:40	--------	d-----w-	c:\programdata\Skype

2009-07-31 21:34 . 2009-07-31 21:34	410984	----a-w-	c:\windows\system32\deploytk.dll

2009-07-31 21:33 . 2009-07-31 21:33	--------	d-----w-	c:\program files\Java

2009-07-31 21:30 . 2009-07-31 21:30	--------	d-----w-	c:\program files\Common Files\DivX Shared

2009-07-31 21:27 . 2009-07-31 21:27	--------	d-----w-	c:\program files\AC3Filter

2009-07-31 20:43 . 2009-08-01 02:22	--------	d-----w-	c:\program files\PowerForPhone

2009-07-31 20:43 . 2009-08-01 01:42	--------	d--h--w-	c:\program files\InstallShield Installation Information

2009-07-31 20:34 . 2009-08-01 01:52	--------	d-----w-	c:\program files\ASUS

2009-07-31 20:28 . 2009-07-31 20:28	0	----a-w-	c:\windows\nsreg.dat

2009-07-31 20:22 . 2009-07-31 20:22	260	----a-w-	C:\SPCSqmDataReview.dat

2009-07-31 20:08 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar

2009-07-31 20:08 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail

2009-07-31 20:08 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar

2009-07-31 20:08 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal

2009-07-31 20:08 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration

2009-07-31 20:08 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery

2009-07-31 19:41 . 2009-07-31 19:41	546	----a-w-	c:\windows\system32\ABF3Sv.DAT

2009-07-31 19:34 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender

2009-07-31 19:16 . 2006-11-02 10:32	101888	----a-w-	c:\windows\system32\ifxcardm.dll

2009-07-31 19:16 . 2006-11-02 10:32	82432	----a-w-	c:\windows\system32\axaltocm.dll

2009-07-31 18:36 . 2009-07-31 18:36	0	----a-w-	c:\windows\system32\drivers\1043_ASUSTeK_F3Sv.alu

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]

2009-06-25 13:06	688640	----a-w-	c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-06-25 688640]


[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]

"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"


[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Eksplorator.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Eksplorator.lnk

backup=c:\windows\pss\Eksplorator.lnk.CommonStartup

backupExtension=.CommonStartup


[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup


[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Przyspieszenie uruchomienia programu AutoCAD.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Przyspieszenie uruchomienia programu AutoCAD.lnk

backup=c:\windows\pss\Przyspieszenie uruchomienia programu AutoCAD.lnk.CommonStartup

backupExtension=.CommonStartup


[HKLM\~\startupfolder\C:^Users^Michał^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]

path=c:\users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk

backup=c:\windows\pss\Nikon Monitor.lnk.Startup

backupExtension=.Startup


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{2E920D25-3918-431B-9DB7-284B90814EC8}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{5C1E07B4-FF14-4499-86C4-1E0808FD910C}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"UDP Query User{B5B8AA38-130A-44D9-8B5E-D5C8F9449A88}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

"TCP Query User{0060B5C8-F8F9-404C-B313-8271FA48A6CA}d:\\program files\\winamp\\winamp.exe"= UDP:d:\program files\winamp\winamp.exe:Winamp

"UDP Query User{93137A50-6ECD-421E-9248-5E2D5E3DDE26}d:\\program files\\winamp\\winamp.exe"= TCP:d:\program files\winamp\winamp.exe:Winamp

"TCP Query User{32CD436D-7DAB-4101-BC08-32A898BC0027}d:\\program files\\miranda im\\miranda32.exe"= UDP:d:\program files\miranda im\miranda32.exe:Miranda IM

"UDP Query User{0EFB3223-A3E0-451E-8B7C-7C5A7D41572F}d:\\program files\\miranda im\\miranda32.exe"= TCP:d:\program files\miranda im\miranda32.exe:Miranda IM

"TCP Query User{7C5F2DD1-482B-4AE8-8CF6-D6808A2E6A47}d:\\program files\\wapster\\wapster aqq\\aqq.exe"= UDP:d:\program files\wapster\wapster aqq\aqq.exe:AQQ Communicator

"UDP Query User{B0886282-4237-4B9E-ABC1-85E99F28E16E}d:\\program files\\wapster\\wapster aqq\\aqq.exe"= TCP:d:\program files\wapster\wapster aqq\aqq.exe:AQQ Communicator


R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [2009-08-01 208896]

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2009-05-14 107256]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]

R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [2009-05-14 93312]

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2009-08-01 24576]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sys [2009-08-01 48128]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [2009-08-01 1260672]

S4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-07-31 1153368]


--- Inne Usługi/Sterowniki w Pamięci ---


*NewlyCreated* - EKRN


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs	REG_MULTI_SZ BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.asus.com

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&ksport do programu Microsoft Excel - d:\progra~1\Office10\EXCEL.EXE/3000

TCP: {7291504B-5F78-4641-B0A6-16F762B6C611} = 217.30.129.149,217.30.137.200

FF - ProfilePath - c:\users\Michał\AppData\Roaming\Mozilla\Firefox\Profiles\tow0v41p.default\

FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll

.

- - - - USUNIĘTO PUSTE WPISY - - - -


AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe




**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-18 20:28

Windows 6.0.6002 Service Pack 2, v.113 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Czas ukończenia: 2009-09-18 20:30

ComboFix-quarantined-files.txt 2009-09-18 18:30


Przed: 7 397 023 744 bajtów wolnych

Po: 7 799 169 024 bajtów wolnych


219	--- E O F ---	2009-07-31 22:05

(deFco247) #2

Paste logs on wklej.org or wklej.to and put the link in your post.

The log looks clean.

Uninstall pdfforge Toolbar.

Start -> Run... -> Combofix /u

Clean the registry and disk with CCleaner.

Run a full scan with Malwarebytes' Anti-Malware and delete the objects it finds.

If there are viruses, show the report.


(Asterisk) #3

Please read this page and change the title to a specific one. Otherwise the thread will go to the trash.


(Golden Finger) #4

Moved from Problems -> Security and HijackThis logs