HijackThis log, please check it


(Hihi19100) #1

Hello, please check my log.

http://www.wklejto.pl/8899

Thanks in advance.


(Kambor4) #2

The log looks clean.

Post a log from -----> ComboFix (further down on the linked page).

==================

K.


(Hihi19100) #3

Here is the ComboFix log. For some reason wklejto.pl won't load for me :confused:

ComboFix 08-08-26.03 - Damian 2008-08-27 16:08:40.4 - FAT32 x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1712 [GMT 2:00]

Running from: C:\Documents and Settings\Damian\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))

.

2008-08-26 17:07 . 2008-08-26 17:07

2008-08-26 14:35 . 2008-07-16 09:57 269,736 -ra------ C:\WINDOWS\system32\drivers\SbFw.sys

2008-08-26 14:35 . 2008-06-21 04:54 65,576 --a------ C:\WINDOWS\system32\drivers\SbFwIm.sys

2008-08-21 10:46 . 2008-08-21 10:46

2008-08-21 10:03 . 2008-08-21 10:03

2008-08-20 16:13 . 2008-08-20 16:18 160 --a------ C:\WINDOWS\mafosav.INI

2008-08-20 14:21 . 2008-08-20 14:21 171,520 --a------ C:\WINDOWS\system32\cncs32.dll

2008-08-19 17:16 . 2008-08-19 17:16

2008-08-19 17:15 . 2008-08-19 17:15

2008-08-19 17:12 . 2008-08-19 17:13

2008-08-19 17:12 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCEE.DLL

2008-08-19 17:12 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCEE.DLL

2008-08-19 17:12 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL

2008-08-19 17:12 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-08-19 17:12 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys

2008-08-19 17:12 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-08-19 17:12 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys

2008-08-19 17:11 . 2008-08-19 17:11

2008-08-19 17:11 . 2007-04-18 00:00 67,072 --a------ C:\WINDOWS\system32\escwiad.dll

2008-08-19 17:11 . 2008-08-19 17:11 26 --a------ C:\WINDOWS\CDEDX8400EXPORT.ini

2008-08-19 15:19 . 2008-08-19 15:19

2008-08-19 12:12 . 2008-08-19 12:12

2008-08-19 12:12 . 2008-08-19 12:12

2008-08-19 11:08 . 2008-08-19 11:08

2008-08-19 11:08 . 2008-08-19 11:08 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-08-19 11:07 . 2008-08-19 11:07

2008-08-19 11:07 . 2008-08-19 11:07

2008-08-19 11:07 . 2008-08-19 11:07

2008-08-19 11:07 . 2008-08-19 11:07

2008-08-19 09:46 . 2008-08-19 09:46

2008-08-18 21:07 . 2008-08-18 21:07

2008-08-18 19:28 . 2008-08-18 19:28

2008-08-18 19:25 . 2008-08-18 19:25

2008-08-18 19:18 . 2008-08-18 19:18 0 --a------ C:\WINDOWS\nsreg.dat

2008-08-18 19:14 . 2008-08-18 19:14

2008-08-18 18:48 . 2008-08-18 18:48

2008-08-18 18:48 . 2008-08-18 18:48

2008-08-18 18:48 . 2006-08-14 07:09 83,200 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys

2008-08-18 18:46 . 2008-08-18 18:46

2008-08-18 18:46 . 2008-08-18 18:46 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-08-18 18:46 . 2008-08-18 18:46 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-08-18 18:45 . 2008-08-18 18:45

2008-08-18 18:45 . 2008-08-18 18:45

2008-08-18 18:45 . 2006-08-01 09:02 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe

2008-08-18 18:43 . 2004-11-18 10:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-08-18 18:40 . 2008-08-18 18:40

2008-08-18 18:36 . 2008-08-18 18:37 127,254 --a------ C:\WINDOWS\system32\nvapps.xml

2008-08-18 18:35 . 2008-08-18 18:35

2008-08-18 18:35 . 2007-06-28 18:43 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-08-18 18:35 . 2007-06-28 18:43 17,463 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-18 18:34 . 2008-08-18 18:34

2008-08-18 18:34 . 2007-06-29 01:54 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-16 11:28 --------- d-----w C:\Program Files\microsoft frontpage

2008-08-16 11:26 --------- d-----w C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]

"Komunikator"="F:\Tlen\tlen.exe" [2008-01-15 17:09 6290944]

"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 08:00 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]

"WinampAgent"="F:\Winamp\winampa.exe" [2008-08-04 01:02 36352]

"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= d:\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\WINDOWS\system32\sessmgr.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [2008-07-16 09:57]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54]

S2 SbPF.Launcher;SbPF.Launcher;F:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe []

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Damian\Dane aplikacji\Mozilla\Firefox\Profiles\amskvsx4.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pl

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-27 16:09:31

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-27 16:09:49

ComboFix-quarantined-files.txt 2008-08-27 14:09:48

Pre-Run: 16,225,435,648 bajtów wolnych

Post-Run: 16,233,988,096 bajtów wolnych

117


(huber2t) #4

I don't see anything in the log.

Manually delete the C:\Qoobox folder and delete the ComboFix installer from the disk.

Clean the computer with CCleaner.

Optimize the startup entries.

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum

or

Dr.WEB CureIt!


(Monczkin) #5

smiley, fix the topic title and the post with the log, otherwise there will be consequences.

viewtopic.php?f=16&t=66889

viewtopic.php?f=16&t=253052