ComboFix 07-10-17.8@ - ACER 2007-10-19 21:25:36.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.166 [GMT 2:00]
Running from: C:\Documents and Settings\ACER\Pulpit\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000015_.tmp.dll
C:\WINDOWS\system32\_000016_.tmp.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-09-19 to 2007-10-19 )))))))))))))))))))))))))))))))
.
2007-10-19 21:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 21:16 1,156 --a------ C:\WINDOWS\mozver.dat
2007-10-19 21:13
2007-10-19 21:11
2007-10-19 21:06
2007-10-19 21:03
2007-10-19 21:03
2007-10-19 21:03
2007-10-19 21:03
2007-10-19 20:59
2007-10-19 20:56
2007-10-19 20:56
2007-10-19 20:55
2007-10-19 20:54
2007-10-19 20:54
2007-10-19 20:54
2007-10-19 20:40
2007-10-19 20:40 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-19 20:35
2007-10-19 20:34 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-19 20:30
2007-10-19 20:29
2007-10-19 20:29
2007-10-19 20:25
2007-10-19 20:25
2007-10-19 20:25
2007-10-19 20:23
2007-10-19 20:23
2007-10-19 20:23
2007-10-19 20:23
2007-10-19 20:23 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-10-19 20:22
2007-10-19 20:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-19 20:22 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-10-19 20:22 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-19 20:22 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-10-19 20:22 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-19 20:22 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-10-19 20:22 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-10-19 20:17
2007-10-19 20:17 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-19 20:17 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-19 20:17 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-19 20:17 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-19 20:17 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-19 20:17 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-19 20:17 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-19 14:56
2007-10-19 14:55
2007-10-19 14:55
2007-10-19 14:55 245,760 --a------ C:\WINDOWS\system32\Check.exe
2007-10-19 14:54
2007-10-19 14:54
2007-10-19 14:54
2007-10-19 14:54
2007-10-19 14:54
2007-10-19 14:54
2007-10-19 14:54
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-22 13:19 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:19 661,504 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:19 616,448 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:19 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:19 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:19 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:19 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:19 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:19 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:19 3,079,168 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:19 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:19 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:19 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:19 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:19 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:19 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:19 1,055,744 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:19 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 15:29]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-06-06 14:18]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-06-21 11:51]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 16:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 16:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:00]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Device Detector"="DevDetect.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 15:38]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 03:45]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56]

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 POWERKEY;POWERKEY;\??\C:\Program Files\Launch Manager\POWERKEY.sys
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2007-10-19 18:23:54 C:\WINDOWS\Tasks\1-Click Maintenance.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 21:28:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-19 21:29:30 - machine was rebooted
.
--- E O F ---
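A triage script for this log format, added here as an example; it is not part of ComboFix and was not posted with the report above. It embeds a few lines copied from the report as a constructed sample so it runs offline, splits the report into its "(((( Title ))))" sections, parses the Run-key loading points, and flags what a responder would look at first: the temp-named DLLs ComboFix removed from system32, the Autorun.inf at a drive root, Run values that name a bare executable (resolved through the search path at logon rather than an explicit path), and Run values where ComboFix printed an empty bracket, i.e. it found no file to timestamp. The heuristics, regexes and function names are this example's own, not ComboFix's.

```python
"""Triage helper for a ComboFix report (added example, not part of ComboFix)."""
import re
from typing import Dict, List

# Constructed sample: lines copied from the report above, embedded for offline use.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 C:\WINDOWS\SOUNDMAN.EXE]
"Device Detector"="DevDetect.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00]
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
META_RE = re.compile(r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})(?:\s+(?P<path>.+))?$")
# Heuristics of this example: temp-named DLLs in system32 and autorun.inf at a drive root.
TMP_DLL_RE = re.compile(r"\\system32\\_\d{6}_\.tmp\.dll$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^[A-Z]:\\Autorun\.inf$", re.IGNORECASE)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each '(((( Title ))))' header to the non-empty lines beneath it."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_run_entries(lines: List[str]) -> List[dict]:
    """Parse "name"="value" [timestamp path] lines under each [HKEY_...\Run] key."""
    entries: List[dict] = []
    key = None
    for line in lines:
        k = KEY_RE.match(line)
        if k:
            key = k.group("key")
            continue
        e = ENTRY_RE.match(line)
        if not e or key is None:
            continue                          # notes, shortcuts, services: not Run values
        meta = META_RE.match(e.group("meta").strip())
        entries.append({
            "key": key,
            "name": e.group("name"),
            "value": e.group("value"),
            "timestamp": meta.group("stamp") if meta else None,
            "resolved_path": meta.group("path") if meta else None,
        })
    return entries


def triage(text: str) -> Dict[str, List[str]]:
    """Return the indicators a responder would check first, grouped by reason."""
    sections = split_sections(text)
    findings: Dict[str, List[str]] = {"tmp_dll": [], "autorun_inf": [],
                                      "bare_name": [], "unresolved": []}
    for path in sections.get("Other Deletions", []):
        if TMP_DLL_RE.search(path):
            findings["tmp_dll"].append(path)
        elif AUTORUN_RE.match(path):
            findings["autorun_inf"].append(path)
    for ent in parse_run_entries(sections.get("Reg Loading Points", [])):
        if "\\" not in ent["value"]:
            findings["bare_name"].append(ent["name"])   # bare name: resolved via search path
        if ent["timestamp"] is None:
            findings["unresolved"].append(ent["name"])  # empty []: no file found to stamp
    return findings


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(f"{reason}: {items}")
```

Point the script at a full report instead of SAMPLE_LOG and the "bare_name" and "unresolved" lists are the entries to verify by hand: a Run value with no directory is loaded from whatever the search path finds first, and an entry ComboFix could not timestamp has no file behind it at scan time and is either dead or hidden.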