Please check my log as a precaution


(Milland) #1

ComboFix 08-05-24.1 - RAV 2008-05-25 15:15:30.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.79 [GMT 2:00]

Running from: D:\ComboFix.exe

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))

.

2008-05-24 22:11 . 2008-05-24 22:14

2008-05-24 22:08 . 2008-05-24 22:08

2008-05-24 21:04 . 2008-05-24 21:04

2008-05-24 20:01 . 2007-06-26 16:17 87,504 --a------ C:\WINDOWS\system32\drivers\csfpc.sys

2008-05-24 20:00 . 2008-05-24 20:23

2008-05-24 20:00 . 2008-05-24 20:00

2008-05-24 20:00 . 2000-11-18 15:22 91,648 --a------ C:\WINDOWS\e4msetup.exe

2008-05-24 19:57 . 2008-05-24 21:11

2008-05-24 19:47 . 2008-05-24 19:50

2008-05-24 18:39 . 2008-05-24 20:20

2008-05-24 17:36 . 2008-05-24 18:36

2008-05-24 17:02 . 2008-05-24 17:02

2008-05-24 16:59 . 2008-05-24 16:59

2008-05-24 16:57 . 2008-05-24 17:39

2008-05-24 16:28 . 2008-05-24 16:28 79 --a------ C:\WINDOWS\AllDone.bak

2008-05-24 14:37 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl

2008-05-24 13:52 . 2008-05-25 14:20 79 --a------ C:\WINDOWS\AllDone.ini

2008-05-23 17:26 . 2008-05-23 17:26

2008-05-23 15:51 . 2008-02-09 11:20 31,280 --a------ C:\WINDOWS\system32\rrMon.sys

2008-05-22 21:50 . 2008-05-22 21:50

2008-05-22 21:17 . 2007-10-07 11:27 1,077,344 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX

2008-05-22 21:17 . 2004-09-03 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX

2008-05-22 21:17 . 2007-10-07 11:27 10,752 --a------ C:\WINDOWS\system32\aamd532.dll

2008-05-22 21:10 . 2008-05-23 22:06

2008-05-22 17:44 . 2005-01-20 13:47 175,616 --a------ C:\WINDOWS\system32\strings.exe

2008-05-22 17:44 . 2005-01-13 21:41 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe

2008-05-22 17:44 . 2005-01-13 21:41 11,254 --a------ C:\WINDOWS\system32\locate.com

2008-05-22 16:40 . 2008-05-22 16:40

2008-05-21 21:18 . 2008-05-21 21:18 7,830 --a------ C:\sidekickFix.bat

2008-05-21 18:59 . 2008-05-21 18:59 2,801 --a------ C:\NAV.bfu

2008-05-21 16:55 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-05-21 16:55 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-05-21 16:55 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-05-21 16:55 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-05-21 16:55 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe

2008-05-21 16:55 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-05-21 16:55 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-05-21 16:55 . 2008-05-21 16:55 1,816 --a------ C:\WINDOWS\system32\tmp.reg

2008-05-21 16:14 . 2008-05-21 16:14

2008-05-21 15:35 . 2008-05-22 15:17

2008-05-20 22:11 . 2008-05-20 22:11 371 --a------ C:\fixme.bfu

2008-05-20 22:06 . 2008-05-20 22:06 1,470 --a------ C:\sdbot.bfu

2008-05-20 20:02 . 2008-05-20 20:02

2008-05-19 21:36 . 2008-05-19 21:36

2008-05-19 18:41 . 2005-11-08 23:26 38,400 --a------ C:\WINDOWS\system32\moveex.exe

2008-05-19 18:41 . 2007-10-11 14:42 8,925 --a------ C:\clean.bat

2008-05-19 18:41 . 2007-10-11 08:55 347 --a------ C:\run2.reg

2008-05-19 18:00 . 2008-05-22 22:12 734 --a------ C:\WINDOWS\apps

2008-05-19 17:47 . 2008-05-19 18:43

2008-05-18 21:49 . 2008-05-22 18:35

2008-05-18 20:09 . 2008-05-18 20:09

2008-05-18 17:59 . 2008-05-18 17:59

2008-05-18 17:59 . 2008-05-18 17:59

2008-05-18 17:59 . 2008-05-18 17:59

2008-05-18 17:59 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-05-18 17:59 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-05-18 17:58 . 2008-05-18 17:58

2008-05-18 17:10 . 2008-05-24 14:02

2008-05-18 16:53 . 2008-05-18 16:53 90,112 --a------ C:\RegDACL.exe

2008-05-18 16:53 . 2008-05-18 16:53 53,248 --a------ C:\Process.exe

2008-05-18 16:53 . 2008-05-18 16:53 42,496 --a------ C:\swreg.exe

2008-05-18 16:53 . 2008-05-18 16:53 40,960 --a------ C:\swsc.exe

2008-05-18 16:53 . 2008-05-18 16:53 16,384 --a------ C:\restart.exe

2008-05-18 16:53 . 2008-05-18 16:53 16,235 --a------ C:\RegOwner_e.htm

2008-05-18 16:53 . 2008-05-18 16:53 4,175 --a------ C:\SMWNCV.cmd

2008-05-18 16:53 . 2008-05-18 16:53 4,096 --a------ C:\REBOOT.EXE

2008-05-18 16:51 . 2008-05-18 16:51

2008-05-18 16:51 . 2008-05-17 17:46 280,286 --a------ C:\win32delfkil.exe

2008-05-18 16:51 . 2008-05-18 16:51 90,112 --a------ C:\WINDOWS\system32\regdacl.exe

2008-05-18 16:51 . 2008-05-18 16:51 53,248 --a------ C:\WINDOWS\system32\process.exe

2008-05-18 16:51 . 2008-05-18 16:51 16,384 --a------ C:\WINDOWS\system32\restart.exe

2008-05-18 16:51 . 2008-05-18 16:51 4,096 --a------ C:\WINDOWS\system32\reboot.exe

2008-05-17 17:42 . 2008-05-17 17:43

2008-05-16 19:54 . 2008-05-23 21:37

2008-05-16 19:54 . 2008-05-16 19:54

2008-05-15 17:21 . 2008-05-14 20:31 392,201 --a------ C:\Silent Runners.vbs

2008-05-14 19:47 . 2008-05-14 19:47

2008-05-14 19:20 . 2008-05-14 19:20

2008-05-11 14:02 . 2008-05-11 14:02

2008-05-11 14:01 . 2008-05-11 14:02

2008-05-11 14:01 . 2008-05-11 14:02

2008-05-11 14:01 . 2008-05-11 14:01 3,567 --a------ C:\WINDOWS\system32\drivers\ptbtalk.sys

2008-05-09 16:50 . 2008-05-09 17:02

2008-05-09 16:48 . 2008-05-09 16:54

2008-05-09 15:43 . 2008-05-24 18:00

2008-05-08 17:56 . 2008-05-08 17:57

2008-05-07 17:56 . 2008-05-07 17:56

2008-05-07 17:32 . 2008-05-07 17:32

2008-05-07 17:32 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe

2008-05-07 17:10 . 2008-05-07 17:10

2008-05-06 20:46 . 2008-05-15 21:00 1,744 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-05-06 20:40 . 2008-05-06 20:42

2008-05-06 20:26 . 2008-05-09 17:05

2008-05-06 20:05 . 2008-05-06 20:05

2008-05-06 20:05 . 2008-05-06 20:06

2008-05-06 20:05 . 2008-05-06 20:05 4,174,814 --a------ C:\WINDOWS\system32\CT4MGM.SF2

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-25 13:20 3,953,184 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-25 13:18 232,992 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-25 12:21 98,816 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp

2008-05-25 12:21 57,572 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-25 12:21 24,716 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-25 12:21 2,093,056 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp

2008-05-24 20:31 --------- d-----w C:\Documents and Settings\RAV\Dane aplikacji\InfraRecorder

2008-05-24 20:21 2,081,792 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp

2008-05-24 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-24 18:19 65,536 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp

2008-05-24 18:19 2,046,976 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp

2008-05-24 16:56 --------- d-----w C:\Program Files\Odkurzacz

2008-05-24 16:48 53,248 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp

2008-05-24 16:48 2,011,136 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp

2008-05-24 15:55 55,808 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp

2008-05-24 15:55 2,013,696 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp

2008-05-24 15:37 2,010,112 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp

2008-05-24 15:37 153,600 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp

2008-05-23 20:23 140,800 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp

2008-05-22 20:36 117,248 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp

2008-05-22 16:31 106,496 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp

2008-05-21 19:42 88,576 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp

2008-05-21 13:49 69,632 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp

2008-05-21 12:46 1,739,264 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp

2008-05-20 20:15 110,080 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp

2008-05-20 12:50 807,415 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip

2008-05-19 19:40 171,008 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp

2008-05-18 19:57 110,592 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp

2008-05-18 14:52 1,606,144 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp

2008-05-17 19:34 73,216 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp

2008-05-17 14:08 18,944 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp

2008-05-17 14:08 1,564,672 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp

2008-05-16 19:31 65,536 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp

2008-05-16 19:31 1,564,672 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp

2008-05-15 19:32 83,968 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp

2008-05-15 19:32 1,549,824 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp

2008-05-14 23:07 9,216 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp

2008-05-14 19:50 81,920 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp

2008-05-14 19:50 1,539,584 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp

2008-05-14 17:45 107,008 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp

2008-05-13 19:42 53,248 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp

2008-05-13 19:42 1,458,688 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp

2008-05-12 19:22 1,448,960 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp

2008-05-11 19:37 46,080 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp

2008-05-11 19:37 1,444,352 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp

2008-05-11 13:31 50,688 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp

2008-05-11 13:31 1,440,768 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp

2008-05-10 18:55 1,435,648 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp

2008-05-10 12:15 42,496 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp

2008-05-10 12:15 1,433,600 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp

2008-05-09 19:38 99,328 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2008-05-09 19:38 1,432,576 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp

2008-05-08 18:04 --------- d-----w C:\Program Files\MultiRes

2008-05-07 15:10 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-05-06 17:58 --------- d-----w C:\Program Files\IrfanView

2008-05-06 17:58 --------- d-----w C:\Program Files\AbiSuite2

2008-05-06 17:47 --------- d-----w C:\Documents and Settings\RAV\Dane aplikacji\Talkback

2008-05-06 17:35 --------- d-----w C:\Documents and Settings\RAV\Dane aplikacji\Qualcomm

2008-05-06 17:24 --------- d-----w C:\Documents and Settings\RAV\Dane aplikacji\IrfanView

2008-05-06 17:03 --------- d-----w C:\Program Files\Zone Labs

2008-05-06 16:58 --------- d-----w C:\Program Files\OpenOfficeT7 2.4.0

2008-05-06 16:54 --------- d-----w C:\Program Files\Qualcomm

2008-05-06 16:51 --------- d-----w C:\Program Files\Visagesoft

2008-05-06 16:51 --------- d-----w C:\Program Files\Auslogics

2008-05-06 16:43 --------- d-----w C:\Program Files\VS Revo Group

2008-05-06 16:43 --------- d-----w C:\Program Files\Nvidia Omega Drivers

2008-05-06 16:41 --------- d-----w C:\Program Files\xp-AntiSpy

2008-05-06 16:36 --------- d-----w C:\Program Files\ESTsoft

2008-05-06 16:36 --------- d-----w C:\Documents and Settings\RAV\Dane aplikacji\ESTsoft

2008-05-06 16:27 --------- d-----w C:\Program Files\Support Tools

2008-05-06 16:16 --------- d-----w C:\Program Files\microsoft frontpage

2008-05-06 16:12 --------- d-----w C:\Program Files\Usługi online

2008-04-08 09:46 262,144 ----a-w C:\WINDOWS\BCUnInstall.exe

2008-04-02 19:07 75,248 ----a-w C:\WINDOWS\zllsputility.exe

2008-04-02 19:07 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll

2008-03-05 14:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll

2008-03-05 14:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll

2008-03-05 14:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll

2008-03-05 13:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll

2008-03-05 13:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll

2008-03-05 13:50 80,896 ----a-w C:\WINDOWS\system32\dxdllreg.exe

.

------- Sigcheck -------

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-29 22:50 4620288]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-04-02 21:07 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 19:29 13312]

C:\Documents and Settings\RAV\Menu Start\Programy\Autostart\

MultiRes.lnk - C:\Program Files\MultiRes\MultiRes.exe [2006-09-12 14:05:16 54784]

C:\Documents and Settings\RAV\Menu Start\Programy\Autostart\MultiRes

MultiRes.lnk - C:\Program Files\MultiRes\MultiRes.exe [2006-09-12 14:05:16 54784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2006-08-17 14:57 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= ctwdm32.dll

R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\System32\drivers\mbam.sys [2008-05-05 20:46]

R2 PortTalk;PortTalk;C:\WINDOWS\System32\Drivers\PtbTalk.sys [2008-05-11 14:01]

S3 DarkSpy;DarkSpy;C:\WINDOWS\System32\DarkSpyKernel.sys []

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-25 15:19:23

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-25 15:22:02

ComboFix-quarantined-files.txt 2008-05-25 13:21:51

Pre-Run: 17,511,157,760 bajtów wolnych

Post-Run: 17,501,102,080 bajtów wolnych

231


(Gutek) #2

Follow this Topic and change the thread title to something specific, otherwise it goes to the TRASH

Regards, Gutek2222

Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350

Delete everything in the folder C:\WINDOWS\Internet Logs\ and after that run a scan: http://www.kaspersky.pl/virusscanner.html