Please check my ComboFix log


(Piotrkijak) #1

Please check the log from the above-mentioned program.

My request relates to this topic: viewtopic.php?f=19&t=267030

ComboFix 08-08-23.03 - Piotr 2008-08-24 19:34:50.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1033.18.468 [GMT 2:00]

Running from: C:\Users\Piotr\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-24 16:17 --------- d-----w C:\Users\Piotr\AppData\Roaming\Azureus

2008-08-24 15:28 --------- d-----w C:\Users\Piotr\AppData\Roaming\Nowe Gadu-Gadu

2008-08-24 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-24 13:36 --------- d-----w C:\Program Files\Common Files\Ulead Systems

2008-08-24 10:34 --------- d-----w C:\Program Files\WinImage

2008-08-24 07:33 --------- d-----w C:\Program Files\PowerISO

2008-08-23 21:49 159,927 ----a-w C:\Windows\Marsu-Fix Uninstaller.exe

2008-08-23 20:27 --------- d-----w C:\Users\Piotr\AppData\Roaming\Ashampoo

2008-08-23 20:26 --------- d-----w C:\ProgramData\ashampoo

2008-08-23 17:29 --------- d-----w C:\Program Files\Java

2008-08-23 17:14 --------- d-----w C:\Users\Piotr\AppData\Roaming\GHISLER

2008-08-23 17:14 --------- d-----w C:\Program Files\Windows Sidebar

2008-08-23 17:14 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-08-23 17:14 --------- d-----w C:\Program Files\Windows Journal

2008-08-23 17:14 --------- d-----w C:\Program Files\Windows Defender

2008-08-23 17:14 --------- d-----w C:\Program Files\Windows Collaboration

2008-08-23 17:14 --------- d-----w C:\Program Files\Windows Calendar

2008-08-23 17:14 --------- d-----w C:\Program Files\totalcmd

2008-08-23 17:14 --------- d-----w C:\Program Files\PC Inspector File Recovery

2008-08-23 17:14 --------- d-----w C:\Program Files\Common Files\snpstd3

2008-08-23 17:14 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-23 16:42 --------- d-----w C:\Program Files\Jufsoft

2008-08-23 15:50 --------- d-----w C:\ProgramData\Azureus

2008-08-23 15:37 --------- d-----w C:\Program Files\Common Files\Java

2008-08-23 15:28 --------- d-----w C:\Users\Piotr\AppData\Roaming\InstallShield

2008-08-23 15:26 --------- d-----w C:\ProgramData\NVIDIA

2008-08-23 14:12 --------- d-----w C:\Program Files\Windows Mail

2008-08-23 14:03 --------- d-----w C:\Users\Piotr\AppData\Roaming\ESET

2008-08-23 14:01 --------- d-----w C:\ProgramData\ESET

2008-08-23 14:01 --------- d-----w C:\Program Files\ESET

2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll

2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll

2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-07-12 06:18 467,984 ----a-w C:\Windows\System32\d3dx10_39.dll

2008-07-12 06:18 3,851,784 ----a-w C:\Windows\System32\D3DX9_39.dll

2008-07-12 06:18 1,493,528 ----a-w C:\Windows\System32\D3DCompiler_39.dll

2008-07-07 07:40 56,108 ----a-w C:\Windows\system32\drivers\scdemu.sys

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-05-30 12:19 507,400 ----a-w C:\Windows\System32\XAudio2_1.dll

2008-05-30 12:18 238,088 ----a-w C:\Windows\System32\xactengine3_1.dll

2008-05-30 12:17 65,032 ----a-w C:\Windows\System32\XAPOFX1_0.dll

2008-05-30 12:17 25,608 ----a-w C:\Windows\System32\X3DAudio1_4.dll

2008-05-30 12:11 467,984 ----a-w C:\Windows\System32\d3dx10_38.dll

2008-05-30 12:11 3,850,760 ----a-w C:\Windows\System32\D3DX9_38.dll

2008-05-30 12:11 1,491,992 ----a-w C:\Windows\System32\D3DCompiler_38.dll

2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll

2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll

2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll

2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll

2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll

2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll

2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll

2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll

2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll

2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll

2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll

2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll

2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll

2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin

2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin

2008-01-21 02:41 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:21 1233920]

"Nowe Gadu-Gadu"="D:\gg\gg.exe" [2008-08-14 12:26 9929312]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 04:21 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 14:01 13535776]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 14:01 92704]

"snpstd3"="C:\Windows\vsnpstd3.exe" [2006-09-18 14:12 843776]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 09:34 167936]

"Ulead Photo Express Calendar Checker"="D:\Unlead\calcheck.exe" [2004-01-12 20:40 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:21]

S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:21]

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.onet.pl/

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-24 19:37:19

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-24 19:38:46

ComboFix-quarantined-files.txt 2008-08-24 17:38:42

Pre-Run: System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.

Post-Run: 91,016,458,240 bajtów wolnych

133 --- E O F --- 2008-08-23 14:22:30


(Kambor4) #2

I don't see anything suspicious here.

Manually delete the folder C:\Qoobox,

Delete the ComboFix installer from your disk.

Optimize your startup entries.

Clean the computer with CCleaner.

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area at http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum.

or

Dr.WEB CureIt!.

=====================

K.


(Piotrkijak) #3

OK, thanks