Please check the logs from the above-mentioned program.
My request relates to the topic: viewtopic.php?f=19&t=267030
ComboFix 08-08-23.03 - Piotr 2008-08-24 19:34:50.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1033.18.468 [GMT 2:00]
Running from: C:\Users\Piotr\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 16:17 --------- d-----w C:\Users\Piotr\AppData\Roaming\Azureus
2008-08-24 15:28 --------- d-----w C:\Users\Piotr\AppData\Roaming\Nowe Gadu-Gadu
2008-08-24 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 13:36 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-24 10:34 --------- d-----w C:\Program Files\WinImage
2008-08-24 07:33 --------- d-----w C:\Program Files\PowerISO
2008-08-23 21:49 159,927 ----a-w C:\Windows\Marsu-Fix Uninstaller.exe
2008-08-23 20:27 --------- d-----w C:\Users\Piotr\AppData\Roaming\Ashampoo
2008-08-23 20:26 --------- d-----w C:\ProgramData\ashampoo
2008-08-23 17:29 --------- d-----w C:\Program Files\Java
2008-08-23 17:14 --------- d-----w C:\Users\Piotr\AppData\Roaming\GHISLER
2008-08-23 17:14 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-23 17:14 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-23 17:14 --------- d-----w C:\Program Files\Windows Journal
2008-08-23 17:14 --------- d-----w C:\Program Files\Windows Defender
2008-08-23 17:14 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-23 17:14 --------- d-----w C:\Program Files\Windows Calendar
2008-08-23 17:14 --------- d-----w C:\Program Files\totalcmd
2008-08-23 17:14 --------- d-----w C:\Program Files\PC Inspector File Recovery
2008-08-23 17:14 --------- d-----w C:\Program Files\Common Files\snpstd3
2008-08-23 17:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-23 16:42 --------- d-----w C:\Program Files\Jufsoft
2008-08-23 15:50 --------- d-----w C:\ProgramData\Azureus
2008-08-23 15:37 --------- d-----w C:\Program Files\Common Files\Java
2008-08-23 15:28 --------- d-----w C:\Users\Piotr\AppData\Roaming\InstallShield
2008-08-23 15:26 --------- d-----w C:\ProgramData\NVIDIA
2008-08-23 14:12 --------- d-----w C:\Program Files\Windows Mail
2008-08-23 14:03 --------- d-----w C:\Users\Piotr\AppData\Roaming\ESET
2008-08-23 14:01 --------- d-----w C:\ProgramData\ESET
2008-08-23 14:01 --------- d-----w C:\Program Files\ESET
2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-12 06:18 467,984 ----a-w C:\Windows\System32\d3dx10_39.dll
2008-07-12 06:18 3,851,784 ----a-w C:\Windows\System32\D3DX9_39.dll
2008-07-12 06:18 1,493,528 ----a-w C:\Windows\System32\D3DCompiler_39.dll
2008-07-07 07:40 56,108 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-30 12:19 507,400 ----a-w C:\Windows\System32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\Windows\System32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\Windows\System32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\Windows\System32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\Windows\System32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\Windows\System32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\Windows\System32\D3DCompiler_38.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-01-21 02:41 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:21 1233920]
"Nowe Gadu-Gadu"="D:\gg\gg.exe" [2008-08-14 12:26 9929312]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 04:21 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 14:01 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 14:01 92704]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2006-09-18 14:12 843776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 09:34 167936]
"Ulead Photo Express Calendar Checker"="D:\Unlead\calcheck.exe" [2004-01-12 20:40 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:21]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:21]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.onet.pl/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 19:37:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-24 19:38:46
ComboFix-quarantined-files.txt 2008-08-24 17:38:42
Pre-Run: System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.
Post-Run: 91,016,458,240 bajtów wolnych
133 --- E O F --- 2008-08-23 14:22:30