Checking ComboFix and HJT logs


cinek2107
Level 17

Joined: 02 Jul 2007
Posts: 367
Location: Nysa

Post#1 Post from the author of the topic 01 May 2009 15:24   



Hello, I am writing as a continuation of this problem:
Linux OK, XP slow

I thought that since I did not get an answer there, maybe someone could analyze my logs for me, so here they are.

1) Combofix


Code:
ComboFix 09-04-30.05 - 193 2009-05-01 16:09:00.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1022.485 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\193\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090430-0] *On-access scanning disabled* (Updated)

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\burnlib.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\dsp_sps.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\enc_aacplus.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\enc_flac.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\enc_flake.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\enc_lame.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\enc_vorbis.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\enc_wav.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\enc_wma.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\gen_crasher.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\gen_dropbox.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\gen_ff.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\gen_hotkeys.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\gen_ml.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\gen_tray.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_cdda.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_dshow.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_flac.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_flv.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_linein.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_midi.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_mod.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_mp3.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_mp4.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_nsv.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_swf.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_vorbis.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_wave.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\in_wm.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_autotag.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_bookmarks.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_dash.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_disc.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_history.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_impex.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_local.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_nowplaying.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_online.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_orb.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_playlists.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_plg.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_pmp.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_rg.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_transcode.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\ml_wire.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\out_disk.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\out_ds.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\out_wave.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\playlist.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\pmp_activesync.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\pmp_ipod.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\pmp_njb.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\pmp_p4s.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\pmp_usb.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\tagz.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\vis_avs.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\vis_milk2.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\vis_nsfs.lng
C:\DOCUME~1\193\USTAWI~1\Temp\WLZ6AC3.tmp\winamp.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\burnlib.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\dsp_sps.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\enc_aacplus.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\enc_flac.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\enc_flake.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\enc_lame.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\enc_vorbis.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\enc_wav.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\enc_wma.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\gen_crasher.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\gen_dropbox.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\gen_ff.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\gen_hotkeys.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\gen_ml.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\gen_tray.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_cdda.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_dshow.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_flac.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_flv.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_linein.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_midi.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_mod.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_mp3.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_mp4.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_nsv.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_swf.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_vorbis.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_wave.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\in_wm.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_autotag.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_bookmarks.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_dash.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_disc.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_history.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_impex.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_local.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_nowplaying.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_online.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_orb.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_playlists.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_plg.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_pmp.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_rg.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_transcode.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\ml_wire.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\out_disk.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\out_ds.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\out_wave.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\playlist.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\pmp_activesync.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\pmp_ipod.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\pmp_njb.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\pmp_p4s.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\pmp_usb.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\tagz.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\vis_avs.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\vis_milk2.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\vis_nsfs.lng
C:\Documents and Settings\193\Ustawienia lokalne\temp\WLZ6AC3.tmp\winamp.lng
.
---- Poprzednie uruchomienie -------
.
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\2.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\2.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\00132F02
C:\Program Files\myglobalsearch\bar\Cache\002BF357.bin
C:\Program Files\myglobalsearch\bar\Cache\002BFD98.bin
C:\Program Files\myglobalsearch\bar\Cache\002C0345.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_oreans32


(((((((((((((((((((((((((   Pliki utworzone od 2009-04-01 do 2009-05-01  )))))))))))))))))))))))))))))))
.

2009-05-01 13:58:29 . 2009-05-01 13:58:29   0   d-----w   C:\Program Files\Trend Micro
2009-05-01 13:50:11 . 2009-05-01 13:50:11   0   d-----w   C:\Documents and Settings\193\Dane aplikacji\Malwarebytes
2009-05-01 13:50:09 . 2009-04-06 13:32:46   15504   ----a-w   C:\WINDOWS\system32\drivers\mbam.sys
2009-05-01 13:50:06 . 2009-04-06 13:32:54   38496   ----a-w   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-05-01 13:50:05 . 2009-05-01 13:50:05   0   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2009-05-01 13:50:04 . 2009-05-01 13:50:10   0   d-----w   C:\Program Files\Malwarebytes' Anti-Malware
2009-04-27 19:23:18 . 2009-04-27 19:23:18   0   d-----w   C:\Documents and Settings\193\Dane aplikacji\Nitro PDF
2009-04-27 19:22:35 . 2009-04-27 19:22:35   0   d-----w   C:\Program Files\Nitro PDF
2009-04-27 19:22:35 . 2009-04-27 19:22:35   0   d-----w   C:\Program Files\Common Files\BCL Technologies
2009-04-27 19:22:35 . 2009-04-27 19:22:35   0   d-----w   C:\Program Files\Common Files\Nitro PDF
2009-04-27 19:22:35 . 2009-04-27 19:22:35   0   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Nitro PDF
2009-04-27 18:55:55 . 2009-04-27 18:55:55   0   d-----w   C:\WINDOWS\Downloaded Installations
2009-04-27 18:42:14 . 2009-04-27 18:42:14   0   d-----w   C:\Program Files\Foxit Software

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 14:12:52 . 2008-07-24 22:45:54   0   d-----w   C:\Program Files\cFosSpeed
2009-05-01 13:44:17 . 2008-12-23 00:15:17   0   d-----w   C:\Program Files\Steam
2009-04-27 18:36:59 . 2009-03-29 11:39:01   75264   ----a-w   C:\WINDOWS\cadkasdeinst01e.exe
2009-04-27 18:36:59 . 2009-03-29 11:39:01   0   d-----w   C:\Program Files\PDF Editor 2
2009-04-26 18:08:28 . 2001-10-26 16:15:16   74648   ----a-w   C:\WINDOWS\system32\perfc015.dat
2009-04-26 18:08:28 . 2001-10-26 16:15:16   448586   ----a-w   C:\WINDOWS\system32\perfh015.dat
2009-04-04 07:30:45 . 2009-03-22 09:18:10   0   d-----w   C:\Program Files\EA Games
2009-03-30 13:19:12 . 2009-03-30 13:15:26   0   d-----w   C:\Program Files\Valve
2009-03-26 16:16:44 . 2009-03-22 09:33:14   138184   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2009-03-26 16:16:32 . 2009-03-22 09:33:10   183112   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2009-03-25 17:27:45 . 2009-03-25 17:27:36   0   d-----w   C:\Program Files\WorldUnlock Codes Calculator
2009-03-22 10:00:39 . 2009-03-22 09:33:16   66872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2009-03-22 07:51:33 . 2008-07-19 17:30:22   0   d-----w   C:\Program Files\BearShare
2009-03-17 14:56:25 . 2009-02-15 18:51:34   0   d-----w   C:\Program Files\Nowe Gadu-Gadu
2009-03-16 22:15:50 . 2009-02-02 13:23:06   0   d-----w   C:\Program Files\SlySoft
2009-03-16 22:15:09 . 2008-12-22 19:12:50   0   d-----w   C:\Program Files\NAPI-PROJEKT
2009-03-16 22:14:57 . 2008-11-25 16:19:09   0   d-----w   C:\Program Files\NSS
2009-03-16 22:14:28 . 2009-01-10 16:11:34   0   d-----w   C:\Program Files\Spritefixer
2009-03-16 22:13:52 . 2009-01-11 09:36:27   0   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2009-03-16 22:13:51 . 2009-01-11 09:40:50   0   d-----w   C:\Program Files\VentSrv
2009-03-16 22:13:21 . 2009-01-17 23:25:44   0   d-----w   C:\Program Files\Mumble
2009-03-16 22:13:05 . 2008-07-18 09:17:32   0   d--h--w   C:\Program Files\InstallShield Installation Information
2009-03-16 17:46:33 . 2008-07-19 10:00:08   0   d-----w   C:\Program Files\Sony Ericsson
2009-03-12 21:38:33 . 2008-10-28 15:06:38   0   d-----w   C:\Program Files\sXe Injected
2009-03-07 09:53:36 . 2009-03-07 09:53:08   0   d-----w   C:\Program Files\Any Video Converter
2009-03-04 16:55:31 . 2009-03-04 16:55:31   0   d-----w   C:\Program Files\Common Files\Skype
2009-03-04 16:55:31 . 2008-07-18 11:24:10   0   d-----r   C:\Program Files\Skype
2009-03-04 15:34:28 . 2009-03-04 15:34:28   508200   ----a-w   C:\WINDOWS\system32\ICCProfiles.dll
2009-03-04 15:16:20 . 2009-03-04 15:16:18   0   d-----w   C:\Program Files\Notepad++
2009-03-03 10:17:57 . 2009-03-03 10:17:57   0   d-----w   C:\Program Files\HHD Software
2009-02-28 21:48:03 . 2009-02-28 21:48:03   46139   ----a-w   C:\Documents and Settings\193\Ustawienia lokalne\Dane aplikacji\Bron.tok.A18.em.bin
2009-02-02 13:23:59 . 2009-02-02 13:23:21   24   --sh--w   C:\WINDOWS\S12FC5872.tmp
2009-01-31 22:58:34 . 2009-01-31 22:59:31   3913728   ----a-w   C:\unetbtin.exe
2008-04-14 20:50:40 . 2008-04-14 20:50:40   1384479   --sh--r   C:\WINDOWS\system32\msvbvm60.dll
2008-10-19 15:03:22 . 2008-10-19 15:03:22   10   --sh--r   C:\WINDOWS\system32\sistem.sys
.

------- Sigcheck -------

[-] 2008-05-08 18:02:02   361344   8481C6835645E8A9242AAA042A39B90F   C:\WINDOWS\system32\drivers\tcpip.sys

[-] 2008-05-08 18:02:06   1571840   9F02C1CF7C3100E4AEA7DD8B6A86A01B   C:\WINDOWS\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 21:08:45 81000]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-23 22:15:00 8478720]
"Nitro PDF Printer Monitor"="C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-03-04 15:34:22 209216]
"SoundMan"="SOUNDMAN.EXE" - C:\WINDOWS\SOUNDMAN.EXE [2005-05-19 08:00:42 77824]
"AlcWzrd"="ALCWZRD.EXE" - C:\WINDOWS\ALCWZRD.EXE [2005-05-19 08:07:48 2752000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 20:51:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 16:35:22 1294336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

C:\Documents and Settings\193\Menu Start\Programy\Autostart\
cfosspeed.exe [2006-11-17 822488]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^193^Menu Start^Programy^Autostart^cfosspeed.exe]
path=C:\Documents and Settings\193\Menu Start\Programy\Autostart\cfosspeed.exe
backup=C:\WINDOWS\pss\cfosspeed.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^193^Menu Start^Programy^Autostart^CPUCooL.lnk]
backup=C:\WINDOWS\pss\CPUCooL.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadStudio
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Tools

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Steam\\steamapps\\cinek193\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\cinek193\\counter-strike\\hl.exe"=

R1 ntiomin;ntiomin; [x]
R3 BTCFilterService;USB Networking Driver Filter Service;C:\WINDOWS\system32\DRIVERS\motfilt.sys [2007-01-23 19:36:20 6016]
R3 CBEN5;Sterownik rodziny kart Xircom CardBus Ethernet 10/100;C:\WINDOWS\system32\DRIVERS\cben5.sys [2001-08-17 18:13:14 46108]
R3 efipsk;efipsk; [x]
R3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-12-18 20:09:23 10976]
R3 gggen;Generic USB Flash Driver;C:\WINDOWS\system32\DRIVERS\gggen.sys [2006-09-28 12:10:52 11648]
R3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 12:36:10 18176]
R3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 16:33:00 7680]
R3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 14:41:50 42112]
R3 Motousbnet;Motorola USB Networking Driver Service;C:\WINDOWS\system32\DRIVERS\Motousbnet.sys [2008-03-03 14:03:10 23296]
R3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 14:56:19 32377]
R3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2006-11-20 06:47:38 61536]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 21:07:12 20560]
S2 lladrv;lladrv;C:\WINDOWS\system32\Drivers\lladrv.sys [2004-08-22 00:16:38 32544]
S2 U3sHlpDr;U3sHlpDr;C:\WINDOWS\System32\Drivers\U3sHlpDr.sys [2008-12-26 11:55:15 8959]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "C:\Program Files\Nitro PDF\Professional\RemoveOldAddins.vbs"
.
Zawartość folderu 'Zaplanowane zadania'

2008-09-13 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\193\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-09-13 15:28:09 . 2008-09-13 15:28:08]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-Bron-Spizaetus-dehrltot - C:\WINDOWS\ShellNew\bbm-totlrhed.exe


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.entretieneteds.vze.com
IE: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
FF - ProfilePath - C:\Documents and Settings\193\Dane aplikacji\Mozilla\Firefox\Profiles\qozvaz6c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig
FF - plugin: C:\Documents and Settings\193\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
.


2) HJT

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58, on 2009-05-01
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Documents and Settings\193\Menu Start\Programy\Autostart\cfosspeed.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.vze.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Bron-Spizaetus-dehrltot] "C:\WINDOWS\ShellNew\bbm-totlrhed.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF8642.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: cfosspeed.exe
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 5950 bytes


3) Malwarebytes' Anti-Malware

Code:
Malwarebytes' Anti-Malware 1.36
Wersja bazy definicji: 2064
Windows 5.1.2600 Dodatek Service Pack 3

2009-05-01 15:56:31
mbam-log-2009-05-01 (15-56-31).txt

Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 77161
Upłynęło: 4 minute(s), 57 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 15
Zainfekowane wartości rejestru: 2
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 1
Zainfekowane pliki: 1

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
C:\WINDOWS\Bifrost (Backdoor.Bifrost) -> Quarantined and deleted successfully.

Zainfekowane pliki:
C:\WINDOWS\Bifrost\klog.dat (Backdoor.Bifrost) -> Quarantined and deleted successfully.



On top of that, a scan with Avast found nothing. Please take a look at these logs, because this is my last chance; if that fails, it's FORMAT C.

Moderated by jankolo:
Logs are to be posted as attachments: http://www.elektroda.pl/rtvforum/topic1044160.html
