Skocz do zawartości
cezar_baron

Logi z ComboFix ;)

Polecane posty

Witam Serdecznie :D

 

Mam pytanko, czy ktoś byłby w stanie sprawdzić moje logi z ComboFix ??

 

dzięki z góry za odp. i pozdrawiam :)

Udostępnij ten post


Link to postu
Udostępnij na innych stronach

zapodaj :D

Udostępnij ten post


Link to postu
Udostępnij na innych stronach
ComboFix 11-01-31.02 - baron 2011-02-04  20:46:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1250.48.1045.18.3070.1980 [GMT 1:00]
Uruchomiony z: c:\users\baron\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\baron\AppData\Roaming\EurekaLog

.
(((((((((((((((((((((((((   Pliki utworzone od 2011-01-04 do 2011-02-04  )))))))))))))))))))))))))))))))
.

2011-02-04 12:27 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F7C4FF2-DCA5-4E26-B8CB-659309027023}\mpengine.dll
2011-01-31 15:12 . 2008-09-10 19:56	144960	----a-w-	c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-01-31 15:12 . 2008-09-10 19:37	94208	----a-w-	c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-01-31 15:12 . 2011-01-31 15:12	--------	d-----w-	c:\program files\Real Alternative
2011-01-31 15:12 . 2011-01-31 15:12	--------	d-----w-	c:\users\baron\AppData\Local\Real
2011-01-31 15:07 . 2008-09-24 19:41	839680	----a-w-	c:\windows\system32\lameACM.acm
2011-01-31 15:07 . 2010-12-27 08:00	80896	----a-w-	c:\windows\system32\ff_vfw.dll
2011-01-31 15:07 . 2010-12-07 18:40	183808	----a-w-	c:\windows\system32\xvidvfw.dll
2011-01-31 15:07 . 2010-12-07 18:22	810496	----a-w-	c:\windows\system32\xvidcore.dll
2011-01-31 15:07 . 2010-11-03 19:08	237568	----a-w-	c:\windows\system32\yv12vfw.dll
2011-01-31 15:07 . 2010-01-17 16:18	151552	----a-w-	c:\windows\system32\ac3acm.acm
2011-01-31 15:07 . 2011-01-31 15:08	--------	d-----w-	c:\program files\K-Lite Codec Pack
2011-01-31 14:56 . 2011-01-31 14:56	--------	d-----w-	c:\users\baron\AppData\Roaming\Media Player Classic
2011-01-31 14:53 . 2010-03-15 10:31	165376	----a-w-	c:\windows\system32\unrar.dll
2011-01-30 23:25 . 2011-01-30 23:25	--------	d-----w-	c:\programdata\KONAMI
2011-01-11 21:35 . 2010-12-28 15:55	413696	----a-w-	c:\windows\system32\odbc32.dll
2011-01-11 21:35 . 2010-12-28 15:53	253952	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-01-11 21:35 . 2010-12-28 15:53	241664	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-01-11 21:35 . 2010-12-28 15:53	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-01-11 21:35 . 2010-12-28 15:53	57344	----a-w-	c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-11 21:35 . 2010-12-28 15:53	180224	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 21:35 . 2010-12-14 14:49	1169408	----a-w-	c:\windows\system32\sdclt.exe

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-30 14:17 . 2010-07-25 18:40	45056	----a-w-	c:\windows\system32\acovcnt.exe
2010-11-12 17:53 . 2010-07-25 19:55	472808	----a-w-	c:\windows\system32\deployJava1.dll
2008-07-02 02:28 . 2008-07-02 02:28	61440	----a-w-	c:\program files\Common Files\CPInstallAction.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2010-12-24 8790016]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"ALLUpdate"="d:\program files\ALLPlayer\ALLUpdate.exe" [2010-11-02 1432064]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2010-07-26 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2010-07-26 33136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"CLMLServer"="d:\program files\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"P2Go_Menu"="d:\program files\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
20Dollars2Surf.lnk - c:\program files\20Dollars2Surf\20dollars2surf.exe [2010-9-2 89088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-01 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-07-26 8192]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'

2011-02-04 c:\windows\Tasks\User_Feed_Synchronization-{13FBF77A-3296-4D87-8BE5-F4F554F31EDD}.job
- c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.asus.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\baron\AppData\Roaming\Mozilla\Firefox\Profiles\mysp15j9.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - %profile%\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-04 20:53
Windows 6.0.6002 Service Pack 2 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  


C:\ADSM_PData_0150

skanowanie pomyślnie ukończone
ukryte pliki: 1

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'Explorer.exe'(868)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Czas ukończenia: 2011-02-04  20:55:25
ComboFix-quarantined-files.txt  2011-02-04 19:55

Przed: 90 003 574 784 bajtów wolnych
Po: 89 965 002 752 bajtów wolnych

Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 109C491BDB7B00FB97D4BA237947F87D

Udostępnij ten post


Link to postu
Udostępnij na innych stronach

Bądź aktywny! Zaloguj się lub utwórz konto

Tylko zarejestrowani użytkownicy mogą komentować zawartość tej strony

Utwórz konto

Zarejestruj nowe konto, to proste!

Zarejestruj nowe konto

Zaloguj się

Posiadasz własne konto? Użyj go!

Zaloguj się


×