PROŚBA O SPRAWDZENIE LOGA

przez **szczawik** » 05 Cze 2008, 10:50

oto log combofix:

ComboFix 08-06-04.3 - szczawik 2008-06-05 10:28:21.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.118 [GMT 2:00]
Running from: C:\Documents and Settings\szczawik\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\0016ADC9
C:\Program Files\myglobalsearch\bar\Cache\0016B2BA
C:\Program Files\myglobalsearch\bar\Cache\0016B53B.bin
C:\Program Files\myglobalsearch\bar\Cache\0016B80A.bin
C:\Program Files\myglobalsearch\bar\Cache\0016BAB9.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-04 23:29 . 2008-06-04 23:29 <DIR> d-------- C:\Program Files\AskSBar
2008-06-04 17:14 . 2008-06-04 17:14 <DIR> d-------- C:\Documents and Settings\szczawik\Application Data\foobar2000
2008-06-04 17:13 . 2008-06-04 23:29 131 --a------ C:\WINDOWS\wininit.ini
2008-06-04 17:09 . 2008-06-04 17:09 <DIR> d-------- C:\Documents and Settings\szczawik\Application Data\Gadu-Gadu
2008-06-04 17:01 . 2008-06-04 17:01 <DIR> d-------- C:\Documents and Settings\szczawik\Gadu-Gadu
2008-06-04 16:21 . 2008-06-04 16:21 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-06-04 13:49 . 2008-06-04 13:49 <DIR> d-------- C:\My Downloads
2008-06-04 13:48 . 2008-06-04 13:48 1,140 --a------ C:\WINDOWS\mozver.dat
2008-06-04 13:42 . 2008-06-04 13:42 <DIR> d-------- C:\PROGRAMY
2008-06-04 13:42 . 2008-06-04 13:42 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-04 13:34 . 2008-06-04 13:34 <DIR> d--hs---- C:\Recycled
2008-06-04 13:33 . 2004-08-10 20:00 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-04 13:33 . 2004-08-10 20:00 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-04 13:33 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-04 13:33 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-06-04 13:33 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-04 13:33 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-04 13:33 . 2004-08-10 20:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-04 13:33 . 2004-08-10 20:00 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-04 13:29 . 2008-06-04 16:19 450 --a------ C:\WINDOWS\system32\eRLog.ini
2008-06-04 13:27 . 2008-06-04 13:27 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-04 13:27 . 2008-06-04 13:27 92 --a------ C:\WINDOWS\GridV.UNI
2008-06-04 13:26 . 2008-06-04 13:26 <DIR> d-------- C:\WINDOWS\Options
2008-06-04 13:26 . 2008-06-04 13:26 <DIR> d-------- C:\WINDOWS\Acer
2008-06-04 13:25 . 2005-09-26 16:40 258,048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe
2008-06-04 13:23 . 2008-06-04 13:23 <DIR> d-------- C:\Program Files\Launch Manager
2008-06-04 13:23 . 2004-12-08 14:10 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2008-06-04 13:23 . 2004-12-09 12:04 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL
2008-06-04 13:23 . 2008-06-04 13:23 83 --a------ C:\WINDOWS\LManager.UNI
2008-06-04 13:22 . 2008-06-04 13:22 <DIR> d-------- C:\Documents and Settings\szczawik\Bluetooth Software
2008-06-04 13:22 . 2006-01-20 15:56 225,350 --a------ C:\WINDOWS\system32\Epm-Po.dll
2008-06-04 13:22 . 2006-01-20 15:56 53,248 --a------ C:\WINDOWS\system32\acpimof.dll
2008-06-04 13:18 . 2008-06-04 13:18 <DIR> d-------- C:\Program Files\WIDCOMM
2008-06-04 13:18 . 2008-06-04 13:18 <DIR> d-------- C:\Documents and Settings\szczawik\Application Data\Symantec
2008-06-04 13:16 . 2006-09-06 08:09 <DIR> d-------- C:\Documents and Settings\szczawik\Application Data\Acer
2008-06-04 13:16 . 2008-06-04 13:16 <DIR> d-------- C:\Documents and Settings\szczawik
2008-06-04 13:10 . 2006-09-17 19:38 1,154,584 --a------ C:\WINDOWS\YTB.EXE
2008-06-04 13:10 . 2006-09-28 18:43 261,627 --a------ C:\WINDOWS\EMEAWG.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-04 23:29 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-06-04 23:29 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"LaunchApp"="Alaunch" []
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 15:27 52848]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]
Kalendarz XP.lnk - C:\PROGRAMY\Kalendarz XP\Kalendarz.exe [2008-06-04 17:35:10 882176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\PROGRAMY\\BearShare\\BearShare.exe"=

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - tym8a.exe
\Shell\explore\Command -
\Shell\open\Command -

*Newly Created Service* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder
"2008-06-04 12:22:18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - szczawik.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 10:36:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\DOCUME~1\szczawik\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-05 10:45:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 08:44:40

Pre-Run: 47,325,282,304 bytes free
Post-Run: 47,263,973,376 bytes free

178 --- E O F --- 2008-06-05 01:00:54

przez **Arexe** » 05 Cze 2008, 13:13

1. Otwórz notatnik i wklej

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Z menu Notatnika

Plik

Zapisz jako

Zmień rozszerzenie z .txt na wszystkie pliki

zapisz pod nazwą Fix.reg

Uruchom ten plik, uruchom ponownie komputer.

2. Wyłącz i włącz Przywracanie systemu na dyskach: Instrukcja Tutaj

3. Ja bym usuną jeszcze AskBar z Programów...

4. Pokaż potem nowy log z ComboFix

przez **huber2t** » 06 Cze 2008, 05:37

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko: Folder:: C:\Program Files\AskSBar Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=- [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

Plik

zapisz jako

CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

PROŚBA O SPRAWDZENIE LOGA

PROŚBA O SPRAWDZENIE LOGA

Kto jest na forum