Logs - System cleanup


1 reply in this topic

#1 Czarcik_s

    Advanced user

  • 674 posts

Posted 27 03 2009 - 22:06

Hello
I was at my brother-in-law's and what I saw on his laptop was something else.... I cleaned the computer up, but I'm attaching the logs because something still doesn't look right to me:
ComboFix:
ComboFix 09-03-26.03 - Administrator 2009-03-27 19:39:15.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.350.97 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

((((((((((((((((((((((((( Pliki utworzone od 2009-02-27 do 2009-03-27 )))))))))))))))))))))))))))))))
.

2009-03-27 19:31 . 2009-03-27 19:40 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne
2009-03-27 19:31 . 2009-03-27 19:31 <DIR> dr------- c:\documents and settings\Administrator\Ulubione
2009-03-27 19:31 . 2005-01-25 19:57 <DIR> d--h----- c:\documents and settings\Administrator\Szablony
2009-03-27 19:31 . 2009-03-27 19:34 <DIR> d-------- c:\documents and settings\Administrator\Pulpit
2009-03-27 19:31 . 2009-03-27 19:31 <DIR> dr------- c:\documents and settings\Administrator\Moje dokumenty
2009-03-27 19:31 . 2005-01-25 19:50 <DIR> dr------- c:\documents and settings\Administrator\Menu Start
2009-03-27 19:31 . 2009-03-27 19:31 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji
2009-03-27 19:31 . 2009-03-27 19:31 <DIR> d-------- c:\documents and settings\Administrator
2009-03-27 19:16 . 2003-02-28 18:26 139,536 --a------ c:\windows\system32\javaee.dll
2009-03-27 19:16 . 2003-02-28 18:26 46,352 --a------ c:\windows\setdebug.exe
2009-03-27 19:16 . 2003-02-28 16:54 7,315 --a------ c:\windows\system32\javasup.vxd
2009-03-27 19:16 . 2003-02-28 16:35 6,550 --a------ c:\windows\jautoexp.dat
2009-03-27 19:16 . 2003-02-28 16:38 113 --a------ c:\windows\system32\zonedon.reg
2009-03-27 19:16 . 2003-02-28 16:38 113 --a------ c:\windows\system32\zonedoff.reg
2009-03-26 21:51 . 2009-03-26 21:51 <DIR> d-------- C:\USB Notebook Data

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 17:57 --------- d-----w c:\program files\Hewlett-Packard
2009-03-09 19:18 --------- d-----w c:\documents and settings\leszek\Dane aplikacji\MSN6
2009-02-21 18:01 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\MSN6
2009-02-21 17:17 --------- d--h--r c:\documents and settings\Jacek\Dane aplikacji\SecuROM
2009-02-21 17:15 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-21 17:15 --------- d--h--r c:\documents and settings\leszek\Dane aplikacji\SecuROM
2009-02-21 17:07 --------- d-----w c:\program files\Ubisoft
2009-02-10 09:09 --------- d--h--w c:\program files\Zenographics
2009-02-02 21:36 39,936 ------w c:\windows\system32\winblh32.dll
2006-02-28 20:42 20,720 -c--a-w c:\documents and settings\leszek\Dane aplikacji\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-03-27_17.40.04.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-10-08 23:48:21 262,400 ------w c:\windows\Driver Cache\i386\http.sys
+ 2005-01-19 04:26:52 451,584 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2005-03-02 18:08:55 2,137,088 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 18:08:54 2,058,112 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 18:09:00 2,016,768 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 18:09:04 2,180,608 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2004-08-03 23:44:22 10,752 -c--a-w c:\windows\hh.exe
+ 2005-05-26 23:22:01 10,752 ----a-w c:\windows\hh.exe
+ 2009-03-27 18:16:36 2,678 ----a-w c:\windows\java\Packages\Data\1BZNTFXJ.DAT
+ 2009-03-27 18:16:33 2,678 ----a-w c:\windows\java\Packages\Data\5F1RTBLV.DAT
+ 2009-03-27 18:16:51 2,678 ----a-w c:\windows\java\Packages\Data\CUV5N1ZR.DAT
+ 2009-03-27 18:16:33 2,678 ----a-w c:\windows\java\Packages\Data\F93BVRHN.DAT
+ 2009-03-27 18:16:33 2,678 ----a-w c:\windows\java\Packages\Data\OX3P39BJ.DAT
+ 2009-03-27 18:27:05 4,202 ----a-w c:\windows\SoftwareDistribution\EventCache\{DD53B10D-44A0-4E5B-8A80-74D6C6194111}.bin
- 2004-08-03 23:43:54 56,832 ----a-w c:\windows\system32\authz.dll
+ 2005-03-02 18:18:38 56,832 ----a-w c:\windows\system32\authz.dll
- 2004-08-03 23:43:54 1,017,344 ----a-w c:\windows\system32\browseui.dll
+ 2005-09-02 23:54:56 1,020,416 ----a-w c:\windows\system32\browseui.dll
- 2004-08-03 23:43:54 229,888 -c--a-w c:\windows\system32\catsrv.dll
+ 2005-07-26 04:42:32 225,792 ----a-w c:\windows\system32\catsrv.dll
- 2004-08-03 23:43:54 628,224 -c--a-w c:\windows\system32\catsrvut.dll
+ 2005-07-26 04:42:33 625,152 ----a-w c:\windows\system32\catsrvut.dll
- 2004-08-03 23:43:54 151,040 -c--a-w c:\windows\system32\cdfview.dll
+ 2005-09-02 23:54:56 151,552 ----a-w c:\windows\system32\cdfview.dll
- 2004-08-03 23:43:54 2,067,968 -c--a-w c:\windows\system32\cdosys.dll
+ 2005-09-10 01:55:33 2,067,968 ----a-w c:\windows\system32\cdosys.dll
- 2004-08-03 23:43:54 110,080 -c--a-w c:\windows\system32\clbcatex.dll
+ 2005-07-26 04:42:33 110,080 ----a-w c:\windows\system32\clbcatex.dll
- 2004-08-03 23:43:54 501,248 ----a-w c:\windows\system32\clbcatq.dll
+ 2005-07-26 04:42:33 498,688 ----a-w c:\windows\system32\clbcatq.dll
- 2002-09-20 16:05:16 49,182 -c--a-w c:\windows\system32\clspack.exe
+ 2003-02-28 17:26:26 49,424 ----a-w c:\windows\system32\clspack.exe
- 2004-08-03 23:43:56 62,464 ----a-w c:\windows\system32\colbact.dll
+ 2005-07-26 04:42:33 60,416 ----a-w c:\windows\system32\colbact.dll
- 2004-08-03 23:43:56 195,584 -c--a-w c:\windows\system32\Com\comadmin.dll
+ 2005-07-26 04:42:33 195,072 ----a-w c:\windows\system32\Com\comadmin.dll
- 2001-10-26 17:29:26 82,432 -c--a-w c:\windows\system32\comrepl.dll
+ 2005-07-26 04:42:33 97,792 ----a-w c:\windows\system32\comrepl.dll
- 2004-08-03 23:43:56 1,251,840 ----a-w c:\windows\system32\comsvcs.dll
+ 2005-07-26 04:42:34 1,267,200 ----a-w c:\windows\system32\comsvcs.dll
- 2004-08-03 23:43:56 540,160 -c--a-w c:\windows\system32\comuid.dll
+ 2005-07-26 04:42:34 540,160 ----a-w c:\windows\system32\comuid.dll
- 2004-08-03 23:43:56 1,055,232 -c--a-w c:\windows\system32\danim.dll
+ 2005-09-02 23:54:57 1,055,232 ----a-w c:\windows\system32\danim.dll
- 2004-08-03 23:43:54 1,017,344 -c--a-w c:\windows\system32\dllcache\browseui.dll
+ 2005-09-02 23:54:56 1,020,416 -c--a-w c:\windows\system32\dllcache\browseui.dll
- 2004-08-03 23:43:54 229,888 -c--a-w c:\windows\system32\dllcache\catsrv.dll
+ 2005-07-26 04:42:32 225,792 -c--a-w c:\windows\system32\dllcache\catsrv.dll
- 2004-08-03 23:43:54 628,224 -c--a-w c:\windows\system32\dllcache\catsrvut.dll
+ 2005-07-26 04:42:33 625,152 -c--a-w c:\windows\system32\dllcache\catsrvut.dll
- 2004-08-03 23:43:54 151,040 -c--a-w c:\windows\system32\dllcache\cdfview.dll
+ 2005-09-02 23:54:56 151,552 -c--a-w c:\windows\system32\dllcache\cdfview.dll
- 2004-08-03 23:43:54 2,067,968 -c--a-w c:\windows\system32\dllcache\cdosys.dll
+ 2005-09-10 01:55:33 2,067,968 -c--a-w c:\windows\system32\dllcache\cdosys.dll
- 2004-08-03 23:43:54 110,080 -c--a-w c:\windows\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:42:33 110,080 -c--a-w c:\windows\system32\dllcache\clbcatex.dll
- 2004-08-03 23:43:54 501,248 -c--a-w c:\windows\system32\dllcache\clbcatq.dll
+ 2005-07-26 04:42:33 498,688 -c--a-w c:\windows\system32\dllcache\clbcatq.dll
- 2004-08-03 23:43:56 195,584 -c--a-w c:\windows\system32\dllcache\comadmin.dll
+ 2005-07-26 04:42:33 195,072 -c--a-w c:\windows\system32\dllcache\comadmin.dll
- 2001-10-26 17:29:26 82,432 -c--a-w c:\windows\system32\dllcache\comrepl.dll
+ 2005-07-26 04:42:33 97,792 -c--a-w c:\windows\system32\dllcache\comrepl.dll
- 2004-08-03 23:43:56 540,160 -c--a-w c:\windows\system32\dllcache\comuid.dll
+ 2005-07-26 04:42:34 540,160 -c--a-w c:\windows\system32\dllcache\comuid.dll
- 2004-08-03 23:43:56 1,055,232 -c--a-w c:\windows\system32\dllcache\danim.dll
+ 2005-09-02 23:54:57 1,055,232 -c--a-w c:\windows\system32\dllcache\danim.dll
- 2004-08-03 23:43:58 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2005-09-02 23:54:57 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2004-08-03 23:44:00 278,016 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2005-10-06 03:18:44 280,064 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2004-08-03 23:44:22 10,752 -c--a-w c:\windows\system32\dllcache\hh.exe
+ 2005-05-26 23:22:01 10,752 -c--a-w c:\windows\system32\dllcache\hh.exe
- 2004-08-03 23:44:00 38,912 -c--a-w c:\windows\system32\dllcache\hhsetup.dll
+ 2005-05-27 02:08:15 41,472 -c--a-w c:\windows\system32\dllcache\hhsetup.dll
- 2001-10-26 17:29:30 77,850 -c--a-w c:\windows\system32\dllcache\hlink.dll
+ 2004-11-16 21:18:03 68,608 -c--a-w c:\windows\system32\dllcache\hlink.dll
- 2004-08-03 23:44:00 253,952 -c--a-w c:\windows\system32\dllcache\icm32.dll
+ 2005-06-29 01:52:57 254,976 -c--a-w c:\windows\system32\dllcache\icm32.dll
- 2004-08-03 23:44:00 249,344 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2005-09-02 23:54:58 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2004-08-03 23:44:02 96,768 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2005-09-02 23:54:58 96,768 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2004-08-03 23:44:02 143,872 -c--a-w c:\windows\system32\dllcache\itircl.dll
+ 2005-05-27 02:08:15 155,136 -c--a-w c:\windows\system32\dllcache\itircl.dll
- 2004-08-03 23:44:02 134,144 -c--a-w c:\windows\system32\dllcache\itss.dll
+ 2005-05-27 02:08:15 137,216 -c--a-w c:\windows\system32\dllcache\itss.dll
+ 2004-08-03 23:44:22 13,312 -c--a-w c:\windows\system32\dllcache\lsass.exe
- 2004-08-03 23:44:04 425,472 -c--a-w c:\windows\system32\dllcache\msdtcprx.dll
+ 2005-07-26 04:42:35 425,472 -c--a-w c:\windows\system32\dllcache\msdtcprx.dll
- 2004-08-03 23:44:04 949,248 -c--a-w c:\windows\system32\dllcache\msdtctm.dll
+ 2005-07-26 04:42:35 945,152 -c--a-w c:\windows\system32\dllcache\msdtctm.dll
- 2004-08-03 23:44:04 161,280 -c--a-w c:\windows\system32\dllcache\msdtcuiu.dll
+ 2005-07-26 04:42:35 161,280 -c--a-w c:\windows\system32\dllcache\msdtcuiu.dll
- 2004-08-03 23:44:06 3,003,392 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2005-10-04 16:27:36 3,013,120 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2004-08-03 23:44:06 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2005-09-02 23:55:02 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2004-08-03 23:44:06 530,432 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2005-09-02 23:55:03 530,432 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2004-08-03 23:44:08 90,112 -c--a-w c:\windows\system32\dllcache\mtxoci.dll
+ 2005-07-26 04:42:35 91,136 -c--a-w c:\windows\system32\dllcache\mtxoci.dll
- 2004-08-03 23:39:10 2,182,272 -c--a-w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2005-03-02 18:09:04 2,180,608 -c--a-w c:\windows\system32\dllcache\ntoskrnl.exe
- 2004-08-03 23:44:08 1,281,024 -c--a-w c:\windows\system32\dllcache\ole32.dll
+ 2005-07-26 04:42:36 1,284,608 -c--a-w c:\windows\system32\dllcache\ole32.dll
- 2001-10-26 17:29:40 69,120 -c--a-w c:\windows\system32\dllcache\olecli32.dll
+ 2005-07-26 04:42:36 75,264 -c--a-w c:\windows\system32\dllcache\olecli32.dll
- 2001-10-26 17:29:40 34,304 -c--a-w c:\windows\system32\dllcache\olecnv32.dll
+ 2005-07-26 04:42:36 37,888 -c--a-w c:\windows\system32\dllcache\olecnv32.dll
- 2004-08-03 23:44:10 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2005-09-02 23:55:03 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-03 23:44:42 139,400 -c--a-w c:\windows\system32\dllcache\rdpwd.sys
+ 2005-06-10 04:11:36 139,528 -c--a-w c:\windows\system32\dllcache\rdpwd.sys
- 2004-08-03 23:44:10 395,776 -c--a-w c:\windows\system32\dllcache\rpcss.dll
+ 2005-07-26 04:42:36 397,824 -c--a-w c:\windows\system32\dllcache\rpcss.dll
- 2004-08-03 23:44:10 1,483,264 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
+ 2005-09-02 23:55:06 1,483,776 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
- 2004-08-03 23:44:10 8,412,672 -c--a-w c:\windows\system32\dllcache\shell32.dll
+ 2005-09-23 03:07:40 8,479,232 -c--a-w c:\windows\system32\dllcache\shell32.dll
- 2004-08-03 23:44:12 473,600 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
+ 2005-09-02 23:55:06 473,600 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-03 23:44:28 14,336 -c--a-w c:\windows\system32\dllcache\svchost.exe
- 2004-08-03 23:44:28 77,312 -c--a-w c:\windows\system32\dllcache\telnet.exe
+ 2005-05-11 02:31:23 77,824 -c--a-w c:\windows\system32\dllcache\telnet.exe
- 2004-08-03 23:44:14 101,376 -c--a-w c:\windows\system32\dllcache\txflog.dll
+ 2005-07-26 04:42:36 101,376 -c--a-w c:\windows\system32\dllcache\txflog.dll
- 2004-08-03 23:44:14 602,112 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2005-09-02 23:55:07 604,672 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2004-08-03 23:44:14 578,560 -c--a-w c:\windows\system32\dllcache\user32.dll
+ 2005-03-02 18:18:38 578,560 -c--a-w c:\windows\system32\dllcache\user32.dll
- 2004-08-03 23:37:28 1,836,160 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2005-10-06 03:10:28 1,839,744 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2004-08-03 23:44:16 658,944 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2005-09-02 23:55:08 660,992 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2004-08-03 23:44:18 11,776 -c--a-w c:\windows\system32\dllcache\xolehlp.dll
+ 2005-07-26 04:42:36 11,776 -c--a-w c:\windows\system32\dllcache\xolehlp.dll
- 2004-08-03 22:00:14 263,040 ------w c:\windows\system32\drivers\http.sys
+ 2004-10-08 23:48:21 262,400 ------w c:\windows\system32\drivers\http.sys
- 2004-08-03 22:04:52 134,912 ----a-w c:\windows\system32\drivers\ipnat.sys
+ 2004-09-29 22:28:37 134,912 ----a-w c:\windows\system32\drivers\ipnat.sys
- 2004-08-03 22:15:18 451,456 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2005-01-19 04:26:52 451,584 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2004-08-03 22:20:08 176,512 ----a-w c:\windows\system32\drivers\rdbss.sys
+ 2004-10-28 01:13:58 174,592 ----a-w c:\windows\system32\drivers\rdbss.sys
- 2004-08-03 23:44:42 139,400 -c--a-w c:\windows\system32\drivers\rdpwd.sys
+ 2005-06-10 04:11:36 139,528 ----a-w c:\windows\system32\drivers\rdpwd.sys
- 2004-08-03 22:14:46 336,256 ----a-w c:\windows\system32\drivers\srv.sys
+ 2005-05-10 00:17:51 332,544 ----a-w c:\windows\system32\drivers\srv.sys
- 2004-08-03 22:14:42 359,040 ----a-w c:\windows\system32\drivers\tcpip.sys
+ 2005-05-25 19:04:02 359,808 ----a-w c:\windows\system32\drivers\tcpip.sys
- 2002-09-20 16:03:42 313,856 -c--a-w c:\windows\system32\dx3j.dll
+ 2003-02-28 15:34:42 313,856 ----a-w c:\windows\system32\dx3j.dll
- 2004-08-03 23:43:58 201,728 ----a-w c:\windows\system32\dxtrans.dll
+ 2005-09-02 23:54:57 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2004-08-03 23:43:58 243,200 ----a-w c:\windows\system32\es.dll
+ 2005-07-26 04:42:34 243,200 ----a-w c:\windows\system32\es.dll
- 2004-08-03 23:43:58 55,808 -c----w c:\windows\system32\extmgr.dll
+ 2005-09-02 23:54:57 55,808 ------w c:\windows\system32\extmgr.dll
- 2005-11-20 17:03:29 120,544 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-27 18:30:32 120,544 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-03 23:44:00 278,016 ----a-w c:\windows\system32\gdi32.dll
+ 2005-10-06 03:18:44 280,064 ----a-w c:\windows\system32\gdi32.dll
- 2004-08-03 23:44:00 38,912 -c--a-w c:\windows\system32\hhsetup.dll
+ 2005-05-27 02:08:15 41,472 ----a-w c:\windows\system32\hhsetup.dll
- 2001-10-26 17:29:30 77,850 ----a-w c:\windows\system32\hlink.dll
+ 2004-11-16 21:18:03 68,608 ----a-w c:\windows\system32\hlink.dll
- 2004-08-03 23:44:00 349,696 -c--a-w c:\windows\system32\hypertrm.dll
+ 2004-11-17 17:43:29 351,744 ----a-w c:\windows\system32\hypertrm.dll
- 2004-08-03 23:44:00 253,952 -c--a-w c:\windows\system32\icm32.dll
+ 2005-06-29 01:52:57 254,976 ----a-w c:\windows\system32\icm32.dll
- 2004-08-03 23:44:00 249,344 ----a-w c:\windows\system32\iepeers.dll
+ 2005-09-02 23:54:58 251,392 ----a-w c:\windows\system32\iepeers.dll
- 2004-08-03 23:44:02 96,768 -c--a-w c:\windows\system32\inseng.dll
+ 2005-09-02 23:54:58 96,768 ----a-w c:\windows\system32\inseng.dll
- 2004-08-03 23:44:02 143,872 -c--a-w c:\windows\system32\itircl.dll
+ 2005-05-27 02:08:15 155,136 ----a-w c:\windows\system32\itircl.dll
- 2004-08-03 23:44:02 134,144 -c--a-w c:\windows\system32\itss.dll
+ 2005-05-27 02:08:15 137,216 ----a-w c:\windows\system32\itss.dll
- 2002-09-20 16:04:02 186,911 ----a-w c:\windows\system32\javacypt.dll
+ 2003-02-28 17:26:16 187,152 ----a-w c:\windows\system32\javacypt.dll
- 2002-09-20 16:04:02 63,007 -c--a-w c:\windows\system32\javaprxy.dll
+ 2003-02-28 17:26:18 63,248 ----a-w c:\windows\system32\javaprxy.dll
- 2002-09-20 16:04:02 404,509 ----a-w c:\windows\system32\javart.dll
+ 2003-02-28 17:26:18 404,752 ----a-w c:\windows\system32\javart.dll
- 2002-09-20 16:05:30 14,878 -c--a-w c:\windows\system32\jdbgmgr.exe
+ 2003-02-28 17:26:30 15,120 ----a-w c:\windows\system32\jdbgmgr.exe
- 2002-09-20 16:04:02 171,034 ----a-w c:\windows\system32\jit.dll
+ 2003-02-28 17:26:20 171,280 ----a-w c:\windows\system32\jit.dll
- 2002-09-20 16:05:32 172,060 -c--a-w c:\windows\system32\jview.exe
+ 2003-02-28 17:26:30 172,304 ----a-w c:\windows\system32\jview.exe
- 2004-08-03 23:44:02 294,400 ----a-w c:\windows\system32\kerberos.dll
+ 2005-06-15 17:51:00 295,936 ----a-w c:\windows\system32\kerberos.dll
- 2004-08-03 23:44:02 18,944 ----a-w c:\windows\system32\linkinfo.dll
+ 2005-09-01 02:28:38 19,968 ----a-w c:\windows\system32\linkinfo.dll
- 2004-08-03 23:44:02 723,968 ----a-w c:\windows\system32\lsasrv.dll
+ 2004-10-28 01:29:00 723,968 ----a-w c:\windows\system32\lsasrv.dll
- 2002-09-20 16:04:10 154,140 ----a-w c:\windows\system32\msawt.dll
+ 2003-02-28 17:26:20 154,384 ----a-w c:\windows\system32\msawt.dll
- 2004-08-03 23:44:04 73,728 ----a-w c:\windows\system32\mscms.dll
+ 2005-06-29 01:52:57 74,240 ----a-w c:\windows\system32\mscms.dll
- 2004-08-03 23:44:04 425,472 -c--a-w c:\windows\system32\msdtcprx.dll
+ 2005-07-26 04:42:35 425,472 ----a-w c:\windows\system32\msdtcprx.dll
- 2004-08-03 23:44:04 949,248 -c--a-w c:\windows\system32\msdtctm.dll
+ 2005-07-26 04:42:35 945,152 ----a-w c:\windows\system32\msdtctm.dll
- 2004-08-03 23:44:04 161,280 -c--a-w c:\windows\system32\msdtcuiu.dll
+ 2005-07-26 04:42:35 161,280 ----a-w c:\windows\system32\msdtcuiu.dll
- 2004-08-03 23:44:06 3,003,392 ----a-w c:\windows\system32\mshtml.dll
+ 2005-10-04 16:27:36 3,013,120 ----a-w c:\windows\system32\mshtml.dll
- 2004-08-03 23:44:06 448,512 ----a-w c:\windows\system32\mshtmled.dll
+ 2005-09-02 23:55:02 448,512 ----a-w c:\windows\system32\mshtmled.dll
- 2002-09-20 16:04:26 945,693 ----a-w c:\windows\system32\msjava.dll
+ 2003-02-28 17:26:26 947,472 ----a-w c:\windows\system32\msjava.dll
- 2002-09-20 16:04:26 21,023 -c--a-w c:\windows\system32\msjdbc10.dll
+ 2003-02-28 17:26:26 21,264 ----a-w c:\windows\system32\msjdbc10.dll
- 2004-08-03 23:44:06 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2005-09-02 23:55:02 146,432 ----a-w c:\windows\system32\msrating.dll
- 2004-08-03 23:44:06 530,432 -c--a-w c:\windows\system32\mstime.dll
+ 2005-09-02 23:55:03 530,432 ----a-w c:\windows\system32\mstime.dll
- 2004-08-03 23:44:06 66,560 ----a-w c:\windows\system32\mtxclu.dll
+ 2005-07-26 04:42:35 66,560 ----a-w c:\windows\system32\mtxclu.dll
- 2004-08-03 23:44:08 90,112 -c--a-w c:\windows\system32\mtxoci.dll
+ 2005-07-26 04:42:35 91,136 ----a-w c:\windows\system32\mtxoci.dll
- 2004-08-03 23:44:08 198,144 ----a-w c:\windows\system32\netman.dll
+ 2005-08-22 18:36:16 197,632 ----a-w c:\windows\system32\netman.dll
- 2004-08-03 23:38:58 2,058,112 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2005-03-02 18:08:54 2,058,112 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2004-08-03 23:39:10 2,182,272 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2005-03-02 18:09:04 2,180,608 ----a-w c:\windows\system32\ntoskrnl.exe
- 2004-08-03 23:44:08 1,281,024 ----a-w c:\windows\system32\ole32.dll
+ 2005-07-26 04:42:36 1,284,608 ----a-w c:\windows\system32\ole32.dll
- 2001-10-26 17:29:40 69,120 ----a-w c:\windows\system32\olecli32.dll
+ 2005-07-26 04:42:36 75,264 ----a-w c:\windows\system32\olecli32.dll
- 2001-10-26 17:29:40 34,304 ----a-w c:\windows\system32\olecnv32.dll
+ 2005-07-26 04:42:36 37,888 ----a-w c:\windows\system32\olecnv32.dll
- 2008-10-26 16:20:12 40,190 -c--a-w c:\windows\system32\perfc009.dat
+ 2009-03-27 18:33:03 40,190 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-26 16:20:12 49,690 -c--a-w c:\windows\system32\perfc015.dat
+ 2009-03-27 18:33:03 49,690 ----a-w c:\windows\system32\perfc015.dat
- 2008-10-26 16:20:12 311,802 -c--a-w c:\windows\system32\perfh009.dat
+ 2009-03-27 18:33:03 311,802 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-26 16:20:12 355,724 -c--a-w c:\windows\system32\perfh015.dat
+ 2009-03-27 18:33:03 355,724 ----a-w c:\windows\system32\perfh015.dat
- 2004-08-03 23:44:10 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2005-09-02 23:55:03 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2004-08-03 23:44:10 395,776 ----a-w c:\windows\system32\rpcss.dll
+ 2005-07-26 04:42:36 397,824 ----a-w c:\windows\system32\rpcss.dll
- 2004-08-03 23:44:10 1,483,264 ----a-w c:\windows\system32\shdocvw.dll
+ 2005-09-02 23:55:06 1,483,776 ----a-w c:\windows\system32\shdocvw.dll
- 2004-08-03 23:44:10 8,412,672 ----a-w c:\windows\system32\shell32.dll
+ 2005-09-23 03:07:40 8,479,232 ----a-w c:\windows\system32\shell32.dll
- 2004-08-03 23:44:12 473,600 ----a-w c:\windows\system32\shlwapi.dll
+ 2005-09-02 23:55:06 473,600 ----a-w c:\windows\system32\shlwapi.dll
- 2005-02-25 03:36:06 16,096 -c----w c:\windows\system32\spmsg.dll
+ 2005-02-24 19:36:08 16,096 ------w c:\windows\system32\spmsg.dll
- 2004-08-03 23:44:28 57,856 ----a-w c:\windows\system32\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 ----a-w c:\windows\system32\spoolsv.exe
- 2004-08-03 23:44:12 96,768 ----a-w c:\windows\system32\srvsvc.dll
+ 2004-12-07 19:34:12 96,768 ----a-w c:\windows\system32\srvsvc.dll
- 2004-08-03 23:44:14 246,272 ----a-w c:\windows\system32\tapisrv.dll
+ 2005-07-08 16:29:17 249,344 ----a-w c:\windows\system32\tapisrv.dll
- 2004-08-03 23:44:28 77,312 -c--a-w c:\windows\system32\telnet.exe
+ 2005-05-11 02:31:23 77,824 ----a-w c:\windows\system32\telnet.exe
- 2004-08-03 23:44:14 101,376 -c--a-w c:\windows\system32\txflog.dll
+ 2005-07-26 04:42:36 101,376 ----a-w c:\windows\system32\txflog.dll
- 2004-08-03 23:44:14 118,784 ----a-w c:\windows\system32\umpnpmgr.dll
+ 2005-08-23 03:40:06 123,904 ----a-w c:\windows\system32\umpnpmgr.dll
- 2004-08-03 23:44:14 602,112 ----a-w c:\windows\system32\urlmon.dll
+ 2005-09-02 23:55:07 604,672 ----a-w c:\windows\system32\urlmon.dll
- 2004-08-03 23:44:14 578,560 ----a-w c:\windows\system32\user32.dll
+ 2005-03-02 18:18:38 578,560 ----a-w c:\windows\system32\user32.dll
- 2002-09-20 16:04:58 287,263 ----a-w c:\windows\system32\vmhelper.dll
+ 2003-02-28 17:26:26 286,992 ----a-w c:\windows\system32\vmhelper.dll
- 2004-08-03 23:37:28 1,836,160 ----a-w c:\windows\system32\win32k.sys
+ 2005-10-06 03:10:28 1,839,744 ----a-w c:\windows\system32\win32k.sys
- 2004-08-03 23:44:16 658,944 ----a-w c:\windows\system32\wininet.dll
+ 2005-09-02 23:55:08 660,992 ----a-w c:\windows\system32\wininet.dll
- 2004-08-03 23:44:16 291,328 ----a-w c:\windows\system32\winsrv.dll
+ 2005-09-01 02:28:38 292,352 ----a-w c:\windows\system32\winsrv.dll
- 2002-09-20 16:05:50 171,549 -c--a-w c:\windows\system32\wjview.exe
+ 2003-02-28 17:26:32 171,792 ----a-w c:\windows\system32\wjview.exe
- 2004-08-03 23:44:18 11,776 -c--a-w c:\windows\system32\xolehlp.dll
+ 2005-07-26 04:42:36 11,776 ----a-w c:\windows\system32\xolehlp.dll
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-30 118784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 286720]
"vptray"="c:\programy\NORTON~1\vptray.exe" [2002-10-07 77824]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2007-08-24 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winblh32]
2009-02-02 22:36 39936 c:\windows\system32\winblh32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

.
.
------- Skan uzupełniający -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 19:41:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe???????????????|?P???? ???B???????????????B? ??????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\winblh32.dll
.
Czas ukończenia: 2009-03-27 19:42:55
ComboFix-quarantined-files.txt 2009-03-27 18:42:52
ComboFix2.txt 2009-03-27 17:47:10
ComboFix3.txt 2009-03-27 16:41:05

Przed: 8 800 497 664 bajtów wolnych
Po: 8,793,530,368 bajtów wolnych

384

HiJack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:48, on 2009-03-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\Norton Antywirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Programy\Norton Antywirus\Rtvscan.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programy\NORTON~1\vptray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\CTFMON.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Pulpit\HiJackThis.exe
C:\WINDOWS\system32\winver.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [vptray] C:\Programy\NORTON~1\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: winblh32 - C:\WINDOWS\SYSTEM32\winblh32.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Programy\Norton Antywirus\DefWatch.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Klient Symantec AntiVirus (Norton AntiVirus Server) - Symantec Corporation - C:\Programy\Norton Antywirus\Rtvscan.exe

--
End of file - 3422 bytes

To be precise, Norton AntiVirus (Corporate Edition) keeps flagging this library: winblh32.dll. Unfortunately I didn't save its log and can't give the name it reported, but after ComboFix it removed a pile of junk. My brother-in-law has a few HP printers installed because he uses the laptop both at work and at home. The infection came from USB sticks; I removed everything from them and disabled autorun for him....
Regards


#2 karolkuich

    Beginner

  • 141 posts

Posted 27 03 2009 - 22:18

Paste into Notepad:
File::
c:\windows\system32\winblh32.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winblh32]

Save the file as CFScript.txt, then drag and drop it onto the ComboFix icon. Paste the log that is produced after the removal.

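Added example, not part of either post and not a ComboFix or HijackThis feature: a small Python triage script that reads HijackThis-style lines and the ComboFix registry section and picks out the items that matter in this thread, namely the O20 Winlogon Notify DLL (winblh32.dll is registered there and the "Pliki DLL ładowane pod uruchomionymi procesami" section confirms it is loaded inside winlogon.exe) and the two weakened settings, AntiVirusOverride=1 and EnableFirewall=0. The sample input is constructed from lines quoted above; the KNOWN_NOTIFY_PACKAGES allowlist of default XP notify packages and every function name are this example's own assumptions.

```python
import re

# Constructed sample input, modelled on the HijackThis lines quoted in the thread.
# The winblh32 entry is the one Norton kept flagging; the others are ordinary vendor items.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: winblh32 - C:\WINDOWS\SYSTEM32\winblh32.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Programy\Norton Antywirus\DefWatch.exe
"""

# Constructed sample of the ComboFix registry section, again modelled on the thread.
SAMPLE_COMBOFIX_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Winlogon Notify packages that ship with Windows XP SP2 (assumption: a reviewer's
# allowlist maintained here, not something HijackThis or ComboFix provides).
# Anything else deserves a look, because a DLL registered here runs inside winlogon.exe.
KNOWN_NOTIFY_PACKAGES = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

HJT_ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)\s*$")
AV_OVERRIDE_RE = re.compile(r'"AntiVirusOverride"=dword:(?P<val>[0-9a-fA-F]+)')
FIREWALL_RE = re.compile(r'"EnableFirewall"=\s*(?P<val>\d+)')


def parse_hjt(text):
    """Split a HijackThis log into (item code, body) pairs; header and process lines are skipped."""
    items = []
    for line in text.splitlines():
        m = HJT_ITEM_RE.match(line.strip())
        if m:
            items.append((m.group("code"), m.group("body")))
    return items


def winlogon_notify_dlls(text):
    """Return (package name, DLL path) for every O20 entry that is not a default XP package."""
    found = []
    for line in text.splitlines():
        m = O20_RE.match(line.strip())
        if m and m.group("name").lower() not in KNOWN_NOTIFY_PACKAGES:
            found.append((m.group("name"), m.group("path")))
    return found


def security_posture_flags(reg_text):
    """Flag the two settings seen in the thread that weaken the host: Security Center
    told to ignore the AV state, and the XP firewall switched off for the standard profile."""
    flags = []
    m = AV_OVERRIDE_RE.search(reg_text)
    if m and int(m.group("val"), 16) == 1:
        flags.append("AntiVirusOverride=1")
    m = FIREWALL_RE.search(reg_text)
    if m and int(m.group("val")) == 0:
        flags.append("EnableFirewall=0")
    return flags


def triage(hjt_text, reg_text):
    """Combine both checks into a list of human-readable findings for the reviewer."""
    findings = []
    for name, path in winlogon_notify_dlls(hjt_text):
        findings.append(
            f"O20 Winlogon Notify '{name}' loads {path} into winlogon.exe; "
            f"verify publisher and signature before trusting it"
        )
    for flag in security_posture_flags(reg_text):
        findings.append(f"Security posture weakened: {flag}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HJT, SAMPLE_COMBOFIX_REG):
        print(finding)
```

Run as-is it prints three findings for the sample. The script is a reviewing aid: a hit on O20 means "check where this DLL came from and whether it is signed", not "delete it"; the CFScript in the reply above is the actual removal step, and the two posture flags are a reminder to re-enable the firewall and clear the Security Center override once the machine is clean.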