ComboFix.txt

Is this Windows Vista system infected?

OK, I did it. I figured out that I had to create a file in Notepad with the name you wrote and paste in what you wrote to me, and I have the new file, you can take a look. As for that antivirus program, how do I install it: remove Doctor Web and then install it? And can I leave it on the computer permanently as my antivirus, because I have read only good opinions about this program.


ComboFix 09-05-11.01 - AGUSIA I PRZEMUS 12/05/2009 0:12.2 - NTFSx86
Microsoft(R) Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1976.1071 [GMT 1:00]
Running from: d:\przemus\ComboFix.exe
Command switches used :: d:\przemus\CFScript.txt.txt
.

((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-11 16:25 . 2009-05-11 16:25 -------- d-----w c:\program files\ESKK
2009-05-11 16:23 . 2009-05-11 16:28 -------- d-----w c:\program files\ESKK MemoPlus
2009-05-11 16:22 . 2009-05-11 16:23 -------- d-----w c:\program files\ESKK InternetPlus
2009-05-08 18:08 . 2009-05-08 18:08 -------- d-----w c:\programdata\TEMP
2009-05-08 18:08 . 2009-05-08 18:08 -------- d-----w c:\users\All Users\TEMP
2009-05-07 17:28 . 2009-05-07 18:04 680 ----a-w c:\users\AGUSIA I PRZEMUS\AppData\Local\d3d9caps.dat
2009-05-07 16:15 . 2009-05-07 20:07 -------- d-----w c:\users\AGUSIA I PRZEMUS\DoctorWeb
2009-05-07 16:14 . 2009-05-09 12:41 77824 ----atw c:\windows\system32\DRWEBSP.DLL
2009-05-07 16:14 . 2009-05-07 20:38 -------- d-----w c:\program files\DrWeb
2009-05-07 16:14 . 2009-05-07 16:14 -------- d-----w c:\users\AGUSIA I PRZEMUS\AppData\Roaming\InstallShield
2009-05-07 15:55 . 2009-05-07 15:55 -------- d-----w c:\users\AGUSIA I PRZEMUS\AppData\Roaming\ArcaMicroScan
2009-05-07 15:53 . 2009-05-07 18:40 82 ----a-w c:\windows\archivo.bat
2009-05-07 15:45 . 2009-05-07 15:45 135168 ----a-w C:\gimt.exe
2009-05-07 15:32 . 2009-05-07 15:32 2 ---h--w c:\windows\t55ft2692f44.dat
2009-05-07 15:32 . 2009-05-07 16:53 -------- d-----w c:\windows\system32\796525
2009-05-01 09:56 . 2009-05-01 09:56 -------- d-----w c:\program files\Common Files\SWF Studio
2009-04-26 15:46 . 2009-04-26 15:46 -------- d-----w c:\windows\java
2009-04-26 15:45 . 1998-10-29 15:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-26 15:15 . 2004-08-18 12:34 442368 ----a-r c:\windows\system32\vp6vfw.dll
2009-04-25 13:04 . 2000-10-19 14:05 25088 ----a-w c:\windows\system32\msxml3a.dll
2009-04-25 13:00 . 2009-04-25 17:25 -------- d-----w c:\program files\Business-in-a-Box
2009-04-24 12:08 . 2009-04-24 12:08 -------- d-----w c:\temp\Amedia astro ss temp
2009-04-24 12:08 . 2009-04-24 12:08 -------- d-----w C:\Temp
2009-04-23 22:46 . 2009-04-23 22:46 -------- d-----w c:\program files\Sun
2009-04-23 22:44 . 2009-04-23 22:45 -------- d-----w c:\program files\Java
2009-04-23 22:42 . 2009-04-23 22:42 -------- d-----w c:\program files\Common Files\Java
2009-04-17 16:10 . 2009-04-17 16:10 -------- d-----r c:\windows\system32\config\systemprofile\Music
2009-04-16 21:18 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-16 21:18 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-16 21:18 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-16 21:18 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-16 21:18 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-16 21:18 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-16 21:18 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-16 21:18 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-16 21:18 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-16 21:18 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-16 20:54 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-13 19:36 . 2009-04-13 19:36 -------- d-----w c:\program files\Software2000
2009-04-13 19:31 . 1998-01-23 13:15 304640 ----a-w c:\windows\IsUn0415.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 20:43 . 2009-03-18 22:50 99456 ----a-w c:\users\AGUSIA I PRZEMUS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-08 19:43 . 2008-05-15 02:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-07 15:29 . 2008-05-15 02:11 -------- d-----w c:\program files\McAfee
2009-04-24 10:44 . 2008-05-15 02:35 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-02 21:14 . 2008-05-15 02:28 -------- d-----w c:\program files\Common Files\Adobe
2009-03-29 16:38 . 2009-03-29 16:38 -------- d-----w c:\program files\Microsoft Works
2009-03-29 16:38 . 2006-11-02 12:35 -------- d-----w c:\program files\MSBuild
2009-03-29 16:35 . 2008-05-15 02:16 -------- d-----w c:\program files\Microsoft.NET
2009-03-29 16:30 . 2009-03-29 16:30 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-21 09:35 . 2009-03-21 09:35 -------- d-----w c:\program files\SiteAdvisor
2009-03-20 15:05 . 2009-03-19 20:14 952 --sha-w c:\users\All Users\KGyGaAvL.sys
2009-03-20 15:05 . 2009-03-19 20:14 952 --sha-w c:\programdata\KGyGaAvL.sys
2009-03-19 23:53 . 2008-05-15 02:20 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-19 23:50 . 2009-03-19 23:50 -------- d-----w c:\program files\MSXML 4.0
2009-03-19 20:22 . 2009-03-19 20:22 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-03-19 19:19 . 2009-03-18 22:49 -------- d-----w c:\program files\Google
2009-03-18 22:50 . 2008-05-15 02:27 -------- d-----w c:\program files\Acer
2009-03-17 03:38 . 2009-04-16 21:27 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 21:27 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-03-03 04:40 . 2009-04-16 21:27 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:37 . 2009-04-16 21:27 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 02:28 . 2009-04-16 21:27 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 21:27 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-16 21:27 1255936 ----a-w c:\windows\system32\lsasrv.dll
2008-01-21 02:57 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2008-10-24 18:50 . 2008-10-24 18:50 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-05-11_21.59.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:02 . 2009-05-11 22:01 70924 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-18 22:44 . 2009-05-11 22:03 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-18 22:44 . 2009-05-11 03:01 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-18 22:44 . 2009-05-11 22:03 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-18 22:44 . 2009-05-11 03:01 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-18 22:44 . 2009-05-11 22:03 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-18 22:44 . 2009-05-11 03:01 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-18 22:50 . 2009-05-11 22:01 7524 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2449671940-1984963327-309908646-1003_UserData.bin
+ 2009-05-11 21:59 . 2009-05-11 21:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-11 21:59 . 2009-05-11 21:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-05-11 22:05 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-10 22:40 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-10 22:40 105852 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-11 22:05 105852 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-18 68856]
"ALLUpdate"="d:\programy\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-18 24064]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"GrooveMonitor"="d:\programy\office 2007\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2008-06-10 501080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-05-21 6144000]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-21 1826816]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-2 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\recycler\S-1-5-21-9362835551-7049047648-198481470-7722\hd1.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F28155F0-9F72-4D62-AA05-4A0910E97336}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{145EBD80-A429-4AA4-B535-473B6C8AC8CE}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E4FA0595-B1B8-410E-A8D0-78FCD61EC9D3}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{0A91A7B6-008C-418F-935F-26B186347094}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{68D96487-C398-4FC6-87AF-7ABD2A4BF16F}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{4BD37841-14E8-4B72-A2BE-24B07D609E4A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{38A9FC0A-1E9F-48A7-B795-E7D5C631B026}"= UDP:d:\programy\uTorrent.exe:uTorrent (TCP-In)
"{B2EBCB40-A193-47D7-AC46-E090A544A4A0}"= TCP:d:\programy\uTorrent.exe:uTorrent (UDP-In)
"TCP Query User{817253BC-077E-406C-9FF4-94DFF0837121}d:\\programy\\nowe gadu-gadu\\gg.exe"= UDP:d:\programy\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{45ED0A04-1C3E-4066-A44B-990D4D70DCC9}d:\\programy\\nowe gadu-gadu\\gg.exe"= TCP:d:\programy\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"{0B9F55FD-CC8A-4305-B676-89B71DD1AA35}"= TCP:6004|d:\programy\office 2007\Office12\outlook.exe:Microsoft Office Outlook
"{75EFE4B3-0146-404F-AE13-671E7FE960A5}"= UDP:d:\programy\office 2007\Office12\GROOVE.EXE:Microsoft Office Groove
"{7ADF8C44-3428-4540-929E-E288A0B3FFEF}"= TCP:d:\programy\office 2007\Office12\GROOVE.EXE:Microsoft Office Groove
"{236981D6-7607-49D9-AB53-D1B5925A9D18}"= UDP:d:\programy\office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AFE9B0AC-7B3C-4133-895D-B359D125060C}"= TCP:d:\programy\office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote

R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 21:11 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [15/05/2008 03:27 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [07/04/2008 06:42 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04/04/2008 11:03 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28/03/2008 12:44 210432]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [24/10/2008 19:48 112128]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15/04/2008 19:13 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [08/04/2008 19:46 43736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18/03/2009 23:49 24064]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\System32\drivers\TpChoice.sys [14/05/2008 08:42 17968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\RunGame.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-07 c:\windows\Tasks\Dr.Web automatic update.job
- c:\program files\DrWeb\drwebupw.exe [2009-05-07 13:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=1008&m=extensa_5230
LSP: c:\windows\system32\DRWEBSP.DLL
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 00:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5016)
c:\windows\System32\SysHook.dll
.
Completion time: 2009-05-11 0:16
ComboFix-quarantined-files.txt 2009-05-11 23:16
ComboFix2.txt 2009-05-11 22:02

Pre-Run: 34,101,551,104 bytes free
Post-Run: 33,962,086,400 bytes free

211 --- E O F --- 2009-05-09 12:48

