
So since yesterday, when I turn on the computer I get a logonui.exe error, and only after a moment does explorer start.
On top of that, some programs have started behaving strangely: ZoneAlarm has lost all its settings, BearShare doesn't work at all, and some programs run unstably (overall I've probably only tried a few of the dozen or so). I'll add that a friend visited me with a pendrive, which is probably the cause of my problems :(
Here's the log
ComboFix 08-10-04.07 - XXX 2008-10-05 18:35:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.517 [GMT 2:00]
Run from: G:\Firefox Dl\Nowy folder\ComboFix.exe
WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.
2008-10-05 18:07 . 2008-10-05 18:07 <DIR> d-------- C:\Program Files\SkanerOnline
2008-10-03 22:21 . 2008-10-03 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-10-03 22:21 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpB4.tmp
2008-10-03 22:21 . 2008-04-28 15:53 805,400 -ra------ C:\WINDOWS\system32\tmpB3.tmp
2008-10-03 13:32 . 2008-10-03 13:32 <DIR> d-------- C:\Documents and Settings\XXX\Dane aplikacji\Leadertech
2008-10-03 13:22 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-09-29 22:52 . 2008-09-29 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-09-29 22:24 . 2008-09-29 22:24 45 --a------ C:\WINDOWS\system32\initdebug.nfo
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 16:14 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\Skype
2008-10-05 15:32 273,128 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-05 15:32 23,568,416 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-05 09:58 118,784 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-10-03 22:05 2,948,608 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-10-03 22:05 1,752,576 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-10-03 20:20 1,751,040 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-10-03 19:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-29 20:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-29 20:19 2,940,416 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-09-29 20:19 1,739,776 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-09-29 20:02 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\skypePM
2008-09-22 14:19 3,157,504 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-09-22 14:19 1,742,336 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-09-21 12:45 2,783,572 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-04 15:06 1,730,048 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-09-01 18:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-09-01 18:48 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-01 18:48 22,328 ----a-w C:\Documents and Settings\XXX\Dane aplikacji\PnkBstrK.sys
2008-09-01 18:48 2,337,865 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-09-01 18:48 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-24 09:04 --------- d--h--r C:\Documents and Settings\XXX\Dane aplikacji\SecuROM
2008-08-19 18:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Media Center Programs
2008-08-19 18:52 --------- d-----w C:\Program Files\AGEIA Technologies
2008-08-19 18:48 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\InstallShield
2008-08-16 15:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-09 14:57 --------- d-----w C:\Documents and Settings\XXX\Dane aplikacji\Winamp
2008-08-09 14:15 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Talkback
2008-08-09 14:11 2,984,448 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-08-08 18:10 1,681,920 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-07-13 10:59 72,748 ----a-w C:\WINDOWS\unins000.exe
2008-07-11 20:30 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
.
------- Sigcheck -------
2008-04-14 00:50 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-04-14 00:50 361344 607c976b22aeb2fcf8a7486bcca1e3bf C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-14 22:51 1041920 5607709580bbdf41bc55515facde797f C:\WINDOWS\explorer.exe
2008-04-14 22:51 1035264 c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\dllcache\explorer.exe
2008-04-14 22:51 22016 bb655c3bee7a714c9ac1a764923fc933 C:\WINDOWS\system32\ctfmon.exe
2008-04-14 22:51 15360 1bd41eda5b869afc99895c39a8de36e1 C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-04-14 22:51 33280 21a9841da405746ea25c3e6b9f4bbe47 C:\WINDOWS\system32\userinit.exe
2008-04-14 22:51 26624 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-05_18.31.45.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 06:00:00 168,960 ----a-w C:\WINDOWS\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\ZoneAlarm\zlclient.exe" [2008-04-02 919016]
"DrvIcon"="D:\Drive Icon\DrvIcon.exe" [2007-07-04 53248]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^XXX^Menu Start^Programy^Autostart^Neo.lnk]
path=C:\Documents and Settings\XXX\Menu Start\Programy\Autostart\Neo.lnk
backup=C:\WINDOWS\pss\Neo.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 d:\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 19:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-07-04 14:01 148776 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-17 14:20 499144 D:\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 15:08 136136 D:\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 10:10 2015280 d:\FlashGet\flashget.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 12:04 2127296 D:\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 D:\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 D:\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-06-20 12:49 451872 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent]
--a------ 2008-05-04 18:33 1347008 D:\Mobile Master\MMAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-07-04 14:20 161064 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 11:38 873472 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-12-22 11:09 86016 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\BitSpirit\\BitSpirit.exe"= D:\\BitSpirit\\BitSpirit.exe
"D:\\FlashGet\\flashget.exe"=
"D:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"D:\\Microsoft Office\\Office12\\GROOVE.EXE"=
"D:\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\SpaceSiege\\Space Siege\\SpaceSiege.exe"=
"D:\\SpaceSiege\\GPGNet\\GPG.Multiplayer.Client.exe"=
"G:\\Neverwinter Nights 2\\nwn2main.exe"=
"G:\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"G:\\Neverwinter Nights 2\\nwupdate.exe"=
"G:\\Neverwinter Nights 2\\nwn2server.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"F:\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"F:\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2002-06-10 30920]
S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e464957d-913b-11dd-ba8e-000e501dcf8e}]
\Shell\AutoRun\command - J:\EXPLORER.EXE
\Shell\explore\Command - J:\EXPLORER.EXE
\Shell\open\Command - J:\EXPLORER.EXE
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-10-04 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1212174876.job
- D:\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe []
.
.
------- Supplementary scan -------
.
FireFox -: Profile - C:\Documents and Settings\XXX\Dane aplikacji\Mozilla\Firefox\Profiles\mjud9loh.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
FF -: plugin - D:\ Firefox\plugins\npnul32.dll
FF -: plugin - d:\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF -: plugin - d:\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - d:\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 18:36:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-05 18:36:46
ComboFix-quarantined-files.txt 2008-10-05 16:36:41
Before: 8,328,159,232 bytes free
After: 8,314,003,456 bytes free
186
Thanks in advance for the help.
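Two of the indicators in the log above can be checked mechanically rather than by eye: the Sigcheck section lists each protected system file next to its dllcache copy, and the MountPoints2 key records the autorun verbs Explorer cached for a removable device. The script below is an added example, not code from the original post or from ComboFix; it takes the exact Sigcheck and MountPoints2 lines quoted in the log (copied into the script as sample input), reports every system32 file whose hash or size differs from its dllcache copy, and lists autorun commands that point at an executable on a drive other than the system drive.

```python
import re
from collections import defaultdict

# Sample input: the Sigcheck lines copied verbatim from the ComboFix log above.
SIGCHECK = r"""
2008-04-14 00:50 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-04-14 00:50 361344 607c976b22aeb2fcf8a7486bcca1e3bf C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-14 22:51 1041920 5607709580bbdf41bc55515facde797f C:\WINDOWS\explorer.exe
2008-04-14 22:51 1035264 c791ed9eac5e76d9525e157b1d7a599a C:\WINDOWS\system32\dllcache\explorer.exe
2008-04-14 22:51 22016 bb655c3bee7a714c9ac1a764923fc933 C:\WINDOWS\system32\ctfmon.exe
2008-04-14 22:51 15360 1bd41eda5b869afc99895c39a8de36e1 C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-04-14 22:51 33280 21a9841da405746ea25c3e6b9f4bbe47 C:\WINDOWS\system32\userinit.exe
2008-04-14 22:51 26624 2a5b37d520508be6570a3ea79695f5b5 C:\WINDOWS\system32\dllcache\userinit.exe
"""

# Sample input: the MountPoints2 block copied verbatim from the same log.
MOUNTPOINTS = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e464957d-913b-11dd-ba8e-000e501dcf8e}]
\Shell\AutoRun\command - J:\EXPLORER.EXE
\Shell\explore\Command - J:\EXPLORER.EXE
\Shell\open\Command - J:\EXPLORER.EXE
"""

# ComboFix Sigcheck line layout: date time size md5 path
SIG_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\d+)\s+([0-9a-fA-F]{32})\s+(.+?)\s*$")
# MountPoints2 verb line layout: \Shell\<verb>\command - <target>
MP_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)


def parse_sigcheck(text):
    """Turn Sigcheck lines into dicts; lines that do not fit the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            entries.append({"stamp": m.group(1), "size": int(m.group(2)),
                            "md5": m.group(3).lower(), "path": m.group(4)})
    return entries


def find_dllcache_mismatches(entries):
    """Pair each live system file with its dllcache copy by file name and
    report pairs whose MD5 or size differ, sorted by file name."""
    by_name = defaultdict(dict)
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1].lower()
        kind = "dllcache" if "\\dllcache\\" in e["path"].lower() else "live"
        by_name[name][kind] = e
    mismatches = []
    for name, pair in sorted(by_name.items()):
        if "live" not in pair or "dllcache" not in pair:
            continue  # nothing to compare against
        live, cache = pair["live"], pair["dllcache"]
        if live["md5"] != cache["md5"] or live["size"] != cache["size"]:
            mismatches.append({"file": name, "live_path": live["path"],
                               "live_size": live["size"], "cache_size": cache["size"],
                               "size_delta": live["size"] - cache["size"]})
    return mismatches


def find_removable_autoruns(text, system_drive="C:"):
    """Return (verb, command) for MountPoints2 shell verbs whose target lives
    on a drive letter other than the system drive, i.e. on the device itself."""
    hits = []
    for line in text.splitlines():
        m = MP_RE.match(line.strip())
        if not m:
            continue
        verb, command = m.group(1).lower(), m.group(2)
        drive = command[:2].upper()
        if re.match(r"^[A-Z]:$", drive) and drive != system_drive.upper():
            hits.append((verb, command))
    return hits


if __name__ == "__main__":
    for mm in find_dllcache_mismatches(parse_sigcheck(SIGCHECK)):
        print(f"{mm['file']:<14} live={mm['live_size']:>8} dllcache={mm['cache_size']:>8} "
              f"delta={mm['size_delta']:+d} ({mm['live_path']})")
    for verb, command in find_removable_autoruns(MOUNTPOINTS):
        print(f"mountpoints2 {verb:<8} -> {command}")
```

Run as-is it reports four mismatched pairs and three autorun verbs. Three of the pairs (ctfmon.exe, explorer.exe, userinit.exe) are each exactly 6,656 bytes larger than their dllcache copies; a uniform size increase across unrelated executables is characteristic of a file infector that appends its own code, and userinit.exe runs at every logon, so that pair is the one to examine first. The tcpip.sys pair differs only in hash, not in size, and that pattern is also produced by the common half-open-connection-limit patchers, so on its own it is not evidence of compromise. The MountPoints2 entry shows that a removable device presented an autorun.inf whose open, explore and AutoRun verbs all launch an EXPLORER.EXE stored on the drive's root, the standard layout for a USB autorun worm; the file on J: itself is not in the log, so the script only reports the cached verbs, not what that executable is.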