
PS> ComboFix doesn't work for me because it keeps asking for a newer version ;/
log from HJ
Deckard's System Scanner v20071014.68
Run by AlexV on 2008-08-11 16:19:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
6: 2008-08-11 14:19:53 UTC - RP12 - Deckard's System Scanner Restore Point
5: 2008-08-11 14:14:02 UTC - RP11 - Zainstalowano Windows XP KB842773.
4: 2008-08-11 14:13:56 UTC - RP10 - Zainstalowano Windows Installer KB893803v2.
3: 2008-08-11 14:13:31 UTC - RP9 - Zainstalowano Windows XP KB898461.
2: 2008-08-11 14:13:25 UTC - RP8 - Software Distribution Service 3.0
-- First Restore Point --
1: 2008-08-11 13:26:54 UTC - RP7 - Punkt kontrolny systemu
Backed up registry hives.
Performed disk cleanup.
[color=red]Total Physical Memory: 511 MiB (512 MiB recommended).[/color]
-- HijackThis (run as AlexV.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:34, on 2008-08-11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\System32\RUNDLL32.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS.0\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS.0\System32\nvsvc32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS.0\System32\wuauclt.exe
C:\Documents and Settings\AlexV.DOM-643PTXUE01S\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\AlexV.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.pl/redirect/startpage/adsl/pol
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.0\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [amva] C:\WINDOWS.0\System32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.0\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.0\web\related.htm
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\System32\nvsvc32.exe
--
End of file - 3535 bytes
-- File Associations -----------------------------------------------------------
[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
All drivers whitelisted.
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Kontroler sieci
Device ID: PCI\VEN_1814&DEV_0101&SUBSYS_00101371&REV_00\3&13C0B0C5&0&40
Manufacturer:
Name: Kontroler sieci
PNP Device ID: PCI\VEN_1814&DEV_0101&SUBSYS_00101371&REV_00\3&13C0B0C5&0&40
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Kontroler RAID
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_72111462&REV_80\3&13C0B0C5&0&78
Manufacturer:
Name: Kontroler RAID
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_72111462&REV_80\3&13C0B0C5&0&78
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Generic Digital camera
Device ID: USB\VID_04FC&PID_0561\5&238EC6F9&0&1
Manufacturer:
Name: Generic Digital camera
PNP Device ID: USB\VID_04FC&PID_0561\5&238EC6F9&0&1
Service:
-- Files created between 2008-07-11 and 2008-08-11 -----------------------------
2008-08-11 16:20:26 0 d-------- C:\Program Files\Trend Micro
2008-08-11 16:14:07 0 d-------- C:\WINDOWS.0\System32\bits
2008-08-11 16:13:32 0 d-------- C:\WINDOWS.0\System32\PreInstall
2008-08-11 16:13:29 0 d--h----- C:\WINDOWS.0\$hf_mig$
2008-08-11 15:13:07 0 d-------- C:\WINDOWS.0\System32\SoftwareDistribution
2008-08-11 15:11:18 0 d-------- C:\WINDOWS.0\SoftwareDistribution
2008-08-11 15:11:09 0 d-------- C:\WINDOWS.0\LastGood
2008-08-11 08:48:46 545 --a------ C:\WINDOWS.0\UC.PIF
2008-08-11 08:48:46 545 --a------ C:\WINDOWS.0\RAR.PIF
2008-08-11 08:48:46 545 --a------ C:\WINDOWS.0\PKZIP.PIF
2008-08-11 08:48:46 545 --a------ C:\WINDOWS.0\PKUNZIP.PIF
2008-08-11 08:48:46 545 --a------ C:\WINDOWS.0\NOCLOSE.PIF
2008-08-11 08:48:46 545 --a------ C:\WINDOWS.0\LHA.PIF
2008-08-11 08:48:46 545 --a------ C:\WINDOWS.0\ARJ.PIF
2008-08-11 00:41:53 0 d---s---- C:\WINDOWS.0\System32\Microsoft
2008-07-11 06:38:39 0 d-------- C:\WINDOWS.0\Prefetch
2008-07-11 06:35:32 0 d-------- C:\WINDOWS.0\System32\xircom
2008-07-11 06:35:27 0 -rahs---- C:\MSDOS.SYS
2008-07-11 06:35:27 0 -rahs---- C:\IO.SYS
2008-07-11 06:35:27 0 --a------ C:\CONFIG.SYS
2008-07-11 06:35:27 0 --a------ C:\AUTOEXEC.BAT
2008-07-11 06:34:19 0 dr------- C:\WINDOWS.0\Offline Web Pages
2008-07-11 06:34:19 0 d---s---- C:\WINDOWS.0\Downloaded Program Files
2008-07-11 06:33:49 0 d-------- C:\WINDOWS.0\System32\DirectX
2008-07-11 06:33:11 0 d---s---- C:\WINDOWS.0\Tasks
2008-07-11 06:33:04 0 d-------- C:\WINDOWS.0\srchasst
2008-07-11 06:33:03 0 d-------- C:\WINDOWS.0\System32\Macromed
2008-07-11 06:32:58 0 d-------- C:\WINDOWS.0\PCHealth
2008-07-11 06:32:57 0 d-------- C:\WINDOWS.0\System32\Restore
2008-07-11 06:32:36 21856 --a------ C:\WINDOWS.0\System32\emptyregdb.dat
2008-07-11 06:32:31 0 d-------- C:\WINDOWS.0\Registration
2008-07-11 06:31:34 0 d-------- C:\WINDOWS.0\System32\MsDtc
2008-07-11 06:31:33 0 d-------- C:\WINDOWS.0\System32\Com
-- Find3M Report ---------------------------------------------------------------
2008-08-11 15:11:16 0 d--h----- C:\Program Files\WindowsUpdate
2008-08-11 00:08:10 0 d-------- C:\Documents and Settings\AlexV.DOM-643PTXUE01S\Dane aplikacji\Winamp
2008-07-11 06:33:03 0 d-------- C:\Program Files\Movie Maker
2008-07-11 06:32:29 355486 --a------ C:\WINDOWS.0\System32\perfh015.dat
2008-07-11 06:32:29 49492 --a------ C:\WINDOWS.0\System32\perfc015.dat
2008-07-11 06:31:58 0 d-------- C:\Program Files\Windows NT
2008-07-10 22:55:30 0 d-------- C:\Program Files\VirtualDJ
2008-07-10 22:49:00 0 d-------- C:\Documents and Settings\AlexV.DOM-643PTXUE01S\Dane aplikacji\Google
2008-07-10 22:34:58 0 d-------- C:\Program Files\Winamp
2008-07-10 22:22:56 62 --ahs---- C:\Documents and Settings\AlexV.DOM-643PTXUE01S\Dane aplikacji\desktop.ini
2008-07-10 22:19:12 8 --a------ C:\WINDOWS.0\System32\nvModes.dat
2008-07-10 22:17:08 0 d-------- C:\Program Files\Avira
2008-07-10 22:00:28 0 d-------- C:\Program Files\VIAudioi
2008-07-10 21:45:36 0 --a------ C:\WINDOWS.0\nsreg.dat
2008-07-10 21:45:33 0 d-------- C:\Documents and Settings\AlexV.DOM-643PTXUE01S\Dane aplikacji\Mozilla
2008-07-10 21:44:09 0 d-------- C:\Program Files\Google
2008-07-10 21:44:01 0 d-------- C:\Documents and Settings\AlexV.DOM-643PTXUE01S\Dane aplikacji\Macromedia
2008-07-10 21:43:43 0 d-------- C:\Documents and Settings\AlexV.DOM-643PTXUE01S\Dane aplikacji\Adobe
2008-07-10 21:39:35 0 d-------- C:\Documents and Settings\AlexV.DOM-643PTXUE01S\Dane aplikacji\Identities
2008-07-09 00:25:22 0 d-------- C:\Program Files\Messenger
2008-07-09 00:21:50 0 d-------- C:\Program Files\MSXML 4.0
2008-07-08 17:49:42 0 d-------- C:\Program Files\Common Files
2008-07-07 17:16:09 0 d-------- C:\Program Files\ADSL Drivers
2008-07-06 10:44:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-05 09:55:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-05 09:53:19 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-05 00:47:10 0 d-------- C:\Program Files\WLAN
2008-07-05 00:42:41 0 d-------- C:\Program Files\microsoft frontpage
2008-07-05 00:41:32 0 d-------- C:\Program Files\Usługi online
2008-07-05 00:40:45 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-05 00:39:54 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-04 21:11:43 0 d-------- C:\Program Files\Java
2008-07-04 21:06:21 0 d-------- C:\Program Files\Common Files\Java
2008-07-04 20:17:29 0 d-------- C:\Program Files\Gadu-Gadu <GADU-G~1>
2008-07-04 19:14:40 0 d-------- C:\Program Files\VIA
2008-07-04 19:14:35 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-04 16:28:25 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-04 16:28:22 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-04 16:25:20 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-04 16:25:12 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-04 16:24:49 0 d-------- C:\Program Files\Common Files\HP
2008-07-04 16:12:13 0 d-------- C:\Program Files\MarBit
2008-07-04 16:07:30 0 d-------- C:\Program Files\Common Files\Nero
2008-07-04 16:05:27 0 d-------- C:\Program Files\Common Files\Ahead
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS.0\System32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS.0\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS.0\System32\NvMcTray.dll" [2006-10-22 12:22]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-03-20 16:26]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 23:33]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\System32\ctfmon.exe" [2002-09-23 14:00]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04]
"amva"="C:\WINDOWS.0\System32\amvo.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed24704-4ec5-11dd-99a2-806d6172696f}]
AutoRun\command- oq.cmd
explore\Command- oq.cmd
open\Command- oq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ed24705-4ec5-11dd-99a2-806d6172696f}]
AutoRun\command- oq.cmd
explore\Command- oq.cmd
open\Command- oq.cmd
*Newly Created Service* - BITS
-- End of Deckard's System Scanner: finished at 2008-08-11 16:22:39 ------------
Please help