by Squosh, 15 May 2008, 21:25
Unfortunately, it is still showing up...
Here is the ComboFix log:
ComboFix 08-05-12.1 - Włodek 2008-05-15 21:14:27.4 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.376 [GMT 2:00]
Running from: C:\Documents and Settings\Włodek\Pulpit\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.
2008-05-15 20:07 . 2008-05-15 20:18 718 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-15 19:32 . 2008-05-15 19:32 359,684 --a------ C:\Documents and Settings\Wcatchme.zip
2008-05-15 17:03 . 2008-05-15 17:03 94,272 --a------ C:\WINDOWS\system32\kypcykpj.dll
2008-05-15 16:55 . 2008-05-15 16:55 108,608 --a------ C:\WINDOWS\system32\okghdexr.dll
2008-05-15 16:26 . 2008-05-15 16:26 108,608 --a------ C:\WINDOWS\system32\csdqtsvp.dll
2008-05-15 16:23 . 2008-05-15 16:23 94,208 --------- C:\WINDOWS\system32\fhpytoms.dll
2008-05-15 16:15 . <DIR> C:\Documents and Settings\W-odek
2008-05-15 16:15 . 2008-05-15 16:15 294 ---hs---- C:\WINDOWS\system32\appajspr.ini
2008-05-15 15:36 . 2008-05-15 15:36 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-15 15:33 . 2008-05-15 20:48 2,298 --a------ C:\WINDOWS\TSCTNDBG.INI
2008-05-14 22:00 . 2008-05-14 22:00 <DIR> d-------- C:\SDFix
2008-05-14 21:54 . 2008-05-14 21:54 <DIR> d-------- C:\Documents and Settings\Włodek\.javaws
2008-05-14 21:54 . 2008-05-14 21:54 <DIR> d-------- C:\Documents and Settings\Włodek\.javaws
2008-05-14 20:38 . 2008-05-14 20:38 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-14 20:38 . 2008-05-14 20:38 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-14 20:36 . 2008-05-14 20:36 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-14 20:36 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-05-14 18:49 . 2008-05-14 18:49 <DIR> d-------- C:\Documents and Settings\Włodek\Dane aplikacji\Gadu-Gadu
2008-05-14 18:49 . 2008-05-14 18:49 <DIR> d-------- C:\Documents and Settings\Włodek\Dane aplikacji\Gadu-Gadu
2008-05-14 18:49 . 2008-05-14 18:49 <DIR> d-------- C:\Documents and Settings\Włodek\Dane aplikacji\Gadu-Gadu
2008-05-14 18:46 . 2008-05-14 18:46 <DIR> d-------- C:\Program Files\Gadu-Gadu
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 17:00 --------- d-----w C:\Program Files\Lx_cats
2008-05-14 19:54 --------- d-----w C:\Program Files\Java Web Start
2008-05-14 18:38 --------- d-----w C:\Program Files\Nokia
2008-05-14 18:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-05-12 18:40 --------- d-----w C:\Program Files\eMule
2008-05-05 19:20 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-05 19:19 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-02 17:36 --------- d-----w C:\Documents and Settings\Włodek\Dane aplikacji\uTorrent
2008-05-02 17:36 --------- d-----w C:\Documents and Settings\Włodek\Dane aplikacji\uTorrent
2008-05-02 17:36 --------- d-----w C:\Documents and Settings\Włodek\Dane aplikacji\uTorrent
2008-03-20 14:17 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-03-19 21:35 --------- d-----w C:\Program Files\eTeacher 4 Niemiecki
2008-03-17 19:01 --------- d-----w C:\Documents and Settings\Włodek\Dane aplikacji\Nokia
2008-03-17 19:01 --------- d-----w C:\Documents and Settings\Włodek\Dane aplikacji\Nokia
2008-03-17 19:01 --------- d-----w C:\Documents and Settings\Włodek\Dane aplikacji\Nokia
2008-03-17 19:00 --------- d-----w C:\Documents and Settings\Włodek\Dane aplikacji\PC Suite
2008-03-17 19:00 --------- d-----w C:\Documents and Settings\Włodek\Dane aplikacji\PC Suite
2008-03-17 19:00 --------- d-----w C:\Documents and Settings\Włodek\Dane aplikacji\PC Suite
2008-03-17 19:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-03-17 18:52 --------- d-----w C:\Program Files\DIFX
2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot@2008-05-15_16.14.42.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 14:10:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 19:09:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"Start WingMan Profiler"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 00:44 159744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-05 18:24:18 113664]
Remote Controller.lnk - C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE [2007-12-05 22:13:26 106496]
TV Scheduler.lnk - C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE [2007-12-05 22:13:26 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:55 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\Gry\\Colin McRae 4.0\\Colin McRae Rally 04\\cmr4.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"D:\\Gry\\Quake III Arena pr. 1.32\\quake3.exe"=
"D:\\Gry\\Quake III Arena pr. 1.31\\quake3.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"D:\\Gry\\Football Manager 2008\\fm.exe"=
"D:\\Gry\\Counter Strike Source\\hl2.exe"=
"D:\\Gry\\Counter Strike Source\\srcds.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
S2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2003-03-26 16:48]
S2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2003-01-16 18:14]
S2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2003-01-16 18:14]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 18:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 18:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 18:59]
*Newly Created Service* - BTTUNER
*Newly Created Service* - BTXBAR
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 21:15:56
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-15 21:17:13
ComboFix-quarantined-files.txt 2008-05-15 19:16:51
ComboFix2.txt 2008-05-15 17:59:52
ComboFix3.txt 2008-05-15 14:15:41
Pre-Run: 14,755,815,424 bajtów wolnych
Post-Run: 14,746,677,248 bajtów wolnych
And here is the HijackThis log (the scan was done in normal mode; I don't think it makes a difference):
Logfile of HijackThis v1.99.1
Scan saved at 21:22:51, on 2008-05-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Instalki\Bezpieczeństwo\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
O4 - Global Startup: TV Scheduler.lnk = C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
I should add that I haven't scanned the system yet with the three AVs that okocze suggested.
edit: And why doesn't my antivirus (NOD32) start when the computer boots?
Regards, Adam
I am one of those people who can manipulate your time.
Do you know why??
Because you are wasting it reading my signature, which makes no sense at all.