
I scanned the computer with antivirus programs (NOD, plus the online scanners: Norton, Panda, mks) and they did not detect any viruses.
Even formatting the disk did not help.
When I set the option so that it does not restart automatically, it now simply freezes and the monitor turns off, so it is probably a bluescreen, but I cannot read the information it contains because the monitor turns off.
I am attaching the log from HJT
Logfile of HijackThis v1.99.1
Scan saved at 11:41:01, on 2007-10-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ULI5289\ALi5289.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Eset\nod32kui.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Gadu-Gadu\gg.exe
H:\PROGRA~1\CACHEM~1\CachemanXP.exe
H:\Program Files\Mozilla Thunderbird\thunderbird.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Eset\nod32.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - H:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - H:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ALi5289] D:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: E-mail.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Winamp Toolbar Search - D:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - H:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
and ComboFix
ComboFix 07-10-28.2 - Vlad 2007-10-29 9:59:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.545 [GMT 1:00]
Running from: H:\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\WINDOWS\system32\install.exe
D:\WINDOWS\system32\nvrssk.dll
D:\WINDOWS\system32\nvrssl.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-29 )))))))))))))))))))))))))))))))
.
2007-10-29 09:58 51,200 --a------ D:\WINDOWS\NirCmd.exe
2007-10-29 09:58 28,672 --a------ D:\WINDOWS\system32\drivers\CO_Mon.sys
2007-10-29 09:57 <DIR> d-------- D:\Documents and Settings\Vlad\Dane aplikacji\WholeSecurity
2007-10-29 08:29 <DIR> d-------- D:\Documents and Settings\LocalService\Menu Start
2007-10-29 08:28 <DIR> d---s---- D:\WINDOWS\system32\Microsoft
2007-10-29 03:06 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2007-10-29 03:02 <DIR> d-------- D:\WINDOWS\ServicePackFiles
2007-10-29 02:58 15,872 --a------ D:\WINDOWS\system32\spupdsvc.exe
2007-10-29 02:53 <DIR> d-------- D:\WINDOWS\EHome
2007-10-28 23:24 <DIR> d-------- D:\WINDOWS\pss
2007-10-28 23:20 <DIR> d-------- H:\Program Files\Hamachi
2007-10-28 23:20 <DIR> d-------- D:\Documents and Settings\Vlad\Dane aplikacji\Hamachi
2007-10-28 23:20 25,280 --a------ D:\WINDOWS\system32\drivers\hamachi.sys
2007-10-28 21:07 114,744 --a------ D:\WINDOWS\system32\hpzlnt04.dll
2007-10-28 21:06 <DIR> d-------- H:\Program Files\hp deskjet 825c series
2007-10-28 21:06 376 --a------ D:\WINDOWS\mozregistry.dat
2007-10-28 21:05 <DIR> d-------- H:\Program Files\Hewlett-Packard
2007-10-28 19:21 <DIR> d-------- D:\Program Files\Common Files\Adobe
2007-10-28 19:20 <DIR> d-------- D:\WINDOWS\Cache
2007-10-28 19:11 <DIR> d-------- H:\Program Files\Winamp Toolbar
2007-10-28 19:11 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2007-10-28 19:10 <DIR> d-------- H:\Program Files\Winamp
2007-10-28 19:10 <DIR> d-------- D:\Documents and Settings\Vlad\Dane aplikacji\Winamp
2007-10-28 11:57 <DIR> d-------- H:\Program Files\Autodesk
2007-10-28 11:57 <DIR> d-------- H:\Program Files\AnswerWorks 4.0
2007-10-28 11:56 <DIR> d-------- H:\Program Files\AutoCAD 2005
2007-10-28 11:56 <DIR> d-------- D:\Program Files\Common Files\Autodesk Shared
2007-10-28 11:56 <DIR> d-------- D:\Documents and Settings\Vlad\Dane aplikacji\Autodesk
2007-10-28 11:56 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2007-10-28 11:54 <DIR> d-------- D:\WINDOWS\system32\URTTemp
2007-10-28 11:40 499,229 --a------ D:\WINDOWS\system32\dxmasf.dll
2007-10-28 11:40 246,302 --a------ D:\WINDOWS\system32\strmdll.dll
2007-10-28 11:39 <DIR> d-------- D:\WINDOWS\Historia
2007-10-28 11:25 160,640 --a------ D:\WINDOWS\system32\drivers\a347bus.sys
2007-10-28 11:25 5,248 --a------ D:\WINDOWS\system32\drivers\a347scsi.sys
2007-10-28 11:24 <DIR> d-------- H:\Program Files\Alcohol Soft
2007-10-28 11:10 <DIR> d-------- H:\Program Files\CachemanXP
2007-10-28 11:08 <DIR> d-------- D:\Pulpit 2
2007-10-28 11:06 <DIR> d-------- D:\WINDOWS\ShellNew
2007-10-28 10:33 <DIR> d-------- D:\WINDOWS\Sun
2007-10-28 10:32 <DIR> d-------- H:\Program Files\Java
2007-10-28 10:31 <DIR> d-------- D:\Program Files\Common Files\Java
2007-10-28 10:30 1,467 --a------ D:\WINDOWS\mozver.dat
2007-10-28 10:17 <DIR> d-------- D:\Documents and Settings\Vlad\Dane aplikacji\Gadu-Gadu
2007-10-28 10:13 <DIR> d-------- H:\Program Files\Gadu-Gadu
2007-10-28 10:13 <DIR> d-------- D:\Documents and Settings\Vlad\Gadu-Gadu
2007-10-28 09:42 <DIR> d-------- H:\Program Files\Mozilla Thunderbird
2007-10-28 09:42 <DIR> d-------- D:\Documents and Settings\Vlad\Dane aplikacji\Thunderbird
2007-10-28 09:24 <DIR> d-------- D:\Documents and Settings\Vlad\Dane aplikacji\Talkback
2007-10-28 09:24 0 --a------ D:\WINDOWS\nsreg.dat
2007-10-28 09:15 <DIR> d-------- D:\WINDOWS\system32\Lang
2007-10-27 19:28 1,415,680 --a------ D:\WINDOWS\system32\WMV9VCM.dll
2007-10-27 19:28 921,600 --a------ D:\WINDOWS\system32\vorbisenc.dll
2007-10-27 19:28 237,568 --a------ D:\WINDOWS\system32\OggDS.dll
2007-10-27 19:28 188,416 --a------ D:\WINDOWS\system32\vorbis.dll
2007-10-27 19:28 45,056 --a------ D:\WINDOWS\system32\ogg.dll
2007-10-27 19:27 1,559,040 --a------ D:\WINDOWS\system32\xvidcore.dll
2007-10-27 19:27 740,442 --a------ D:\WINDOWS\system32\DivX.dll
2007-10-27 19:27 245,760 --a------ D:\WINDOWS\system32\mplvpx.dll
2007-10-27 19:27 9,216 --a------ D:\WINDOWS\system32\cpuinf32.dll
2007-10-27 18:00 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-10-27 15:50 <DIR> d-------- H:\Program Files\MarBit
2007-10-27 15:44 <DIR> d-------- H:\Program Files\Usługi online
2007-10-27 15:44 <DIR> d-------- H:\Program Files\ULI5289
2007-10-27 15:44 <DIR> d-------- H:\Program Files\Realtek Sound Manager
2007-10-27 15:43 <DIR> d--h----- H:\Program Files\InstallShield Installation Information
2007-10-27 15:43 <DIR> d-------- H:\Program Files\Common Files
2007-10-27 15:43 <DIR> d-------- H:\Program Files\AvRack
2007-10-27 15:43 <DIR> d-------- H:\Program Files\AMD
2007-10-27 15:43 327,743 --a--c--- D:\WINDOWS\system32\dllcache\wmmres.dll
2007-10-27 15:43 163,906 --a--c--- D:\WINDOWS\system32\dllcache\wmmutil.dll
2007-10-27 15:43 110,657 --a--c--- D:\WINDOWS\system32\dllcache\wmmfilt.dll
2007-10-27 15:43 73,728 --a--c--- D:\WINDOWS\system32\dllcache\icwtutor.exe
2007-10-27 15:43 65,536 --a--c--- D:\WINDOWS\system32\dllcache\icwres.dll
2007-10-27 15:43 40,960 --a--c--- D:\WINDOWS\system32\dllcache\trialoc.dll
2007-10-27 15:43 16,384 --a--c--- D:\WINDOWS\system32\dllcache\isignup.exe
2007-10-27 15:40 <DIR> d-------- H:\Program Files\microsoft frontpage
2007-10-27 15:39 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys
2007-10-27 15:39 298,104 --a------ D:\WINDOWS\system32\imon.dll
2007-10-27 15:39 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-27 15:22 58,624 --a------ D:\WINDOWS\system32\drivers\redbook.sys
2007-10-27 15:22 25,856 --a------ D:\WINDOWS\system32\drivers\usbprint.sys
2007-10-27 15:22 20,992 --a------ D:\WINDOWS\system32\drivers\rtl8139.sys
2007-10-27 15:22 10,624 --a------ D:\WINDOWS\system32\drivers\gameenum.sys
2007-10-27 15:22 3,072 --a------ D:\WINDOWS\system32\drivers\audstub.sys
2007-10-27 15:21 <DIR> d-------- D:\Program Files\Common Files\ODBC
2007-10-27 15:21 774,144 --a--c--- D:\WINDOWS\system32\dllcache\spttseng.dll
2007-10-27 15:21 77,824 --a--c--- D:\WINDOWS\system32\dllcache\spcommon.dll
2007-10-27 15:21 77,312 --a------ D:\WINDOWS\system32\usbui.dll
2007-10-27 15:21 61,440 --a--c--- D:\WINDOWS\system32\dllcache\spcplui.dll
2007-10-27 15:20 <DIR> d-------- D:\Program Files\Common Files\SpeechEngines
2007-10-27 15:20 <DIR> dr------- D:\Program Files
2007-10-27 15:20 <DIR> dr-h----- D:\Documents and Settings\Default User\Ustawienia lokalne
2007-10-27 15:20 <DIR> d-------- D:\Documents and Settings\Default User\Ulubione
2007-10-27 15:20 <DIR> d--h----- D:\Documents and Settings\Default User\Szablony
2007-10-27 15:20 <DIR> d-------- D:\Documents and Settings\Default User\Pulpit
2007-10-27 15:20 <DIR> d-------- D:\Documents and Settings\Default User\Moje dokumenty
2007-10-27 15:20 <DIR> dr------- D:\Documents and Settings\Default User\Menu Start
2007-10-27 15:20 <DIR> dr-h----- D:\Documents and Settings\Default User\Dane aplikacji
2007-10-27 15:20 <DIR> d-------- D:\Documents and Settings\All Users\Ulubione
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 15:09 --------- d-----w H:\Program Files\Combined Community Codec Pack
2007-10-27 13:34 --------- d-----w D:\Program Files\Common Files\InstallShield
2007-10-27 13:26 --------- d-----w D:\Program Files\Common Files\MSSoap
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ H:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= H:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= H:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289"="D:\Program Files\ULI5289\ALi5289.exe" [2005-03-10 07:56]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 D:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [2005-08-02 09:35]
"nwiz"="nwiz.exe" [2005-08-02 09:35 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\System32\NvMcTray.dll" [2005-08-02 09:35]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-10-27 15:38]
"SunJavaUpdateSched"="H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"HPDJ Taskbar Utility"="D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 19:19]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Gadu-Gadu"="H:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - H:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
Przyspieszenie uruchomienia programu AutoCAD.lnk - D:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-07-01 22:10:06]
R0 m5289;m5289;D:\WINDOWS\system32\DRIVERS\m5289.sys
R0 uliagpkx;ULi AGP Bus Filter Driver;D:\WINDOWS\system32\DRIVERS\agpkx.sys
R2 CachemanXPService;CachemanXP;H:\PROGRA~1\CACHEM~1\CachemanXP.exe
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 10:01:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-29 10:02:16 - machine was rebooted
.
--- E O F ---
Thank you in advance for your help.