I did everything as you told me. After the first restart I got a blue screen with some error, but after another restart it seems to be fine (I got a bit scared). Here are all 3 logs:
SDFix: Version 1.124
Run by Pentium on 2008-01-06 at 14:25
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 14:30:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:79,43,59,1b,4e,08,a0,8b,38,24,5e,7d,bf,8d,f5,f6,c9,10,0a,98,8c,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,80,8a,50,51,d1,9a,b4,ee,b8,09,b8,26,14,2c,93,52,d6,..
"khjeh"=hex:66,8a,59,de,18,fb,50,9f,f9,e3,74,a8,05,e4,61,70,9b,1e,ea,09,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2e,8f,8c,e3,d3,0c,f3,2b,95,e9,a0,cd,33,0b,e7,ab,6d,7e,67,75,f5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:79,43,59,1b,4e,08,a0,8b,38,24,5e,7d,bf,8d,f5,f6,c9,10,0a,98,8c,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,80,8a,50,51,d1,9a,b4,ee,b8,09,b8,26,14,2c,93,52,d6,..
"khjeh"=hex:66,8a,59,de,18,fb,50,9f,f9,e3,74,a8,05,e4,61,70,9b,1e,ea,09,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2e,8f,8c,e3,d3,0c,f3,2b,95,e9,a0,cd,33,0b,e7,ab,6d,7e,67,75,f5,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"StateIndex"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
Sun 4 Dec 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BIT1.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BIT13.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BIT169.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BIT1FB.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BIT281.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BIT371.tmp"
Sun 6 Jan 2008 85,946 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BIT42B.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BIT43.tmp"
Sun 6 Jan 2008 85,946 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BIT4C0.tmp"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BIT7.tmp"
Sun 6 Jan 2008 302,876 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BITD9.tmp"
Tue 31 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\31383aab90693af2687520e301606b09\BITA.tmp"
Tue 31 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\55fe03e59c7b98ebc21dc3c36e54eaf0\BITC.tmp"
Tue 31 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\586431add2daa2c113d0928dcedff7fc\BIT8.tmp"
Tue 31 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d4630b482e634466a28ee1e624558dd5\BIT9.tmp"
Tue 31 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd43c53f6dd72556f6c8c981a93ce522\BITB.tmp"
Fri 27 Apr 2007 20,992 ...H. --- "C:\Documents and Settings\Pentium\Dane aplikacji\Microsoft\Word\~WRL0143.tmp"
Fri 27 Apr 2007 27,136 ...H. --- "C:\Documents and Settings\Pentium\Dane aplikacji\Microsoft\Word\~WRL3250.tmp"
Fri 27 Apr 2007 20,480 ...H. --- "C:\Documents and Settings\Pentium\Dane aplikacji\Microsoft\Word\~WRL3912.tmp"
Finished!
ComboFix 08-01-04.1 - Pentium 2008-01-06 14:43:02.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1274 [GMT 1:00]
Running from: C:\Documents and Settings\Pentium\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.
2008-01-06 14:24 . 2008-01-06 14:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-06 13:09 . 2008-01-06 13:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-06 13:09 . 2008-01-06 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-01-06 13:08 . 2008-01-06 13:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 16:19 . 2008-01-05 18:46 <DIR> d-------- C:\Program Files\XoftSpy
2008-01-05 09:09 . 2008-01-06 14:18 2,612 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-04 22:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 22:07 . 2008-01-04 22:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 21:12 . 2008-01-04 21:12 164 --a------ C:\install.dat
2008-01-04 16:40 . 2008-01-04 16:52 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-04 16:40 . 2008-01-04 16:52 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-04 16:39 . 2008-01-04 16:39 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-04 16:39 . 2008-01-06 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-01-04 16:39 . 2008-01-06 14:40 7,684,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-04 16:39 . 2008-01-06 14:40 103,988 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-04 16:39 . 2008-01-06 14:40 40,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-04 16:39 . 2008-01-06 14:40 4,892 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-04 16:37 . 2008-01-04 16:37 <DIR> d-------- C:\KAV
2008-01-02 17:56 . 2008-01-02 17:56 <DIR> d-------- C:\Program Files\iTunes
2008-01-02 17:56 . 2008-01-02 17:56 <DIR> d-------- C:\Program Files\iPod
2008-01-02 17:56 . 2008-01-02 17:56 <DIR> d-------- C:\Documents and Settings\Pentium\Dane aplikacji\Apple Computer
2008-01-02 17:55 . 2008-01-02 17:55 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-27 13:33 . 2008-01-06 14:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 13:33 . 2007-12-27 13:33 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-27 13:32 . 2007-12-27 13:33 <DIR> d-------- C:\Program Files\QuickTime
2007-12-27 13:32 . 2007-12-27 13:32 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-27 13:32 . 2008-01-02 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-12-27 13:32 . 2007-12-27 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2007-12-15 17:14 . 2007-12-15 17:18 <DIR> d-------- C:\Program Files\MTA San Andreas
2007-12-15 16:14 . 2007-12-15 16:14 <DIR> d-------- C:\Program Files\Rockstar Games
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 13:37 --------- d-----w C:\Program Files\eMule
2008-01-06 12:06 --------- d-----w C:\Documents and Settings\Pentium\Dane aplikacji\Lavasoft
2008-01-05 21:12 --------- d-----w C:\Program Files\Google
2008-01-05 19:53 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-22 17:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 20:11 --------- d-----w C:\Program Files\Tlen.pl
2007-12-18 16:33 --------- d-----w C:\Program Files\Valve
2007-12-15 09:19 --------- d-----w C:\Program Files\sXe Injected
2007-12-13 18:20 --------- d-----w C:\Documents and Settings\Pentium\Dane aplikacji\Ahead
2007-12-02 08:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2007-12-02 08:45 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-02 08:43 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-02 08:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2007-12-02 08:41 --------- d-----w C:\Program Files\Nero
2007-12-02 08:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-12-02 08:39 --------- d-----w C:\Program Files\CyberLink
2007-12-02 08:38 --------- d-----w C:\Program Files\Ahead
2007-11-19 15:54 --------- d-----w C:\Documents and Settings\Pentium\Dane aplikacji\dvdcss
2007-11-18 14:16 --------- d-----w C:\Program Files\Codemasters
2007-11-18 14:12 --------- d-----w C:\Program Files\EA GAMES
2007-11-18 13:36 --------- d-----w C:\Program Files\RACE 07 Offline
2007-11-18 13:31 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-17 11:56 --------- d-----w C:\Program Files\DivX
2007-11-17 11:47 --------- d-----w C:\Program Files\Yahoo!
2007-11-17 11:46 --------- d-----w C:\Program Files\Bradbury
2007-11-16 21:17 --------- d-----w C:\Documents and Settings\Pentium\Dane aplikacji\Tlen.pl
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TransparentTaskBar"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 13:20 81920]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-11-07 15:33 6234624]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-02 13:00 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-23 16:19 180269]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-02 13:00 33280 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2007-03-09 20:50 200768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-03-02 13:00 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=???,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeyBoard]
2003-09-19 16:26 49152 --a------ C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-09-28 20:26 32881 --a------ C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys [2007-11-25 00:39]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-09 04:26]
S3 SF-620;SF-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\SF-620.sys [2004-08-12 03:18]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 13:00]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 16:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 14:47:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-06 14:48:29
ComboFix2.txt 2008-01-06 10:40:08
.
2007-12-12 19:34:51 --- E O F ---
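An added example, not part of the poster's logs and not code from SDFix, ComboFix or catchme: a small Python triage script that parses lines in the shape of SDFix's "Files with Hidden Attributes" listing and ComboFix's "Files Created" section, normalises the two attribute notations (ComboFix uses lower-case `d`/`a`/`h`/`s` in a 9-character field, SDFix upper-case `A`/`S`/`H` with `.` for unset in a 5-character field) into one record type, and lists the files carrying both the hidden and system attributes, which is what a helper reads first in a listing like this. The sample lines are constructed from the formats shown above; the regexes, the `FileRecord` type and the function names are mine and assume the column layout exactly as printed in this post (the ComboFix Find3M section uses a different layout and is deliberately not parsed).

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class FileRecord:
    """One file entry normalised from either tool's listing."""
    path: str
    size: int        # bytes; 0 for directories
    is_dir: bool
    hidden: bool
    system: bool
    source: str      # "combofix" or "sdfix"


# Constructed sample in the shape of a ComboFix "Files Created" section
# (created-stamp " . " modified-stamp, size or <DIR>, 9-char flag field, path).
COMBOFIX_SAMPLE = r"""
2008-01-06 14:24 . 2008-01-06 14:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-05 09:09 . 2008-01-06 14:18 2,612 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-04 16:39 . 2008-01-06 14:40 7,684,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-04 16:39 . 2008-01-06 14:40 103,988 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-27 13:33 . 2008-01-06 14:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
"""

# Constructed sample in the shape of SDFix's "Files with Hidden Attributes" listing
# (weekday day month year, size, 5-char flag field, "---", quoted path).
SDFIX_SAMPLE = r"""
Sun 4 Dec 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 6 Jan 2008 0 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BIT1.tmp"
Sun 6 Jan 2008 85,946 A..H. --- "C:\Documents and Settings\Pentium\Ustawienia lokalne\Temp\BIT42B.tmp"
Fri 27 Apr 2007 20,992 ...H. --- "C:\Documents and Settings\Pentium\Dane aplikacji\Microsoft\Word\~WRL0143.tmp"
"""

# Assumed layouts, taken from the lines as printed in the post above.
COMBOFIX_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size><DIR>|[\d,]+) (?P<flags>[-a-z]{9}) (?P<path>.+)$"
)
SDFIX_RE = re.compile(
    r'^[A-Za-z]{3} \d{1,2} [A-Za-z]{3} \d{4} (?P<size>[\d,]+) '
    r'(?P<flags>[A-Z.]{5}) --- "(?P<path>.+)"$'
)


def _size(field: str) -> int:
    """'7,684,128' -> 7684128; '<DIR>' -> 0."""
    return 0 if field == "<DIR>" else int(field.replace(",", ""))


def parse_combofix(text: str) -> list[FileRecord]:
    """Parse ComboFix 'Files Created' lines; only the d/h/s flags are interpreted."""
    out = []
    for line in text.splitlines():
        m = COMBOFIX_RE.match(line.strip())
        if not m:
            continue  # section banners, lone dots, lines from other sections
        flags = m["flags"]
        out.append(FileRecord(m["path"], _size(m["size"]), flags[0] == "d",
                              "h" in flags, "s" in flags, "combofix"))
    return out


def parse_sdfix(text: str) -> list[FileRecord]:
    """Parse SDFix hidden-attribute lines; SDFix lists files only, never directories."""
    out = []
    for line in text.splitlines():
        m = SDFIX_RE.match(line.strip())
        if not m:
            continue
        flags = m["flags"]
        out.append(FileRecord(m["path"], _size(m["size"]), False,
                              "H" in flags, "S" in flags, "sdfix"))
    return out


def flag_hidden_system(records: list[FileRecord]) -> list[str]:
    """Files carrying both the hidden and the system attribute, sorted by path.
    Both attributes together keep a file out of default Explorer views, so these
    are reviewed first; a hit still needs vendor attribution, not an automatic verdict."""
    return sorted(r.path for r in records if r.hidden and r.system and not r.is_dir)


def triage(*texts: str) -> dict:
    """Run both parsers over every supplied log text and summarise the findings."""
    records = [r for t in texts for r in parse_combofix(t) + parse_sdfix(t)]
    files = [r for r in records if not r.is_dir]
    return {
        "total": len(records),
        "hidden_system": flag_hidden_system(records),
        "hidden_only": sorted(r.path for r in files if r.hidden and not r.system),
        "empty_temp": sorted(r.path for r in files
                             if r.size == 0 and r.path.lower().endswith(".tmp")),
    }


if __name__ == "__main__":
    for key, value in triage(COMBOFIX_SAMPLE, SDFIX_SAMPLE).items():
        print(key, value)
```

On the sample above the hidden+system hits are the two `fidbox.*` files and `DRMv1.bak`; the `BIT*.tmp` files are hidden only. Attribution is still a manual step: in the ComboFix log the `fidbox.*` files were created in the same minute as the `C:\Program Files\Kaspersky Lab` directory, so the flag here is a prompt to check that link, not evidence of infection.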