
Nevertheless, I cannot run some things, because they are not classified as valid Win32 applications.
I should warn you, though, that I am a layman when it comes to registries, viruses and issues of that kind, so I would ask you to adjust your vocabulary to my situation.

I am pasting the logs, in accordance with the rules and common sense:
ComboFix
ComboFix wrote:
ComboFix 08-05-15.3 - Kaszub PC 2008-05-18 10:28:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.200 [GMT 2:00]
Running from: C:\Documents and Settings\Kaszub PC\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\avi.dll
C:\WINDOWS\system32\cpuinf32.dll
C:\WINDOWS\system32\DivXsm.exe
C:\WINDOWS\system32\ff_liba52.dll
C:\WINDOWS\system32\ff_libdts.dll
C:\WINDOWS\system32\ff_libfaad2.dll
C:\WINDOWS\system32\ff_libmad.dll
C:\WINDOWS\system32\ff_realaac.dll
C:\WINDOWS\system32\ff_samplerate.dll
C:\WINDOWS\system32\ff_tremor.dll
C:\WINDOWS\system32\ff_unrar.dll
C:\WINDOWS\system32\ff_wmv9.dll
C:\WINDOWS\system32\iconv.dll
C:\WINDOWS\system32\libavcodec.dll
C:\WINDOWS\system32\libmpeg2_ff.dll
C:\WINDOWS\system32\libmplayer.dll
C:\WINDOWS\system32\mkunicode.dll
C:\WINDOWS\system32\mkx.dll
C:\WINDOWS\system32\mkzlib.dll
C:\WINDOWS\system32\mmfinfo.dll
C:\WINDOWS\system32\mp4.dll
C:\WINDOWS\system32\mplvpx.dll
C:\WINDOWS\system32\ogg.dll
C:\WINDOWS\system32\OggDS.dll
C:\WINDOWS\system32\ogm.dll
C:\WINDOWS\system32\ts.dll
C:\WINDOWS\system32\vorbis.dll
C:\WINDOWS\system32\vorbisenc.dll
C:\WINDOWS\system32\WMV9VCM.dll
C:\WINDOWS\system32\xvidcore.dll
.
---- Previous Run -------
.
C:\WINDOWS\svchost.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POWERMANAGER
-------\Service_PowerManager
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-18 10:16 . 2008-05-18 10:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-16 20:46 . 2008-05-16 20:46 <DIR> d-------- C:\Program Files\Avira
2008-05-16 20:46 . 2008-05-16 20:46 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Avira
2008-05-16 20:31 . 2008-05-16 20:39 <DIR> d-------- C:\Program Files\SkanerOnline
2008-05-16 20:29 . 2008-05-16 20:39 <DIR> d-------- C:\Program Files\Panda Security
2008-05-08 10:36 . 2008-05-08 10:37 <DIR> d-------- C:\Program Files\Mobile Phone Manager
2008-05-08 10:36 . 2008-05-08 10:36 <DIR> d-------- C:\Program Files\Common Files\XCPCSync.OEM
2008-05-08 10:36 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-05-08 10:36 . 2005-09-12 16:40 27,008 --a------ C:\WINDOWS\system32\drivers\siusbmod.sys
2008-04-27 16:44 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-04-27 16:44 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-04-26 21:18 . 2008-04-26 21:18 <DIR> d-------- C:\Program Files\MarBit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 08:30 233,472 ---ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2008-05-18 08:30 233,472 ---ha-w C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2008-05-18 08:30 233,472 ---ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2008-05-18 08:30 233,472 ---ha-w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2008-05-17 14:50 --------- d-s---w C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft
2008-05-16 18:50 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-14 06:33 --------- d-----w C:\Documents and Settings\Kaszub PC\Dane aplikacji\Ahead
2008-05-11 10:08 --------- d-----w C:\Documents and Settings\Kaszub PC\Dane aplikacji\Skype
2008-05-08 15:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 11:43 --------- d-----w C:\Documents and Settings\Kaszub PC\Dane aplikacji\teamspeak2
2008-03-21 10:44 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-03-20 19:17 --------- d-----w C:\Documents and Settings\Kaszub PC\Dane aplikacji\backup
2008-03-12 15:30 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-12 15:30 175,616 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-11 14:36 289,468 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5015.exe
2008-03-11 14:36 14,290 ----a-w C:\Program Files\settings.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-17 08:53 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-10-14 08:00 15360]
C:\Documents and Settings\Kaszub PC\Menu Start\Programy\Autostart\
AntiVir Personal Edition.lnk - C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2007-05-24 18:58:46 285224]
Gadwin PrintScreen.lnk - D:\Programy\Gadwin PrintScreen\PrintScreen.exe [2007-05-24 11:38:22 475136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
C:\DOCUME~1\KASZUB~1\USTAWI~1\Temp\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-05-17 08:53 262401 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 01:09 486856 D:\Programy\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-10-14 08:01 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 192000 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-10-14 08:01 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-10-14 08:01 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSync - ScheduleSync]
--a------ 2006-03-30 16:49 45056 C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-06-10 13:12 55296 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 181136 C:\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC Integration]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\DC\\DCPlusPlus.exe"=
"D:\\Programy\\Gadu-Gadu\\gg.exe"=
"D:\\Programy\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Programy\\Opera\\Opera.exe"=
"D:\\Gry\\Warcraft III\\Warcraft III.exe"=
S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2005-09-12 16:40]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 10:31:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-18 10:34:06 - machine was rebooted [Kaszub PC]
ComboFix-quarantined-files.txt 2008-05-18 08:34:03
Pre-Run: 219,340,800 bajtów wolnych
Post-Run: 836,829,184 bajtów wolnych
154
HijackThis
HijackThis wrote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:20, on 2008-05-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\Programy\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AntiVir Personal Edition.lnk = C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
O4 - Startup: Gadwin PrintScreen.lnk = D:\Programy\Gadwin PrintScreen\PrintScreen.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\MMICRO~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MMICRO~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
--
End of file - 3671 bytes
Regards, and thank you in advance for your help.