Wpisy usunięte, indeksowanie wyłączone.
Niestety, jak się okna dalej ciągnęły, tak się ciągną... Co do sterowników płyty głównej, to mam spory problem, bo nie mogę ich nigdzie znaleźć, strona producenta - soltek.de nie działa, inne odsyłają do soltek.com.tk, która też nie działa...
Dostałam sugestię, że to może być wina dysku. Że jego godzina nadeszła. Czy to może być prawda?
wrzucę logi od nowa, z obu programów
Logfile of HijackThis v1.99.1
Scan saved at 16:19:06, on 2007-12-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\EXPLORER.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIDA32 - Personal System Information\aida32.bin
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Documents and Settings\Meg\Moje dokumenty\hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
ComboFix 07-12-17.1 - Meg 2007-12-19 16:23:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.84 [GMT 1:00]
Running from: C:\Documents and Settings\Meg\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\windows\system32\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-05 13:47 . 2007-12-05 13:47 <DIR> d-------- C:\Program Files\Disc2Phone
2007-12-05 13:34 . 2007-12-05 13:34 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-12-04 17:57 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-04 17:57 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-04 17:46 . 2007-12-04 17:47 <DIR> d-------- C:\Program Files\mp3DirectCut
2007-12-03 22:52 . 2006-11-07 09:42 97,056 -ra------ C:\WINDOWS\system32\drivers\w200mdm.sys
2007-12-03 22:52 . 2006-11-07 09:42 88,560 -ra------ C:\WINDOWS\system32\drivers\w200mgmt.sys
2007-12-03 22:52 . 2006-11-07 09:42 86,368 -ra------ C:\WINDOWS\system32\drivers\w200obex.sys
2007-12-03 22:52 . 2006-11-07 09:42 61,504 -ra------ C:\WINDOWS\system32\drivers\w200bus.sys
2007-12-03 22:52 . 2006-11-07 09:42 9,328 -ra------ C:\WINDOWS\system32\drivers\w200mdfl.sys
2007-12-03 22:52 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cmnt.sys
2007-12-03 22:52 . 2006-11-07 09:42 6,208 -ra------ C:\WINDOWS\system32\drivers\w200cm.sys
2007-12-03 22:52 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200whnt.sys
2007-12-03 22:52 . 2006-11-07 09:42 5,840 -ra------ C:\WINDOWS\system32\drivers\w200wh.sys
2007-12-03 22:50 . 2007-12-03 22:51 <DIR> d-------- C:\Documents and Settings\Meg\Dane aplikacji\Teleca
2007-12-03 22:50 . 2007-12-03 22:50 <DIR> d-------- C:\Documents and Settings\Meg\Dane aplikacji\Sony Ericsson
2007-12-03 22:45 . 2007-12-03 22:48 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-03 22:45 . 2007-12-03 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Documents
2007-12-03 22:44 . 2007-12-03 22:44 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-12-03 22:44 . 2007-12-03 22:45 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-12-03 22:44 . 2007-12-03 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2007-12-03 22:44 . 2007-12-03 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2007-12-03 22:42 . 2007-12-03 22:43 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-29 13:57 . 2007-11-29 13:57 <DIR> d-------- C:\Program Files\AC3Filter
2007-11-29 13:57 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
2007-11-29 13:56 . 2007-11-29 13:56 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-22 16:53 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-22 16:53 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-11-22 16:53 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-11-22 16:53 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-11-22 16:50 . 2007-11-22 16:50 <DIR> d-------- C:\Program Files\dir
2007-11-20 21:24 . 2007-11-23 14:50 <DIR> d-------- C:\Documents and Settings\Meg\Dane aplikacji\Move Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 22:03 --------- d-----w C:\Documents and Settings\Meg\Dane aplikacji\foobar2000
2007-12-16 17:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 19:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-13 14:15 --------- d-----w C:\Program Files\DivX
2007-12-12 22:43 --------- d-----w C:\Program Files\Lx_cats
2007-12-04 16:47 --------- d-----w C:\Program Files\MediaCoder
2007-11-29 13:58 --------- d-----w C:\Program Files\DC++
2007-11-13 14:08 --------- d-----w C:\Documents and Settings\Meg\Dane aplikacji\atitray
2007-11-13 14:03 --------- d-----w C:\Program Files\MultiRes
2007-11-13 14:01 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe
2007-11-13 14:01 --------- d-----w C:\Program Files\Radeon Omega Drivers
2007-11-12 18:20 --------- d-----w C:\Program Files\FLVPlayer
2007-11-11 21:22 --------- d-----w C:\Program Files\Riva
2007-11-11 21:22 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-11-11 20:56 --------- d-----w C:\Program Files\Replay Converter
2007-11-11 20:50 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-11-11 20:50 --------- d-----w C:\Documents and Settings\Meg\Dane aplikacji\GetRightToGo
2007-11-11 17:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-11-06 12:51 --------- d-----w C:\Program Files\Java
2007-11-01 18:43 --------- d-----w C:\Documents and Settings\Meg\Dane aplikacji\GanymedeNet
2007-10-29 11:14 --------- d-----w C:\Program Files\Google
2007-10-28 14:36 --------- d-----w C:\Documents and Settings\Meg\Dane aplikacji\MegauploadToolbar
2007-10-28 14:26 --------- d-----w C:\Program Files\FlashGet
2007-10-28 14:06 --------- d-----w C:\Program Files\MegauploadToolbar
2007-10-22 14:19 --------- d-----w C:\Program Files\Common Files\Adobe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"wsctf.exe"="wsctf.exe" []
"EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 14:23 C:\WINDOWS\explorer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 13:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 18:47]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 C:\WINDOWS\system32\atiptaxx.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44]
C:\Documents and Settings\Meg\Menu Start\Programy\Autostart\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-09-19 18:25:10]
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.sys [2006-02-28 22:55]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
R3 AIDA32Driver;AIDA32Driver;C:\Program Files\AIDA32 - Personal System Information\aida32.sys [2004-02-23 03:07]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3782d7c2-a27a-11dc-8fa1-00e04c097038}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3782d7c3-a27a-11dc-8fa1-00e04c097038}]
\Shell\AutoRun\command - I:\EXPLORER.EXE
\Shell\explore\Command - I:\EXPLORER.EXE
\Shell\open\Command - I:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4701d360-6ab3-11dc-8f29-00e04c097038}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8b4aee3-95de-11dc-8f8f-00e04c097038}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9338984-80a9-11dc-8f65-00e04c097038}]
\Shell\AutoRun\command - H:\EXPLORER.EXE
\Shell\explore\Command - H:\EXPLORER.EXE
\Shell\open\Command - H:\EXPLORER.EXE
*Newly Created Service* - AIDA32DRIVER
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 16:28:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-19 16:29:53
.
2007-10-10 13:36:19 --- E O F ---
Fairies? Never seen one.
No i żeby nie zdarli ze mnie za bardzo... Brak rozeznania w temacie prowokuje czasem nieetyczne zachowania strony zorientowanej...
