So here is what happened: I was downloading wwdc and right away the icons were red, so I closed the ports, reset, and then it was OK. The browsers started working normally. I hope this is not just a temporary improvement. I also carried out the next steps, and here are the results:
sdfix:
[b]SDFix: Version 1.240 [/b]
Run by Piotr on 2009-04-21 at 14:15
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 14:21:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Gadu-Gadu\\gg.exe"="D:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Fri 15 Feb 2008 327,680 ...H. --- "C:\ASUS.SYS\SplashtopDll.dll"
Wed 15 Apr 2009 8 ..SHR --- "C:\WINDOWS\system32\BE006FCFE8.sys"
Thu 16 Apr 2009 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
[b]Finished![/b]
combofix:
ComboFix 09-04-21.A1 - Piotr 2009-04-21 14:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.524 [GMT 2:00]
Uruchomiony z: G:\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\lo2.txtt
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-21 do 2009-04-21 )))))))))))))))))))))))))))))))
.
2009-04-20 20:49 . 2009-04-20 20:49 117640 ----a-w C:\test.htm
2009-04-20 13:56 . 2009-04-21 07:17 -------- d-----w c:\windows\ERUNT
2009-04-20 13:52 . 2009-04-21 12:21 -------- d-----w C:\SDFix
2009-04-20 13:28 . 2006-06-19 11:01 69632 ----a-w c:\windows\system32\ztvcabinet.dll
2009-04-20 13:28 . 2006-05-25 13:52 162304 ----a-w c:\windows\system32\ztvunrar36.dll
2009-04-20 13:28 . 2005-08-25 23:50 77312 ----a-w c:\windows\system32\ztvunace26.dll
2009-04-20 13:28 . 2003-02-02 18:06 153088 ----a-w c:\windows\system32\UNRAR3.dll
2009-04-20 13:28 . 2002-03-05 23:00 75264 ----a-w c:\windows\system32\unacev2.dll
2009-04-20 12:14 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-20 12:14 . 2009-03-06 14:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-20 12:14 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-20 12:14 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-20 12:14 . 2009-04-20 12:14 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-04-20 08:45 . 2009-04-21 12:30 -------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-04-20 08:34 . 2009-04-20 08:34 -------- d-----w c:\documents and settings\Piotr\Dane aplikacji\Simply Super Software
2009-04-20 08:34 . 2009-04-20 08:34 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Simply Super Software
2009-04-19 19:47 . 2009-04-19 19:47 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Avira
2009-04-19 18:51 . 2009-04-19 18:51 249 ----a-w c:\windows\system32\PavCPL.dat
2009-04-19 18:51 . 2008-04-28 15:35 84024 ----a-w c:\windows\system32\drivers\pavdrv51.sys
2009-04-19 18:50 . 2007-03-15 17:38 54832 ----a-w c:\windows\system32\pavcpl.cpl
2009-04-19 18:50 . 2008-06-24 12:48 193280 ----a-w c:\windows\system32\TpUtil.dll
2009-04-19 18:07 . 2009-04-19 18:07 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Panda Security
2009-04-19 16:01 . 2009-04-19 17:54 -------- d-----w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Panda Software
2009-04-19 16:01 . 2009-04-19 16:01 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\sentinel
2009-04-19 16:00 . 2009-04-19 17:54 -------- d-----w c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\Panda Software
2009-04-19 15:39 . 2009-04-19 15:39 197 ----a-w c:\windows\system32\MRT.INI
2009-04-18 10:58 . 2009-04-18 10:58 -------- d-----w c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
2009-04-17 19:37 . 2009-04-17 19:37 -------- d-----w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2009-04-17 17:29 . 2009-04-17 17:29 -------- d-----w c:\documents and settings\Jadwiga\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-04-17 17:29 . 2009-04-17 17:29 12328 ----a-w c:\documents and settings\Jadwiga\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-17 15:03 . 2009-04-17 15:03 -------- d-----w C:\Games
2009-04-17 14:55 . 2009-04-17 14:55 -------- d--h--w c:\windows\PIF
2009-04-17 14:31 . 2009-04-17 14:31 6205 ----a-w c:\windows\system\Kbdvx32a.vxd
2009-04-17 14:21 . 2009-04-17 14:21 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-17 14:11 . 2005-07-11 20:12 929 ----a-r c:\windows\system32\drivers\ativcaxx.vp
2009-04-17 14:11 . 2005-07-11 20:12 524850 ----a-r c:\windows\system32\drivers\ativcaxx.cpa
2009-04-17 14:11 . 2005-06-08 19:45 58560 ----a-r c:\windows\system32\drivers\ativckxx.vp
2009-04-17 14:11 . 2005-08-04 06:20 21712 ----a-r c:\windows\system32\drivers\ativvpxx.vp
2009-04-17 13:59 . 2009-04-17 13:59 544 ----a-w c:\windows\eReg.dat
2009-04-17 10:54 . 2004-08-03 21:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-16 16:23 . 2009-04-16 16:23 -------- d-----w c:\documents and settings\Jadwiga\Ustawienia lokalne\Dane aplikacji\ATI
2009-04-16 16:23 . 2009-04-16 16:23 -------- d-----w c:\documents and settings\Jadwiga\Dane aplikacji\ATI
2009-04-16 14:49 . 2009-04-21 07:41 -------- d-----w c:\documents and settings\Zdzisław
2009-04-16 14:19 . 2008-06-14 18:01 273024 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-16 14:19 . 2008-06-14 18:01 273024 ------w c:\windows\system32\drivers\bthport.sys
2009-04-16 14:17 . 2009-02-09 11:52 2059008 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-16 14:17 . 2009-02-09 11:52 2017280 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-16 14:17 . 2009-02-09 11:52 2181760 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-16 14:17 . 2009-02-09 11:52 2137600 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-16 14:15 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-16 14:10 . 2009-04-21 07:41 -------- d-----w c:\documents and settings\Aga
2009-04-16 13:26 . 2009-04-21 11:51 -------- d--h--w c:\windows\$hf_mig$
2009-04-16 13:21 . 2009-04-16 13:21 -------- d-----w c:\windows\system32\LogFiles
2009-04-16 12:04 . 2009-04-21 07:41 -------- d-----w c:\documents and settings\Gosia
2009-04-15 18:00 . 2007-03-21 18:33 503808 ----a-w c:\windows\system32\MSVCP71.DL1
2009-04-15 18:00 . 2007-03-21 18:33 348160 ----a-w c:\windows\system32\MSVCR71.DL1
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 08:22 . 2009-04-21 08:22 -------- d-----w c:\program files\VS Revo Group
2009-04-21 08:20 . 2009-04-20 12:14 -------- d-----w c:\program files\Spyware Doctor
2009-04-20 13:31 . 2009-04-20 08:34 -------- d-----w c:\program files\Trojan Remover
2009-04-20 12:15 . 2009-04-20 12:14 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-19 19:47 . 2009-04-19 19:47 -------- d-----w c:\program files\Avira
2009-04-19 18:50 . 2009-04-19 18:07 -------- d-----w c:\documents and settings\Piotr\Dane aplikacji\Panda Security
2009-04-19 18:50 . 2009-04-19 18:50 -------- d-----w c:\program files\Panda Security
2009-04-19 18:48 . 2009-04-19 18:36 -------- d-----w c:\program files\Common Files\Panda Security
2009-04-19 18:43 . 2001-10-26 18:15 74786 ----a-w c:\windows\system32\perfc015.dat
2009-04-19 18:43 . 2001-10-26 18:15 449026 ----a-w c:\windows\system32\perfh015.dat
2009-04-19 18:01 . 2009-04-15 16:33 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-19 15:56 . 2009-04-19 15:56 -------- d-----w c:\program files\Trend Micro
2009-04-19 15:56 . 2004-08-03 21:14 213376 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-19 15:50 . 2009-04-15 17:00 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-04-19 15:50 . 2009-04-15 16:59 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-19 14:59 . 2009-04-17 14:55 -------- d-----w c:\program files\Deluxe Ski Jump
2009-04-17 19:38 . 2009-04-17 19:38 -------- d-----w c:\program files\Common Files\xing shared
2009-04-17 19:38 . 2009-04-17 19:38 -------- d-----w c:\program files\Common Files\Real
2009-04-17 19:38 . 2009-04-17 19:38 -------- d-----w c:\program files\Real
2009-04-17 19:37 . 2009-04-17 19:37 -------- d-----w c:\program files\Google
2009-04-17 14:45 . 2009-04-17 14:45 -------- d-----w c:\program files\PocketRAR
2009-04-17 14:31 . 2009-04-17 14:31 -------- d-----w c:\program files\Labtec
2009-04-17 14:25 . 2009-04-15 15:38 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-17 13:59 . 2009-04-17 13:59 -------- d-----w c:\program files\EA SPORTS
2009-04-16 14:36 . 2009-04-16 14:36 -------- d-----w c:\program files\MSXML 4.0
2009-04-16 12:06 . 2009-04-15 17:10 2828 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-15 18:38 . 2009-04-15 17:10 -------- d-----w c:\documents and settings\Piotr\Dane aplikacji\Corel
2009-04-15 17:57 . 2009-04-15 17:56 -------- d-----w c:\program files\SubEdit-Player
2009-04-15 17:52 . 2009-04-15 17:52 -------- d-----w c:\documents and settings\Piotr\Dane aplikacji\Gadu-Gadu
2009-04-15 17:42 . 2009-04-15 17:42 -------- d-----w c:\documents and settings\Piotr\Dane aplikacji\ATI
2009-04-15 17:42 . 2009-04-15 17:42 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\ATI
2009-04-15 17:10 . 2009-04-15 17:09 -------- d-----w c:\program files\Common Files\Corel
2009-04-15 17:09 . 2009-04-15 17:09 -------- d-----w c:\program files\Corel
2009-04-15 17:06 . 2009-04-15 17:06 -------- d-----w c:\program files\InterVideo
2009-04-15 16:57 . 2009-04-15 16:57 -------- d-----w c:\program files\Common Files\Adobe
2009-04-15 16:56 . 2008-01-16 12:20 46 ---ha-w C:\splash.idx
2009-04-15 16:55 . 2009-04-15 16:55 -------- d-----w c:\program files\Atheros Communications Inc
2009-04-15 16:54 . 2009-04-15 16:50 -------- d-----w c:\program files\ASUS
2009-04-15 16:50 . 2009-04-15 16:33 -------- d-----w c:\program files\AMD
2009-04-15 16:42 . 2009-04-15 16:42 -------- d-----w c:\program files\Realtek
2009-04-15 16:42 . 2009-04-15 16:42 315392 ----a-w c:\windows\HideWin.exe
2009-04-15 16:41 . 2009-04-15 16:34 -------- d-----w c:\program files\ATI Technologies
2009-04-15 16:38 . 2009-04-15 16:38 -------- d-----w c:\program files\Common Files\ATI Technologies
2009-04-15 16:35 . 2009-04-15 16:34 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-15 16:33 . 2009-04-15 16:33 -------- d-----w c:\documents and settings\Piotr\Dane aplikacji\InstallShield
2009-04-15 15:44 . 2009-04-15 15:44 12328 ----a-w c:\documents and settings\Piotr\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-15 15:39 . 2009-04-15 15:39 -------- d-----w c:\program files\microsoft frontpage
2009-04-15 15:37 . 2009-04-15 15:37 -------- d-----w c:\program files\Usługi online
2009-04-15 15:36 . 2009-04-15 15:36 21856 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:47 . 2004-08-03 22:44 285184 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:32 . 2004-08-03 22:44 662016 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:32 . 2004-08-03 22:44 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:19 . 2004-08-03 22:37 1846528 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:52 . 2004-08-04 00:38 2059008 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:52 . 2004-08-03 22:39 2181760 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:22 . 2004-08-03 22:44 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:22 . 2004-08-03 22:44 725504 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:22 . 2004-08-03 22:43 686080 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:22 . 2004-08-03 22:43 722944 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:10 . 2004-08-03 22:44 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-10-26 19:30 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 20:11 . 2004-08-03 22:44 55808 ----a-w c:\windows\system32\secur32.dll
.
------- Sigcheck -------
[-] 2009-04-19 15:56 213376 5F69E08248BAC654A6C7A6B89188951F c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-19 15:56 213376 5F69E08248BAC654A6C7A6B89188951F c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AODAssist.exe"="c:\program files\AMD\AMD OverDrive\AODAssist.exe" [2007-12-19 53248]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-01-28 1413120]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"ASUS Energy Saving"="c:\program files\ASUS\AI Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 478800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 14:58 58672 ----a-w c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PskSvcRetail"=2 (0x2)
"PSIMSVC"=2 (0x2)
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)
"PAVFNSVR"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
R2 EraserSvc10910;Symantec Eraser Service; [x]
R2 gupdate1c9bf93f44d1f44;Usługa Google Update (gupdate1c9bf93f44d1f44);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 133104]
R4 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe [2008-06-25 28928]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2008-06-19 28544]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
S2 Gwmsrv;Panda Goodware Cache Manager; [x]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2008-02-07 179640]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l151x86.sys [2007-11-01 36864]
S3 PavTPK.sys;PavTPK.sys; [x]
--- Inne Usługi/Sterowniki w Pamięci ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
.
Zawartość folderu 'Zaplanowane zadania'
2009-04-21 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 19:37]
.
.
------- Skan uzupełniający -------
.
FF - ProfilePath - c:\documents and settings\Piotr\Dane aplikacji\Mozilla\Firefox\Profiles\bnfa4fml.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 14:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
- - - - - - - > 'explorer.exe'(3900)
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Panda Security\Panda Antivirus Pro 2009\WebProxy.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ASUS\AASP\1.00.59\aaCenter.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-04-21 14:32 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-04-21 12:32
Przed: 35 390 443 520 bajtów wolnych
Po: 35 382 951 936 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
253 --- E O F --- 2009-04-19 15:39
hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:12, on 2009-04-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AODAssist.exe] C:\Program Files\AMD\AMD OverDrive\AODAssist.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Eraser Service (EraserSvc10910) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Usługa Google Update (gupdate1c9bf93f44d1f44) (gupdate1c9bf93f44d1f44) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
--
End of file - 4277 bytes
Is there anything else to remove?
Unfortunately the problem has not gone away after all ;/ And when I start wwdc, the first port is red again, and netbios is the same. After a reset it is OK, but netbios stayed red.