After Windows started, a program like this appeared. I closed it with the X. The only symptom was that konnekt.exe [the executable] took on the icon of a golden key instead of the standard one. Later I had a few problems with the computer and restored the system from a Ghost 14 backup. The above-mentioned program started again after some time, and the same situation with Konnekt as above. I reinstalled Windows from scratch [original HE], but after one of the restarts the above-mentioned program appeared again, though this time without any other problems.
What am I getting at? Well, I don't know whether I'm free of any junk.
Antivirus NOD32 [database current, zero viruses], Windows with the latest patches.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:35, on 2008-11-14
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ESET Smart Security\egui.exe
C:\Gmail Notifier\gnotify.exe
C:\Norton Ghost\Agent\VProTray.exe
C:\NetMeter\NetMeter.exe
C:\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\ctfmon.exe
D:\utorrent\uTorrent.exe
C:\Defrag Professional\oodcnt.exe
D:\ważne\Konnekt\konnekt.exe
D:\ważne\foobar2000\foobar2000.exe
C:\Opera\opera.exe
C:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: bxNewFolder - {51C8BCA8-2524-4523-BF09-738C4EEBFC58} - C:\bxNewFolder\bxNewFolder.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] "C:\ESET Smart Security\nodlogin.exe" /o
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [C:\NetMeter\NetMeter.exe] C:\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [Konnekt] "D:\ważne\Konnekt\konnekt.exe" /autostart
O4 - Startup: MagicDisc.lnk = C:\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195021938609
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Ad-Aware 2007\aawservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\ESET Smart Security\ekrn.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SymSnapService - Symantec - C:\Norton Ghost\Shared\Drivers\SymSnapService.exe
--
End of file - 5221 bytes
ComboFix 08-11-12.02 - martin 2008-11-14 16:12:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1486 [GMT 1:00]
Uruchomiony z: d:\programy\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Desktop_.ini
c:\windows\system32\drivers\downld
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-14 do 2008-11-14 )))))))))))))))))))))))))))))))
.
2008-11-14 14:04 . 2008-11-14 14:04 <DIR> d-------- c:\windows\Sun
2008-11-14 12:53 . 2008-11-14 12:53 0 --a------ c:\windows\nsreg.dat
2008-11-14 12:52 . 2008-11-14 14:59 <DIR> d-------- C:\Firefox
2008-11-14 12:45 . 2008-11-14 16:09 <DIR> d-------- c:\documents and settings\martin\Dane aplikacji\uTorrent
2008-11-14 12:38 . 2008-11-14 12:38 <DIR> d-------- c:\windows\LastGood
2008-11-14 12:32 . 2008-10-03 18:26 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-14 12:32 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-14 12:32 . 2007-03-08 06:11 1,036,288 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-14 12:32 . 2008-08-26 09:26 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-14 12:32 . 2008-08-26 09:26 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-14 12:32 . 2008-08-26 09:26 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-14 12:32 . 2008-08-26 09:26 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-14 12:32 . 2008-08-26 09:26 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-14 12:32 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-14 12:21 . 2008-11-14 12:21 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-14 08:10 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-14 08:08 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-14 08:08 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-14 08:08 . 2006-03-02 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-14 08:07 . 2008-08-14 14:26 2,190,464 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-14 08:07 . 2008-08-14 14:26 2,146,816 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-14 08:07 . 2008-08-14 14:26 2,067,328 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-14 08:07 . 2008-08-14 14:26 2,025,472 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-14 08:07 . 2008-09-15 16:27 1,846,656 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-14 08:07 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-14 08:02 . 2008-05-01 15:37 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-14 08:01 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-14 08:00 . 2008-06-14 18:36 273,024 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-14 07:59 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-14 07:55 . 2008-10-15 17:36 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-14 07:55 . 2008-11-14 07:55 32 --a------ c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2008-11-14 07:53 . 2008-11-14 07:55 <DIR> d-------- c:\documents and settings\martin\Dane aplikacji\skypePM
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 06:56 --------- d-----w c:\documents and settings\martin\Dane aplikacji\Skype
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 05:02 730,368 ----a-w c:\windows\system32\oodsvct.exe
2008-09-04 05:02 1,295,616 ----a-w c:\windows\system32\oodag.exe
2008-09-04 05:01 2,524,416 ----a-w c:\windows\system32\oodtray.exe
2008-09-04 05:01 194,816 ----a-w c:\windows\system32\oodbs.exe
2008-09-04 04:58 9,984 ----a-w c:\windows\system32\oodbsrs.dll
2008-09-04 04:58 894,208 ----a-w c:\windows\system32\oodtrrs.dll
2008-09-04 04:58 8,448 ----a-w c:\windows\system32\oodagrs.dll
2008-09-04 04:58 15,616 ----a-w c:\windows\system32\oodagmg.dll
2008-08-30 04:20 15,104 ----a-w c:\windows\system32\ootmapi.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:26 2,146,816 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:26 2,025,472 ----a-w c:\windows\system32\ntkrnlpa.exe
.
------- Sigcheck -------
2007-11-13 16:49 361344 68f06fe0021b01e670af37b8c5964fdf c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\netmeter\NetMeter.exe"="c:\netmeter\NetMeter.exe" [2007-08-11 331264]
"Konnekt"="d:\ważne\Konnekt\konnekt.exe" [2005-05-24 503808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\eset smart security\egui.exe" [2008-03-13 1443072]
"NodLogin"="c:\eset smart security\nodlogin.exe" [2008-09-15 359202]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\gmail notifier\gnotify.exe" [2005-07-15 479232]
"Norton Ghost 14.0"="c:\norton ghost\Agent\VProTray.exe" [2008-01-19 2245984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-25 8433664]
c:\documents and settings\martin\Menu Start\Programy\Autostart\
MagicDisc.lnk - c:\magicdisc\MagicDisc.exe [2007-11-13 547840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\utorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2006-02-17 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2006-02-17 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2006-02-17 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2006-02-17 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2006-02-17 83344]
R3 SymSnapService;SymSnapService;c:\norton ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1553896]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2008-04-14 5120]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
2007-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\martin\Dane aplikacji\Mozilla\Firefox\Profiles\8vzrvi0a.default\
FF -: plugin - c:\acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\firefox\plugins\npnul32.dll
FF -: plugin - c:\k-lite codec pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\k-lite codec pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\opera\program\plugins\npdsplay.dll
FF -: plugin - c:\opera\program\plugins\NPOFF12.DLL
FF -: plugin - c:\opera\program\plugins\NPSWF32.dll
FF -: plugin - c:\opera\program\plugins\npwmsdrm.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - c:\quicktime\Plugins\npqtplugin.dll
FF -: plugin - c:\quicktime\Plugins\npqtplugin2.dll
FF -: plugin - c:\quicktime\Plugins\npqtplugin3.dll
FF -: plugin - c:\quicktime\Plugins\npqtplugin4.dll
FF -: plugin - c:\quicktime\Plugins\npqtplugin5.dll
FF -: plugin - c:\quicktime\Plugins\npqtplugin6.dll
FF -: plugin - c:\quicktime\Plugins\npqtplugin7.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 16:12:57
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-11-14 16:13:36
ComboFix-quarantined-files.txt 2008-11-14 15:13:29
Przed: 4 088 090 624 bajtów wolnych
Po: 4,078,116,864 bajtów wolnych
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
164 --- E O F --- 2008-11-14 11:38:25