
ComboFix 08-06-20.4 - Adam 2008-06-29 11:08:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.24 [GMT 2:00]
Running from: C:\Documents and Settings\Adam\Pulpit\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.
2008-06-20 13:05 . 2002-08-29 01:32 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-04 17:56 . 2008-06-04 17:56 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\GanymedeNet
2008-06-04 17:56 . 2008-06-04 17:56 4 --a------ C:\WINDOWS\system32\proc97.bin
2008-06-04 09:30 . 2008-06-28 23:37 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-03 21:49 . 2008-06-03 22:02 <DIR> d-------- C:\Program Files\AdVantage
2008-06-03 21:45 . 2008-06-03 21:59 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-03 21:41 . 2008-06-03 21:41 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Nero
2008-06-03 21:31 . 2008-06-03 21:31 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-06-03 21:25 . 2008-06-03 21:27 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-03 21:25 . 2008-06-03 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-03 19:46 . 2008-06-03 19:58 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Ahead
2008-06-03 19:33 . 2008-06-03 19:33 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-06-03 15:49 . 2008-06-03 15:49 <DIR> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2008-06-02 22:04 . 2008-06-02 22:04 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Media Player Classic
2008-06-01 17:41 . 2008-06-01 17:41 <DIR> d-------- C:\Documents and Settings\Adam\Dane aplikacji\Tlen.pl
2008-06-01 12:39 . 2008-06-02 18:22 <DIR> d-------- C:\Program Files\Gabest
2008-06-01 12:39 . 2008-06-01 12:39 <DIR> d-------- C:\Program Files\AviSynth 2.5
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 12:11 --------- d-----w C:\Documents and Settings\Adam\Dane aplikacji\Gadu-Gadu
2008-05-24 11:56 --------- d-----w C:\Program Files\Common Files\Java
2008-05-24 11:47 --------- d-----w C:\Program Files\Temp
2008-05-24 11:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-24 11:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-24 11:18 558,142 ----a-w C:\WINDOWS\java\Packages\7LRHJDB9.ZIP
2008-05-24 11:18 155,995 ----a-w C:\WINDOWS\java\Packages\NDBZJFD3.ZIP
2008-05-24 11:16 --------- d-----w C:\Program Files\Usługi online
2008-04-01 22:28 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Adam^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2007-11-05 11:12 884176 C:\Program Files\AdVantage\AdVantage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-03-20 18:46 217544 D:\Instalki\Programy\Alcohol 120\axcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]
--a------ 2007-11-14 13:30 537328 D:\Instalki\Programy\BCWipe\BCWipeTM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2002-09-20 18:05 13312 C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-16 13:24 167368 D:\Instalki\Programy\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
--a------ 2008-01-15 17:09 6290944 D:\Instalki\Programy\Tlen.pl\tlen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2002-08-20 15:08 1511453 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\System32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\System32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-15 01:50 233472 D:\Instalki\Programy\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 D:\Instalki\Programy\Java\bin\jusched.exe
S4 BCSWAP;BCSWAP;C:\WINDOWS\System32\drivers\BCSWAP.sys [2007-09-14 06:46]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 11:10:38
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-29 11:12:50
ComboFix-quarantined-files.txt 2008-06-29 09:12:41
Pre-Run: 2,227,056,640 bajtów wolnych
Post-Run: 2,403,811,328 bajtów wolnych
104
My problem is that the computer resets 5-10 minutes after it is turned on. I have no idea what could be causing this, so to start with, here are the logs.
PS. I will be very grateful for any help.