Error when opening a drive.

I have a problem: after an attempted break-in on my computer I can't open any of my drives. When I double-click one, the "Open file with" window appears and Windows asks me to choose a program with which to open the drive's folder. When I choose Explorer the folder opens, but I can't set that as the default action for opening the drive. Clicking Start -> Run and entering "c:\" also works. But how do I make opening the drive with Explorer the default action? The problem seems trivial to me, but I can't find any option in Win XP that would solve it. So I'm asking more experienced users for help. Regards.

Replies: 14

Please do not post in expired threads! Please start a new one and, if needed, add a link referring to this or another existing thread. Please put all logs on wklejto.pl (or a similar site) and paste only the links to them here. And if you don't know what to do with the registry, please clean it with a suitable program that will know better what can and cannot be removed (RegCleaner, CCleaner, Odkurzacz, etc.). There's plenty to choose from. Closing.
XanTyp
Added
16.02.2010 23:42:50
Hello, I had the same problem with opening disk partitions. It was some junk that came from a flash drive. After treating it with ComboFix, the autorun.inf files were removed and the problem ended. I suspect, however, that something also needs to be cleaned in the registry. Could someone please take a look at my ComboFix log and tell me what to do in the registry, if necessary? I'd be very grateful :) regards!
cloudwithabow
Added
16.02.2010 14:49:56
Bumping, since I have the same problem.
mariusz12345
Added
28.04.2009 10:00:12
In my opinion there is an autorun.inf file in the root directory of the drive. Delete it and everything should return to normal.
Naruto09
Added
04.01.2009 15:43:01
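As an added example (not code from anyone in this thread), a PowerShell script that covers both suggestions above: it lists autorun.inf files in drive roots (Naruto09's tip) and the per-drive handlers Explorer has cached under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, the registry leftover cloudwithabow suspects; a stale Shell\AutoRun or Shell\open command there is what sends a double-click on the drive to the "Open with" dialog once the launched file is gone. It assumes PowerShell 2.0 or later, runs as the affected user, and only reports unless -Remove is given.

```powershell
# Added example: report (and optionally remove) the two leftovers that make a drive
# open with the "Open with" dialog on Windows XP: an autorun.inf in the drive root
# and the handlers Explorer cached for that drive under MountPoints2.
# Assumes PowerShell 2.0 or later; run as the affected user. Report-only by default.
[CmdletBinding()]
param(
    [switch]$Remove   # delete what is found instead of only listing it
)

$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$found = 0

# 1. autorun.inf in the root of every file-system drive (hidden/system files included)
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path $drive.Root 'autorun.inf'
    if (-not (Test-Path -LiteralPath $inf)) { continue }
    $found++
    Write-Host "autorun.inf: $inf"
    # show only the directives that tell Explorer what to launch
    Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^\\]+\\command)\s*=' } |
        ForEach-Object { Write-Host "    $_" }
    if ($Remove) {
        Remove-Item -LiteralPath $inf -Force   # -Force also removes hidden/read-only files
        Write-Host "    removed"
    }
}

# 2. cached drive handlers: MountPoints2\{volume-guid}\Shell\<verb>\command
if (Test-Path $mp2) {
    foreach ($vol in Get-ChildItem -Path $mp2) {
        $cmdKeys = @(Get-Item -Path "$($vol.PSPath)\Shell\*\command" -ErrorAction SilentlyContinue)
        if ($cmdKeys.Count -eq 0) { continue }
        $found++
        foreach ($k in $cmdKeys) {
            $verb = ($k.Name -split '\\')[-2]      # AutoRun, open, explore, ...
            $cmd  = $k.GetValue('')                # (default) value holds the command line
            Write-Host ("{0}  Shell\{1}\command = {2}" -f $vol.PSChildName, $verb, $cmd)
        }
        if ($Remove) {
            # only the cached Shell handlers go; the volume entry itself is harmless
            Remove-Item -Path "$($vol.PSPath)\Shell" -Recurse -Force
            Write-Host "    removed cached handlers for $($vol.PSChildName)"
        }
    }
}

if ($found -eq 0) {
    Write-Host 'Nothing found: no autorun.inf in drive roots, no cached drive handlers.'
} elseif (-not $Remove) {
    Write-Host 'Re-run with -Remove to delete the entries listed above.'
}
```

After removing the cached handlers, log off and back on (or restart Explorer) so that double-clicking the drive opens it in Explorer again.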
Pshemko11
Added
30.06.2008 22:40:01
I have a request... could someone check these logs?
Software Technologies - C:\WINDOWS\SYSTEM32\astsrv.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing) O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing) O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing) O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 6523 bytes
massive
Added
14.06.2008 12:53:47
Hello everyone, I also have a similar problem, so could I ask you to check my logs? Thanks in advance for the help. Here are the logs:
[code]
ComboFix 07-10-29.1 - Adrian 2007-10-31 20:17:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1369 [GMT 1:00]
Running from: C:\Documents and Settings\Adrian\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))
.
2007-10-31 20:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-31 19:51 d-------- C:\WINDOWS\pss
2007-10-31 19:36 d-------- C:\Program Files\iolo
2007-10-31 19:36 d-------- C:\Documents and Settings\LocalService\Dane aplikacji\iolo
2007-10-31 19:36 378,216 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-10-31 19:36 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-10-31 19:36 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-10-31 19:34 d-------- C:\Documents and Settings\All Users\Dane aplikacji\iolo
2007-10-31 19:34 d-------- C:\Documents and Settings\Adrian\Dane aplikacji\iolo
2007-10-31 19:34 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2007-10-31 18:53 d-------- C:\Documents and Settings\Adrian\Dane aplikacji\Tlen.pl
2007-10-31 16:44 d-------- C:\Program Files\Tlen.pl
2007-10-31 16:40 d-------- C:\WINDOWS\ShellNew
2007-10-31 14:17 d-------- C:\Documents and Settings\All Users\Dane aplikacji\Macrovision
2007-10-31 14:16 d-------- C:\Program Files\Common Files\Macromedia Shared
2007-10-31 14:15 d-------- C:\Program Files\Macromedia
2007-10-31 14:15 d-------- C:\Program Files\Common Files\Macromedia
2007-10-31 13:24 d-------- C:\WINDOWS\system32\LogFiles
2007-10-31 10:07 d-------- C:\Documents and Settings\Adrian\Dane aplikacji\AdobeUM
2007-10-31 00:30 d-------- C:\Documents and Settings\Adrian\Dane aplikacji\foobar2000
2007-10-30 23:50 d-------- C:\Documents and Settings\Adrian\Dane aplikacji\Talkback
2007-10-30 23:44 d-------- C:\Documents and Settings\Adrian\Dane aplikacji\Thunderbird
2007-10-30 23:44 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-30 23:43 d-------- C:\Program Files\Mozilla Thunderbird
2007-10-30 23:43 d-------- C:\Program Files\BitComet
2007-10-30 23:42 d-------- C:\Program Files\foobar2000
2007-10-30 23:41 d-------- C:\Program Files\MarBit
2007-10-30 23:40 d-------- C:\Program Files\IrfanView
2007-10-30 23:32 d-------- C:\WINDOWS\system32\windows media
2007-10-30 23:32 d--h----- C:\WINDOWS\msdownld.tmp
2007-10-30 21:30 d-------- C:\Program Files\Common Files\Adobe
2007-10-30 19:24 d-------- C:\WINDOWS\system32\Futuremark
2007-10-30 19:24 d-------- C:\Program Files\Futuremark
2007-10-30 19:24 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-10-30 19:24 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-10-30 18:33 822,272 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2007-10-30 17:06 d-------- C:\Program Files\Broadcom
2007-10-30 16:52 d-------- C:\Documents and Settings\Adrian\Bluetooth Software
2007-10-30 16:51 d-------- C:\Program Files\WIDCOMM
2007-10-30 16:51 868,298 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
2007-10-30 16:51 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll
2007-10-30 16:51 67,960 --a------ C:\WINDOWS\system32\drivers\btwusb.sys
2007-10-30 16:50 d-------- C:\SWSetup
2007-10-30 16:30 d-------- C:\Program Files\Lavalys
2007-10-30 16:06 d-------- C:\Program Files\Alwil Software
2007-10-30 16:06 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-10-30 16:06 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-30 16:06 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-30 16:06 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-30 16:06 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-30 16:06 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-30 16:06 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-30 16:06 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-30 15:48 d-------- C:\Program Files\PowerQuest
2007-10-29 23:16 d-------- C:\Program Files\Hp
2007-10-29 23:14 d-------- C:\Program Files\Common Files\LightScribe
2007-10-29 23:11 124,928 --a------ C:\WINDOWS\system32\accelerometerST.exe
2007-10-29 23:11 22,016 --a------ C:\WINDOWS\system32\drivers\Accelerometer.sys
2007-10-29 23:11 17,920 --a------ C:\WINDOWS\system32\drivers\hpdskflt.sys
2007-10-29 23:11 7,680 --a------ C:\WINDOWS\system32\accelerometerdll.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 13:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-30 14:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-29 22:48 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-29 22:33 --------- d-----w C:\Program Files\HPQ
2007-10-29 22:27 1,786 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq 6715b (GC049ES#AKD)_YN_0U_QCNU73712FW_EU_46_I30C2_SHP_VKBC Version 71.28_B68YTT Ver. F.07_T070716_WXP2_L415_M1920_J160_7AMD_8Turion 64 X2 Technology TL-56_91.8_#071029_N14E41693_(GC049ES#AKD).MRK
2007-10-29 21:56 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\Infineon
2007-10-29 21:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Infineon
2007-10-29 21:54 --------- d-----w C:\Documents and Settings\Adrian\Dane aplikacji\Infineon
2007-10-29 21:50 --------- d-----w C:\Program Files\Common Files\ActivIdentity
2007-10-29 21:50 --------- d-----w C:\Program Files\ActivIdentity
2007-10-29 21:48 155,136 ----a-w C:\WINDOWS\system32\imapihp.exe
2007-10-29 21:42 --------- d-----w C:\Documents and Settings\Adrian\Dane aplikacji\hpqLog
2007-10-29 21:40 --------- d-----w C:\Program Files\HP PCMCIA Smart Card Reader
2007-10-29 21:28 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-29 21:28 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2007-10-29 21:27 --------- d-----w C:\Documents and Settings\Adrian\Dane aplikacji\InstallShield
2007-10-29 21:26 --------- d-----w C:\Program Files\Fingerprint Sensor
2007-10-29 21:24 --------- d-----w C:\Program Files\Synaptics
2007-10-29 21:21 --------- d-----w C:\Program Files\DIFX
2007-10-29 21:18 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\ATI
2007-10-29 21:13 --------- d-----w C:\Program Files\Analog Devices
2007-10-29 21:07 --------- d-----w C:\Documents and Settings\Adrian\Dane aplikacji\ATI
2007-10-29 21:04 --------- d-----w C:\Program Files\ATI Technologies
2007-10-29 20:57 --------- d-----w C:\Documents and Settings\Adrian\Dane aplikacji\U3
2007-10-29 20:42 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-29 20:40 --------- d-----w C:\Program Files\Usługi online
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 17:36]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 17:47]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 09:47]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 15:13]
"PTHOSTTR"="c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 15:52]
"CognizanceTS"="c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17:12]
"accrdsub"="c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-03 18:51]
"IFXSPMGT"="C:\WINDOWS\system32\ifxspmgt.exe" [2007-05-23 14:04]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 15:14:00]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll 2007-05-03 18:51 112640 c:\WINDOWS\system32\ackpbsc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll 2007-05-03 18:51 281088 c:\Program Files\ActivIdentity\ActivClient\acunlock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
DeviceNP.dll 2007-04-30 08:19 49152 C:\WINDOWS\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= SbHpNp scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
"C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"

R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys
R2 accoca;ActivClient Middleware Service;"c:\Program Files\ActivIdentity\ActivClient\accoca.exe"
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe -k Cognizance
R2 HpFkCryptService;Drive Encryption Service;"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
S2 ASBroker;Logon Session Broker;C:\WINDOWS\System32\svchost.exe -k Cognizance
S3 DAMDrv;DAMDrv;C:\WINDOWS\system32\DRIVERS\DAMDrv.sys
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\WINDOWS\system32\flcdlock.exe
S3 HP24X;HP PC Card Smart Card Reader;C:\WINDOWS\system32\DRIVERS\HP24X.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d13a91f7-8660-11dc-8175-a2f7e52cff7a}]
AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d13a91f8-8660-11dc-8175-a2f7e52cff7a}]
AutoRun\command - ntde1ect.com
explore\Command - ntde1ect.com
open\Command - ntde1ect.com

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 20:20:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-31 20:21:40 - machine was rebooted
.
--- E O F ---
[/code]
and HijackThis:
[code]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:44, on 2007-10-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\Adrian\Pulpit\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe

--
End of file - 8285 bytes
[/code]
adrianello
Added
31.10.2007 21:28:59
It will rebuild, at least it should. Are you sure it was after a restart and not after plugging in the pendrive? But this one happens to be OK.
Żółty
Added
24.10.2007 20:52:17
Deleting even the whole key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 has no side effects. After the computer restarts the key rebuilds itself and a fresh mapping begins.
Leon$
Added
24.10.2007 20:47:38
The O16 entry Leon$ pointed out is OK. The key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23844ed7-9417-11db-8fde-0018de309ab5} is OK. The files under the mount points still need to be deleted:
[quote]RavMonE.exe
.\recycled\info.exe
F:\ie.exe
F:\Recycled\ctfmon.exe
ntde1ect.com
F:\activexdebugger32.exe[/quote]
If you have any pendrives, delete the autorun.inf files from them, and search for and delete the files listed above. Pay attention to the paths and to subtle differences in the names (e.g. the system file ntde[b]T[/b]ect.com versus the junk to delete, ntde[b]1[/b]ect.com). Additionally, fix this entry:
[quote]O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe[/quote]
and delete the file. This one can be tricky; search for and delete the file C:\WINDOWS\system32\avpo0.dll as well. If you have trouble deleting the files, delete them with Killbox, or boot the Recovery Console and delete them with the del command. A full set of logs once you're done. The thread is moving to the Security section.
Żółty
Added
24.10.2007 20:04:00
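Żółty's advice above comes down to reading the autorun.inf on every drive, working out which programs it launches, and not being fooled by names that differ from a system file by one character (ntde1ect.com for ntdetect.com) or that carry a real system file name in a directory where it does not belong (ctfmon.exe under Recycled). The script below is an added example, not code from this thread or from ComboFix/HijackThis, that does that triage on a constructed autorun.inf; the KNOWN_SYSTEM_FILES table, the sample file and the verdict names are assumptions made for the example.

```python
"""
Triage helper for the autorun.inf worms discussed in this thread (added example,
not code from the thread or from ComboFix/HijackThis).

Given the text of an autorun.inf and whether it came from the system drive, it
lists every program the file would launch and flags two tricks: look-alike names
(ntde1ect.com posing as ntdetect.com) and genuine system file names sitting in
the wrong directory (ctfmon.exe inside \Recycled).
"""
import configparser
import re

# Where the real files live, relative to the system drive root ("" = the root).
# Assumed table for this example; extend it for your own environment.
KNOWN_SYSTEM_FILES = {
    "ntdetect.com": "",
    "ntldr": "",
    "ctfmon.exe": r"windows\system32",
    "explorer.exe": r"windows",
    "svchost.exe": r"windows\system32",
    "rundll32.exe": r"windows\system32",
}

# Constructed sample modelled on the entries quoted in the thread.
SAMPLE_AUTORUN_INF = r"""
[AutoRun]
open=ntde1ect.com
shell\open=&Open
shell\open\Command=ntde1ect.com
shell\explore=&Explore
shell\explore\Command=Recycled\ctfmon.exe
shellexecute=ntde1ect.com
"""


def edit_distance(a, b):
    """Levenshtein distance; inputs are short file names, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _clean(text):
    """Keep only section headers and key=value lines; worms pad the file with junk
    that would otherwise make configparser give up."""
    out = []
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("["):
            out.append(s.lower())  # section names are case-sensitive in configparser
        elif "=" in s:
            out.append(s)
    return "\n".join(out)


def launched_programs(autorun_text):
    """Distinct command strings an [autorun] section would execute, in file order."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    try:
        cp.read_string(_clean(autorun_text))
    except configparser.Error:
        return []
    if not cp.has_section("autorun"):
        return []
    cmds = []
    for key, value in cp.items("autorun"):  # keys arrive lower-cased
        # open= / shellexecute= fire on insert or double-click; shell\<verb>\command=
        # replaces the context-menu verbs, which is how "Open" and "Explore" get hijacked.
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if (key in ("open", "shellexecute") or is_verb) and value.strip():
            cmds.append(value.strip())
    return list(dict.fromkeys(cmds))


def split_command(cmd):
    """(directory, file name) of the program a command line starts, lower-cased,
    quotes and drive letter stripped. A relative command resolves against the drive root."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmd)
    token = (m.group(1) or m.group(2)) if m else cmd
    path = token.replace("/", "\\")
    if re.match(r"[A-Za-z]:", path):
        path = path[2:]
    parts = path.strip("\\").split("\\")
    return "\\".join(parts[:-1]).lower(), parts[-1].lower()


def classify(cmd, drive_is_system):
    """'ok', 'unknown', 'misplaced-system-name' or 'lookalike:<real name>'."""
    directory, name = split_command(cmd)
    for legit, legit_dir in KNOWN_SYSTEM_FILES.items():
        if name == legit:
            # The root-dwelling boot files are only legitimate on the system drive.
            if directory == legit_dir and (legit_dir or drive_is_system):
                return "ok"
            return "misplaced-system-name"
        if edit_distance(name, legit) == 1:
            return "lookalike:" + legit
    return "unknown"


def triage(autorun_text, drive_is_system=False):
    """List of (command, verdict) pairs for one autorun.inf."""
    return [(c, classify(c, drive_is_system)) for c in launched_programs(autorun_text)]


if __name__ == "__main__":
    for cmd, verdict in triage(SAMPLE_AUTORUN_INF, drive_is_system=True):
        print(f"{verdict:24} {cmd}")
```

Run it against the autorun.inf of each drive and pendrive before deleting anything: the verdicts tell you which file names to go hunting for, and the "misplaced" check catches the copy of a real system binary that a worm drops next to its autorun.inf.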
Remove the entries
[quote]O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll (file missing)
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll (file missing)
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_43.cab[/quote]
with HijackThis >> Fix checked.
Open Notepad and paste
[quote]File::
C:\Program Files\Save\Save.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhenUSave"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23844ed7-9417-11db-8fde-0018de309ab5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27a354be-ac66-11db-9026-0018f3af4c19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e2ba688-d7e4-11db-908a-0018f3af4c19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a7d3fbc-d0e3-11db-9079-0018f3af4c19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71550b01-1298-11dc-90fa-0018f3af4c19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71a83f80-ed06-11db-90b9-0018f3af4c19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d33f53a-1ced-11dc-9109-0018f3af4c19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d33f53b-1ced-11dc-9109-0018f3af4c19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d33f53c-1ced-11dc-9109-0018f3af4c19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4ea3e04-e80e-11db-90ae-0018f3af4c19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e0457c-2350-11dc-9110-0018f3af4c19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e0457d-2350-11dc-9110-0018f3af4c19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbbebc61-23e0-11dc-9112-0018f3af4c19}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd768edc-a4b7-11db-9011-0018f3af4c19}][/quote]
Save it as [b]CFScript[/b] (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> drag and drop the CFScript.txt icon onto the ComboFix.exe icon. At the "1 or 2" prompt type 1 and press ENTER. The removal should begin. After the restart, manually delete the folder C:\Qoobox. When it's all done, new ComboFix and HijackThis logs.
Leon$
Added
24.10.2007 18:28:16
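The CFScript above removes MountPoints2 entries one by one. MountPoints2 is the per-user cache in which Explorer keeps the autorun.inf handlers of every drive it has seen; a worm's autorun.inf registers its dropper for the AutoRun, open and explore verbs, and once the dropper is gone the cached open verb points at a file that no longer exists, which is what produces the "Open with" dialog from the first post. The key is only a cache and is rebuilt on the next restart, so deleting entries from it is safe. The following is an added example, not from the thread, that parses the MountPoints2 block of a ComboFix log (the constructed sample copies the layout seen in adrianello's log, with placeholder GUIDs) and writes the Registry:: section of a CFScript for every entry that overrides the open or explore verb or launches a relative command; the File:: section still has to be written by hand from the flagged commands.

```python
"""
Build the Registry:: block of a ComboFix CFScript from the MountPoints2 entries
in a ComboFix log. Added example, not from the thread and not ComboFix's own code.
"""
import re

# One MountPoints2 key header as ComboFix prints it, e.g.
# [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{guid}]
KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
# One cached verb under that key, e.g.  open\Command - ntde1ect.com
VERB_RE = re.compile(r"^(?P<verb>[A-Za-z]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
# A command that starts with a drive letter (optionally quoted)
DRIVE_RE = re.compile(r'^"?[A-Za-z]:\\')

# Constructed sample in ComboFix's layout; the GUIDs are placeholders, not real keys.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000002}]
AutoRun\command - ntde1ect.com
explore\Command - ntde1ect.com
open\Command - ntde1ect.com
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\example]
msiexec /fums {00000000-0000-0000-0000-000000000000} /qb
"""


def parse_mountpoints(log_text):
    """Return {registry_key: {verb_lower: command}} for every MountPoints2 key in the log."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries[current] = {}
            continue
        if line.startswith("["):  # some other registry key: leave MountPoints2 context
            current = None
            continue
        v = VERB_RE.match(line)
        if current is not None and v:
            entries[current][v.group("verb").lower()] = v.group("cmd").strip()
    return entries


def suspicious_reasons(verbs):
    """Why a cached entry looks like a worm's; empty list means leave it alone."""
    reasons = []
    # A vendor launcher (e.g. U3) registers AutoRun only; overriding the
    # open/explore verbs is what hijacks double-click and "Explore".
    for verb in ("open", "explore"):
        if verb in verbs:
            reasons.append(f"overrides {verb} verb")
    for verb, cmd in verbs.items():
        # A relative command resolves against the drive root and hides the
        # dropper next to autorun.inf; legitimate entries carry a full path.
        if not DRIVE_RE.match(cmd):
            reasons.append(f"relative path in {verb}: {cmd}")
    return reasons


def build_cfscript(log_text):
    """Return (script_text, flagged_keys): the Registry:: block deleting each flagged key."""
    flagged = [key for key, verbs in parse_mountpoints(log_text).items()
               if suspicious_reasons(verbs)]
    lines = ["Registry::"] + [f"[-{key}]" for key in flagged]
    return "\n".join(lines) + "\n", flagged


if __name__ == "__main__":
    script, keys = build_cfscript(SAMPLE_LOG)
    for key in keys:
        print("#", key, "->", "; ".join(suspicious_reasons(parse_mountpoints(SAMPLE_LOG)[key])))
    print(script)
```

Paste the output under the File:: section of the CFScript as in Leon$'s post; the reasons printed for each key are what you check before deleting, since a vendor launcher with a full path is left untouched while a worm entry is flagged on both counts.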
OK, here are the logs from those programs; if anyone can read anything out of them, please reply.

ComboFix:
[code]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Kamila\Dane aplikacji\macromedia\Flash Player\#SharedObjects\5VLK6V6X\iforex.com
C:\Documents and Settings\Kamila\Dane aplikacji\macromedia\Flash Player\#SharedObjects\5VLK6V6X\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Kamila\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Kamila\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\internet explorer\iekey.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.
2007-10-24 15:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 11:55 d-------- C:\WINDOWS\system32\NtmsData
2007-10-17 20:03 180,224 --a------ C:\WINDOWS\system32\Ijl11.dll
2007-10-17 20:03 24,626 --a------ C:\WINDOWS\system32\scrrntr.dll
2007-10-17 20:03 19,456 --a------ C:\WINDOWS\system32\KTKBDHK3.DLL
2007-10-17 20:03 52 --a------ C:\WINDOWS\system\ACD2.CMD
2007-10-17 20:03 52 --a------ C:\WINDOWS\system\ACD.CMD
2007-10-10 09:44 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 16:45 d-------- C:\Documents and Settings\NetworkService\Dane aplikacji
2007-10-09 13:51 d-------- C:\Documents and Settings\LocalService\Dane aplikacji
2007-10-05 13:38 d-------- C:\Program Files\WeatherCast
2007-10-05 13:38 d-------- C:\Program Files\Save
2007-10-04 16:40 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-10-02 17:29 d-------- C:\Documents and Settings\Kamila\Dane aplikacji\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-22 13:19 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 13:19 661,504 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 13:19 616,448 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 13:19 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 13:19 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 13:19 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:19 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 13:19 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 13:19 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 13:19 3,079,168 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 13:19 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 13:19 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 13:19 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 13:19 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:19 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 13:19 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:19 1,055,744 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:19 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:18 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 03:01]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 02:27]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 14:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" []
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2006-12-29 12:49]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" []
"WeatherCast"="C:\Program Files\WeatherCast\Weather.exe" [2003-01-08 11:47]
"WhenUSave"="C:\Program Files\Save\Save.exe" [2006-08-25 14:45]
"avpa"="C:\WINDOWS\system32\avpo.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kamila^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.lnk]
path=C:\Documents and Settings\Kamila\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABLKSR]
C:\WINDOWS\ABLKSR\ABLKSR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
"C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
C:\WINDOWS\ATK0100\HControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
C:\Program Files\Wireless Console 2\wcourier.exe
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23844ed7-9417-11db-8fde-0018de309ab5}]
AutoRun\command - G:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27a354be-ac66-11db-9026-0018f3af4c19}]
AutoRun\command - ie.exe
explore\Command - ie.exe
open\Command - ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e2ba688-d7e4-11db-908a-0018f3af4c19}]
Auto\command - F:\RavMonE.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a7d3fbc-d0e3-11db-9079-0018f3af4c19}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command - F:\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71550b01-1298-11dc-90fa-0018f3af4c19}]
Auto\command - F:\RavMonE.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71a83f80-ed06-11db-90b9-0018f3af4c19}]
Auto\command - RavMonE.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d33f53a-1ced-11dc-9109-0018f3af4c19}]
AutoRun\command - F:\ie.exe
explore\Command - F:\ie.exe
open\Command - F:\ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d33f53b-1ced-11dc-9109-0018f3af4c19}]
AutoRun\command - F:\ie.exe
explore\Command - F:\ie.exe
open\Command - F:\ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d33f53c-1ced-11dc-9109-0018f3af4c19}]
AutoRun\command - F:\ie.exe
explore\Command - F:\ie.exe
open\Command - F:\ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4ea3e04-e80e-11db-90ae-0018f3af4c19}]
AutoRun\command - ie.exe
explore\Command - ie.exe
open\Command - ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e0457c-2350-11dc-9110-0018f3af4c19}]
1\Command - .\recycled\info.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5e0457d-2350-11dc-9110-0018f3af4c19}]
AutoRun\command - G:\USBNB.exe
AutoRun\command - F:\ie.exe
explore\Command - F:\ie.exe
open\Command - F:\ie.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbbebc61-23e0-11dc-9112-0018f3af4c19}]
Auto\command - F:\activexdebugger32.exe f
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
explore\Command - F:\activexdebugger32.exe f
open\Command - F:\activexdebugger32.exe f
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd768edc-a4b7-11db-9011-0018f3af4c19}]
AutoRun\command - ntde1ect.com
explore\Command - ntde1ect.com
open\Command - ntde1ect.com
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-08-17 19:45:18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Kamila.job" - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-10-19 06:48:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 15:43:07
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-24 15:43:33 - machine was rebooted
.
--- E O F ---
[/code]

HiJackThis:
[code]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:14, on 2007-10-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WeatherCast\Weather.exe
C:\Program Files\Save\Save.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Kamila\Pulpit\Nowy folder\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [WeatherCast] C:\Program Files\WeatherCast\Weather.exe /q
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166553332678
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166553306570
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_43.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11DB2466-68E2-4D4C-A4BB-FD287870AC6E}: NameServer = 150.254.5.4,150.254.5.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{73D6A6D7-1CFA-4B4E-B36E-FA844FA6A01C}: NameServer = 150.254.5.4,150.254.5.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{11DB2466-68E2-4D4C-A4BB-FD287870AC6E}: NameServer = 150.254.5.4,150.254.5.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9581 bytes
[/code]
franko
Added
24.10.2007 17:50:30
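Why a leftover autorun.inf leaves Explorer offering "Open with" when a drive is double-clicked, the symptom this thread is about, as an added example (Python; not code from the thread or from any poster): it parses an autorun.inf the way the MountPoints2 entries in the ComboFix log suggest the worm wrote it (`open=`, `shellexecute=`, `shell\<verb>\command`, `shell=` default verb), lists which Explorer actions the file redirects, and reports the actions whose target program is no longer on the volume. The autorun.inf text and the file listing are constructed for the example, modelled on the `RavMonE.exe e` entries in the log.

```python
"""Explain what a volume's autorun.inf makes Explorer do, and which of those
actions now point at a binary that is gone.

Added example, not code from the thread. The autorun.inf below is constructed
to mirror the RavMonE.exe entries in the ComboFix log; the file list used at
the bottom is likewise made up.
"""
import re

SAMPLE_AUTORUN_INF = r"""
;;;; worms often pad the file with junk; the INI parser skips what it cannot read
[AutoRun]
open=RavMonE.exe e
shellexecute=RavMonE.exe e
shell\open=&Open
shell\open\Command=RavMonE.exe e
shell\explore=E&xplore
shell\explore\command=RavMonE.exe e
shell\Auto\command=RavMonE.exe e
shell=Auto
icon=%SystemRoot%\system32\SHELL32.dll,4
"""


def parse_autorun_inf(text):
    """Key/value pairs of the [autorun] section, keys lower-cased.
    Only that section counts; other sections, comments and junk lines are
    skipped, which is also why padding the file with garbage does not disarm it."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def redirected_actions(entries):
    """{action: command} for AutoPlay, the right-click verbs and double-click."""
    actions = {}
    for key in ("open", "shellexecute"):
        if key in entries:
            actions["autoplay via %s=" % key] = entries[key]
    default_verb = entries.get("shell", "").lower()
    for key, value in entries.items():
        m = re.match(r"shell\\([^\\]+)\\command$", key)
        if not m:
            continue
        verb = m.group(1)          # already lower-cased by the parser
        actions["right-click verb '%s'" % verb] = value
        if verb == default_verb:   # shell=<verb> picks what double-click runs
            actions["double-click (default verb '%s')" % verb] = value
    return actions


def target_executable(command):
    """Basename of the program a verb command runs; also handles the
    RunDLL32 Shell32.DLL,ShellExec_RunDLL <target> form seen in the log."""
    cmd = command.strip()
    low = cmd.lower()
    marker = "shellexec_rundll"
    if marker in low:
        cmd = cmd[low.index(marker) + len(marker):].strip()
    if cmd.startswith('"'):
        exe = cmd.split('"', 2)[1]
    else:
        exe = cmd.split()[0] if cmd.split() else ""
    return exe.replace("\\", "/").rsplit("/", 1)[-1].lower()


def missing_targets(actions, files_on_volume):
    """Actions whose program is no longer on the volume. Once AV has deleted
    the worm but the autorun.inf (or Explorer's MountPoints2 cache of it)
    remains, these verbs have nothing to run, and double-clicking the drive
    ends in the shell's 'Open with' prompt instead of the folder view."""
    present = {name.lower() for name in files_on_volume}
    return {action: cmd for action, cmd in actions.items()
            if target_executable(cmd) not in present}


if __name__ == "__main__":
    entries = parse_autorun_inf(SAMPLE_AUTORUN_INF)
    actions = redirected_actions(entries)
    for action, cmd in actions.items():
        print("%-38s %s" % (action, cmd))
    gone = missing_targets(actions, ["autorun.inf", "Recycled"])  # constructed listing
    print("\nactions whose target is gone:", len(gone), "of", len(actions))
```

Run against a real volume, `files_on_volume` would come from a directory listing of the drive root (and of `Recycled`, where several of the log's entries point). The fix is the same whether the target is present or not: remove the autorun.inf from the volume and the cached verbs from MountPoints2, otherwise the hijack returns as soon as the worm's executable is dropped back onto the drive.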
You probably have an Autoplay entry in the right-click menu. Download ComboFix [url=http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642&#entry395642]installer with instructions[/url], scan the system with it, make a log and post it on the forum; also post a HijackThis log [url=http://www.searchengines.pl/Narzedzia-HijackThis-i-Silent-Runners-t15989.html]installer with instructions[/url] :neutral:
Leon$
Added
23.10.2007 19:51:44
My Computer > Tools tab > Folder Options > File Types. The type named "Drive" - set it back to default. You can also try the command: Start > Run > regsvr32 /i shell32. It is quite possible that you caught a rootkit or a trojan.
Seeker
Added
23.10.2007 16:56:06
franko
Added:
23.10.2007 15:18:57
Comments:
14