Logs, securing the computer and its data. Antivirus and antispyware programs, firewalls etc.

Forum rules

1. Every topic title should reflect the content of the thread.
2. When pasting logs, produce them right away from at least two tools: FRST and GMER.
3. Publish all logs on the sites intended for that and paste only the link in your post.
4. Do not shorten logs; paste the whole log, from beginning to end.
5. Do not hijack other users' topics; start a new topic in the Security section, it makes it easier for the person checking the log to help.
6. People without the appropriate knowledge should not check logs, because this risks serious damage to the system or to the applications installed on the computer.
7. Describe the problem precisely: the symptoms that occur and everything you have tried so far.
8. Every fix script is unique, written for one case only, so it must not be used by anyone else.
9. When posting a screenshot, use an external image hosting service.

20 Apr 2008, 17:26

These are mostly fine entries; repeat my earlier instruction.

20 Apr 2008, 17:36

To start with, I'll say that when I launched ComboFix a message popped up from the taskbar saying that windows/prefetch/findstr is corrupted and unreadable and that I should run chkdsk (or something like that). Then, while it was deleting things, errors with the same text kept popping up every moment. Anyway, here's the log:


Code:
ComboFix 08-04-18.3 - Maaciek 2008-04-20 17:32:59.7 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1637 [GMT 2:00]
Running from: C:\Documents and Settings\Maaciek\Pulpit\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Maaciek\Pulpit\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\msdownld.tmp
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.000
C:\FOUND.000\FILE0000.CHK
C:\FOUND.000\FILE0001.CHK
C:\FOUND.000\FILE0002.CHK
C:\FOUND.000\FILE0003.CHK
C:\FOUND.000\FILE0004.CHK
C:\FOUND.000\FILE0005.CHK
C:\FOUND.000\FILE0006.CHK
C:\FOUND.000\FILE0007.CHK
C:\FOUND.000\FILE0008.CHK
C:\FOUND.000\FILE0009.CHK
C:\FOUND.000\FILE0010.CHK
C:\FOUND.000\FILE0011.CHK
C:\FOUND.000\FILE0012.CHK
C:\FOUND.000\FILE0013.CHK
C:\FOUND.000\FILE0014.CHK
C:\FOUND.000\FILE0015.CHK
C:\FOUND.000\FILE0016.CHK
C:\FOUND.000\FILE0017.CHK
C:\FOUND.000\FILE0018.CHK
C:\FOUND.000\FILE0019.CHK
C:\FOUND.000\FILE0020.CHK
C:\FOUND.000\FILE0021.CHK
C:\FOUND.000\FILE0022.CHK
C:\FOUND.000\FILE0023.CHK
C:\FOUND.000\FILE0024.CHK
C:\FOUND.000\FILE0025.CHK
C:\FOUND.000\FILE0026.CHK
C:\FOUND.000\FILE0027.CHK
C:\FOUND.000\FILE0028.CHK
C:\FOUND.000\FILE0029.CHK
C:\FOUND.000\FILE0030.CHK
C:\FOUND.000\FILE0031.CHK
C:\FOUND.000\FILE0032.CHK
C:\FOUND.000\FILE0033.CHK
C:\FOUND.000\FILE0034.CHK
C:\FOUND.000\FILE0035.CHK
C:\FOUND.000\FILE0036.CHK
C:\FOUND.000\FILE0037.CHK
C:\FOUND.000\FILE0038.CHK
C:\FOUND.000\FILE0039.CHK
C:\FOUND.000\FILE0040.CHK
C:\FOUND.000\FILE0041.CHK
C:\FOUND.000\FILE0042.CHK
C:\FOUND.000\FILE0043.CHK
C:\FOUND.000\FILE0044.CHK
C:\FOUND.000\FILE0045.CHK
C:\FOUND.000\FILE0046.CHK
C:\FOUND.000\FILE0047.CHK
C:\FOUND.000\FILE0048.CHK
C:\FOUND.000\FILE0049.CHK
C:\FOUND.000\FILE0050.CHK
C:\FOUND.000\FILE0051.CHK
C:\FOUND.000\FILE0052.CHK
C:\FOUND.000\FILE0053.CHK
C:\FOUND.000\FILE0054.CHK
C:\FOUND.000\FILE0055.CHK
C:\FOUND.000\FILE0056.CHK
C:\FOUND.000\FILE0057.CHK
C:\FOUND.000\FILE0058.CHK
C:\FOUND.000\FILE0059.CHK
C:\FOUND.000\FILE0060.CHK
C:\FOUND.000\FILE0061.CHK
C:\FOUND.000\FILE0062.CHK
C:\FOUND.000\FILE0063.CHK
C:\FOUND.000\FILE0064.CHK
C:\FOUND.000\FILE0065.CHK
C:\FOUND.000\FILE0066.CHK
C:\FOUND.000\FILE0067.CHK
C:\FOUND.000\FILE0068.CHK
C:\FOUND.000\FILE0069.CHK
C:\FOUND.000\FILE0070.CHK
C:\FOUND.000\FILE0071.CHK
C:\FOUND.000\FILE0072.CHK
C:\FOUND.000\FILE0073.CHK
C:\FOUND.000\FILE0074.CHK
C:\FOUND.000\FILE0075.CHK
C:\FOUND.000\FILE0076.CHK
C:\FOUND.000\FILE0077.CHK
C:\FOUND.000\FILE0078.CHK
C:\FOUND.000\FILE0079.CHK
C:\FOUND.000\FILE0080.CHK
C:\FOUND.000\FILE0081.CHK
C:\FOUND.000\FILE0082.CHK
C:\FOUND.000\FILE0083.CHK
C:\FOUND.000\FILE0084.CHK
C:\FOUND.000\FILE0085.CHK
C:\FOUND.000\FILE0086.CHK
C:\FOUND.000\FILE0087.CHK
C:\FOUND.000\FILE0088.CHK
C:\FOUND.000\FILE0089.CHK
C:\FOUND.000\FILE0090.CHK
C:\FOUND.000\FILE0091.CHK
C:\FOUND.000\FILE0092.CHK
C:\FOUND.000\FILE0093.CHK
C:\FOUND.000\FILE0094.CHK
C:\FOUND.000\FILE0095.CHK
C:\FOUND.000\FILE0096.CHK
C:\FOUND.000\FILE0097.CHK
C:\FOUND.000\FILE0098.CHK
C:\FOUND.000\FILE0099.CHK
C:\FOUND.000\FILE0100.CHK
C:\FOUND.000\FILE0101.CHK
C:\FOUND.000\FILE0102.CHK
C:\FOUND.000\FILE0103.CHK
C:\FOUND.000\FILE0104.CHK
C:\FOUND.000\FILE0105.CHK
C:\FOUND.000\FILE0106.CHK
C:\FOUND.000\FILE0107.CHK
C:\FOUND.000\FILE0108.CHK
C:\FOUND.000\FILE0109.CHK
C:\FOUND.000\FILE0110.CHK
C:\FOUND.000\FILE0111.CHK
C:\FOUND.000\FILE0112.CHK
C:\FOUND.000\FILE0113.CHK
C:\FOUND.001
C:\FOUND.001\FILE0000.CHK

.
(((((((((((((((((((((((((   Files Created from 2008-03-20 to 2008-04-20  )))))))))))))))))))))))))))))))
.

2008-04-20 17:09 . 2008-04-20 17:09   <DIR>   d--------   C:\ComboFix
2008-04-19 10:23 . 2008-04-19 10:23   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-19 10:22 . 2008-04-19 10:22   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 09:25 . 2008-04-20 17:32   1,024   --ah-----   C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-17 07:09 . 2008-04-17 07:09   <DIR>   d---s----   C:\Documents and Settings\Maaciek\UserData
2008-04-16 14:50 . 2008-04-16 14:50   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-04-16 07:57 . 2008-04-16 07:57   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-04-15 18:15 . 2008-04-15 18:15   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-15 17:22 . 2008-04-15 17:22   <DIR>   d--h-----   C:\WINDOWS\PIF
2008-04-15 14:05 . 2008-04-15 14:05   <DIR>   d--------   C:\Program Files\Trend Micro
2008-04-13 10:04 . 2008-04-13 10:04   <DIR>   d--------   C:\Documents and Settings\Maaciek\Dane aplikacji\Ubisoft
2008-04-13 10:04 . 2008-04-13 10:04   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-04-12 21:05 . 2008-04-12 21:05   <DIR>   d--------   C:\Program Files\Common Files\EZB Systems
2008-04-11 18:02 . 2008-04-11 18:02   <DIR>   d--------   C:\Program Files\Common Files\Symantec Shared
2008-04-11 16:33 . 2008-04-11 16:33   49   --a------   C:\WINDOWS\NeroDigital.ini
2008-04-11 16:19 . 2008-04-11 16:19   41   ---hs----   C:\Documents and Settings\All Users\Dane aplikacji\.zreglib
2008-04-11 14:13 . 2008-04-20 15:46   107,832   --a------   C:\WINDOWS\system32\PnkBstrB.exe
2008-04-11 14:13 . 2008-04-11 16:44   66,872   --a------   C:\WINDOWS\system32\PnkBstrA.exe
2008-04-11 14:13 . 2008-04-20 15:46   22,328   --a------   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-10 15:38 . 2008-03-19 18:26   499,712   --a------   C:\WINDOWS\system32\msvcp71.dll
2008-04-10 15:38 . 2008-03-19 18:29   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-04-10 15:37 . 2008-04-10 15:37   <DIR>   d--------   C:\WINDOWS\system32\Adobe
2008-04-05 09:23 . 2008-04-11 16:44   674,600   --a------   C:\WINDOWS\system32\pbsvc.exe
2008-04-03 17:49 . 2008-04-03 17:49   <DIR>   d--------   C:\Documents and Settings\Maaciek\Dane aplikacji\DAEMON Tools
2008-04-03 17:49 . 2008-04-03 17:49   717,296   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-04-02 21:55 . 2008-04-02 21:55   <DIR>   d--------   C:\Documents and Settings\Maaciek\Dane aplikacji\Ulead Systems
2008-04-02 21:54 . 2008-04-02 21:54   <DIR>   d--------   C:\WINDOWS\system32\windows media
2008-04-02 21:54 . 2008-04-02 21:54   <DIR>   d--h-----   C:\WINDOWS\msdownld.tmp
2008-04-02 21:53 . 2008-04-02 21:53   <DIR>   d--------   C:\Program Files\Windows Media Components
2008-04-01 20:09 . 2008-04-01 20:09   <DIR>   d--------   C:\Program Files\Ulead Systems
2008-04-01 20:09 . 2008-04-01 20:09   <DIR>   d--------   C:\Program Files\Common Files\Ulead Systems
2008-04-01 20:09 . 2008-04-01 20:09   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-04-01 20:09 . 2001-12-19 15:47   49,152   ---------   C:\WINDOWS\system32\TempDel.EXE
2008-04-01 20:09 . 2005-01-06 16:55   9,446   --a------   C:\WINDOWS\system32\drivers\WFIOCTL.sys
2008-04-01 20:09 . 2002-06-03 23:01   8,734   --a------   C:\WINDOWS\system32\WFSch.ICO
2008-04-01 20:05 . 2008-04-01 20:05   <DIR>   d--------   C:\WINDOWS\system32\DX9
2008-04-01 20:04 . 2008-04-01 20:04   <DIR>   d--------   C:\WINDOWS\system32\WinFox
2008-04-01 20:04 . 2008-04-01 20:04   <DIR>   d--------   C:\WINDOWS\system32\WinFast
2008-04-01 20:04 . 2003-09-05 09:57   9,469   --a------   C:\WINDOWS\system32\drivers\WINFOXIO.sys
2008-04-01 12:12 . 2008-04-01 12:12   <DIR>   d--------   C:\Program Files\uTorrent
2008-04-01 12:12 . 2008-04-01 12:12   <DIR>   d--------   C:\Documents and Settings\Maaciek\Dane aplikacji\uTorrent
2008-04-01 12:03 . 2008-04-11 16:45   22,328   --a------   C:\Documents and Settings\Maaciek\Dane aplikacji\PnkBstrK.sys
2008-04-01 12:02 . 2008-04-01 12:02   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-04-01 12:02 . 2008-04-01 12:02   275   --a------   C:\WINDOWS\game.ini
2008-04-01 11:47 . 2008-04-01 11:47   <DIR>   d--hs----   C:\WINDOWS\ftpcache
2008-04-01 08:03 . 2008-04-01 08:03   <DIR>   d--------   C:\Documents and Settings\Maaciek\Dane aplikacji\Winamp
2008-04-01 07:58 . 2008-04-01 07:58   1,229   --a------   C:\WINDOWS\mozver.dat
2008-04-01 07:56 . 2008-04-01 07:56   <DIR>   d--------   C:\Documents and Settings\Maaciek\Dane aplikacji\Talkback
2008-04-01 07:56 . 2008-04-01 07:56   0   --a------   C:\WINDOWS\nsreg.dat
2008-04-01 07:50 . 2008-04-01 07:50   <DIR>   d--------   C:\Program Files\Lexmark 3300 Series
2008-04-01 07:48 . 2008-04-01 07:48   <DIR>   d--------   C:\Program Files\Common Files\LightScribe
2008-04-01 07:48 . 2008-04-01 07:48   <DIR>   d--------   C:\Documents and Settings\Maaciek\Dane aplikacji\Ahead
2008-04-01 07:47 . 2008-04-01 07:47   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-04-01 07:45 . 2008-04-01 07:45   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-04-01 07:45 . 2008-04-01 07:45   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-01 07:38 . 2007-03-23 13:19   9,715,200   -r-------   C:\WINDOWS\RTLCPL.exe
2008-04-01 07:38 . 2007-07-18 13:26   4,547,584   -r-------   C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-04-01 07:38 . 2007-06-15 10:45   1,826,816   -r-------   C:\WINDOWS\SkyTel.exe
2008-04-01 07:38 . 2007-01-16 04:39   1,191,936   -r-------   C:\WINDOWS\RtlUpd.exe
2008-04-01 07:38 . 2006-08-18 00:58   282,624   -r-------   C:\WINDOWS\system32\RTSndMgr.cpl
2008-04-01 07:38 . 2006-07-21 10:14   86,016   -r-------   C:\WINDOWS\SoundMan.exe
2008-04-01 07:38 . 2006-08-01 09:02   49,152   -r-------   C:\WINDOWS\system32\ChCfg.exe
2008-04-01 07:37 . 2008-04-01 07:37   <DIR>   d--------   C:\Program Files\Realtek
2008-04-01 07:37 . 2008-04-01 07:37   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-04-01 07:37 . 2007-07-05 10:08   16,380,416   -r-------   C:\WINDOWS\RTHDCPL.exe
2008-04-01 07:37 . 2006-05-04 10:26   2,808,832   -r-------   C:\WINDOWS\alcwzrd.exe
2008-04-01 07:37 . 2007-06-28 10:44   2,165,760   -r-------   C:\WINDOWS\MicCal.exe
2008-04-01 07:37 . 2007-01-12 10:54   520,192   -r-------   C:\WINDOWS\RtlExUpd.dll
2008-04-01 07:37 . 2005-09-21 04:25   299,008   -r-------   C:\WINDOWS\system32\ALSndMgr.cpl
2008-04-01 07:37 . 2005-05-03 12:43   69,632   -r-------   C:\WINDOWS\Alcmtr.exe
2008-04-01 07:37 . 2006-06-18 23:51   43,520   --a------   C:\WINDOWS\system32\drivers\AmdK8.sys
2008-04-01 07:36 . 2006-11-07 14:58   356,352   --a------   C:\WINDOWS\system32\nvunrm.exe
2008-04-01 07:36 . 2006-10-05 16:35   356,352   ---------   C:\WINDOWS\system32\nvuide.exe
2008-04-01 07:36 . 2006-10-19 09:36   3,903   --a------   C:\WINDOWS\system32\nvnrm.nvu
2008-04-01 07:36 . 2006-10-24 13:13   1,732   --a------   C:\WINDOWS\system32\drivers\nvphy.bin
2008-04-01 07:36 . 2006-09-11 15:14   1,570   ---------   C:\WINDOWS\system32\nvide.nvu
2008-04-01 07:35 . 2008-04-01 07:35   <DIR>   d--------   C:\Documents and Settings\Maaciek\Dane aplikacji\InstallShield
2008-04-01 07:33 . 2008-04-01 07:33   <DIR>   d--------   C:\WINDOWS\nview
2008-04-01 07:33 . 2007-09-16 19:07   356,352   --a------   C:\WINDOWS\system32\nvudisp.exe
2008-04-01 07:33 . 2008-04-01 07:34   138,893   --a------   C:\WINDOWS\system32\nvapps.xml
2008-04-01 07:33 . 2007-09-16 19:07   17,525   --a------   C:\WINDOWS\system32\nvdisp.nvu
2008-03-31 22:08 . 2008-03-31 22:08   <DIR>   d--------   C:\WINDOWS\system32\Lang
2008-03-31 22:08 . 2008-03-31 22:08   940,794   --a------   C:\WINDOWS\system32\LoopyMusic.wav
2008-03-31 22:08 . 2008-03-31 22:08   146,650   --a------   C:\WINDOWS\system32\BuzzingBee.wav
2008-03-31 22:06 . 2008-03-31 22:06   <DIR>   d--------   C:\WINDOWS\system32\DRVSTORE
2008-03-31 22:06 . 2008-03-31 22:06   <DIR>   d--------   C:\Program Files\DIFX
2008-03-31 22:06 . 2008-03-31 22:06   315,392   --a------   C:\WINDOWS\HideWin.exe
2008-03-31 22:06 . 2004-11-18 10:42   22,752   --a------   C:\WINDOWS\system32\spupdsvc.exe
2008-03-31 21:44 . 2008-04-15 16:23   15,600   --a------   C:\WINDOWS\gdrv.sys
2008-03-31 21:44 . 2008-03-31 21:44   1,024   --ah-----   C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-03-31 19:15 . 2008-03-31 19:15   <DIR>   d--hs----   C:\Recycled
2008-03-31 19:13 . 2008-03-31 19:13   <DIR>   d--------   C:\Documents and Settings\Maaciek\Gadu-Gadu
2008-03-31 19:13 . 2008-03-31 19:13   <DIR>   d--------   C:\Documents and Settings\Maaciek\Dane aplikacji\Gadu-Gadu
2008-03-31 19:09 . 2008-04-20 17:31   558   --a------   C:\WINDOWS\DFC.INI
2008-03-31 19:07 . 2008-03-31 19:07   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-03-31 19:07 . 2007-09-16 19:07   6,853,088   --a------   C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-03-31 19:07 . 2007-09-16 19:07   6,853,088   --a------   C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-03-31 19:07 . 2007-09-16 19:07   5,783,040   --a------   C:\WINDOWS\system32\nv4_disp.dll
2008-03-31 19:07 . 2007-09-16 19:07   5,783,040   --a------   C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-03-31 19:06 . 2008-03-31 19:06   <DIR>   d--------   C:\Program Files\VDOTool
2008-03-31 19:02 . 2008-03-31 18:40   <DIR>   d--h-----   C:\Documents and Settings\Maaciek\Ustawienia lokalne
2008-03-31 19:02 . 2008-03-31 19:02   <DIR>   dr-------   C:\Documents and Settings\Maaciek\Ulubione
2008-03-31 19:02 . 2008-03-31 18:40   <DIR>   d--h-----   C:\Documents and Settings\Maaciek\Szablony
2008-03-31 19:02 . 2008-03-31 18:40   <DIR>   d--------   C:\Documents and Settings\Maaciek\Pulpit
2008-03-31 19:02 . 2008-03-31 19:02   <DIR>   dr-------   C:\Documents and Settings\Maaciek\Moje dokumenty
2008-03-31 19:02 . 2008-03-31 18:40   <DIR>   dr-------   C:\Documents and Settings\Maaciek\Menu Start
2008-03-31 19:02 . 2008-03-31 18:40   <DIR>   dr-h-----   C:\Documents and Settings\Maaciek\Dane aplikacji
2008-03-31 19:02 . 2008-03-31 19:02   <DIR>   d--------   C:\Documents and Settings\Maaciek
2008-03-31 19:02 . 2008-04-20 17:32   53,248   --ah-----   C:\Documents and Settings\Maaciek\ntuser.dat.LOG
2008-03-31 19:01 . 2008-03-31 19:01   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft
2008-03-31 19:01 . 2008-03-31 19:01   <DIR>   d--h-----   C:\Documents and Settings\NetworkService\Ustawienia lokalne
2008-03-31 19:01 . 2008-03-31 19:01   <DIR>   d--------   C:\Documents and Settings\NetworkService\Dane aplikacji
2008-03-31 19:01 . 2008-03-31 19:01   <DIR>   d--hs----   C:\Documents and Settings\NetworkService
2008-03-31 19:01 . 2008-03-31 19:01   <DIR>   d--h-----   C:\Documents and Settings\LocalService\Ustawienia lokalne
2008-03-31 19:01 . 2008-03-31 19:01   <DIR>   d--------   C:\Documents and Settings\LocalService\Dane aplikacji
2008-03-31 19:01 . 2008-03-31 19:01   <DIR>   d--hs----   C:\Documents and Settings\LocalService
2008-03-31 19:01 . 2008-03-31 19:01   8,192   --a------   C:\WINDOWS\REGLOCS.OLD
2008-03-31 19:01 . 2008-04-20 17:11   1,024   --ah-----   C:\Documents and Settings\NetworkService\ntuser.dat.LOG
2008-03-31 19:01 . 2008-04-20 17:11   1,024   --ah-----   C:\Documents and Settings\LocalService\ntuser.dat.LOG
2008-03-31 19:00 . 2008-03-31 18:40   <DIR>   dr-h-----   C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne
2008-03-31 19:00 . 2008-03-31 18:40   <DIR>   d--------   C:\WINDOWS\system32\config\systemprofile\Ulubione
2008-03-31 19:00 . 2008-03-31 18:40   <DIR>   d--h-----   C:\WINDOWS\system32\config\systemprofile\Szablony
2008-03-31 19:00 . 2008-03-31 18:40   <DIR>   d--------   C:\WINDOWS\system32\config\systemprofile\Pulpit
2008-03-31 19:00 . 2008-03-31 18:40   <DIR>   d--------   C:\WINDOWS\system32\config\systemprofile\Moje dokumenty
2008-03-31 19:00 . 2008-03-31 18:40   <DIR>   dr-------   C:\WINDOWS\system32\config\systemprofile\Menu Start

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 16:57   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-03-31 16:55   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"Gadu-Gadu"="D:\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 13:25 2165272]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 19:07 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"WinFast Schedule"="D:\TV\WFWIZ.exe" [2005-03-02 13:21 278528]
"WinampAgent"="D:\Winamp\winampa.exe" [2008-03-27 08:35 36352]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 19:07 8491008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-16 19:07 8491008 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-09-16 19:07 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\PnkBstrA.exe"=
"C:\\WINDOWS\\System32\\PnkBstrB.exe"=
"D:\\Maciek\\cs\\hl.exe"=
"D:\\Maciek\\COD 4\\iw3mp.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
R3 WFIOCTL;WFIOCTL;D:\TV\WFIOCTL.SYS [2005-01-06 16:55]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-04-15 16:23]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 17:33:32
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-20 17:33:44
ComboFix-quarantined-files.txt  2008-04-20 15:33:44

Pre-Run: 21,327,446,016 bytes free
Post-Run: 21,318,025,216 bytes free

323


My brother ran msconfig and in Startup unchecked NvCpl and nwiz. I don't know, should I check them again or not?
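Added example, not part of the thread and not a forum tool: a small Python triage script for the kind of ComboFix log pasted above. It pulls out the registry settings a log checker looks at first, the Security Center DisableNotify values and the Windows Firewall standard-profile policy with its exception list, and counts the FILEnnnn.CHK entries under FOUND.nnn. Those .CHK files are lost-cluster chains written by chkdsk when it repairs a damaged FAT; together with the "corrupted and unreadable, run chkdsk" errors described in the post they point at filesystem damage on this FAT32 volume rather than at malware by themselves. The sample input is a constructed excerpt of lines from the log above, and the function names are the example's own assumptions.

```python
"""Triage helper for a ComboFix-style log (added example, not a forum tool).

It reads the "Reg Loading Points" dump and the file listings, flags host
defences that have been switched off, and counts chkdsk recovery fragments.
"""
import re
from typing import Dict, List

# Constructed excerpt of the log posted above, trimmed to the lines the
# checks below need. Registry exports double the backslashes in values.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

C:\FOUND.000\FILE0000.CHK
C:\FOUND.000\FILE0001.CHK
C:\FOUND.001\FILE0000.CHK
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
CHK_RE = re.compile(r"^(?P<dir>[A-Za-z]:\\FOUND\.\d{3})\\FILE\d{4}\.CHK$")

# Security Center values that silence the red-shield warnings when set to 1.
NOTIFY_FLAGS = ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")


def parse_registry_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Group each "name"=value line under the [key] header above it.

    Keys are lower-cased so that the HKLM shorthand ComboFix uses and the
    full HKEY_LOCAL_MACHINE spelling can both be matched by suffix.
    """
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = header.group("key").lower()
            sections.setdefault(current, {})
            continue
        entry = VALUE_RE.match(line)
        if entry and current is not None:
            sections[current][entry.group("name")] = entry.group("value").strip()
    return sections


def value_is_nonzero(value: str) -> bool:
    """Handle both 'dword:00000001' and the '1 (0x1)' form ComboFix prints."""
    v = value.lower()
    if v.startswith("dword:"):
        return int(v[len("dword:"):], 16) != 0
    m = re.match(r"(\d+)", v)
    return m is not None and int(m.group(1)) != 0


def find_weak_settings(text: str) -> List[str]:
    """Return human-readable findings about disabled or bypassed defences."""
    findings: List[str] = []
    for key, values in parse_registry_sections(text).items():
        if key.endswith("\\security center"):
            for name in NOTIFY_FLAGS:
                if name in values and value_is_nonzero(values[name]):
                    findings.append(f"Security Center: {name} is set, the user gets no warning")
        elif key.endswith("\\firewallpolicy\\standardprofile"):
            fw = values.get("EnableFirewall")
            if fw is not None and not value_is_nonzero(fw):
                findings.append("Windows Firewall: standard profile disabled (EnableFirewall=0)")
        elif key.endswith("\\authorizedapplications\\list"):
            # Every entry here is allowed to listen through the firewall.
            for name in values:
                findings.append(f"Firewall exception: {name}")
    return findings


def count_chk_fragments(text: str) -> Dict[str, int]:
    """Count chkdsk lost-cluster fragments per FOUND.nnn directory.

    chkdsk writes them when it repairs a damaged FAT, so a long list of them
    is a filesystem health signal, not a malware indicator on its own.
    """
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        m = CHK_RE.match(line.strip())
        if m:
            directory = m.group("dir").upper()
            counts[directory] = counts.get(directory, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in find_weak_settings(SAMPLE_LOG):
        print("WARN", finding)
    for directory, n in count_chk_fragments(SAMPLE_LOG).items():
        print(f"{directory}: {n} chkdsk fragment(s)")
```

Run against the full log instead of the excerpt, the same three functions report the two suppressed Security Center warnings, the disabled firewall profile with its six exceptions, and 115 .CHK fragments across FOUND.000 and FOUND.001; none of those is malware, but the first two are exactly the settings a checker would ask the poster to turn back on before calling the machine clean.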

20 Apr 2008, 17:40

The log looks clean.

What you unchecked in msconfig was from Nvidia.

20 Apr 2008, 20:12

Since I don't see any improvement, tomorrow there'll be a log from that Kaspersky Online Scanner. If it's clean and things stay like this, it'll be a format.

21 Apr 2008, 12:48

Sorry for my "pushiness", and here's the log

Code:
21 April 2008 12:45:35
Operating system: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus last update   20/04/2008
Kaspersky Anti-Virus database records   717511

Scan settings
Scan using the following databases   extended
Scan archives   yes
Scan mail databases   yes

Scan area   My Computer
A:\
C:\
D:\
E:\
F:\
H:\

Scan statistics
Number of scanned objects   54279
Number of viruses found   0
Number of infected objects   0
Number of suspicious objects   0
Scan duration   08:40:49

Infected object name   Virus name   Last action
C:\WINDOWS\system32\config\system.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\software.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\default.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY    Object is locked    skipped
C:\WINDOWS\system32\config\SAM    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SAM.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\AppEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\SecEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\SysEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\SYSTEM    Object is locked    skipped
C:\WINDOWS\system32\config\SOFTWARE    Object is locked    skipped
C:\WINDOWS\system32\config\DEFAULT    Object is locked    skipped
C:\WINDOWS\system32\drivers\sptd.sys    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    Object is locked    skipped
C:\WINDOWS\system32\CatRoot2\edb.log    Object is locked    skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb    Object is locked    skipped
C:\WINDOWS\system32\h323log.txt    Object is locked    skipped
C:\WINDOWS\Debug\PASSWD.LOG    Object is locked    skipped
C:\WINDOWS\wiaservc.log    Object is locked    skipped
C:\WINDOWS\wiadebug.log    Object is locked    skipped
C:\WINDOWS\Sti_Trace.log    Object is locked    skipped
C:\WINDOWS\WindowsUpdate.log    Object is locked    skipped
C:\WINDOWS\SchedLgU.Txt    Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log    Object is locked    skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Historia\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG    Object is locked    skipped
C:\Documents and Settings\LocalService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\LocalService\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG    Object is locked    skipped
C:\Documents and Settings\Maaciek\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\Maaciek\Ustawienia lokalne\Historia\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Maaciek\Ustawienia lokalne\Historia\History.IE5\MSHist012008042020080421\index.dat    Object is locked    skipped
C:\Documents and Settings\Maaciek\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Maaciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\Maaciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\Maaciek\Ustawienia lokalne\Dane aplikacji\Ahead\Nero Home\bl.db    Object is locked    skipped
C:\Documents and Settings\Maaciek\Ustawienia lokalne\Dane aplikacji\Ahead\Nero Home\is2.db    Object is locked    skipped
C:\Documents and Settings\Maaciek\Ustawienia lokalne\Dane aplikacji\Identities\{1376E72E-3DE1-473D-B9AB-69501B476A1D}\Microsoft\Outlook Express\Folders.dbx    Object is locked    skipped
C:\Documents and Settings\Maaciek\Ustawienia lokalne\Dane aplikacji\Identities\{1376E72E-3DE1-473D-B9AB-69501B476A1D}\Microsoft\Outlook Express\Offline.dbx    Object is locked    skipped
C:\Documents and Settings\Maaciek\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\Maaciek\ntuser.dat.LOG    Object is locked    skipped
C:\System Volume Information\_restore{38365434-19F6-4BD8-84E3-DE0D2E0DA392}\RP65\change.log    Object is locked    skipped
D:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped
D:\System Volume Information\_restore{38365434-19F6-4BD8-84E3-DE0D2E0DA392}\RP65\change.log    Object is locked    skipped
E:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped

Scan was interrupted by the user



and when starting the computer I was getting errors that xxx/xxx/xxx/temp is corrupted and unreadable and that I should run the chkdsk program, and I ran it....

21 Apr 2008, 15:44

The computer is clean of viruses
Scan statistics
Number of scanned objects 54279
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Scan duration 08:40:49

21 Apr 2008, 15:53

Hubert, it's worse than I thought. I checked at my brother's and everything worked fine there. So I'm doing a format. After the format the internet runs even worse than before and the pings are there all the time. What should I do to fix this?? My brother has the same internet as me.... I have no idea any more...


Avira antivirus just found that found000. Where does it come from when I've only just done the format?? Now it has found something else, some malware. I'm asking where it comes from when the format was just a moment ago??

Code:

Avira AntiVir Personal
Report file date: 21 April 2008  15:49

Scanning for 1226990 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Dodatek Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    MACIEK-FAE1BD70

Version information:
BUILD.DAT     : 8.1.00.295      16479 Bytes  2008-04-09 16:24:00
AVSCAN.EXE    : 8.1.2.12       311553 Bytes  2008-04-21 13:41:26
AVSCAN.DLL    : 8.1.1.0         53505 Bytes  2008-04-21 13:41:26
LUKE.DLL      : 8.1.2.9        151809 Bytes  2008-04-21 13:41:26
LUKERES.DLL   : 8.1.2.1         12033 Bytes  2008-04-21 13:41:26
ANTIVIR0.VDF  : 6.40.0.0     11030528 Bytes  2007-07-18 13:27:16
ANTIVIR1.VDF  : 7.0.3.2       5447168 Bytes  2008-03-07 13:41:26
ANTIVIR2.VDF  : 7.0.3.156      795136 Bytes  2008-04-11 13:41:26
ANTIVIR3.VDF  : 7.0.3.193      461312 Bytes  2008-04-21 13:41:26
Engineversion : 8.1.0.32 
AEVDF.DLL     : 8.1.0.5        102772 Bytes  2008-04-21 13:41:26
AESCRIPT.DLL  : 8.1.0.26       233850 Bytes  2008-04-21 13:41:26
AESCN.DLL     : 8.1.0.14       119156 Bytes  2008-04-21 13:41:26
AERDL.DLL     : 8.1.0.19       418164 Bytes  2008-04-21 13:41:26
AEPACK.DLL    : 8.1.1.2        364917 Bytes  2008-04-21 13:41:26
AEOFFICE.DLL  : 8.1.0.18       192890 Bytes  2008-04-21 13:41:26
AEHEUR.DLL    : 8.1.0.18      1167735 Bytes  2008-04-21 13:41:26
AEHELP.DLL    : 8.1.0.14       115063 Bytes  2008-04-21 13:41:26
AEGEN.DLL     : 8.1.0.17       299380 Bytes  2008-04-21 13:41:26
AEEMU.DLL     : 8.1.0.5        430450 Bytes  2008-04-21 13:41:26
AECORE.DLL    : 8.1.0.27       168310 Bytes  2008-04-21 13:41:26
AVWINLL.DLL   : 1.0.0.7         14593 Bytes  2008-04-21 13:41:26
AVPREF.DLL    : 8.0.0.1         25857 Bytes  2008-04-21 13:41:26
AVREP.DLL     : 7.0.0.1        155688 Bytes  2007-04-16 12:16:24
AVREG.DLL     : 8.0.0.0         30977 Bytes  2008-04-21 13:41:26
AVARKT.DLL    : 1.0.0.23       307457 Bytes  2008-04-21 13:41:26
AVEVTLOG.DLL  : 8.0.0.11       114945 Bytes  2008-04-21 13:41:26
SQLITE3.DLL   : 3.3.17.1       339968 Bytes  2008-04-21 13:41:26
SMTPLIB.DLL   : 1.2.0.19        28929 Bytes  2008-04-21 13:41:26
NETNT.DLL     : 8.0.0.1          7937 Bytes  2008-04-21 13:41:26
RCIMAGE.DLL   : 8.0.0.35      2371841 Bytes  2008-04-21 13:41:23
RCTEXT.DLL    : 8.0.32.0        86273 Bytes  2008-04-21 13:41:23

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 21 kwietnia 2008  15:49

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'gg.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'TBPanel.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
      [INFO]      No virus was found!
Boot sector 'D:\'
      [INFO]      No virus was found!
Boot sector 'E:\'
      [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '28' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
Begin scan in 'D:\'
D:\found.000\dir0000.chk\A0077856.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [NOTE]      The file was deleted!
D:\System Volume Information\_restore{3FA4C240-76EC-4BDA-B4FF-9C5B36B3B1D9}\RP156\A0117772.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '483d9e0f.qua'!
D:\System Volume Information\_restore{BB161BB1-E1FB-413F-8152-E2F16FB590A3}\RP8\A0002567.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [NOTE]      The file was deleted!
Begin scan in 'E:\'


End of the scan: 21 kwietnia 2008  16:08
Used time: 19:24 min

The scan has been done completely.

   2807 Scanning directories
 218541 Files were scanned
      2 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      2 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 218539 Files not concerned
   1916 Archives were scanned
      1 Warnings
      3 Notes




I wanted to scan certain folders with that online Kaspersky, and on drive D it sees those Found and Volume Information folders.

21 Apr 2008, 16:17

post the Kaspersky log
http://www.kaspersky.pl/virusscanner.html

21 Apr 2008, 16:31

that Kaspersky scans for several hours. I'll post the Avira log, because with ComboFix it somehow won't work: it tells me it deleted something, then says the system cannot find the path, and nothing happens.


Avira log:




There must be a virus somewhere, because at my brother's everything is fine, and if it finds some junk on mine practically right after a format, something is not right. I'll try ComboFix once more...



and from ComboFix:


Code:
ComboFix 08-04-20.5 - Maciek 2008-04-21 17:46:34.4 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1628 [GMT 2:00]
Running from: C:\Documents and Settings\Maciek\Pulpit\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
(((((((((((((((((((((((((   Files Created from 2008-03-21 to 2008-04-21  )))))))))))))))))))))))))))))))
.

2008-04-21 17:43 . 2008-04-21 17:43   <DIR>   d--------   C:\Combo-Fix
2008-04-21 17:40 . 2008-04-21 17:40   <DIR>   d--------   C:\Program Files\Trend Micro
2008-04-21 17:02 . 2008-04-21 17:02   107,832   --a------   C:\WINDOWS\system32\PnkBstrB.exe
2008-04-21 17:01 . 2008-04-21 17:01   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-04-21 17:01 . 2008-04-21 17:01   66,872   --a------   C:\WINDOWS\system32\PnkBstrA.exe
2008-04-21 16:20 . 2008-04-21 16:20   <DIR>   d--hs----   C:\FOUND.001
2008-04-21 16:01 . 2008-04-21 16:01   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 16:01 . 2008-04-21 16:01   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-21 15:35 . 2008-04-21 15:35   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-04-21 15:33 . 2008-04-21 15:33   <DIR>   d--hs----   C:\FOUND.000
2008-04-21 15:24 . 2008-04-21 17:43   1,024   --ah-----   C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-21 15:07 . 2008-04-21 15:07   1,208   --a------   C:\WINDOWS\mozver.dat
2008-04-21 15:06 . 2008-04-21 15:06   <DIR>   d--------   C:\Documents and Settings\Maciek\Dane aplikacji\Gadu-Gadu

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 12:46   ---------   d-----w   C:\Program Files\Common Files\LightScribe
2008-04-21 12:45   ---------   d-----w   C:\Documents and Settings\Maciek\Dane aplikacji\Ahead
2008-04-21 12:45   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-04-21 12:43   ---------   d-----w   C:\Program Files\Nero
2008-04-21 12:43   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-04-21 12:43   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-21 12:38   ---------   d-----w   C:\Documents and Settings\Maciek\Dane aplikacji\Talkback
2008-04-21 12:31   ---------   d-----w   C:\Program Files\Lexmark 3300 Series
2008-04-21 12:28   15,600   ----a-w   C:\WINDOWS\gdrv.sys
2008-04-21 12:27   315,392   ----a-w   C:\WINDOWS\HideWin.exe
2008-04-21 12:27   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-21 12:27   ---------   d-----w   C:\Program Files\Realtek
2008-04-21 12:26   ---------   d-----w   C:\Program Files\DIFX
2008-04-21 12:24   ---------   d-----w   C:\Documents and Settings\Maciek\Dane aplikacji\InstallShield
2008-04-21 12:20   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-04-21 12:19   ---------   d-----w   C:\Program Files\VDOTool
2008-04-21 12:12   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-04-21 12:11   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]
"Gadu-Gadu"="D:\GG\gg.exe" [2008-03-20 12:04 2127296]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 13:25 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 19:07 8491008]
"nwiz"="nwiz.exe" [2007-09-16 19:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 19:07 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"avgnt"="D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-21 15:41 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Maciek\\cs\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27050:TCP"= 27050:TCP:smut

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-04-21 14:28]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 17:47:09
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-21 17:47:23
ComboFix-quarantined-files.txt  2008-04-21 15:47:22

Pre-Run: 21,344,813,056 bajtów wolnych
Post-Run: 21,338,472,448 bajtów wolnych

93




now I see I've probably wasted your time for nothing. In Run I typed ping -t wp.pl to check the ping of the connection to wp (or something like that), and what turned out?? It's hopeless, but my brother's is even worse. About those pings in the game, I don't know. Maybe he has the same, I just didn't watch long enough. When my brother comes over I'll consult with him. When Kaspersky finishes checking I'll paste the log.
Last edited by Jagla on 21 Apr 2008, 17:52, edited 2 times in total
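As an added example (not from any post in this thread, nor from Avira's tooling), a Python parser for the Avira AntiVir report format posted above: it pairs each [DETECTION]/[NOTE] with the path above it, cross-checks the report's own summary counters against the body, and classifies each hit by location (System Restore point, chkdsk FOUND.xxx folder, or live file), which is the distinction the cleanup advice in this thread turns on. The SAMPLE text is a constructed excerpt modelled on the posted log.

```python
"""Parse an Avira AntiVir Personal scan report and cross-check its summary.
Added example for this thread, not taken from any post here or from Avira's
tools; SAMPLE is a constructed excerpt modelled on the report posted above."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE = r"""
Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
Begin scan in 'D:\'
D:\found.000\dir0000.chk\A0077856.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [NOTE]      The file was deleted!
D:\System Volume Information\_restore{3FA4C240-76EC-4BDA-B4FF-9C5B36B3B1D9}\RP156\A0117772.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [NOTE]      The fund was classified as suspicious.
      [NOTE]      The file was moved to '483d9e0f.qua'!
D:\System Volume Information\_restore{BB161BB1-E1FB-413F-8152-E2F16FB590A3}\RP8\A0002567.exe
      [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
      [NOTE]      The file was deleted!

 218541 Files were scanned
      2 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      2 files were deleted
      1 files were moved to quarantine
      1 Files cannot be scanned
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                       # a scanned object
TAG_RE = re.compile(r"^\s+\[(?P<tag>[A-Z]+)\]\s+(?P<text>.*\S)\s*$")
SUMMARY_RE = re.compile(r"^\s*(?P<count>\d+)\s+(?P<label>[A-Za-z].*?):?\s*$")

@dataclass
class Detection:
    path: str
    name: str                        # e.g. TR/Crypt.CFI.Gen or HEUR/Malware
    suspicious: bool                 # heuristic hit rather than a signature match
    action: str = "none"             # deleted | quarantined | none
    quarantine_file: Optional[str] = None

@dataclass
class Report:
    detections: List[Detection] = field(default_factory=list)
    unscannable: List[str] = field(default_factory=list)   # paths with a [WARNING]
    summary: Dict[str, int] = field(default_factory=dict)  # summary label -> count

def parse_report(text: str) -> Report:
    """Walk the report line by line; tag lines belong to the path above them."""
    report, path, current = Report(), "", None
    for line in text.splitlines():
        if PATH_RE.match(line):
            path, current = line.rstrip(), None
            continue
        tag = TAG_RE.match(line)
        if tag:
            kind, body = tag.group("tag"), tag.group("text")
            if kind == "DETECTION":
                current = Detection(path, body.split()[-1],
                                    body.startswith("Contains suspicious code"))
                report.detections.append(current)
            elif kind == "WARNING":
                report.unscannable.append(path)
            elif kind == "NOTE" and current is not None:
                moved = re.search(r"was moved to '([^']+)'", body)
                if "was deleted" in body:
                    current.action = "deleted"
                elif moved:
                    current.action, current.quarantine_file = "quarantined", moved.group(1)
            continue
        total = SUMMARY_RE.match(line)
        if total:
            report.summary[total.group("label").lower()] = int(total.group("count"))
    return report

def check_summary(report: Report) -> Dict[str, Tuple[Optional[int], int]]:
    """Return {label: (reported, observed)} for every counter the body contradicts."""
    hits = report.detections
    expected = {
        "viruses and/or unwanted programs were found": sum(not d.suspicious for d in hits),
        "files were classified as suspicious": sum(d.suspicious for d in hits),
        "files were deleted": sum(d.action == "deleted" for d in hits),
        "files were moved to quarantine": sum(d.action == "quarantined" for d in hits),
        "files cannot be scanned": len(report.unscannable),
    }
    return {label: (report.summary.get(label), seen)
            for label, seen in expected.items() if report.summary.get(label) != seen}

def classify_location(path: str) -> str:
    """Restore-point copies and chkdsk-recovered fragments (FOUND.xxx) are inert
    until something restores them; a hit anywhere else is a live file."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore-point"
    if re.search(r"\\found\.\d{3}\\", low):
        return "chkdsk-recovery"
    return "live"
```

A report whose counters disagree with its body (a truncated paste, or a hand-edited log) shows up as a non-empty result from check_summary.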

21 Apr 2008, 16:40

Download The Avenger

paste this text into it:
Code:
Folders to delete:
D:\found.000


copy it, click Paste Script from Clipboard, choose Execute, confirm, and agree to the restart by clicking OK.
Delete the file C:\Avenger\backup.zip from the disk manually and paste the report C:\avenger.txt on the forum.

Turn System Restore off and back on for all drives. http://support.microsoft.com/kb/310405/pl

21 Apr 2008, 16:46

here's the log, and I'm doing the System Restore part now

Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "D:\found.000" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.



do I understand correctly that I should turn System Restore off and then back on right away??


I just saw an Avenger folder on drive D with that found.000 inside it, and I deleted it

21 Apr 2008, 17:39

Good, everything went fine; post the logs one after another:

HijackThis

ComboFix

http://www.kaspersky.pl/virusscanner.html

21 Apr 2008, 17:42

I'll be editing this post; if you want to write something, go ahead.


HJT log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40, on 2008-04-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
D:\GG\gg.exe
D:\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
D:\Maciek\Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\GG\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 4603 bytes


I edited the wrong post. I'll fix it in a moment...




now I see I've probably wasted your time for nothing. In Run I typed ping -t wp.pl to check the ping of the connection to wp (or something like that), and what turned out?? It's hopeless, but my brother's is similar. About those pings in the game, I don't know. Maybe he has the same, I just didn't watch long enough. When my brother comes over I'll consult with him. When Kaspersky finishes checking I'll paste the log.

21 Apr 2008, 17:58

Download ComboFix, but do not run it.
Paste into Notepad:
Code:
Folder::
C:\FOUND.000
C:\FOUND.001

File -> Save As -> CFScript.txt (it's most convenient to save it where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here -> [image]
The removal should start and a log will be produced; post that log on the forum.

21 Apr 2008, 18:11

there is one problem: I downloaded ComboFix, and when I drag the text over, that little progress bar loads and a message pops up from the taskbar saying combofix/cmdr (I think) is corrupted and unusable and that I should run chkdsk. I ran chkdsk, downloaded it probably 10 times, and it's always the same. And the name with the - can't be changed, because a message pops up that it cannot be renamed....



Instead of - I used . and it worked.

Code:
ComboFix 08-04-20.5 - Maciek 2008-04-21 18:10:37.5 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1576 [GMT 2:00]
Running from: C:\Documents and Settings\Maciek\Pulpit\Combo.Fix.exe
Command switches used :: C:\Documents and Settings\Maciek\Pulpit\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.000
C:\FOUND.000\FILE0000.CHK
C:\FOUND.000\FILE0001.CHK
C:\FOUND.000\FILE0002.CHK
C:\FOUND.000\FILE0003.CHK
C:\FOUND.000\FILE0004.CHK
C:\FOUND.000\FILE0005.CHK
C:\FOUND.000\FILE0006.CHK
C:\FOUND.000\FILE0007.CHK
C:\FOUND.000\FILE0008.CHK
C:\FOUND.000\FILE0009.CHK
C:\FOUND.000\FILE0010.CHK
C:\FOUND.000\FILE0011.CHK
C:\FOUND.000\FILE0012.CHK
C:\FOUND.000\FILE0013.CHK
C:\FOUND.000\FILE0014.CHK
C:\FOUND.000\FILE0015.CHK
C:\FOUND.000\FILE0016.CHK
C:\FOUND.000\FILE0017.CHK
C:\FOUND.000\FILE0018.CHK
C:\FOUND.000\FILE0019.CHK
C:\FOUND.000\FILE0020.CHK
C:\FOUND.000\FILE0021.CHK
C:\FOUND.000\FILE0022.CHK
C:\FOUND.000\FILE0023.CHK
C:\FOUND.000\FILE0024.CHK
C:\FOUND.000\FILE0025.CHK
C:\FOUND.000\FILE0026.CHK
C:\FOUND.000\FILE0027.CHK
C:\FOUND.000\FILE0028.CHK
C:\FOUND.000\FILE0029.CHK
C:\FOUND.000\FILE0030.CHK
C:\FOUND.000\FILE0031.CHK
C:\FOUND.000\FILE0032.CHK
C:\FOUND.000\FILE0033.CHK
C:\FOUND.000\FILE0034.CHK
C:\FOUND.000\FILE0035.CHK
C:\FOUND.000\FILE0036.CHK
C:\FOUND.000\FILE0037.CHK
C:\FOUND.000\FILE0038.CHK
C:\FOUND.000\FILE0039.CHK
C:\FOUND.000\FILE0040.CHK
C:\FOUND.000\FILE0041.CHK
C:\FOUND.000\FILE0042.CHK
C:\FOUND.000\FILE0043.CHK
C:\FOUND.000\FILE0044.CHK
C:\FOUND.000\FILE0045.CHK
C:\FOUND.000\FILE0046.CHK
C:\FOUND.000\FILE0047.CHK
C:\FOUND.000\FILE0048.CHK
C:\FOUND.000\FILE0049.CHK
C:\FOUND.000\FILE0050.CHK
C:\FOUND.000\FILE0051.CHK
C:\FOUND.000\FILE0052.CHK
C:\FOUND.000\FILE0053.CHK
C:\FOUND.000\FILE0054.CHK
C:\FOUND.000\FILE0055.CHK
C:\FOUND.000\FILE0056.CHK
C:\FOUND.000\FILE0057.CHK
C:\FOUND.000\FILE0058.CHK
C:\FOUND.000\FILE0059.CHK
C:\FOUND.000\FILE0060.CHK
C:\FOUND.000\FILE0061.CHK
C:\FOUND.000\FILE0062.CHK
C:\FOUND.000\FILE0063.CHK
C:\FOUND.000\FILE0064.CHK
C:\FOUND.000\FILE0065.CHK
C:\FOUND.000\FILE0066.CHK
C:\FOUND.000\FILE0067.CHK
C:\FOUND.000\FILE0068.CHK
C:\FOUND.000\FILE0069.CHK
C:\FOUND.000\FILE0070.CHK
C:\FOUND.000\FILE0071.CHK
C:\FOUND.000\FILE0072.CHK
C:\FOUND.000\FILE0073.CHK
C:\FOUND.000\FILE0074.CHK
C:\FOUND.000\FILE0075.CHK
C:\FOUND.000\FILE0076.CHK
C:\FOUND.000\FILE0077.CHK
C:\FOUND.000\FILE0078.CHK
C:\FOUND.000\FILE0079.CHK
C:\FOUND.000\FILE0080.CHK
C:\FOUND.000\FILE0081.CHK
C:\FOUND.000\FILE0082.CHK
C:\FOUND.000\FILE0083.CHK
C:\FOUND.000\FILE0084.CHK
C:\FOUND.000\FILE0085.CHK
C:\FOUND.000\FILE0086.CHK
C:\FOUND.000\FILE0087.CHK
C:\FOUND.000\FILE0088.CHK
C:\FOUND.000\FILE0089.CHK
C:\FOUND.000\FILE0090.CHK
C:\FOUND.000\FILE0091.CHK
C:\FOUND.000\FILE0092.CHK
C:\FOUND.000\FILE0093.CHK
C:\FOUND.000\FILE0094.CHK
C:\FOUND.000\FILE0095.CHK
C:\FOUND.000\FILE0096.CHK
C:\FOUND.000\FILE0097.CHK
C:\FOUND.000\FILE0098.CHK
C:\FOUND.000\FILE0099.CHK
C:\FOUND.000\FILE0100.CHK
C:\FOUND.000\FILE0101.CHK
C:\FOUND.000\FILE0102.CHK
C:\FOUND.000\FILE0103.CHK
C:\FOUND.000\FILE0104.CHK
C:\FOUND.000\FILE0105.CHK
C:\FOUND.000\FILE0106.CHK
C:\FOUND.000\FILE0107.CHK
C:\FOUND.000\FILE0108.CHK
C:\FOUND.000\FILE0109.CHK
C:\FOUND.000\FILE0110.CHK
C:\FOUND.000\FILE0111.CHK
C:\FOUND.000\FILE0112.CHK
C:\FOUND.000\FILE0113.CHK
C:\FOUND.000\FILE0114.CHK
C:\FOUND.000\FILE0115.CHK
C:\FOUND.000\FILE0116.CHK
C:\FOUND.000\FILE0117.CHK
C:\FOUND.000\FILE0118.CHK
C:\FOUND.000\FILE0119.CHK
C:\FOUND.000\FILE0120.CHK
C:\FOUND.000\FILE0121.CHK
C:\FOUND.000\FILE0122.CHK
C:\FOUND.000\FILE0123.CHK
C:\FOUND.000\FILE0124.CHK
C:\FOUND.000\FILE0125.CHK
C:\FOUND.000\FILE0126.CHK
C:\FOUND.000\FILE0127.CHK
C:\FOUND.000\FILE0128.CHK
C:\FOUND.000\FILE0129.CHK
C:\FOUND.000\FILE0130.CHK
C:\FOUND.000\FILE0131.CHK
C:\FOUND.000\FILE0132.CHK
C:\FOUND.000\FILE0133.CHK
C:\FOUND.000\FILE0134.CHK
C:\FOUND.000\FILE0135.CHK
C:\FOUND.000\FILE0136.CHK
C:\FOUND.000\FILE0137.CHK
C:\FOUND.000\FILE0138.CHK
C:\FOUND.000\FILE0139.CHK
C:\FOUND.000\FILE0140.CHK
C:\FOUND.000\FILE0141.CHK
C:\FOUND.000\FILE0142.CHK
C:\FOUND.000\FILE0143.CHK
C:\FOUND.000\FILE0144.CHK
C:\FOUND.000\FILE0145.CHK
C:\FOUND.000\FILE0146.CHK
C:\FOUND.000\FILE0147.CHK
C:\FOUND.000\FILE0148.CHK
C:\FOUND.000\FILE0149.CHK
C:\FOUND.000\FILE0150.CHK
C:\FOUND.000\FILE0151.CHK
C:\FOUND.000\FILE0152.CHK
C:\FOUND.000\FILE0153.CHK
C:\FOUND.000\FILE0154.CHK
C:\FOUND.000\FILE0155.CHK
C:\FOUND.000\FILE0156.CHK
C:\FOUND.000\FILE0157.CHK
C:\FOUND.000\FILE0158.CHK
C:\FOUND.000\FILE0159.CHK
C:\FOUND.000\FILE0160.CHK
C:\FOUND.000\FILE0161.CHK
C:\FOUND.000\FILE0162.CHK
C:\FOUND.000\FILE0163.CHK
C:\FOUND.000\FILE0164.CHK
C:\FOUND.000\FILE0165.CHK
C:\FOUND.000\FILE0166.CHK
C:\FOUND.000\FILE0167.CHK
C:\FOUND.000\FILE0168.CHK
C:\FOUND.000\FILE0169.CHK
C:\FOUND.000\FILE0170.CHK
C:\FOUND.000\FILE0171.CHK
C:\FOUND.000\FILE0172.CHK
C:\FOUND.000\FILE0173.CHK
C:\FOUND.000\FILE0174.CHK
C:\FOUND.000\FILE0175.CHK
C:\FOUND.000\FILE0176.CHK
C:\FOUND.000\FILE0177.CHK
C:\FOUND.000\FILE0178.CHK
C:\FOUND.000\FILE0179.CHK
C:\FOUND.000\FILE0180.CHK
C:\FOUND.000\FILE0181.CHK
C:\FOUND.001
C:\FOUND.001\FILE0000.CHK
C:\FOUND.001\FILE0001.CHK
C:\FOUND.001\FILE0002.CHK
C:\FOUND.001\FILE0003.CHK
C:\FOUND.001\FILE0004.CHK
C:\FOUND.001\FILE0005.CHK
C:\FOUND.001\FILE0006.CHK
C:\FOUND.001\FILE0007.CHK
C:\FOUND.001\FILE0008.CHK
C:\FOUND.001\FILE0009.CHK
C:\FOUND.001\FILE0010.CHK
C:\FOUND.001\FILE0011.CHK
C:\FOUND.001\FILE0012.CHK
C:\FOUND.001\FILE0013.CHK
C:\FOUND.001\FILE0014.CHK
C:\FOUND.001\FILE0015.CHK
C:\FOUND.001\FILE0016.CHK
C:\FOUND.001\FILE0017.CHK
C:\FOUND.001\FILE0018.CHK
C:\FOUND.001\FILE0019.CHK
C:\FOUND.001\FILE0020.CHK
C:\FOUND.001\FILE0021.CHK
C:\FOUND.001\FILE0022.CHK
C:\FOUND.001\FILE0023.CHK
C:\FOUND.001\FILE0024.CHK
C:\FOUND.001\FILE0025.CHK
C:\FOUND.001\FILE0026.CHK
C:\FOUND.001\FILE0027.CHK
C:\FOUND.001\FILE0028.CHK
C:\FOUND.001\FILE0029.CHK
C:\FOUND.001\FILE0030.CHK
C:\FOUND.001\FILE0031.CHK
C:\FOUND.001\FILE0032.CHK
C:\FOUND.001\FILE0033.CHK
C:\FOUND.001\FILE0034.CHK
C:\FOUND.001\FILE0035.CHK
C:\FOUND.001\FILE0036.CHK
C:\FOUND.001\FILE0037.CHK
C:\FOUND.001\FILE0038.CHK

.
(((((((((((((((((((((((((   Files Created from 2008-03-21 to 2008-04-21  )))))))))))))))))))))))))))))))
.

2008-04-21 18:01 . 2008-04-21 18:01   <DIR>   d--------   C:\ComboFix
2008-04-21 17:43 . 2008-04-21 17:43   <DIR>   d--------   C:\Combo-Fix
2008-04-21 17:40 . 2008-04-21 17:40   <DIR>   d--------   C:\Program Files\Trend Micro
2008-04-21 17:02 . 2008-04-21 17:02   107,832   --a------   C:\WINDOWS\system32\PnkBstrB.exe
2008-04-21 17:01 . 2008-04-21 17:01   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-04-21 17:01 . 2008-04-21 17:01   66,872   --a------   C:\WINDOWS\system32\PnkBstrA.exe
2008-04-21 16:01 . 2008-04-21 16:01   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 16:01 . 2008-04-21 16:01   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-04-21 15:35 . 2008-04-21 15:35   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-04-21 15:24 . 2008-04-21 17:43   1,024   --ah-----   C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-21 15:07 . 2008-04-21 15:07   1,208   --a------   C:\WINDOWS\mozver.dat
2008-04-21 15:06 . 2008-04-21 15:06   <DIR>   d--------   C:\Documents and Settings\Maciek\Dane aplikacji\Gadu-Gadu

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 12:46   ---------   d-----w   C:\Program Files\Common Files\LightScribe
2008-04-21 12:45   ---------   d-----w   C:\Documents and Settings\Maciek\Dane aplikacji\Ahead
2008-04-21 12:45   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-04-21 12:43   ---------   d-----w   C:\Program Files\Nero
2008-04-21 12:43   ---------   d-----w   C:\Program Files\Common Files\Ahead
2008-04-21 12:43   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-21 12:38   ---------   d-----w   C:\Documents and Settings\Maciek\Dane aplikacji\Talkback
2008-04-21 12:31   ---------   d-----w   C:\Program Files\Lexmark 3300 Series
2008-04-21 12:28   15,600   ----a-w   C:\WINDOWS\gdrv.sys
2008-04-21 12:27   315,392   ----a-w   C:\WINDOWS\HideWin.exe
2008-04-21 12:27   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-21 12:27   ---------   d-----w   C:\Program Files\Realtek
2008-04-21 12:26   ---------   d-----w   C:\Program Files\DIFX
2008-04-21 12:24   ---------   d-----w   C:\Documents and Settings\Maciek\Dane aplikacji\InstallShield
2008-04-21 12:20   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-04-21 12:19   ---------   d-----w   C:\Program Files\VDOTool
2008-04-21 12:12   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-04-21 12:11   ---------   d-----w   C:\Program Files\Usługi online
.

(((((((((((((((((((((((((((((   snapshot@2008-04-21_17.47.15.82   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-21 15:44:20   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-04-21 16:02:28   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 17:55 451872]
"Gadu-Gadu"="D:\GG\gg.exe" [2008-03-20 12:04 2127296]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-11-01 13:25 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 19:07 8491008]
"nwiz"="nwiz.exe" [2007-09-16 19:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-16 19:07 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"avgnt"="D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-21 15:41 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\Maciek\\cs\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27050:TCP"= 27050:TCP:smut

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-04-21 14:28]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 18:11:25
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-21 18:11:39
ComboFix-quarantined-files.txt  2008-04-21 16:11:38
ComboFix2.txt  2008-04-21 15:47:24

Pre-Run: 21,266,579,456 bajtów wolnych
Post-Run: 21,258,829,824 bajtów wolnych
