Mam problem . Podczas uruchamiania sie systemu winXP komp w pewnym momencie jakby zatrzymuje sie(twardy dysk miga sporadycznie) , po czym rusza ale pokazuje sie dymek z komunikatem " zadna zapora n ie jest wlaczona" i zaraz znika . Przesylam loga z hijackthis .
Pozdrawiam Jasiu
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:18, on 2008-09-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Multimedia Combo Set Driver\PS2USBKbdDrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Multimedia Combo Set Driver\MouseDrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\AutoConnect\AutoConnect.exe
D:\mdoku5\torrenty\ferguson\wsp\wsp_0.9.6_lakionline\wsp.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
D:\mdoku5\torrenty\ferguson\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kurnik.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Lexmark Pasek narzędzi - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [wsp] D:\mdoku5\torrenty\ferguson\wsp\wsp_0.9.6_lakionline\wsp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://download.gamedesire.com/g_bin/pl/words_2_0_0_51.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27162451-CD2E-48D9-A902-81B298F2AF43}: NameServer = 83.238.255.76 213.241.79.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{27162451-CD2E-48D9-A902-81B298F2AF43}: NameServer = 83.238.255.76 213.241.79.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{27162451-CD2E-48D9-A902-81B298F2AF43}: NameServer = 83.238.255.76 213.241.79.37
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11626 bytes
oto log z combofixa
- Kod: Zaznacz wszystko
ComboFix 08-08-31.01 - Jasiu 2008-09-01 12:22:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.429 [GMT 2:00]
Running from: D:\mdoku5\torrenty\ferguson\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
2008-09-01 12:01 . 2008-09-01 12:01 <DIR> d--hs---- C:\Diskeeper
2008-09-01 10:06 . 2008-09-01 10:06 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Diskeeper Corporation
2008-09-01 10:05 . 2008-09-01 10:05 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-09-01 09:44 . 2008-09-01 09:44 <DIR> d-------- C:\Program Files\RegCleaner
2008-08-31 13:15 . 2008-08-31 13:14 655,424 --a------ C:\listado.ird
2008-08-30 09:41 . 2008-08-30 09:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Age of Empires 3
2008-08-30 09:27 . 2008-08-30 09:27 <DIR> d-------- C:\Program Files\Microsoft Games
2008-08-28 22:14 . 2008-08-28 22:21 <DIR> d-------- C:\Documents and Settings\Jasiu\Dane aplikacji\gtk-2.0
2008-08-28 21:41 . 2008-08-28 22:41 <DIR> d-------- C:\Documents and Settings\Jasiu\.gimp-2.4
2008-08-28 21:40 . 2008-08-28 21:40 <DIR> d-------- C:\Program Files\GimPhoto 1.4.3
2008-08-28 21:20 . 2008-08-28 21:20 <DIR> d-------- C:\Documents and Settings\Jasiu\Dane aplikacji\Corel
2008-08-28 21:20 . 2008-08-28 21:22 88 -r-hs---- C:\WINDOWS\system32\6868AB7A7A.sys
2008-08-28 13:47 . 2008-08-28 13:57 <DIR> d-------- C:\Program Files\OSPS
2008-08-24 13:17 . 2008-08-24 13:17 <DIR> d-------- C:\Documents and Settings\Jasiu\Dane aplikacji\Malwarebytes
2008-08-24 13:17 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-24 13:17 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-24 13:16 . 2008-08-24 13:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 13:16 . 2008-08-24 13:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes
2008-08-24 11:34 . 2008-08-24 11:34 69 --a------ C:\WINDOWS\cdplayer.ini
2008-08-22 13:34 . 2008-08-22 13:34 <DIR> d-------- C:\Documents and Settings\Jasiu\Dane aplikacji\Playrix Entertainment
2008-08-22 08:22 . 2008-08-22 08:22 <DIR> d-------- C:\Documents and Settings\Jasiu\Dane aplikacji\DAEMON Tools Pro
2008-08-22 08:22 . 2008-08-22 08:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Pro
2008-08-22 08:19 . 2008-08-22 08:28 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-08-22 08:13 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-08-22 08:13 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-08-22 08:13 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-08-22 08:13 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-08-22 07:45 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-18 19:14 . 2008-08-18 19:14 <DIR> d-------- C:\Documents and Settings\Jasiu\Dane aplikacji\Ashampoo
2008-08-18 19:13 . 2008-08-18 19:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\ashampoo
2008-08-08 21:18 . 2008-08-08 21:19 <DIR> d-------- C:\Documents and Settings\Jasiu\Dane aplikacji\fretsonfire
2008-08-08 10:03 . 2008-08-08 10:03 <DIR> d-------- C:\Documents and Settings\Jasiu\Dane aplikacji\HEXelon
2008-08-08 10:03 . 2006-01-13 14:00 15,872 --a------ C:\WINDOWS\system32\drivers\vd_filedisk.sys
2008-08-02 22:06 . 2005-10-21 03:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-08-02 22:06 . 2005-10-21 03:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-08-01 13:21 . 2001-08-17 22:00 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2008-08-01 13:21 . 2001-08-17 22:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 10:25 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\Skype
2008-09-01 08:14 --------- d-----w C:\Program Files\lx_cats
2008-09-01 08:12 --------- d-----w C:\Program Files\AutoConnect
2008-09-01 07:25 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\skypePM
2008-08-30 07:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 19:19 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\Thinstall
2008-08-28 15:41 --------- d-----w C:\Program Files\ArcPad 7.0
2008-08-26 16:38 --------- d-----w C:\Program Files\Pro-Swim Software
2008-08-26 16:17 --------- d-----w C:\Program Files\Opera
2008-08-22 11:34 --------- d-----w C:\Program Files\BigFish
2008-08-22 06:16 --------- d-----w C:\Program Files\Wiedźmin
2008-08-22 06:13 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-08-22 05:45 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-22 05:45 --------- d-----w C:\Program Files\Nokia
2008-08-22 05:45 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-22 05:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Installations
2008-08-20 15:11 --------- d-----w C:\Program Files\JAlbumWin
2008-08-08 08:04 --------- d-----w C:\Program Files\TC UP
2008-08-02 20:16 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-26 19:53 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\Apple Computer
2008-07-26 17:14 --------- d-----w C:\Program Files\iTunes
2008-07-26 17:14 --------- d-----w C:\Program Files\iPod
2008-07-26 17:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple Computer
2008-07-26 17:13 --------- d-----w C:\Program Files\QuickTime
2008-07-26 17:13 --------- d-----w C:\Program Files\Bonjour
2008-07-26 17:11 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-26 17:11 --------- d-----w C:\Program Files\Apple Software Update
2008-07-26 17:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Apple
2008-07-26 16:41 --------- d-----w C:\Program Files\SecondLife
2008-07-26 16:40 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\SecondLife
2008-07-24 20:26 --------- d-----w C:\Program Files\Cell Phone Manager
2008-07-24 20:26 --------- d-----w C:\Program Files\AnMing
2008-07-24 19:00 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\Nokia
2008-07-24 18:54 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\PC Suite
2008-07-24 18:53 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-24 18:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-24 18:41 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\PC Suite
2008-07-24 12:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\TEMP
2008-07-24 12:33 --------- d-----w C:\Program Files\BearShare
2008-07-23 18:34 1,015,686 ----a-w C:\WINDOWS\screen saver vgirl 02.scr
2008-07-23 17:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-07-23 14:01 --------- d-----w C:\Program Files\Tomb Raider - Legend
2008-07-23 13:22 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-23 11:49 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-23 09:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Elaborate Bytes
2008-07-23 09:46 --------- d-----w C:\Program Files\Elaborate Bytes
2008-07-22 10:10 --------- d-----w C:\Program Files\Common Files\Totem Shared
2008-07-22 10:00 --------- d-----w C:\Program Files\VPSS
2008-07-22 06:20 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-07-21 11:54 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\BitSpirit
2008-07-19 12:34 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\GlobalSCAPE
2008-07-19 09:58 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\Lexmark Imaging Studio
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 15:03 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\Media Player Classic
2008-07-18 09:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help
2008-07-18 06:13 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\FaxCtr
2008-07-17 07:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\FaxCtr
2008-07-16 16:36 --------- d-----w C:\Program Files\Radmin
2008-07-16 16:32 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\GanymedeNet
2008-07-16 16:28 --------- d-----w C:\Program Files\Multimedia Combo Set Driver
2008-07-16 15:59 --------- d-----w C:\Documents and Settings\Jasiu\Dane aplikacji\Gadu-Gadu
2008-07-16 15:58 --------- d-----w C:\Program Files\Skype
2008-07-16 15:58 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-16 15:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Skype
2008-07-16 15:46 --------- d-----w C:\Program Files\Google
2008-07-16 15:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-16 15:44 --------- d-----w C:\Program Files\Realtek
2008-07-16 15:42 --------- d-----w C:\Program Files\Java
2008-07-16 15:23 --------- d-----w C:\Program Files\Thomson
2008-07-16 14:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\nView_Profiles
2008-07-16 13:33 --------- d-----w C:\Program Files\VDOTool
2008-07-16 13:27 --------- d-----w C:\Program Files\VIA
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-01-10 14:57 2,421,312 ----a-w C:\Documents and Settings\Jasiu\Dane aplikacji.exe
.
------- Sigcheck -------
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:45 360320 bd191f8194a2fe67c6cc07bed5ce785e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-15 17:31 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27 295424]
"wsp"="D:\mdoku5\torrenty\ferguson\wsp\wsp_0.9.6_lakionline\wsp.exe" [2006-04-14 12:07 276480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 20:17 222592]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:57 1289000]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-06-26 14:58 2165272]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 04:34 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 04:34 81920]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WireLessMouse"="C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe" [2005-11-30 12:48 94208]
"WireLessKeyboard"="C:\Program Files\Multimedia Combo Set Driver\StartAutorun.exe" [2005-11-30 12:48 94208]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-13 01:58 291760]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-06 01:32 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-13 02:00 312240]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 00:05 102400]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-08-17 15:01 1195640]
"nwiz"="nwiz.exe" [2007-07-23 04:34 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 10:40 16858112 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\Jacus\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
VOIP321.lnk - C:\Program Files\Philips\VOIP321\VOIP321.exe [2007-05-03 15:52:18 376832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-08-11 08:31 1124352 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\TC UP\\TOTALCMD.EXE"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 14:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 14:00]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 01:59]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - WMIAPSRV
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ares - C:\Program Files\Ares\Ares.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.kurnik.pl/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O17 -: HKLM\CCS\Interface\{27162451-CD2E-48D9-A902-81B298F2AF43}: NameServer = 83.238.255.76 213.241.79.37
O16 -: {BFA1F11D-3121-AFE1-4112-894323212DAC} - hxxp://download.gamedesire.com/g_bin/pl/words_2_0_0_51.cab
C:\WINDOWS\Downloaded Program Files\words.inf
C:\WINDOWS\Downloaded Program Files\words.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 12:25:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-01 12:26:29
ComboFix-quarantined-files.txt 2008-09-01 10:26:16
Pre-Run: 25,643,380,736 bajtów wolnych
Post-Run: 26,403,115,008 bajtów wolnych
286 --- E O F --- 2008-08-31 22:22:44
a zapora systemowa jest caly czas wlaczona
zapisz jako 