szymciu

Request To Check A Log :)


Today my Avast started screaming that there were some worms; they were NON-system files, so I deleted them.

Then, after a few hours, Avast screams that it found something in sens.dll and msftpd.dll; both went to quarantine.

Please check the log before something starts falling apart 8O

 

And a second matter (why start a second thread ;P)

I'm posting a screenshot

 

Thanks in advance 8O

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:32:47, on 2008-09-17

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

D:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe

C:\Program Files\Razer\Lycosa\razerhid.exe

D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ASUS Xonar D2 Audio\Customapp\Program\ASUSAUDIOCENTER.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ASUS Xonar D2 Audio\Customapp\Program\MXMon.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe

C:\Program Files\Razer\Lycosa\razertra.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\WapSter\WapSter AQQ\AQQ.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\uTorrent\uTorrent.exe

D:\Program Files\Winamp\winamp.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\FlashGet\flashget.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [CreativeMS2020] C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe

O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"

O4 - HKLM\..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208102166801

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 7218 bytes


ComboFix log:

 

 

ComboFix 08-09-16.05 - Pan i Wadca 2008-09-18 18:38:12.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1572 [GMT 2:00]

Uruchomiony z: C:\Documents and Settings\Pan i Wadca\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

 

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

 

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Pan i Władca\Cookies\pan_i_władca@r1.beta.ace.advertising[2].txt

C:\Documents and Settings\Pan i Władca\Cookies\pan_i_władca@r1.beta.ace.advertising[3].txt

C:\Program Files\update.exe

C:\WINDOWS\OPTIONS\CABS\_desktop.ini

 

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_6TO4

-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}

-------\Service_{DEF85C80-216A-43ab-AF70-1665EDBE2780}

-------\Service_6to4

 

 

((((((((((((((((((((((((( Pliki utworzone od 2008-08-18 do 2008-09-18 )))))))))))))))))))))))))))))))

.

 

2008-09-14 17:18 . 2008-09-14 17:18 <DIR> d--hs---- C:\Diskeeper

2008-09-14 00:35 . 2008-09-14 00:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation

2008-09-14 00:30 . 2008-09-14 00:30 <DIR> d-------- C:\Program Files\Diskeeper Corporation

2008-09-14 00:15 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

2008-09-14 00:14 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-09-14 00:04 . 2008-09-14 00:04 <DIR> d-------- C:\WINDOWS\system32\pl

2008-09-14 00:04 . 2008-09-14 00:04 <DIR> d-------- C:\WINDOWS\system32\bits

2008-09-14 00:04 . 2008-09-14 00:04 <DIR> d-------- C:\WINDOWS\l2schemas

2008-09-14 00:03 . 2008-09-14 00:04 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-09-13 23:53 . 2004-08-04 00:35 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

2008-09-08 18:10 . 2008-09-08 18:10 <DIR> d-------- C:\Documents and Settings\Admin\USTAWI~1

2008-09-08 18:10 . 2008-09-08 18:10 <DIR> d-------- C:\Documents and Settings\Admin

2008-09-07 20:34 . 2008-09-07 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ATI

2008-09-04 18:24 . <DIR> C:\Documents and Settings\Pan i Władca\Dane aplikacji\CyberLink

2008-08-26 21:30 . 2008-08-26 21:30 799 --a------ C:\WINDOWS\system\Cmicnfgp.ini

2008-08-25 13:08 . <DIR> C:\Documents and Settings\Pan i Władca\Dane aplikacji\Ableton

2008-08-25 13:08 . 2008-08-25 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ableton

2008-08-25 13:07 . 2007-05-02 09:54 368,640 --a------ C:\WINDOWS\system32\ReWire.dll

2008-08-25 13:06 . 2008-08-25 13:06 <DIR> d-------- C:\Program Files\Ableton

2008-08-25 13:03 . 2008-08-25 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink

2008-08-25 13:03 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll

2008-08-25 13:02 . 2008-08-25 13:02 <DIR> d-------- C:\Program Files\CyberLink

2008-08-25 13:01 . 2008-08-25 13:01 <DIR> d-------- C:\Program Files\Elecard

2008-08-25 13:01 . 2008-08-25 13:01 <DIR> d-------- C:\Program Files\Common Files\Elecard

2008-08-25 13:00 . 2008-08-25 13:00 <DIR> d-------- C:\Program Files\My Company Name

2008-08-25 12:59 . 2008-08-25 12:59 <DIR> d-------- C:\Program Files\RMAA

2008-08-25 12:59 . 2008-08-25 12:59 <DIR> d-------- C:\Program Files\Common Files\PMP

2008-08-25 12:59 . 2008-08-29 14:15 <DIR> d-------- C:\Program Files\ASUS PMP

2008-08-25 12:59 . 2007-04-03 17:29 311,296 --a------ C:\WINDOWS\system32\KuDevice.dll

2008-08-25 12:59 . 2007-04-13 10:37 106,496 --a------ C:\WINDOWS\system32\vmix.dll

2008-08-25 12:53 . <DIR> C:\Documents and Settings\Pan i Władca\Dane aplikacji\ASUS

2008-08-25 12:50 . 2008-08-25 12:50 <DIR> d-------- C:\Program Files\OpenAL

2008-08-25 12:50 . 2008-08-26 21:30 <DIR> d-------- C:\Program Files\ASUS Xonar D2 Audio

2008-08-25 12:50 . 2008-07-02 20:23 <DIR> d-a------ C:\MediaCenterAudio

2008-08-25 12:50 . 2007-01-16 12:36 782,336 -ra------ C:\WINDOWS\system32\tmp4.tmp

2008-08-25 12:50 . 2008-08-26 21:30 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll

2008-08-25 12:50 . 2008-08-26 21:30 102,400 --a------ C:\WINDOWS\system32\OpenAL32.dll

2008-08-25 12:50 . 2008-06-04 11:21 77,824 --a------ C:\WINDOWS\CmiPCIUninstall.exe

2008-08-25 12:50 . 2007-04-12 18:35 40,358 --a------ C:\WINDOWS\Xonar D2 Audio.ico

2008-08-25 12:50 . 2007-03-01 10:05 7,680 -r-h----- C:\WINDOWS\Thumbs.db

2008-08-25 12:50 . 2007-06-01 10:59 6,187 -ra------ C:\WINDOWS\Cmicnfgp.ini.cfg

2008-08-25 12:50 . 2008-07-03 13:52 558 --a------ C:\WINDOWS\cmudaxp.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-18 09:26 --------- d-----w C:\Documents and Settings\Pan i Władca\Dane aplikacji\uTorrent

2008-09-14 11:36 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-08 16:35 --------- d-----w C:\Documents and Settings\Pan i Władca\Dane aplikacji\Adobe

2008-09-07 18:32 --------- d-----w C:\Program Files\ATI Technologies

2008-09-05 16:22 --------- d-s---w C:\Documents and Settings\Pan i Władca\Dane aplikacji\Microsoft

2008-08-29 12:03 --------- d-----w C:\Documents and Settings\Pan i Władca\Dane aplikacji\Winamp

2008-08-25 10:42 --------- d-----w C:\Program Files\Realtek

2008-08-10 17:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink

2008-08-10 12:09 528 ----a-w C:\Program Files\CONFIG.INI

2008-08-10 12:08 29 ----a-w C:\Program Files\new_ver.ini

2008-08-10 12:06 --------- d-----w C:\Program Files\GIGABYTE

2008-08-07 22:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-08-01 03:39 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

2008-07-30 10:35 --------- d-----w C:\Documents and Settings\Pan i Władca\Dane aplikacji\Skype

2008-07-21 15:00 --------- d-----w C:\Program Files\Razer

2008-07-21 02:34 --------- d-----w C:\Program Files\Common Files\INCA Shared

2008-07-21 01:53 --------- d-----w C:\Program Files\Games-Masters.com

2008-04-13 17:19 3,350 --sha-w C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys

2008-04-13 17:08 88 --sh--r C:\Documents and Settings\All Users\Dane aplikacji\EF10F30C5A.sys

2008-02-14 12:28 29 ----a-w C:\Program Files\version.ini

2008-02-14 12:23 231,944 ----a-w C:\Program Files\gwflash.exe

2007-09-21 17:42 19,008 ----a-w C:\Program Files\markfun.a64

2007-08-21 17:49 17,912 ----a-w C:\Program Files\markfun.w32

2007-08-21 17:49 125,504 ----a-w C:\Program Files\MarkFunDrv.dll

2007-04-04 16:35 207,680 ----a-w C:\Program Files\updateutility.exe

2007-03-30 02:36 301 ----a-w C:\Program Files\update.ini

2007-03-02 02:48 240,448 ----a-w C:\Program Files\gwf32.exe

2006-11-23 21:47 207,680 ----a-w C:\Program Files\BIOS_Run.exe

2006-11-23 21:40 60,224 ----a-w C:\Program Files\HUADRV.DLL

2005-04-27 17:40 6,800 ----a-w C:\Program Files\W95_HUA.vxd

.

 

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 36864]

"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 1953792]

"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]

"CreativeMS2020"="C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe" [2006-05-09 143360]

"Lycosa"="C:\Program Files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]

"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="D:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"VIDC.YV12"= yv12vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\InterVideo WinCinema Manager.lnk

backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 19:51 39792 D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

--a------ 2008-03-26 18:41 1232896 E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2008-04-16 12:53 1079808 E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"PSI_SVC_2"=2 (0x2)

"IviRegMgr"=2 (0x2)

"Bonjour Service"=2 (0x2)

"FLEXnet Licensing Service"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NMIndexingService"=3 (0x3)

"Nero BackItUp Scheduler 3"=2 (0x2)

"MDM"=2 (0x2)

"idsvc"=3 (0x3)

"WLSetupSvc"=3 (0x3)

"usnjsvc"=3 (0x3)

"PLFlash DeviceIoControl Service"=2 (0x2)

"PnkBstrA"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"D:\\Program Files\\FlashFXP\\FlashFXP.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 Dnscache;Klient DNS;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 cmudaxp;ASUS Xonar D2 Audio Interface;C:\WINDOWS\system32\drivers\cmudaxp.sys [2008-06-23 2019456]

R3 ctms2020;Creative HID USB Filter Driver1;C:\WINDOWS\system32\DRIVERS\ctms2020.Sys [2006-05-09 8914]

R3 LycoFltr;Lycosa Keyboard;C:\WINDOWS\system32\Drivers\Lycosa.sys [2007-09-27 21888]

S3 MarkFun_NT;MarkFun_NT;C:\Program Files\markfun.w32 [2007-08-21 17912]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]

S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

 

HKLM-Run-Cmaudio8788 - cmicnfgp.cpl

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

MSConfigStartUp-MsnMsgr - C:\Program Files\Windows Live\Messenger\msnmsgr.exe

MSConfigStartUp-Alcmtr - ALCMTR.EXE

 

 

.

------- Skan uzupełniający -------

.

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O8 -: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm

O8 -: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm

O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-18 18:41:26

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

 

skanowanie ukrytych procesów ...

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...

 

skanowanie pomyślnie ukończone

ukryte pliki: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]

"ImagePath"="\??\C:\Program Files\markfun.w32"

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ASUS Xonar D2 Audio\CustomApp\Program\AsusAudioCenter.exe

C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\CTFaMicetra.exe

C:\Program Files\ASUS Xonar D2 Audio\CustomApp\Program\MXmon.exe

C:\Program Files\Razer\Lycosa\razertra.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\ComboFix\pv.cfexe

.

**************************************************************************

.

Czas ukończenia: 2008-09-18 18:44:10 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-09-18 16:44:07

 

Przed: 8,995,041,280 bajtów wolnych

Po: 9,017,667,584 bajtów wolnych

 

226 --- E O F --- 2008-08-07 22:02:09
