Witam!
Ostatnio mój komputer ble ble ble… nie będę tego pisał tak jak wszyscy chodzi mi o to, że gdy użytkuję jakieś aplikacje np grę internetowa co jakiś czas spuszcza mi ją do paska… jest to denerwujące… posiadam atyvirus kasperski wydaje mi się że jest odpowiedni. skana robię co tydzień…
posiadam combofix i wiem mniej więcej jak się to robi:)) będę wdzięczny za pomoc
P.S
mam nadzieje, że mój początkowy żart został dobrze odebrany:))
Podaj pełny log na forum
ups…
Dwuklikiem uruchom combofix i daj na forum powstały log
ComboFix 08-09-16.05 - Rafcio 2008-09-19 15:18:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1539 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Rafcio\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Recycled\Recycled
E:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-19 do 2008-09-19 )))))))))))))))))))))))))))))))
.
2008-09-19 14:31 . 2008-09-19 14:31
2008-09-17 15:25 . 2004-03-09 18:45 212,240 --a------ C:\WINDOWS\system32\richtx32.ocx
2008-09-13 21:25 . 2008-09-13 21:25
2008-09-13 12:20 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-09-13 12:18 . 2008-09-13 12:19
2008-09-13 11:51 . 2008-09-13 11:51
2008-09-06 14:52 . 2008-09-06 14:52
2008-09-06 13:36 . 2008-09-06 13:36
2008-09-06 13:36 . 2008-09-19 12:49
2008-09-06 13:36 . 2008-09-19 15:20 3,032,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-06 13:36 . 2008-09-19 15:20 466,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-06 13:36 . 2008-09-06 13:45 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-06 13:36 . 2008-09-06 13:45 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-06 13:36 . 2008-09-19 15:20 25,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-06 13:36 . 2008-09-19 15:20 3,724 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-06 13:35 . 2008-09-06 13:35
2008-09-02 17:13 . 2008-09-02 17:18
2008-09-02 17:13 . 2008-09-02 17:18
2008-09-02 16:50 . 2008-09-19 15:18
2008-08-26 20:51 . 2008-08-26 20:51
2008-08-26 20:51 . 2008-08-26 20:51
2008-08-26 20:51 . 2008-09-03 18:13
2008-08-26 20:51 . 2008-08-26 20:51
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 13:22 --------- d-----w C:\Program Files\lg_fwupdate
2008-09-19 13:22 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\Hamachi
2008-09-19 13:15 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-09-19 11:21 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-09-17 16:08 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\gtk-2.0
2008-09-15 13:43 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\AVI ReComp
2008-09-14 16:41 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\foobar2000
2008-09-06 17:12 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-06 17:12 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-06 11:34 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\Comodo
2008-08-16 15:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-08-15 22:09 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\Apple Computer
2008-08-15 21:19 --------- d-----w C:\Program Files\Apple Software Update
2008-08-15 21:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-08-15 21:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-08-08 22:07 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-06 15:58 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-06 12:18 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-08-06 12:18 --------- d-----w C:\Program Files\Monte Cristo
2008-08-05 16:07 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\GanymedeNet
2008-08-04 10:20 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\Nowe Gadu-Gadu
2008-07-24 15:36 --------- d-----w C:\Program Files\RM Converter
2008-07-24 15:27 --------- d-----w C:\Program Files\Real Alternative
2008-07-24 15:27 --------- d-----w C:\Program Files\Media Player Classic
2008-07-22 16:49 --------- d-----w C:\Program Files\hp deskjet 3820 series
2008-07-22 16:48 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-20 11:21 --------- d-----w C:\Program Files\Wanadoo
2008-06-23 16:27 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 15360]
“Steam”=“e:\program files\steam\steam.exe” [2008-06-01 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-04-17 8429568]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-04-17 81920]
“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2006-12-18 868352]
“Ai Nap”=“C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe” [2007-04-09 1423360]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe” [2008-03-25 144784]
“HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe” [2002-03-28 188416]
“LGODDFU”=“C:\Program Files\lg_fwupdate\fwupdate.exe” [2005-04-04 225280]
“QuickTime Task”=“E:\Program Files\QuickTime\QTTask.exe” [2008-05-27 413696]
“AVP”=“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe” [2008-04-25 201992]
“nwiz”=“nwiz.exe” [2007-04-17 C:\WINDOWS\system32\nwiz.exe]
“BluetoothAuthenticationAgent”=“bthprops.cpl” [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
“autoclk”=“autoclk.exe” [2003-01-30 C:\WINDOWS\autoclk.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 15360]
C:\Documents and Settings\Rafcio\Menu Start\Programy\Autostart\
hamachi.lnk - E:\Program Files\Hamachi\hamachi.exe [2008-09-19 625952]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-06-25 962661]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.ffds”= E:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
“vidc.xvid”= xvid.dll
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^Rafcio^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\Rafcio\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect]
–a------ 2006-12-03 01:14 310784 E:\Program Files\AutoConnect\AutoConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
–a------ 2008-04-01 11:39 486856 E:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:55 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-12 17:13 21741864 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
“DisableMonitoring”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“E:\Program Files\Steam\steamapps\flavio730\counter-strike source\hl2.exe”=
“E:\Program Files\Wolfenstein - Enemy Territory\ET.exe”=
“E:\Program Files\mIRC\mirc.exe”=
“E:\Program Files\Steam\steamapps\bartek196\counter-strike\hl.exe”=
“C:\WINDOWS\system32\dpvsetup.exe”=
“E:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe”=
“E:\Program Files\Steam\steamapps\jordi649\counter-strike source\hl2.exe”=
“E:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Dx9.exe”=
“E:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Dx10.exe”=
“E:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Launcher.exe”=
“E:\Program Files\TmUnitedForever\TmForever.exe”=
“E:\Program Files\Nowe Gadu-Gadu\gg.exe”=
“E:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe”=
“C:\Program Files\Monte Cristo\Airline Tycoon Evolution\at.exe”=
“E:\Program Files\Steam\steamapps\kris1473\dedicated server\hlds.exe”=
“E:\Program Files\Steam\steamapps\kris1473\counter-strike\hl.exe”=
“C:\Documents and Settings\Rafcio\Pulpit\FIFA08.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
“E:\Program Files\SopCast\adv\SopAdver.exe”=
“E:\Program Files\SopCast\SopCast.exe”=
“E:\Program Files\Steam\steamapps\pichwin\counter-strike\hl.exe”=
“C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Polish\setup.exe”=
“C:\Q3Ademo\quake3.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“8461:TCP”= 8461:TCP:GoD High Port
“8462:TCP”= 8462:TCP:GoD Low Port
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{51439248-443b-11dd-91d4-4d6564696130}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Zawartość folderu ‘Zaplanowane zadania’
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Rafcio\Dane aplikacji\Mozilla\Firefox\Profiles\zqoz2h6s.default\
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\NPJava11.dll
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\NPJava12.dll
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\NPJava131_03.dll
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\NPJava32.dll
FF -: plugin - C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\NPOJI600.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\np32dsw.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npganymedenet.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\NPJava11.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\NPJava12.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\NPJava131_03.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\NPJava32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\NPOFFICE.DLL
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\NPOJI600.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin6.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\npqtplugin7.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 3\plugins\nprpjplug.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\npdsplay.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\npganymedenet.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\NPJava11.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\NPJava12.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\NPJava131_03.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\NPJava32.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\nppl3260.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\npqtplugin.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\npqtplugin2.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\npqtplugin3.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\npqtplugin4.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\npqtplugin5.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\npqtplugin6.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\npqtplugin7.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\nprpjplug.dll
FF -: plugin - E:\Program Files\Opera\program\plugins\npwmsdrm.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - E:\Program Files\QuickTime\Plugins\npqtplugin7.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 15:22:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Czas ukończenia: 2008-09-19 15:24:30 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-09-19 13:24:27
Przed: 123,923,996,672 bajt˘w wolnych
Po: 124,933,419,008 bajt˘w wolnych
228 — E O F — 2008-06-22 11:56:29
Wklej do Notatnika:
Folder::
C:\Recycled
>>Plik>>Zapisz jako… >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
–>
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.
Jeśli pójdzie dobrze, to: Po restarcie usuń ręcznie folder C:** Qoobox.**
===================================
K.
ComboFix 08-09-16.05 - Rafcio 2008-09-19 16:09:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1497 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Rafcio\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rafcio\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Recycled
C:\Recycled\desktop.ini
C:\Recycled\INFO2
.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-19 do 2008-09-19 )))))))))))))))))))))))))))))))
.
2008-09-19 14:31 . 2008-09-19 14:31
2008-09-17 15:25 . 2004-03-09 18:45 212,240 --a------ C:\WINDOWS\system32\richtx32.ocx
2008-09-13 21:25 . 2008-09-13 21:25
2008-09-13 12:20 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-09-13 12:18 . 2008-09-13 12:19
2008-09-13 11:51 . 2008-09-13 11:51
2008-09-06 14:52 . 2008-09-06 14:52
2008-09-06 13:36 . 2008-09-06 13:36
2008-09-06 13:36 . 2008-09-19 12:49
2008-09-06 13:36 . 2008-09-19 15:20 3,032,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-06 13:36 . 2008-09-19 15:20 466,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-06 13:36 . 2008-09-06 13:45 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-06 13:36 . 2008-09-06 13:45 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-06 13:36 . 2008-09-19 15:20 25,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-06 13:36 . 2008-09-19 15:20 3,724 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-06 13:35 . 2008-09-06 13:35
2008-09-02 17:13 . 2008-09-02 17:18
2008-09-02 17:13 . 2008-09-02 17:18
2008-08-26 20:51 . 2008-08-26 20:51
2008-08-26 20:51 . 2008-08-26 20:51
2008-08-26 20:51 . 2008-09-03 18:13
2008-08-26 20:51 . 2008-08-26 20:51
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 14:08 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\foobar2000
2008-09-19 14:04 --------- d-----w C:\Program Files\lg_fwupdate
2008-09-19 13:37 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-09-19 13:24 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\Hamachi
2008-09-19 11:21 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-09-17 16:08 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\gtk-2.0
2008-09-15 13:43 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\AVI ReComp
2008-09-06 17:12 137,472 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-06 17:12 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-06 11:34 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\Comodo
2008-08-16 15:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-08-15 22:09 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\Apple Computer
2008-08-15 21:19 --------- d-----w C:\Program Files\Apple Software Update
2008-08-15 21:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-08-15 21:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-08-08 22:07 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-06 15:58 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-06 12:18 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-08-06 12:18 --------- d-----w C:\Program Files\Monte Cristo
2008-08-05 16:07 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\GanymedeNet
2008-08-04 10:20 --------- d-----w C:\Documents and Settings\Rafcio\Dane aplikacji\Nowe Gadu-Gadu
2008-07-24 15:36 --------- d-----w C:\Program Files\RM Converter
2008-07-24 15:27 --------- d-----w C:\Program Files\Real Alternative
2008-07-24 15:27 --------- d-----w C:\Program Files\Media Player Classic
2008-07-22 16:49 --------- d-----w C:\Program Files\hp deskjet 3820 series
2008-07-22 16:48 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-20 11:21 --------- d-----w C:\Program Files\Wanadoo
2008-06-23 16:27 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 15360]
“Steam”=“e:\program files\steam\steam.exe” [2008-06-01 1271032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-04-17 8429568]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-04-17 81920]
“SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2006-12-18 868352]
“Ai Nap”=“C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe” [2007-04-09 1423360]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe” [2008-03-25 144784]
“HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe” [2002-03-28 188416]
“LGODDFU”=“C:\Program Files\lg_fwupdate\fwupdate.exe” [2005-04-04 225280]
“QuickTime Task”=“E:\Program Files\QuickTime\QTTask.exe” [2008-05-27 413696]
“AVP”=“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe” [2008-04-25 201992]
“nwiz”=“nwiz.exe” [2007-04-17 C:\WINDOWS\system32\nwiz.exe]
“BluetoothAuthenticationAgent”=“bthprops.cpl” [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
“autoclk”=“autoclk.exe” [2003-01-30 C:\WINDOWS\autoclk.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 15360]
C:\Documents and Settings\Rafcio\Menu Start\Programy\Autostart\
hamachi.lnk - E:\Program Files\Hamachi\hamachi.exe [2008-09-19 625952]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-06-25 962661]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.ffds”= E:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
“vidc.xvid”= xvid.dll
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKLM~\startupfolder\C:^Documents and Settings^Rafcio^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\Rafcio\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect]
–a------ 2006-12-03 01:14 310784 E:\Program Files\AutoConnect\AutoConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
–a------ 2008-04-01 11:39 486856 E:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:55 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-12 17:13 21741864 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
“DisableMonitoring”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“E:\Program Files\Steam\steamapps\flavio730\counter-strike source\hl2.exe”=
“E:\Program Files\Wolfenstein - Enemy Territory\ET.exe”=
“E:\Program Files\mIRC\mirc.exe”=
“E:\Program Files\Steam\steamapps\bartek196\counter-strike\hl.exe”=
“C:\WINDOWS\system32\dpvsetup.exe”=
“E:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe”=
“E:\Program Files\Steam\steamapps\jordi649\counter-strike source\hl2.exe”=
“E:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Dx9.exe”=
“E:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Dx10.exe”=
“E:\Program Files\Ubisoft\Assassin’s Creed\AssassinsCreed_Launcher.exe”=
“E:\Program Files\TmUnitedForever\TmForever.exe”=
“E:\Program Files\Nowe Gadu-Gadu\gg.exe”=
“E:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe”=
“C:\Program Files\Monte Cristo\Airline Tycoon Evolution\at.exe”=
“E:\Program Files\Steam\steamapps\kris1473\dedicated server\hlds.exe”=
“E:\Program Files\Steam\steamapps\kris1473\counter-strike\hl.exe”=
“C:\Documents and Settings\Rafcio\Pulpit\FIFA08.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
“E:\Program Files\SopCast\adv\SopAdver.exe”=
“E:\Program Files\SopCast\SopCast.exe”=
“E:\Program Files\Steam\steamapps\pichwin\counter-strike\hl.exe”=
“C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\Polish\setup.exe”=
“C:\Q3Ademo\quake3.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“8461:TCP”= 8461:TCP:GoD High Port
“8462:TCP”= 8462:TCP:GoD Low Port
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{51439248-443b-11dd-91d4-4d6564696130}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
Zawartość folderu ‘Zaplanowane zadania’
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 16:10:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-09-19 16:10:36
ComboFix-quarantined-files.txt 2008-09-19 14:10:33
ComboFix2.txt 2008-09-19 13:24:31
Przed: 124,915,892,224 bajt˘w wolnych
Po: 124,904,849,408 bajt˘w wolnych
167 — E O F — 2008-06-22 11:56:29
Log wyglada na czysty
usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.
Przeczyść komputer Ccleanerem
Wykonaj optymalizację autostartu
Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj obszar całego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum
lub
wszystko jest już okej! dziękuje za pomoc;]
Przeskanuj jeszcze antywirusem i daj z niego raport na forum
Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ
Pozdrawiam Gutek2222
Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052