I'm posting a log because I suspect I have a virus. The antivirus shows that it blocked a dangerous operation, something like that, but I can't remove it with anything. If anyone knows these logs, please help. Here is the link to the log: http://wklejto.pl/7537
Or directly, so someone can read it here:
ComboFix 08-08-07.01 - Pawo 2020-07-28 23:29:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.216 [GMT 2:00]
Running from: C:\Documents and Settings\Pawo\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\autorun.ini
.
((((((((((((((((((((((((( Files Created from 2020-06-28 to 2020-07-28 )))))))))))))))))))))))))))))))
.
2020-07-28 23:21 . 2020-07-28 23:21
2020-07-28 23:21 . 2020-07-28 23:22
2020-07-28 23:21 . 2020-07-28 23:21 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2020-07-28 23:11 . 2020-07-28 23:11
2020-07-28 23:01 . 2020-07-28 23:01
2020-07-28 23:01 . 2020-07-28 23:02
2020-07-28 14:00 . 2020-07-28 14:00
2020-07-28 14:00 . 2007-08-18 09:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2020-07-28 09:07 . 2020-07-28 23:23 233,324 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2020-07-28 09:07 . 2020-07-28 17:57 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2020-07-28 09:02 . 2007-06-06 11:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2020-07-28 09:02 . 2020-07-28 09:02 261 --a------ C:\WINDOWS\system32\PavCPL.dat
2020-07-28 09:00 . 2020-07-28 09:00
2020-07-28 08:58 . 2007-07-12 14:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2020-07-28 08:58 . 2007-05-23 16:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2020-07-27 19:45 . 2020-07-27 19:46 357,156 --a------ C:\WINDOWS\system32\27031_winhtb.exe
2020-07-27 19:45 . 2020-07-27 19:45 54 --a------ C:\WINDOWS\system32\x
2020-07-27 18:43 . 2020-07-27 19:12
2020-07-22 19:38 . 2020-07-28 18:42
2020-07-22 19:36 . 2020-07-22 19:36
2020-07-22 19:35 . 2020-07-22 19:35
2020-07-22 19:22 . 2020-07-22 19:22
2020-07-22 19:21 . 2020-07-22 19:21
2020-07-22 19:16 . 2020-07-22 19:16
2020-07-22 19:12 . 2020-07-28 18:06 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2020-07-22 19:03 . 2020-07-22 19:03
2020-07-22 19:03 . 2020-07-22 19:03
2020-07-22 18:55 . 2020-07-22 18:55
2020-07-22 18:55 . 2020-07-22 18:55
2020-07-22 18:47 . 2020-07-28 08:58
2020-07-22 14:37 . 2020-07-22 14:37
2020-07-22 14:28 . 2020-07-28 22:36
2020-07-22 14:27 . 2020-07-22 14:27
2020-07-22 14:27 . 2020-07-22 14:27 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2020-07-22 14:27 . 2020-07-22 14:27 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2020-07-22 11:02 . 2020-07-22 09:19 261 --a------ C:\WINDOWS\system32$winnt$.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-07-28 21:23 233,324 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2020-07-28 15:57 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2020-07-28 11:55 --------- d-----w C:\Program Files\SubEdit-Player
2020-07-28 07:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2020-07-22 13:00 75,776 ----a-w C:\WINDOWS\system32\hqghumea.dll
2020-07-22 08:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2020-07-22 08:10 140,800 --sh--r C:\WINDOWS\Fonts\wmsncs.exe
2020-07-22 07:39 --------- d-----w C:\Program Files\foobar2000
2020-07-22 07:31 --------- d-----w C:\Program Files\ImgBurn
2020-07-22 07:31 --------- d-----w C:\Program Files\CCleaner
2020-07-22 07:29 --------- d-----w C:\Program Files\Common Files\Adobe
2020-07-22 07:29 --------- d-----w C:\Documents and Settings\Pawo\Dane aplikacji\InterTrust
2020-07-22 07:27 --------- d-----w C:\Program Files\VIA Technologies, INC
2020-07-22 07:26 --------- d-----w C:\Program Files\ASUSTeK
2020-07-22 07:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2020-07-22 07:16 --------- d-----w C:\Program Files\microsoft frontpage
2020-07-22 07:14 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 19:29 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14 1077277]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 18:39 216520]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-03-30 04:48 5898240]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-03-30 04:48 86016]
"Soltek"="C:\WINDOWS\System32\autorun.exe" [2001-10-29 16:00 61440]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [2020-07-22 10:10 140800]
"NvidMediaCenter"="C:\Program Files\Common Files\System\wmsncs.exe" [2020-07-22 10:10 140800]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [2020-07-22 10:10 140800]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2020-07-22 10:10 140800]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" [2007-07-23 18:30 406832]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 15:17 27952]
"nwiz"="nwiz.exe" [2005-03-30 04:48 1519616 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 19:29 13312]
"Wmsncs Service"="C:\WINDOWS\Fonts\wmsncs.exe" [2020-07-22 10:10 140800]
"NvidMediaCenter"="C:\Program Files\Common Files\System\wmsncs.exe" [2020-07-22 10:10 140800]
"Spool Driver Service"="C:\WINDOWS\System32\spool\drivers\wmsncs.exe" [2020-07-22 10:10 140800]
"Wins Service"="C:\WINDOWS\System32\wins\wmsncs.exe" [2020-07-22 10:10 140800]
C:\Documents and Settings\Pawo\Menu Start\Programy\Autostart\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2020-07-22 14:27:39 624416]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
wmsncs.exe [2020-07-22 10:10:11 140800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe "C:\WINDOWS\Fonts\wmsncs.exe""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
R0 pxark;pxark;C:\WINDOWS\System32\drivers\pxark.sys [2020-07-28 23:21]
R1 APPFLT;App Filter Plugin;C:\WINDOWS\System32\Drivers\APPFLT.SYS [2007-05-11 09:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\System32\Drivers\DSAFLT.SYS [2007-05-11 09:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\System32\Drivers\fnetmon.SYS [2007-05-11 09:33]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\System32\Drivers\IDSFLT.SYS [2007-07-11 11:39]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\System32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-23 16:40]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\System32\Drivers\SMSFLT.SYS [2007-05-11 09:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\System32\Drivers\WNMFLT.SYS [2007-05-11 09:33]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\System32\Drivers\cpoint.sys [2007-06-08 08:44]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2020-07-28 23:21]
R2 NET Runtime Optimization Service v2.1.41329_X86;NET Runtime Optimization Service v2.1.41329_X86;C:\WINDOWS\Fonts\wmsncs.exe [2020-07-22 10:10]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\System32\DRIVERS\PavProc.sys [2007-07-12 14:49]
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\System32\drivers\av5flt.sys []
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\System32\DRIVERS\netimflt.sys [2007-04-24 15:43]
R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\System32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\System32\PavTPK.sys []
S2 Microsoft Windows TCP Protocol;Microsoft Windows TCP Protocol;C:\WINDOWS\System32\dllcache\wintcps.exe []
*Newly Created Service* - CATCHME
*Newly Created Service* - CSISCANNER
*Newly Created Service* - PSEXESVC
*Newly Created Service* - PXARK
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{103L3C30-C3B3-4130-9363-E59E1375PERM}]
C:\WINDOWS\Fonts\wmsncs.exe
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
HKCU-Run-Windows Services Aganter - RegKey.exe
HKLM-Run-Windows Services Aganter - RegKey.exe
HKLM-RunServices-Windows Services Aganter - RegKey.exe
HKU-Default-Run-Windows Services Aganter - RegKey.exe
HKU-Default-RunOnce-Windows Services Aganter - RegKey.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Pawo\Dane aplikacji\Mozilla\Firefox\Profiles\x5heekwn.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2020-07-28 23:30:44
Windows 5.1.2600 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile
scanning hidden processes …
C:\WINDOWS\Fonts\wmsncs.exe [204] 0x81221BC8
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2020-07-28 23:33:42
ComboFix-quarantined-files.txt 2020-07-28 21:33:33
Pre-Run: 32,090,255,360 bajtów wolnych
Post-Run: 32,345,276,416 bajtów wolnych
171
I don't know anything about this, so please help.