monika073
(Monika073)
11 November 2007 17:31
#1
Hello, I have the same symptoms: none of the partitions open when double-clicked. Yesterday I was at a friend's place with my drive and I suspect I may have caught something. Thanks in advance for your help. Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:10, on 2007-11-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AdsGone\AdsGone.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=62548
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\AdsGone.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ProtocolDefaults: ‘@ivt ’ protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: ‘file’ protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: ‘ftp’ protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: ‘http’ protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: ‘https’ protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho … wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

– End of file - 4625 bytes
monika073
(Monika073)
11 November 2007 19:31
#3
After removing those 5 entries, the partitions open. Thank you.
But here is the log from ComboFix:
ComboFix 07-11-08.1 - Monika 2007-11-11 20:24:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.200 [GMT 1:00]
Running from: C:\Documents and Settings\Monika\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Documents and Settings\Monika\Dane aplikacji\inst.exe
C:\Documents and Settings\Monika\Dane aplikacji\macromedia\Flash Player#SharedObjects\2JGFR8HX\www.broadcaster.com
C:\Documents and Settings\Monika\Dane aplikacji\macromedia\Flash Player#SharedObjects\2JGFR8HX\www.broadcaster.com \played_list.sol
C:\Documents and Settings\Monika\Dane aplikacji\macromedia\Flash Player#SharedObjects\2JGFR8HX\www.broadcaster.com \video_queue.sol
C:\Documents and Settings\Monika\Dane aplikacji\macromedia\Flash Player\macromedia.com \support\flashplayer\sys#www.broadcaster.com
C:\Documents and Settings\Monika\Dane aplikacji\macromedia\Flash Player\macromedia.com \support\flashplayer\sys#www.broadcaster.com \settings.sol
C:\Program Files\inetget2
C:\WINDOWS\wr.txt
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.
2007-11-11 20:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 18:33
2007-11-11 18:33
2007-11-11 18:33
2007-11-11 18:32
2007-11-11 18:24
2007-11-10 15:26
2007-11-10 14:55 348,160 —hs---- C:\msvcr71.dll
2007-11-09 23:25 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2007-11-09 23:25 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
2007-11-09 21:42
2007-11-09 20:42
2007-11-09 17:27 139,264 --a------ C:\WINDOWS\system32\AfpT.dll
2007-11-09 17:27 43,904 --a------ C:\WINDOWS\system32\drivers\AFPAnsi.sys
2007-11-09 17:26
2007-11-09 00:32
2007-11-09 00:32 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-09 00:32 47,360 --a------ C:\Documents and Settings\Monika\Dane aplikacji\pcouffin.sys
2007-11-05 23:11 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-05 23:08 1,044,480 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2007-11-05 23:08 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-11-05 23:08 49,152 --a------ C:\WINDOWS\system32\Inetwh32.dll
2007-11-01 13:54
2007-10-25 22:14 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-10-25 22:14 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-10-25 22:05
2007-10-25 22:05 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-25 21:57
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 19:04 --------- d-----w C:\Documents and Settings\Monika\Dane aplikacji\Skype
2007-11-11 17:15 --------- d-----w C:\Documents and Settings\Monika\Dane aplikacji\uTorrent
2007-11-09 22:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-09 17:47 --------- d-----w C:\Program Files\eMule
2007-11-09 17:05 --------- d-----w C:\Documents and Settings\Monika\Dane aplikacji\Ahead
2007-11-09 16:30 --------- d–h--w C:\Program Files\InstallShield Installation Information
2007-11-09 15:59 --------- d-----w C:\Documents and Settings\Monika\Dane aplikacji\Image Zone Express
2007-11-07 20:25 --------- d-----w C:\Program Files\Elaborate Bytes
2007-11-01 14:52 --------- d-----w C:\Program Files\Real Alternative
2007-11-01 12:22 --------- d-----w C:\Program Files\Java
2007-10-20 14:30 --------- d-----w C:\Program Files\Winamp
2007-10-11 20:58 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-26 21:26 --------- d-----w C:\Program Files\Gronzo
2007-09-19 14:34 --------- d-----w C:\Program Files\IrfanView
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 15:36]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-08-17 02:49]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Monika^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Monika\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Monika^Menu Start^Programy^Autostart^AdsGone.lnk]
path=C:\Documents and Settings\Monika\Menu Start\Programy\Autostart\AdsGone.lnk
backup=C:\WINDOWS\pss\AdsGone.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
“C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
“C:\Program Files\Gadu-Gadu\gg.exe” /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
“C:\Program Files\Messenger\msmsgs.exe” /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
“C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\WINDOWS\System32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

R0 AFPAnsi;G-DATA Ukrywacz Ansi;C:\WINDOWS\system32\Drivers\AFPAnsi.sys
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
S0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - SCSIACCESS
.
Contents of the ‘Scheduled Tasks’ folder
“2007-06-27 17:34:27 C:\WINDOWS\Tasks\AdsGone.job” - C:\Program Files\AdsGone\AdsGone.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 20:26:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-11 20:27:44
.
— E O F —
monika073
(Monika073)
11 November 2007 23:33
#5
I did that; is everything OK now?
Thanks
http://wklej.org/id/bcaf37485f