As the topic title says, I'm having problems with several programs, including the antivirus (McAfee): the settings window won't open.
I'd be grateful for any help…
ComboFix 09-01-31.01 - Karol 2009-01-31 22:36:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1033.18.894.508 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Karol\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\AhnRpta.exe
.
---- Poprzednie uruchomienie -------
.
C:\a2h2.com
C:\autorun.inf
c:\windows\AhnRpta.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-28 do 2009-01-31 )))))))))))))))))))))))))))))))
.
2009-01-31 15:53 . 2009-01-31 15:53
2009-01-31 15:44 . 2005-11-05 04:25
2009-01-31 15:44 . 2005-11-05 05:10
2009-01-31 15:44 . 2005-11-05 04:39
2009-01-31 15:44 . 2005-11-05 05:05
2009-01-31 15:44 . 2005-11-29 23:25
2009-01-31 15:44 . 2005-11-05 05:18
2009-01-31 15:44 . 2009-01-31 15:44
2009-01-31 15:05 . 2009-01-31 15:13
2009-01-30 17:13 . 2009-01-30 17:28 109,127 -rahs---- C:\hl80c6b1.com
2009-01-30 17:13 . 2009-01-31 20:59 95,744 -r-hs---- c:\windows\system32\nmdfgds0.dll
2009-01-22 15:45 . 2009-01-22 15:45 107,385 -rahs---- C:\w98.com
2009-01-16 18:48 . 2009-01-23 21:30
2009-01-16 18:48 . 2009-01-16 18:48 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-16 18:29 . 2009-01-31 16:20 95,744 -r-hs---- c:\windows\system32\nmdfgds1.dll
2009-01-16 18:20 . 2009-01-16 19:11 110,003 -rahs---- C:\x2csvg.exe
2009-01-16 18:19 . 2009-01-31 16:20 109,930 -r-hs---- c:\windows\system32\olhrwef.exe
2009-01-16 18:11 . 2009-01-23 21:46
2009-01-16 18:10 . 2009-01-16 18:11
2009-01-16 18:10 . 2009-01-16 18:10
2009-01-16 18:10 . 2009-01-16 18:11
2009-01-08 18:34 . 2009-01-08 18:34
2009-01-08 18:32 . 2009-01-17 11:01
2009-01-06 16:39 . 2009-01-31 14:55
2009-01-06 16:39 . 2009-01-31 14:55
2009-01-06 16:31 . 2009-01-06 16:38
2009-01-06 16:25 . 2009-01-06 16:38
2009-01-06 16:25 . 2009-01-06 16:30
2009-01-04 16:19 . 2009-01-04 16:19
2009-01-04 16:18 . 2009-01-04 16:18
2008-12-18 23:14 . 2008-12-18 23:14
2008-12-18 21:16 . 2008-12-08 19:16 107,045 -rahs---- C:\m9ma.exe
2008-12-17 18:59 . 2008-12-23 21:47
2008-12-17 18:59 . 2008-09-28 19:24 303,104 --a------ c:\windows\Uninstall_tkexe.exe
2008-12-15 21:34 . 2008-12-15 21:35
2008-12-10 15:45 . 2008-12-10 15:45
2008-12-04 19:13 . 2008-12-04 19:13
2008-12-02 21:38 . 2008-12-02 21:38
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 19:20 --------- d-----w c:\program files\Steam
2009-01-31 19:14 --------- d-----w c:\program files\McAfee
2009-01-31 14:54 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-01-31 14:18 --------- d-----w c:\program files\Gadu-Gadu
2009-01-31 14:06 --------- d-----w c:\program files\FlashGet
2009-01-09 11:03 79,304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-01-09 11:03 40,552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-01-09 11:03 35,272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-01-09 11:03 34,216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-01-09 11:03 213,640 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-01-08 17:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 16:28 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-22 19:15 --------- d-----w c:\program files\Java
2008-12-22 19:12 --------- d-----w c:\program files\FinePixViewer
2008-12-15 20:40 --------- d-----w c:\documents and settings\Karol\Application Data\GanymedeNet
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2004-03-11 12:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2008-09-11 18:53 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091120080912\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ATIPTA”=“c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-08-06 344064]
“SynTPLpr”=“c:\program files\Synaptics\SynTP\SynTPLpr.exe” [2004-10-15 98394]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2004-10-15 688218]
“THotkey”=“c:\program files\Toshiba\Toshiba Applet\thotkey.exe” [2005-11-25 352256]
“Tvs”=“c:\program files\Toshiba\Tvs\TvsTray.exe” [2005-11-10 73728]
“Pinger”=“c:\toshiba\ivp\ism\pinger.exe” [2005-03-18 151552]
“WinampAgent”=“c:\program files\Winamp\Winampa.exe” [2003-04-02 12288]
“mcagent_exe”=“c:\program files\McAfee.com\Agent\mcagent.exe” [2008-07-11 641208]
“RTHDCPL”=“RTHDCPL.EXE” [2005-11-10 c:\windows\RTHDCPL.exe]
“NDSTray.exe”=“NDSTray.exe” [bU]
“TFncKy”=“TFncKy.exe” [bU]
“TPSMain”=“TPSMain.exe” [2005-05-31 c:\windows\system32\TPSMain.exe]
“CFSServ.exe”=“CFSServ.exe” [bU]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-05 155648]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{BB4C402F-882A-4526-8C08-51278EA437C1}”= “c:\windows\system32\afmain0.dll” [2008-04-14 78848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“msacm.avis”= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusDisableNotify”=dword:00000001
“AntiVirusOverride”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
“DisableMonitoring”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
“DisableMonitoring”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\TOSHIBA\ivp\NetInt\Netint.exe”=
“c:\TOSHIBA\Ivp\ISM\pinger.exe”= c:\TOSHIBA\IVP\ISM\pinger.exe
“c:\Program Files\Common Files\AOL\Loader\aolload.exe”=
“c:\Program Files\Common Files\AOL\ACS\AOLDial.exe”=
“c:\Program Files\Common Files\AOL\ACS\AOLacsd.exe”=
“c:\Program Files\America Online 9.0\waol.exe”=
“c:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe”=
“c:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe”=
“c:\Program Files\Common Files\AOL\1131163763\EE\AOLServiceHost.exe”=
“c:\Program Files\Common Files\AOL\System Information\sinf.exe”=
“c:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe”=
“c:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe”=
“c:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe”=
“c:\Program Files\Gadu-Gadu\gg.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Program Files\FlashGet\flashget.exe”=
“c:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe”=
“c:\Program Files\Steam\steamapps\karull83\counter-strike\hl.exe”=
“c:\Program Files\Steam\steamapps\karull83\condition zero\hl.exe”=
“c:\Program Files\Steam\steamapps\karull83\dedicated server\hlds.exe”=
“c:\Program Files\Ares\Ares.exe”=
“c:\WINDOWS\system32\dpvsetup.exe”=
“c:\Program Files\Skype\Phone\Skype.exe”=
“c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“17001:TCP”= 17001:TCP:ko.kurnik.pl
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-29 203280]
S4 0196451233429628mcinstcleanup;McAfee Application Installer Cleanup (0196451233429628);c:\windows\TEMP\019645~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\019645~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1820c2bb-614f-11dd-971d-00a0d137fad2}]
\Shell\AutoRun\command - F:\m9ma.exe
\Shell\explore\Command - F:\m9ma.exe
\Shell\open\Command - F:\m9ma.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{70c599a9-cc61-11dd-9747-0016e30ebdb1}]
\Shell\AutoRun\command - F:\p1y2.cmd
\Shell\explore\Command - F:\p1y2.cmd
\Shell\open\Command - F:\p1y2.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{88c2d8b9-da3e-11dd-974c-00038a000015}]
\Shell\AutoRun\command - G:\m9ma.exe
\Shell\explore\Command - G:\m9ma.exe
\Shell\open\Command - G:\m9ma.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8b370076-dcf5-11dd-974d-0016e30ebdb1}]
\Shell\AutoRun\command - F:\m9ma.exe
\Shell\explore\Command - F:\m9ma.exe
\Shell\open\Command - F:\m9ma.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c1511b7c-1205-11dd-96fd-00038a000015}]
\Shell\AutoRun\command - F:\p1y2.cmd
\Shell\explore\Command - F:\p1y2.cmd
\Shell\open\Command - F:\p1y2.cmd
.
Zawartość folderu ‘Zaplanowane zadania’
2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
2008-03-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Ściągnij przy pomocy FlashGet’a - c:\program files\FlashGet\jc_link.htm
IE: &Ściągnij wszystko przy pomocy FlashGet’a - c:\program files\FlashGet\jc_all.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Karol\Application Data\Mozilla\Firefox\Profiles\j95h3hz7.default\
FF - prefs.js: browser.startup.homepage - http://www.wp.pl
FF - component: c:\documents and settings\Karol\Application Data\Mozilla\Firefox\Profiles\j95h3hz7.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAKAOV2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 22:41:45
Windows 5.1.2600 Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-2147129105-3923764395-1482262009-1006\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
“??”=hex:58,3c,bd,36,d2,ff,e2,29,e6,ad,4e,1d,8a,ad,3c,db,0e,cb,91,0e,09,b1,bc,
ca,f2,b5,70,a9,7e,bb,1f,85,d1,b1,5e,e1,1a,18,a5,44,20,c7,b9,06,75,e9,7e,74,\
“??”=hex:95,8b,77,b7,9e,e8,3e,11,c8,02,68,69,7d,eb,d3,f8
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > ‘winlogon.exe’(600)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\AhnRpta.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-31 22:44:51 - komputer został uruchomiony ponownie [Karol]
ComboFix-quarantined-files.txt 2009-01-31 21:44:41
Przed: 10,757,570,560 bytes free
Po: 10,742,403,072 bytes free
244 — E O F — 2009-01-14 14:32:11