
Problem reading files from disk

wikYO
created

Hello, for a few days now I've had a problem. I have a 400 GB SATA disk split into 3 partitions. For some time now, whenever I go into any folder where, for example, I have movies saved, or... or even just My Documents, a message with the following text pops up:

Windows Explorer has encountered a problem and needs to close. We are sorry for inconvenience.

If you were in the middle of something, the information you were working might be lost...

and two options, send the report or don't send... I click don't send and Explorer starts up again, all the icons disappear, the folder closes..

If I again do nothing about it, the files in the folder work normally..

There is one more message that usually pops up: Data Execution Prevention, to help protect your computer. Windows has closed this program.....

I don't know why it shows up every time; maybe you can help me get rid of it.

I scanned the system with an antivirus, there are no viruses...

Sean
comment

Post your HijackThis and ComboFix logs in the Security section, Logs subforum:

hjt http://www.forumpc.pl/index.php?showtopic=11017#

combofix http://www.forumpc.pl/index.php?showtopic=11018

Remember that logs are pasted inside code tags ;]

As for the first problem, when you open a folder your explorer.exe process restarts <_< the second one suggests to me that you have some kind of malware on your computer ... pay attention to your spelling. Regards

wikYO
comment

SENDING THE LOGS :) COUNTING ON YOUR HELP

ntec Shared\ccApp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\foobar2000\foobar2000.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\WINDOWS\system32\drwtsn32.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 10766 bytes

COMBOFIX :

ComboFix 08-06-16.5 - wiktor 2008-06-17 23:43:43.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.1278 [GMT 1:00]

Running from: C:\Documents and Settings\wiktor\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\wiktor\Application Data\inst.exe

.

((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))

.

2008-06-17 23:38 . 2008-06-17 23:38 <DIR> d-------- C:\Program Files\Trend Micro

2008-06-17 22:38 . 2008-06-17 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-06-17 22:33 . 2008-06-17 22:33 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-06-17 22:32 . 2008-06-17 22:32 <DIR> d-------- C:\Program Files\Bonjour

2008-06-17 22:25 . 2008-06-17 22:25 <DIR> d-------- C:\WINDOWS\LastGood

2008-06-15 00:01 . 2008-06-15 00:01 <DIR> d-------- C:\Program Files\iPod

2008-06-15 00:00 . 2008-06-15 00:00 <DIR> d-------- C:\Program Files\QuickTime

2008-06-15 00:00 . 2008-06-15 00:01 <DIR> d-------- C:\Program Files\iTunes

2008-06-15 00:00 . 2008-06-15 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-06-14 23:59 . 2008-06-14 23:59 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-06-14 23:56 . 2008-06-14 23:56 <DIR> d-------- C:\Program Files\Apple Software Update

2008-06-14 23:56 . 2008-06-14 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-06-11 00:23 . 2008-04-14 12:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 00:23 . 2008-04-14 12:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-07 14:02 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2008-06-07 14:02 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

2008-06-07 14:02 . 2008-06-07 14:02 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-06-07 14:02 . 2008-06-07 14:02 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-06-07 14:01 . 2008-06-07 14:03 <DIR> d-------- C:\Documents and Settings\wiktor\Application Data\PC Suite

2008-06-07 14:01 . 2008-06-07 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-06-07 14:00 . 2008-06-07 14:00 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-06-07 14:00 . 2008-06-07 14:00 <DIR> d-------- C:\Program Files\Common Files\Nokia

2008-06-07 14:00 . 2008-06-07 14:33 <DIR> d-------- C:\Documents and Settings\wiktor\Application Data\Nokia

2008-06-07 14:00 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-06-07 13:59 . 2008-06-07 14:00 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-06-07 13:59 . 2008-06-07 14:00 <DIR> d-------- C:\Program Files\Nokia

2008-06-07 13:59 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-06-07 13:59 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-06-07 13:59 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-06-07 13:59 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys

2008-06-07 13:59 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys

2008-06-07 13:59 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2008-06-07 13:59 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2008-06-07 13:57 . 2008-06-07 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-05-31 22:50 . 2008-05-31 22:50 <DIR> d-------- C:\Documents and Settings\wiktor\Application Data\ACD Systems

2008-05-31 22:50 . 2008-05-31 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems

2008-05-31 22:47 . 2008-05-31 22:47 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2008-05-31 22:46 . 2008-05-31 22:46 <DIR> d-------- C:\Program Files\Corel

2008-05-31 22:46 . 2008-05-31 22:46 <DIR> d-------- C:\Documents and Settings\wiktor\Application Data\InstallShield

2008-05-31 22:43 . 2008-05-31 22:43 <DIR> d-------- C:\Lxkx5150

2008-05-31 22:43 . 2008-05-31 22:43 <DIR> d-------- C:\Documents and Settings\wiktor\WINDOWS

2008-05-31 01:03 . 2008-05-31 01:03 <DIR> d-------- C:\Program Files\uTorrent

2008-05-31 01:03 . 2008-06-17 23:44 <DIR> d-------- C:\Documents and Settings\wiktor\Application Data\uTorrent

2008-05-27 23:41 . 2008-05-27 23:41 <DIR> d-------- C:\Program Files\Ubisoft

2008-05-27 10:50 . 2008-05-27 10:50 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-05-27 10:50 . 2008-05-27 10:50 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-05-25 22:46 . 2008-05-25 22:46 22,980 --ah----- C:\WINDOWS\system32\mlfcache.dat

2008-05-24 21:20 . 2008-05-24 21:20 <DIR> d-------- C:\Program Files\Matroska Pack

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-17 22:29 --------- d-----w C:\Program Files\eMule

2008-06-17 21:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-06-17 21:37 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-17 21:23 --------- d-----w C:\Documents and Settings\wiktor\Application Data\skypePM

2008-06-17 21:23 --------- d-----w C:\Documents and Settings\wiktor\Application Data\Skype

2008-06-17 20:47 --------- d-----w C:\Program Files\Gadu-Gadu

2008-06-17 16:10 --------- d-----w C:\Documents and Settings\wiktor\Application Data\foobar2000

2008-06-16 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-06-14 23:01 --------- d-----w C:\Documents and Settings\wiktor\Application Data\Apple Computer

2008-06-07 22:14 --------- d-----w C:\Program Files\EA GAMES

2008-06-07 22:06 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-30 22:08 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-05-30 22:08 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2008-05-30 22:08 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-05-30 22:08 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-05-30 22:08 --------- d-----w C:\Program Files\Symantec

2008-05-27 22:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-27 22:48 --------- d-----w C:\Program Files\AGEIA Technologies

2008-05-21 19:46 --------- d-----w C:\Program Files\Picasa2

2008-05-18 20:57 --------- d-----w C:\Program Files\HighGrow

2008-05-09 15:18 --------- d-----w C:\Documents and Settings\wiktor\Application Data\Aptana

2008-05-09 15:16 --------- d-----w C:\Program Files\Aptana

2008-05-09 06:40 --------- d-----w C:\Program Files\free-downloads.net

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-06 18:15 --------- d-----w C:\Program Files\Google

2008-05-06 18:14 --------- d-----w C:\Program Files\Western Digital

2008-05-03 13:07 --------- d-----w C:\Program Files\MSXML 4.0

2008-05-02 23:05 --------- d-----w C:\Program Files\Disc2Phone

2008-05-02 23:02 --------- d-----w C:\Documents and Settings\wiktor\Application Data\Teleca

2008-05-02 23:02 --------- d-----w C:\Documents and Settings\wiktor\Application Data\Sony Ericsson

2008-05-02 23:00 --------- d-----w C:\Program Files\Sony Ericsson

2008-05-02 23:00 --------- d-----w C:\Program Files\Common Files\Teleca Shared

2008-05-02 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca

2008-05-02 23:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-21 20:46 --------- d-----w C:\Program Files\Norton 360

2008-04-21 20:25 --------- d-----w C:\Program Files\Alwil Software

2008-04-09 08:16 47,360 ----a-w C:\Documents and Settings\wiktor\Application Data\pcouffin.sys

2008-03-30 22:15 98,304 ----a-w C:\WINDOWS\system32\qttask.exe

2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-24 20:53 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2008-03-23 22:43 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-03-23 22:26 32,768 ------w C:\WINDOWS\system32\MWLPS.dll

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

2008-05-09 07:40 1470488 --a------ C:\Program Files\free-downloads.net\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfre1.dll" [2008-05-09 07:40 1470488]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfre1.dll [2008-05-09 07:40 1470488]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-03 17:06 68856]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 17:46 217544]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20 1079296]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 11:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 12:57 16855552 C:\WINDOWS\RTHDCPL.exe]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59 115816]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]

"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"BVRPLiveUpdate"="C:\Program Files\Avanquest update\Engine\Setup.exe" [ ]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-06 19:15 1838592]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 02:23 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 21:25:14 745472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.iac2"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax

"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm

"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL

"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll

"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll

"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll

"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll

"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=

"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

"C:\\Program Files\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"=

"C:\\Program Files\\Ubisoft\\Lost Via Domus\\gu.exe"=

"C:\\Program Files\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]

S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 12:38]

*Newly Created Service* - BONJOUR_SERVICE

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

*Newly Created Service* - FLEXNET_LICENSING_SERVICE

.

Contents of the 'Scheduled Tasks' folder

"2008-06-14 22:56:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-06-12 23:27:11 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2008-03-23 23:29:53 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

"2008-06-12 10:50:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"

- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

"2008-03-24 11:49:38 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"

- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-17 23:45:00

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"

.

Completion time: 2008-06-17 23:45:43

ComboFix-quarantined-files.txt 2008-06-17 22:45:39

Pre-Run: 78,490,243,072 bytes free

Post-Run: 78,957,146,112 bytes free

221 --- E O F --- 2008-06-10 23:36:30

Sean
comment

HJT fix for the entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640

I don't see anything else; you cut off the beginning of the log :)

Someone else will check the ComboFix log :P

wikYO
comment

HJT fix for the entries

I don't see anything else; you cut off the beginning of the log :)

Someone else will check the ComboFix log :P

And what am I supposed to do with this??
