Logs - The computer switches itself off


  • Closed: this topic is closed
8 replies in this topic

#1 Szib (Beginner, 14 posts)

Posted 06 12 2007 - 13:54

The computer shut itself down?



Logfile of HijackThis v1.99.1
Scan saved at 12:05:39, on 2007-12-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\SolidWorks\COSMOS\FloWorks\bincfw\StandAloneSlv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
D:\Program Files\Eset\nod32kui.exe
D:\PROGRA~1\NEOSTR~1\CnxMon.exe
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Eset\nod32.exe
G:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\secpol.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NVRTCLK] D:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Launch LGDCore] "D:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{19EDE275-7238-40C9-89D7-90BB4C983318}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - D:\Program Files\SolidWorks\COSMOS\FloWorks\bincfw\StandAloneSlv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


#2 wncvirus (Leń !, 851 posts)

Posted 06 12 2007 - 16:11

Launch HJT. Choose the option "Do a system scan only". It will produce a log; tick the box next to the entry below and click Fix:


O20 - Winlogon Notify: NavLogon - D:\WINDOWS\


#3 Szib (Beginner, 14 posts)

Posted 06 12 2007 - 17:54

Thanks.
Just out of curiosity, what is that entry?

#4 wncvirus (Leń !, 851 posts)

Posted 07 12 2007 - 17:15

It's called Winlogon Notify. It is located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify.
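Added example, not code from anyone in this thread and not part of HijackThis: a small Python script that parses lines in the HijackThis 1.99.1 format shown in post #1 and flags three kinds of entries for a manual check. The first is an O20 Winlogon Notify entry whose path is not a DLL, which is what the NavLogon line fixed above looks like: each subkey under the Winlogon\Notify key named in the reply has a DLLName value that winlogon loads at logon, so a bare directory means an orphaned or malformed entry. The other two checks (a UserInit value in the F2 line that runs anything besides userinit.exe, and an O23 service reported as "Unknown owner") are generic heuristics that mean "verify by hand", not "malicious": the thread reached no conclusion about the secpol.exe entry or the RaySat service, and the sample lines are copied from the log in post #1.

```python
"""Parse a HijackThis 1.99.1 log and flag entries that deserve a second look.

Added example for this thread; not the forum posters' code and not part of
HijackThis itself.  The sample lines are copied from the log in post #1.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NVRTCLK] D:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\secpol.exe,
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
"""

# O20 = HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<name>;
# its DLLName value is what winlogon loads.  HijackThis prints that DLL path.
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>[^-]+?) - (?P<path>.*)$")
# F2 = the UserInit value; stock XP runs only userinit.exe from system32.
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
# O23 = installed services: display name (short name) - company - image path.
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    kind: str      # HijackThis section code: O20, F2, O23
    line: str      # the log line that triggered the finding
    detail: str    # why it is worth verifying by hand


def parse_userinit(value: str) -> list[str]:
    """Split the comma-separated UserInit value into its non-empty entries."""
    return [e.strip() for e in value.split(",") if e.strip()]


def analyse(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O20_RE.match(line):
            path = m["path"].strip()
            # A Notify entry must name a DLL.  A bare directory (NavLogon here)
            # means the DLLName value is empty or its file is gone: an orphaned
            # entry, which is what the reply above had fixed.
            if not path.lower().endswith(".dll"):
                findings.append(Finding("O20", line,
                    f"Winlogon Notify '{m['name']}' points at '{path}', not a DLL"))
        elif m := F2_RE.match(line):
            # Anything besides userinit.exe in UserInit runs at every logon.
            extra = [e for e in parse_userinit(m["value"])
                     if e.rsplit("\\", 1)[-1].lower() != "userinit.exe"]
            if extra:
                findings.append(Finding("F2", line,
                    "UserInit also runs: " + ", ".join(extra)))
        elif m := O23_RE.match(line):
            # "Unknown owner" = no company name in the file's version info.
            if m["owner"].strip().lower() == "unknown owner":
                findings.append(Finding("O23", line,
                    f"service '{m['display']}' has no company name in its version info"))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

Run it as-is to see the three findings from the sample, or feed it a whole saved HijackThis log via `analyse(open(path).read())`. Entries it does not flag (O4 Run keys, signed services) still need the usual eyeballing; the script only narrows the list.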

#5 Szib (Beginner, 14 posts)

Posted 14 12 2007 - 11:17

Here is a ComboFix log as well:

ComboFix 07-12-10.1 - Artur 2007-12-14 10:13:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.230 [GMT 1:00]
Running from: D:\Documents and Settings\Artur\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-14 to 2007-12-14 )))))))))))))))))))))))))))))))
.

2007-12-10 11:40 . 2007-12-10 11:40 <DIR> d-------- D:\Program Files\PCPitstop
2007-12-07 14:20 . 2007-12-07 14:20 <DIR> d-------- D:\WINDOWS\system32\Kaspersky Lab
2007-12-07 14:20 . 2007-12-07 14:20 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-12-04 10:44 . 2007-08-11 20:52 614,400 --a------ D:\WINDOWS\system32\msvcr80.dll
2007-12-04 10:44 . 2007-08-11 20:50 540,672 --a------ D:\WINDOWS\system32\msvcp80.dll
2007-12-04 10:43 . 2007-12-04 10:43 <DIR> d-------- D:\Program Files\ASGvis
2007-12-01 13:14 . 2002-07-17 09:20 45,056 --a------ D:\WINDOWS\system32\WNASPI32.DLL
2007-12-01 13:14 . 2002-07-17 08:53 16,877 --a------ D:\WINDOWS\system32\drivers\ASPI32.SYS
2007-12-01 13:14 . 2002-07-17 16:22 5,600 --a------ D:\WINDOWS\system\WINASPI.DLL
2007-12-01 13:14 . 2002-07-17 16:22 4,672 --a------ D:\WINDOWS\system\WOWPOST.EXE
2007-11-29 13:10 . 2007-11-29 13:10 <DIR> d-------- D:\Documents and Settings\Artur\Dane aplikacji\Ashampoo
2007-11-29 13:09 . 2007-11-29 13:09 <DIR> d-------- D:\Program Files\Ashampoo
2007-11-29 13:09 . 2007-11-29 13:09 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2007-11-25 14:38 . 2007-11-25 14:38 <DIR> d-------- D:\Documents and Settings\Alfreda\Dane aplikacji\Nero
2007-11-25 13:20 . 2007-11-25 13:20 <DIR> d-------- D:\Documents and Settings\Artur\Dane aplikacji\Nero
2007-11-25 13:17 . 2007-11-25 13:19 <DIR> d-------- D:\Program Files\Common Files\Nero
2007-11-25 13:17 . 2007-11-25 13:17 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-11-20 17:46 . 2007-11-20 17:46 <DIR> d-------- D:\Program Files\Google
2007-11-20 17:44 . 2007-11-20 17:45 <DIR> d-------- D:\WINDOWS\system32\URTTemp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-14 09:20 --------- d-----w D:\Documents and Settings\Artur\Dane aplikacji\Skype
2007-12-14 08:57 --------- d-----w D:\Documents and Settings\Alfreda\Dane aplikacji\Skype
2007-12-13 12:11 --------- d-----w D:\Program Files\Neostrada TP
2007-12-13 12:11 --------- d-----w D:\Program Files\FlashGet
2007-12-13 10:36 --------- d-----w D:\Program Files\Mozilla Thunderbird
2007-12-12 16:46 --------- d-----w D:\Documents and Settings\Artur\Dane aplikacji\SolidWorks
2007-12-10 10:27 --------- d-----w D:\Program Files\Java
2007-12-04 09:43 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-02 11:03 --------- d-----w D:\Program Files\Winamp
2007-11-25 12:17 --------- d-----w D:\Program Files\Nero
2007-11-25 12:05 --------- d-----w D:\Program Files\Common Files\Ahead
2007-11-09 13:08 --------- d-----w D:\Program Files\Common Files\Adobe
2007-11-06 13:23 14,358 ----a-w D:\WINDOWS\system32\secpol.exe
2007-11-05 12:52 --------- d-----w D:\Program Files\Cinema 4D Studio Bundle v10.111
2007-10-23 13:20 972,072 ----a-w D:\WINDOWS\UNNeroMediaHome.exe
2007-10-22 07:51 972,072 ----a-w D:\WINDOWS\UNRecode.exe
2007-10-17 16:52 --------- d-----w D:\Documents and Settings\Alfreda\Dane aplikacji\GanymedeNet
2007-10-17 16:48 --------- d-----w D:\Program Files\Ganymede
2007-09-20 07:55 95,600 ----a-w D:\WINDOWS\system32\NeroCo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 02:45]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRTCLK"="D:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 10:44]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:44 D:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2004-12-15 05:01 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:44 D:\WINDOWS\system32\rundll32.exe]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 D:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 01:42]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-01 11:57]
"Launch LGDCore"="D:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 02:22]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-02-25 13:42]
"WooCnxMon"="D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
"SpeedTouch USB Diagnostics"="D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38]
"WOOWATCH"="D:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"WOOTASKBARICON"="D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07]
"NeroFilterCheck"="D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VGAUtil"=D:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
"EasyTuneV"=D:\Program Files\Gigabyte\ET5\GUI.exe

R0 ub1394;Unibrain 1394 Class Driver;D:\WINDOWS\system32\DRIVERS\ub1394.sys
R0 ubsbm;Unibrain 1394 SBM Driver;D:\WINDOWS\system32\DRIVERS\ubsbm.sys
R1 fwdrv;Firewall Driver;D:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;D:\WINDOWS\system32\drivers\khips.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R2 SVKP;SVKP;\??\D:\WINDOWS\system32\SVKP.sys
R2 ubumapi;Unibrain 1394 FireAPI Driver;D:\WINDOWS\system32\DRIVERS\ubumapi.sys
R3 GVCplDrv;GVCplDrv;D:\WINDOWS\system32\drivers\GVCplDrv.sys
R3 ubsbp2;Unibrain SBP2 Bus Driver;D:\WINDOWS\system32\DRIVERS\ubsbp2.sys
S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S3 ubohci;Unibrain 1394 OHCI Driver;D:\WINDOWS\system32\DRIVERS\ubohci.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22398cdf-9618-11d9-a3b5-806d6172696f}]
\Shell\AutoRun\command - H:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-30 16:15:00 D:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-14 10:20:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> D:\Program Files\Eset\pr_imon.dll

PROCESS: D:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> D:\Program Files\Eset\pr_imon.dll
.
Completion time: 2007-12-14 10:21:38 - machine was rebooted
.
--- E O F ---

#6 Tequila (Regular user, 386 posts)

Posted 14 12 2007 - 22:27

Open a command prompt (Start -> Run -> cmd) and issue these commands:
sc stop SVKP
sc delete SVKP
Delete the file D:\WINDOWS\system32\SVKP.sys

Additionally, have a look at http://wirusy.antivirenkit.pl/pl/opis/Back...32.Rbot.yk.html and search for and delete the file mentioned there, pnpsrv.exe

#7 Szib (Beginner, 14 posts)

Posted 15 12 2007 - 12:47

I didn't find the file pnpsrv.exe.

#8 Tequila (Regular user, 386 posts)

Posted 15 12 2007 - 12:50

Well, that's good :rolleyes:

Post the ComboFix log once more.

#9 Szib (Beginner, 14 posts)

Posted 30 12 2007 - 14:03

Here is the ComboFix log:

ComboFix 07-12-21.4 - Artur 2007-12-30 13:04:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.130 [GMT 1:00]
Running from: D:\Documents and Settings\Artur\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.

2007-12-14 17:39 . 2007-12-25 15:55 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2007-12-14 17:39 . 2007-12-14 17:39 1,409 --a------ D:\WINDOWS\QTFont.for
2007-12-10 11:40 . 2007-12-10 11:40 <DIR> d-------- D:\Program Files\PCPitstop
2007-12-07 14:20 . 2007-12-07 14:20 <DIR> d-------- D:\WINDOWS\system32\Kaspersky Lab
2007-12-07 14:20 . 2007-12-07 14:20 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-12-04 10:44 . 2007-08-11 20:52 614,400 --a------ D:\WINDOWS\system32\msvcr80.dll
2007-12-04 10:44 . 2007-08-11 20:50 540,672 --a------ D:\WINDOWS\system32\msvcp80.dll
2007-12-04 10:43 . 2007-12-04 10:43 <DIR> d-------- D:\Program Files\ASGvis
2007-12-01 13:14 . 2002-07-17 09:20 45,056 --a------ D:\WINDOWS\system32\WNASPI32.DLL
2007-12-01 13:14 . 2002-07-17 08:53 16,877 --a------ D:\WINDOWS\system32\drivers\ASPI32.SYS
2007-12-01 13:14 . 2002-07-17 16:22 5,600 --a------ D:\WINDOWS\system\WINASPI.DLL
2007-12-01 13:14 . 2002-07-17 16:22 4,672 --a------ D:\WINDOWS\system\WOWPOST.EXE
2007-11-29 13:10 . 2007-11-29 13:10 <DIR> d-------- D:\Documents and Settings\Artur\Dane aplikacji\Ashampoo
2007-11-29 13:09 . 2007-11-29 13:09 <DIR> d-------- D:\Program Files\Ashampoo
2007-11-29 13:09 . 2007-11-29 13:09 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2007-11-25 14:38 . 2007-11-25 14:38 <DIR> d-------- D:\Documents and Settings\Alfreda\Dane aplikacji\Nero
2007-11-25 13:20 . 2007-11-25 13:20 <DIR> d-------- D:\Documents and Settings\Artur\Dane aplikacji\Nero
2007-11-25 13:17 . 2007-11-25 13:19 <DIR> d-------- D:\Program Files\Common Files\Nero
2007-11-25 13:17 . 2007-11-25 13:17 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-11-20 17:46 . 2007-11-20 17:46 <DIR> d-------- D:\Program Files\Google
2007-11-20 17:44 . 2007-11-20 17:45 <DIR> d-------- D:\WINDOWS\system32\URTTemp
2007-11-09 14:08 . 2007-11-09 14:08 <DIR> d-------- D:\WINDOWS\system32\Adobe
2007-11-09 14:08 . 2001-10-26 23:16 16,384 --a------ D:\WINDOWS\system32\FileOps.exe
2007-11-09 14:04 . 2007-11-09 14:04 <DIR> d-------- D:\WINDOWS\Adobe Illustrator CS
2007-11-06 14:21 . 2007-11-06 14:23 14,358 --a------ D:\WINDOWS\system32\secpol.exe
2007-11-05 13:51 . 2007-11-05 13:52 <DIR> d-------- D:\Program Files\Cinema 4D Studio Bundle v10.111

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 12:02 --------- d-----w D:\Program Files\Neostrada TP
2007-12-30 12:02 --------- d-----w D:\Program Files\FlashGet
2007-12-30 12:01 --------- d-----w D:\Documents and Settings\Artur\Dane aplikacji\Skype
2007-12-30 10:04 --------- d-----w D:\Documents and Settings\Alfreda\Dane aplikacji\Skype
2007-12-26 16:29 --------- d-----w D:\Program Files\Mozilla Thunderbird
2007-12-12 16:46 --------- d-----w D:\Documents and Settings\Artur\Dane aplikacji\SolidWorks
2007-12-10 10:27 --------- d-----w D:\Program Files\Java
2007-12-04 09:43 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-12-02 11:03 --------- d-----w D:\Program Files\Winamp
2007-11-25 12:17 --------- d-----w D:\Program Files\Nero
2007-11-25 12:05 --------- d-----w D:\Program Files\Common Files\Ahead
2007-11-09 13:08 --------- d-----w D:\Program Files\Common Files\Adobe
2007-10-23 13:20 972,072 ----a-w D:\WINDOWS\UNNeroMediaHome.exe
2007-10-22 07:51 972,072 ----a-w D:\WINDOWS\UNRecode.exe
2007-09-20 07:55 95,600 ----a-w D:\WINDOWS\system32\NeroCo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 02:45]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRTCLK"="D:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 10:44]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:44 D:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2004-12-15 05:01 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:44 D:\WINDOWS\system32\rundll32.exe]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 D:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 01:42]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-01 11:57]
"Launch LGDCore"="D:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 02:22]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2007-02-25 13:42]
"WooCnxMon"="D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
"SpeedTouch USB Diagnostics"="D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38]
"WOOWATCH"="D:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"WOOTASKBARICON"="D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07]
"NeroFilterCheck"="D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VGAUtil"=D:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
"EasyTuneV"=D:\Program Files\Gigabyte\ET5\GUI.exe

R0 ub1394;Unibrain 1394 Class Driver;D:\WINDOWS\system32\DRIVERS\ub1394.sys [2004-11-22 16:24]
R0 ubsbm;Unibrain 1394 SBM Driver;D:\WINDOWS\system32\DRIVERS\ubsbm.sys [2004-11-22 16:25]
R1 fwdrv;Firewall Driver;D:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
R1 khips;Kerio HIPS Driver;D:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 08:51]
R2 ubumapi;Unibrain 1394 FireAPI Driver;D:\WINDOWS\system32\DRIVERS\ubumapi.sys [2004-11-22 16:25]
R3 GVCplDrv;GVCplDrv;D:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 09:47]
R3 ubsbp2;Unibrain SBP2 Bus Driver;D:\WINDOWS\system32\DRIVERS\ubsbp2.sys [2004-11-22 16:24]
S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-02-23 11:41]
S3 ubohci;Unibrain 1394 OHCI Driver;D:\WINDOWS\system32\DRIVERS\ubohci.sys [2004-11-22 16:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22398cdf-9618-11d9-a3b5-806d6172696f}]
\Shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ecd29e4-ae19-11dc-b5c7-000e501db367}]
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 16:15:00 D:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 13:08:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> D:\Program Files\Eset\pr_imon.dll

PROCESS: D:\WINDOWS\explorer.exe [6.00.2900.2180]
-> D:\Program Files\Eset\pr_imon.dll
.
Completion time: 2007-12-30 13:10:16


Regards

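Added example, not code from anyone in this thread and not part of ComboFix: a Python script that parses two sections of the ComboFix logs posted above, the driver/service lines (`R2 SVKP;SVKP;\??\D:\WINDOWS\system32\SVKP.sys` from post #5) and the `mountpoints2` AutoRun entries (post #9). It turns the manual steps from Tequila's reply (sc stop, sc delete, delete the file) into generated cmd.exe commands, stripping the `\??\` object-manager prefix that ComboFix shows but that `sc` and `del` do not take, and it flags any mount-point shell command whose target has no drive letter and is therefore resolved relative to the mounted volume itself, as with `Recycled\ctfmon.exe` on volume {7ecd29e4-...} in the last log (the real ctfmon.exe lives in system32; the thread ended without a verdict on that entry, so the flag means "inspect", nothing more). The sample text is constructed from lines copied out of the two logs.

```python
"""Parse the driver/service and mountpoints2 sections of a ComboFix log.

Added example for this thread; not the posters' code and not part of ComboFix.
Sample lines are copied from the two ComboFix logs posted above.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the ComboFix logs in posts #5 and #9.
SAMPLE = r"""
R1 khips;Kerio HIPS Driver;D:\WINDOWS\system32\drivers\khips.sys
R2 SVKP;SVKP;\??\D:\WINDOWS\system32\SVKP.sys
S2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-02-23 11:41]
S3 ubohci;Unibrain 1394 OHCI Driver;D:\WINDOWS\system32\DRIVERS\ubohci.sys [2004-11-22 16:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22398cdf-9618-11d9-a3b5-806d6172696f}]
\Shell\AutoRun\command - H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ecd29e4-ae19-11dc-b5c7-000e501db367}]
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
"""

# "R"/"S" = running/stopped; the digit is the SERVICE_START value
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled); then name;display;path [date]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: \[[\d\- :]+\])?$")
MP_SECTION_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$", re.I)
MP_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>.+?)\\command - (?P<cmd>.+)$")
NT_PREFIX = "\\??\\"   # object-manager prefix ComboFix prints for some ImagePath values


@dataclass
class ServiceEntry:
    state: str     # "R" running, "S" stopped
    start: int     # SERVICE_START value
    name: str      # short service name, the one `sc` takes
    display: str
    path: str      # Win32 image path, prefix and quotes stripped


def win32_path(path: str) -> str:
    """Turn the logged ImagePath into a path cmd.exe understands."""
    p = path.strip().strip('"')
    return p[len(NT_PREFIX):] if p.startswith(NT_PREFIX) else p


def parse_services(text: str) -> dict[str, ServiceEntry]:
    services: dict[str, ServiceEntry] = {}
    for line in text.splitlines():
        if m := SERVICE_RE.match(line.strip()):
            services[m["name"]] = ServiceEntry(
                m["state"], int(m["start"]), m["name"], m["display"], win32_path(m["path"]))
    return services


def parse_autoruns(text: str) -> list[tuple[str, str, str]]:
    """Return (volume GUID, shell verb, command) for every mountpoints2 command."""
    found, guid = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := MP_SECTION_RE.match(line):
            guid = m["guid"]
        elif guid and (m := MP_CMD_RE.match(line)):
            found.append((guid, m["verb"], m["cmd"]))
    return found


def is_relative_command(cmd: str) -> bool:
    """True when the last token has no drive letter or UNC root, so the file is
    resolved relative to the mounted volume (the Recycled entry above).
    Splitting on whitespace is enough for the command forms ComboFix logs here."""
    target = cmd.split()[-1]
    return re.match(r"^(?:[A-Za-z]:\\|\\\\)", target) is None


def removal_commands(svc: ServiceEntry) -> list[str]:
    """The steps from Tequila's reply, quoted so names with spaces also work.
    A loaded kernel driver may refuse `sc stop`, and `sc delete` then only
    marks the service for deletion; reboot before the `del` in that case."""
    return [f'sc stop "{svc.name}"', f'sc delete "{svc.name}"', f'del "{svc.path}"']


if __name__ == "__main__":
    services = parse_services(SAMPLE)
    for cmd in removal_commands(services["SVKP"]):
        print(cmd)
    for guid, verb, cmd in parse_autoruns(SAMPLE):
        if is_relative_command(cmd):
            print(f"inspect: volume {guid}, verb {verb!r} runs {cmd}")
```

The generated lines are meant to be pasted into the XP command prompt from the reply above; the script itself only reads the log and runs anywhere. For a full log, pass the whole file to `parse_services` and `parse_autoruns`; unrelated sections are skipped because neither regex matches them.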