DiDA, posted 19 June 2007: Hello! For some time now, after the system starts up, I have been getting a message informing me that the problem with "something" may be Bad Sector or Virus. Indeed, new programs and games stop working shortly after being installed. What do you think? It seems to me that the disk is failing (the old-timer is already a good 4 years old)...
DiDA (Author), commented 19 June 2007: and which program is giving you these commands? I have no idea. Several of them don't work.
dar55, commented 19 June 2007: Since something says so, you should listen to it. Install some antivirus (Kaspersky is good) and Ad-Aware, update the database and scan the whole computer; that's for a start.
CatchMe, commented 19 June 2007: And I know a more thorough method... Paste the logs from HijackThis, Silent Runners and ComboFix.
DiDA (Author), commented 20 June 2007:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:27, on 2007-06-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSsystem32spoolsv.exe
D:WINDOWSsystem32nvsvc32.exe
D:WINDOWSsvchost.exe
D:WINDOWSExplorer.EXE
D:Program FilesCyberLinkPowerDVDPDVDServ.exe
D:Program FilesWLANWConfigWConfig.exe
D:Program FilesMozilla Firefoxfirefox.exe
D:DOCUME~1DiDAUSTAWI~1TempICEOWSViewUpdHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.bearshare.com/pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - D:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - D:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE D:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE D:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [bearShare] "D:Program FilesBearShareBearShare.exe" /pause
O4 - HKLM..Run: [RemoteControl] "D:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKCU..Run: [Gadu-Gadu] "D:Program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: WConfig.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe
O17 - HKLMSystemCCSServicesTcpip..{A1C0D821-4997-41F2-AF5C-819FFE7C01D6}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:WINDOWSsystem32nvsvc32.exe
_____________________________________________________
ComboFix 07-06-18.2 - D:Documents and SettingsDiDAPulpitComboFix.exe
"DiDA" - 2007-06-20 12:56:16 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

D:Program FilesMyGlobalSearch
D:Program FilesMyGlobalSearchbar1.binM9FFXTBR.JAR
D:Program FilesMyGlobalSearchbar1.binM9FFXTBR.MANIFEST
D:Program FilesMyGlobalSearchbar1.binM9NTSTBR.JAR
D:Program FilesMyGlobalSearchbar1.binM9NTSTBR.MANIFEST
D:Program FilesMyGlobalSearchbar1.binM9PLUGIN.DLL
D:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL
D:Program FilesMyGlobalSearchbar1.binNPMYGLSH.DLL
D:Program FilesMyGlobalSearchbarCache000529E6
D:Program FilesMyGlobalSearchbarCache00054BD1
D:Program FilesMyGlobalSearchbarCache00057032.bin
D:Program FilesMyGlobalSearchbarCache00057367.bin
D:Program FilesMyGlobalSearchbarCache00059A72.bin
D:Program FilesMyGlobalSearchbarCachefiles.ini
D:Program FilesMyGlobalSearchbarHistorysearch
D:Program FilesMyGlobalSearchbarSettingsprevcfg.htm
D:WINDOWSsvchost.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 13:45:01 972,288 ----a-w D:WINDOWSsystem32nvcplui.exe
2007-06-19 13:40:15 1,622,016 ----a-w D:WINDOWSsystem32nwiz.exe
2007-06-17 05:46:31 12,528 ----a-w D:WINDOWSsystem32driverssecdrv.sys
2007-06-16 11:26:40 49,492 ----a-w D:WINDOWSsystem32perfc015.dat
2007-06-16 11:26:40 355,486 ----a-w D:WINDOWSsystem32perfh015.dat
2007-06-16 11:17:07 -------- d-----w D:Program FilesUsługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"nwiz"="nwiz.exe" [2007-06-19 15:40 D:WINDOWSsystem32nwiz.exe]
"BearShare"="D:Program FilesBearShareBearShare.exe" []
"RemoteControl"="D:Program FilesCyberLinkPowerDVDPDVDServ.exe" [2005-01-12 03:01]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Gadu-Gadu"="D:Program FilesGadu-Gadugg.exe" [2007-05-10 16:36]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
D:WINDOWSsystem32NeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
"D:Program FilesCyberLinkPowerDVDPDVDServ.exe"

**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 12:57:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************

Completion time: 2007-06-20 12:59:04
D:ComboFix-quarantined-files.txt ... 2007-06-20 12:58
--- E O F ---
__________

I installed Kaspersky and Ad-Aware; it found lots of things on the computer, removed and disinfected them, but the problems are back :/
CatchMe, commented 20 June 2007:

The cause is a virus.

D:\DOCUME~1\DiDA\DANEAP~1\Kazaa Lite !? - don't scare me with that program...

REMOVAL:

1. Download: WWDC
- Change all options from disable to enable and restart the computer.
- The correct port layout is shown in this picture: http://www.firewallleaktester.com/images_site/wwdc.jpg
* NetBIOS may be yellow.

Download and run the tool: The Avenger
Select the option Input script manually and click the magnifying glass on the right. In the window that opens, paste:

Files to delete:
D:\WINDOWS\svchost.exe

Folders to delete:
D:\Program Files\MyGlobalSearch

Click Done, then the green light, and agree to the restart by clicking OK.

After the restart, remove the following entry/entries in HijackThis:

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

Manually delete this file from the disk: C:\Avenger\backup.zip, and paste on the forum the report C:\avenger.txt + a HijackThis log + a Silent Runners log + a ComboFix log + 2 GMER logs.
DiDA (Author), commented 20 June 2007:

It's a bit complicated :)

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
RegistryMachineSystemCurrentControlSetServicesymlhqffw

*******************

Script file located at: ??D:WINDOWSwrfrscta.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:Avenger

*******************

Beginning to process script file:

File D:WINDOWSsvchost.exe not found!
Deletion of file D:WINDOWSsvchost.exe failed!

Could not process line:
D:WINDOWSsvchost.exe
Status: 0xc0000034

Folder D:Program FilesMyGlobalSearch deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 17:34:47, on 2007-06-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSsystem32spoolsv.exe
D:WINDOWSExplorer.EXE
D:WINDOWSsystem32nvsvc32.exe
D:Program FilesCyberLinkPowerDVDPDVDServ.exe
D:Program FilesGadu-Gadugg.exe
D:Program FilesWLANWConfigWConfig.exe
D:Program FilesMozilla Firefoxfirefox.exe
D:WINDOWSsystem32wuauclt.exe
D:DOCUME~1DiDAUSTAWI~1TempICEOWSViewUpdHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.bearshare.com/pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [bearShare] "D:Program FilesBearShareBearShare.exe" /pause
O4 - HKLM..Run: [RemoteControl] "D:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE D:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKCU..Run: [Gadu-Gadu] "D:Program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: WConfig.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe
O17 - HKLMSystemCCSServicesTcpip..{A1C0D821-4997-41F2-AF5C-819FFE7C01D6}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:WINDOWSsystem32nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - D:WINDOWSsvchost.exe (file missing)

ComboFix 07-06-18.2 - D:Documents and SettingsDiDAPulpitComboFix.exe
"DiDA" - 2007-06-20 20:41:02 - Dodatek Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 13:45:01 972,288 ----a-w D:WINDOWSsystem32nvcplui.exe
2007-06-19 13:40:15 1,622,016 ----a-w D:WINDOWSsystem32nwiz.exe
2007-06-17 05:46:31 12,528 ----a-w D:WINDOWSsystem32driverssecdrv.sys
2007-06-16 11:26:40 49,492 ----a-w D:WINDOWSsystem32perfc015.dat
2007-06-16 11:26:40 355,486 ----a-w D:WINDOWSsystem32perfh015.dat
2007-06-16 11:17:07 -------- d-----w D:Program FilesUsługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"nwiz"="nwiz.exe" [2007-06-19 15:40 D:WINDOWSsystem32nwiz.exe]
"BearShare"="D:Program FilesBearShareBearShare.exe" []
"RemoteControl"="D:Program FilesCyberLinkPowerDVDPDVDServ.exe" [2005-01-12 03:01]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Gadu-Gadu"="D:Program FilesGadu-Gadugg.exe" [2007-05-10 16:36]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
D:WINDOWSsystem32NeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
"D:Program FilesCyberLinkPowerDVDPDVDServ.exe"
CatchMe (comment, 22 June 2007)

Make sure your ports are set correctly in WWDC.

Download and run the tool: The Avenger. Select the option "Input script manually" and click the magnifying glass on the right. In the window that opens, paste:

Drivers to unload:
Power Manager

Files to delete:
D:\WINDOWS\system32\drivers\sfjep^be.sys
D:\WINDOWS\svchost.exe

Click Done, then the green light, and agree to the restart by clicking OK.

After the restart, remove the following entry/entries in HijackThis:

O23 - Service: Power Manager (PowerManager) - Unknown owner - D:\WINDOWS\svchost.exe (file missing)

Manually delete this file from the disk: C:\Avenger\backup.zip, and paste on the forum the report C:\avenger.txt + the HijackThis log + the Silent Runners log + the ComboFix log + 2 GMER LOGS, MANDATORY!
DiDA, thread author (comment, 24 June 2007)

All ports in WWDC are set correctly. Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 12:16:28, on 2007-06-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\WLAN\WConfig\WConfig.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\DiDA\USTAWI~1\Temp\ICEOWSViewUpd\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [bearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: WConfig.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1C0D821-4997-41F2-AF5C-819FFE7C01D6}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"BearShare" = ""D:\Program Files\BearShare\BearShare.exe" /pause" [file not found]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"RemoteControl" = ""D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""D:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"HPDJ Taskbar Utility" = "D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fvhxiaxq

*******************

Script file located at: \??\D:\WINDOWS\system32\brmevjcn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Registry key \Registry\Machine\System\CurrentControlSet\Services\Power Manager not found!
Unload of driver Power Manager failed!

Could not process line:
Power Manager
Status: 0xc0000034

File D:\WINDOWS\system32\drivers\sfjep^be.sys deleted successfully.
File D:\WINDOWS\svchost.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

I'll post the GMER logs later.
CatchMe (comment, 24 June 2007)

The HijackThis log is clean. The Silent Runners log is cut off (paste the whole thing again). I'm waiting for the GMER and ComboFix logs.
DiDA, thread author (comment, 24 June 2007)

Indeed, the log was cut off - I was in a hurry and didn't notice :)

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"BearShare" = ""D:\Program Files\BearShare\BearShare.exe" /pause" [file not found]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"RemoteControl" = ""D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""D:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"HPDJ Taskbar Utility" = "D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
                   \InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FEB7DAE0-E111-11D0-BFD7-444553540000}" = "ICEOWS"
  -> {HKLM...CLSID} = "Folder Iceows"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\ShellExtIceGUI.dll" ["Raphaël MOUNIER"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                   \InProcServer32\(Default) = "D:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"
  -> {HKLM...CLSID} = "Folder Iceows"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\ShellExtIceGUI.dll" ["Raphaël MOUNIER"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"
  -> {HKLM...CLSID} = "Folder Iceows"
                   \InProcServer32\(Default) = "D:\WINDOWS\system32\ShellExtIceGUI.dll" ["Raphaël MOUNIER"]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\DiDA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Startup items in "DiDA" & "All Users" startup folders:
------------------------------------------------------

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"WConfig" -> shortcut to: "D:\Program Files\WLAN\WConfig\WConfig.exe" ["WirelessLan Technology, Corp."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [null data]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

iPod Service, iPod Service, ""D:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Power Manager, PowerManager, "D:\WINDOWS\svchost.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt04\Driver = "hpzlnt04.dll" ["HP"]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
----------
(total run time: 120 seconds, including 2 seconds for message boxes)

"DiDA" - 2007-06-24 16:33:20 - ComboFix 07-06-23.5 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

D:\Program Files\MyGlobalSearch
D:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR
D:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST
D:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR
D:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST
D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
D:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL
D:\Program Files\MyGlobalSearch\bar\Cache\000214FE
D:\Program Files\MyGlobalSearch\bar\Cache\000217A7
D:\Program Files\MyGlobalSearch\bar\Cache\000218F1.bin
D:\Program Files\MyGlobalSearch\bar\Cache\0002272E.bin
D:\Program Files\MyGlobalSearch\bar\Cache\000228DD.bin
D:\Program Files\MyGlobalSearch\bar\Cache\files.ini
D:\Program Files\MyGlobalSearch\bar\History\search
D:\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm
D:\WINDOWS\system32\msxml3a.dll

((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 13:45:01 972,288 ----a-w D:\WINDOWS\system32\nvcplui.exe
2007-06-19 13:40:15 1,799,640 ----a-w D:\WINDOWS\system32\nwiz.exe
2007-06-17 05:46:31 12,528 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-06-16 11:26:40 49,492 ----a-w D:\WINDOWS\system32\perfc015.dat
2007-06-16 11:26:40 355,486 ----a-w D:\WINDOWS\system32\perfh015.dat
2007-06-16 11:17:07 -------- d-----w D:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-06-19 15:40 D:\WINDOWS\system32\nwiz.exe]
"BearShare"="D:\Program Files\BearShare\BearShare.exe" []
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

*Newly Created Service* - POWERMANAGER

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 16:36:13
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-24 16:37:38
D:\ComboFix-quarantined-files.txt ... 2007-06-24 16:37

--- E O F ---

Where is the GMER log saved?
CatchMe (comment, 24 June 2007)

The logs are clean. The GMER log isn't saved anywhere; once the scan has finished, you click the KOPIUJ (Copy) button and paste the log into Notepad yourself.