
Bad Sector or Virus

DiDA
created

Hello!

For some time now, after the system starts up I get a message saying that the problem with "something" may be Bad Sector or Virus. Indeed, new programs and games stop working right after being installed. What do you think? It seems to me the disk is failing (the old-timer is already a good 4 years old)...

dar55
comment

and what program is giving you those prompts?

DiDA
comment

"and what program is giving you those prompts?"

No idea. Several of them don't work.

dar55
comment

since it says so, you'd better listen :) install some antivirus (Kaspersky is good), Ad-Aware, update the database and scan the whole computer, that's for a start

CatchMe
comment

and I know a more accurate method... Paste logs from HijackThis, Silent Runners and ComboFix.

DiDA
comment

Logfile of HijackThis v1.99.1
Scan saved at 12:48:27, on 2007-06-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\WLAN\WConfig\WConfig.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\DiDA\USTAWI~1\Temp\ICEOWS\ViewUpd\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: WConfig.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1C0D821-4997-41F2-AF5C-819FFE7C01D6}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

_____________________________________________________

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"BearShare" = ""D:\Program Files\BearShare\BearShare.exe" /pause" [file not found]
"RemoteControl" = ""D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{37B85A21-692B-4205-9CAD-2626E4993404}\(Default) = "My Global Search Bar BHO"
  -> {HKLM...CLSID} = "My Global Search Bar BHO"
     \InProcServer32\(Default) = "D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
     \InProcServer32\(Default) = "D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FEB7DAE0-E111-11D0-BFD7-444553540000}" = "ICEOWS"
  -> {HKLM...CLSID} = "Folder Iceows"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"
  -> {HKLM...CLSID} = "Folder Iceows"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICEOWS\(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"
  -> {HKLM...CLSID} = "Folder Iceows"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\ShellExt\IceGUI.dll" ["Raphaël MOUNIER"]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\DiDA\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Startup items in "DiDA" & "All Users" startup folders:
------------------------------------------------------

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
"WConfig" -> shortcut to: "D:\Program Files\WLAN\WConfig\WConfig.exe" ["WirelessLan Technology, Corp."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided)
  -> {HKLM...CLSID} = "My Global Search Bar"
     \InProcServer32\(Default) = "D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" ["My Global Search"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [null data]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Power Manager, PowerManager, "D:\WINDOWS\svchost.exe" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 75 seconds, including 7 seconds for message boxes)

_____________________________________________________

ComboFix 07-06-18.2 - D:\Documents and Settings\DiDA\Pulpit\ComboFix.exe
"DiDA" - 2007-06-20 12:56:16 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

D:\Program Files\MyGlobalSearch
D:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR
D:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST
D:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR
D:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST
D:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL
D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
D:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL
D:\Program Files\MyGlobalSearch\bar\Cache\000529E6
D:\Program Files\MyGlobalSearch\bar\Cache\00054BD1
D:\Program Files\MyGlobalSearch\bar\Cache\00057032.bin
D:\Program Files\MyGlobalSearch\bar\Cache\00057367.bin
D:\Program Files\MyGlobalSearch\bar\Cache\00059A72.bin
D:\Program Files\MyGlobalSearch\bar\Cache\files.ini
D:\Program Files\MyGlobalSearch\bar\History\search
D:\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm
D:\WINDOWS\svchost.exe

((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))

2007-06-20 12:57 <DIR> d-------- D:\Program Files\MyGlobalSearch
2007-06-20 12:56 49,152 --a------ D:\WINDOWS\nircmd.exe
2007-06-18 21:16 <DIR> d-------- D:\WINDOWS\pss
2007-06-18 12:04 <DIR> d-------- D:\Program Files\Rockstar Games
2007-06-18 11:56 <DIR> d-------- D:\DOCUME~1\DiDA\DANEAP~1\CyberLink
2007-06-18 08:32 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\DVD Shrink
2007-06-18 08:30 <DIR> d-------- D:\DOCUME~1\UKASZ~1\DANEAP~1\CyberLink
2007-06-18 08:29 <DIR> d-------- D:\Program Files\CyberLink
2007-06-18 08:29 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\CyberLink
2007-06-17 20:06 36 --a------ D:\DOCUME~1\DiDA\klextlock.dat
2007-06-17 20:02 <DIR> d-------- D:\DOCUME~1\DiDA\DANEAP~1\Kazaa Lite
2007-06-17 19:10 <DIR> d-------- D:\My Downloads
2007-06-17 11:56 <DIR> d-------- D:\DOCUME~1\DiDA\DANEAP~1\GanymedeNet
2007-06-16 20:26 9,464 --------- D:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-16 20:26 9,336 --------- D:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-16 20:26 43,528 --------- D:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-16 20:26 129,784 --------- D:\WINDOWS\system32\pxafs.dll
2007-06-16 19:57 <DIR> d-------- D:\Program Files\Blender Foundation
2007-06-16 17:49 <DIR> d-------- D:\DOCUME~1\UKASZ~1\DANEAP~1\Gadu-Gadu
2007-06-16 17:46 4 --a------ D:\WINDOWS\system32\proc12943287.bin
2007-06-16 17:46 <DIR> d-------- D:\DOCUME~1\UKASZ~1\DANEAP~1\GanymedeNet
2007-06-16 17:44 <DIR> d-------- D:\Program Files\IrfanView
2007-06-16 17:44 <DIR> d-------- D:\DOCUME~1\UKASZ~1\DANEAP~1\IrfanView
2007-06-16 17:43 60,273 --a------ D:\WINDOWS\system32\pthreadGC2.dll
2007-06-16 17:43 499,712 --a------ D:\WINDOWS\system32\msvcp71.dll
2007-06-16 17:43 348,160 --a------ D:\WINDOWS\system32\msvcr71.dll
2007-06-16 17:43 10,752 --a------ D:\WINDOWS\system32\ff_vfw.dll
2007-06-16 17:43 <DIR> d-------- D:\Program Files\ffdshow
2007-06-16 17:40 <DIR> d-------- D:\DOCUME~1\UKASZ~1\Gadu-Gadu
2007-06-16 17:39 <DIR> d-------- D:\WINDOWS\ShellNew
2007-06-16 17:39 <DIR> d-------- D:\Program Files\ICEOWS
2007-06-16 17:31 1,048,576 --ah----- D:\DOCUME~1\UKASZ~1\NTUSER.DAT
2007-06-16 17:31 <DIR> dr-h----- D:\DOCUME~1\UKASZ~1\Dane aplikacji
2007-06-16 17:31 <DIR> dr------- D:\DOCUME~1\UKASZ~1\Ulubione
2007-06-16 17:31 <DIR> dr------- D:\DOCUME~1\UKASZ~1\Moje dokumenty
2007-06-16 17:31 <DIR> dr------- D:\DOCUME~1\UKASZ~1\Menu Start
2007-06-16 17:31 <DIR> d--h----- D:\DOCUME~1\UKASZ~1\Ustawienia lokalne
2007-06-16 17:31 <DIR> d--h----- D:\DOCUME~1\UKASZ~1\Szablony
2007-06-16 17:31 <DIR> d-------- D:\DOCUME~1\UKASZ~1\Pulpit
2007-06-16 15:11 6,400 --a------ D:\WINDOWS\system32\drivers\splitter.sys
2007-06-16 15:10 82,944 --a------ D:\WINDOWS\system32\drivers\wdmaud.sys
2007-06-16 15:10 7,552 --a------ D:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-06-16 15:10 60,800 --a------ D:\WINDOWS\system32\drivers\sysaudio.sys
2007-06-16 15:10 54,272 --a------ D:\WINDOWS\system32\drivers\swmidi.sys
2007-06-16 15:10 52,864 --a------ D:\WINDOWS\system32\drivers\DMusic.sys
2007-06-16 15:10 5,376 --a------ D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-06-16 15:10 4,992 --a------ D:\WINDOWS\system32\drivers\MSPQM.sys
2007-06-16 15:10 3,072 --a------ D:\WINDOWS\system32\drivers\audstub.sys
2007-06-16 15:10 2,944 --a------ D:\WINDOWS\system32\drivers\drmkaud.sys
2007-06-16 15:10 171,776 --a------ D:\WINDOWS\system32\drivers\kmixer.sys
2007-06-16 15:10 142,464 --a------ D:\WINDOWS\system32\drivers\aec.sys
2007-06-16 15:09 77,312 --a------ D:\WINDOWS\system32\usbui.dll
2007-06-16 15:09 60,288 --a------ D:\WINDOWS\system32\drivers\drmk.sys
2007-06-16 15:09 58,624 --a------ D:\WINDOWS\system32\drivers\redbook.sys
2007-06-16 15:09 4,527,488 --a------ D:\WINDOWS\system32\nv4_disp.dll
2007-06-16 15:09 4,096 --a------ D:\WINDOWS\system32\ksuser.dll
2007-06-16 15:09 3,994,624 --a------ D:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-16 15:09 27,008 --a------ D:\WINDOWS\system32\drivers\SISAGP.SYS
2007-06-16 15:09 2,944 --a------ D:\WINDOWS\system32\drivers\msmpu401.sys
2007-06-16 15:09 145,792 --a------ D:\WINDOWS\system32\drivers\portcls.sys
2007-06-16 15:09 10,624 --a------ D:\WINDOWS\system32\drivers\gameenum.sys
2007-06-16 15:07 8,192 -ra------ D:\WINDOWS\system32\kbdhept.dll
2007-06-16 15:07 6,656 -ra------ D:\WINDOWS\system32\kbdhela3.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdtuq.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdtuf.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdlv1.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdlv.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdhela2.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdgkl.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdest.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdmon.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdlt1.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdlt.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdkyr.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdhe319.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdhe220.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdhe.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdazel.dll
2007-06-16 15:07 <DIR> dr------- D:\Program Files
2007-06-16 15:07 <DIR> d--hs---- D:\WINDOWS\Installer
2007-06-16 15:07 <DIR> d-------- D:\Program Files\Common Files\SpeechEngines
2007-06-16 15:07 <DIR> d-------- D:\Program Files\Common Files\ODBC
2007-06-16 15:06 9,936 --a------ D:\WINDOWS\system\LZEXPAND.DLL
2007-06-16 15:06 9,168 --a------ D:\WINDOWS\system\VER.DLL
2007-06-16 15:06 85,532 --a------ D:\WINDOWS\system32\dgsetup.dll
2007-06-16 15:06 83,456 --a------ D:\WINDOWS\system\OLECLI.DLL
2007-06-16 15:06 8,704 --a------ D:\WINDOWS\system32\batt.dll
2007-06-16 15:06 75,776 --a------ D:\WINDOWS\system32\storprop.dll
2007-06-16 15:06 70,144 --a------ D:\WINDOWS\NOTEPAD.EXE
2007-06-16 15:06 70,096 --a------ D:\WINDOWS\system\AVICAP.DLL
2007-06-16 15:06 7,168 --a------ D:\WINDOWS\system32\kbdcz.dll
2007-06-16 15:06 69,552 --a------ D:\WINDOWS\system\MMSYSTEM.DLL
2007-06-16 15:06 6,656 --a------ D:\WINDOWS\system32\kbdycl.dll
2007-06-16 15:06 6,656 --a------ D:\WINDOWS\system32\kbdsl1.dll
2007-06-16 15:06 6,656 --a------ D:\WINDOWS\system32\kbdsl.dll
2007-06-16 15:06 6,656 --a------ D:\WINDOWS\system32\kbdhu.dll
2007-06-16 15:06 6,656 --a------ D:\WINDOWS\system32\kbdcz2.dll
2007-06-16 15:06 6,656 --a------ D:\WINDOWS\system32\kbdcz1.dll
2007-06-16 15:06 6,656 --a------ D:\WINDOWS\system32\kbdcr.dll
2007-06-16 15:06 6,656 --a------ D:\WINDOWS\system32\KBDAL.DLL

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 13:45:01 972,288 ----a-w D:\WINDOWS\system32\nvcplui.exe
2007-06-19 13:40:15 1,622,016 ----a-w D:\WINDOWS\system32\nwiz.exe
2007-06-17 05:46:31 12,528 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-06-16 11:26:40 49,492 ----a-w D:\WINDOWS\system32\perfc015.dat
2007-06-16 11:26:40 355,486 ----a-w D:\WINDOWS\system32\perfh015.dat
2007-06-16 11:17:07 -------- d-----w D:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-06-19 15:40 D:\WINDOWS\system32\nwiz.exe]
"BearShare"="D:\Program Files\BearShare\BearShare.exe" []
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 12:57:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-20 12:59:04
D:\ComboFix-quarantined-files.txt ... 2007-06-20 12:58

--- E O F ---

__________

I installed Kaspersky and Ad-Aware - it found a whole lot of stuff on the computer, removed it, cleaned it up, but the problems are back :/

CatchMe
comment

The cause is a virus. :)

D:\DOCUME~1\DiDA\DANEAP~1\Kazaa Lite

!? - don't go scaring people with that program...

REMOVAL:

1. Download: WWDC

- Change all options from disable to enable and restart the computer.

- The correct port layout is shown in this picture:

http://www.firewallleaktester.com/images_site/wwdc.jpg

* NetBIOS may be yellow.

Download and run the tool: The Avenger

Tick the option Input script manually and click the magnifying glass on the right. In the window that opens, paste:

Files to delete:
D:\WINDOWS\svchost.exe

Folders to delete:
D:\Program Files\MyGlobalSearch

Click Done, then the green light, and agree to the restart by clicking OK.

After the restart, remove the following entry/entries in HijackThis:

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

Manually delete the file C:\Avenger\backup.zip from the disk and paste on the forum the report C:\avenger.txt + the HijackThis log + the Silent Runners log + the ComboFix log + the 2 GMER logs.
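What CatchMe is doing by eye above (spotting `D:\WINDOWS\svchost.exe` next to the real `D:\WINDOWS\system32\svchost.exe`, an O23 service with no owner and a missing binary, and a BHO/toolbar pair to vet) can be automated over a HijackThis log. The script below is an added example for this thread; it is not code from the post, from HijackThis or from Silent Runners. The sample log is constructed from lines quoted in the thread (the "Power Manager" O23 line comes from the second log), and the SYSTEM_BINARIES set is an assumed list of executables that Windows XP only ever runs from system32.

```python
"""Triage a HijackThis v1.99 log for the patterns seen in this thread.

Added example, not code from the original post, from HijackThis or from
Silent Runners. Flags: a system-binary name running outside system32, an
O23 service with "Unknown owner" / "(file missing)", and O2/O3 BHO/toolbar
CLSIDs that need manual vetting.
"""
import re
from dataclasses import dataclass
from typing import List

# Assumed allowlist: XP only runs these from %SystemRoot%\system32.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32_RE = re.compile(r"^[A-Z]:\\WINDOWS\\SYSTEM32\\[^\\]+$", re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Z]:\\", re.IGNORECASE)
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+)$")
BHO_RE = re.compile(
    r"^O(?P<kind>[23]) - (?:BHO|Toolbar): (?P<title>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")


@dataclass
class Finding:
    severity: str  # "high" = act on it, "review" = vet by hand
    reason: str
    line: str


def looks_like_system_binary_masquerade(path: str) -> bool:
    """D:\\WINDOWS\\svchost.exe -> True; D:\\WINDOWS\\system32\\svchost.exe -> False."""
    name = path.rsplit("\\", 1)[-1].lower()
    return name in SYSTEM_BINARIES and not SYSTEM32_RE.match(path)


def triage_hjt(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and PATH_RE.match(line):
            if looks_like_system_binary_masquerade(line):
                findings.append(Finding("high", "system binary name running outside system32", line))
            continue
        in_processes = False  # first non-path line ends the process list

        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path")
            missing = path.endswith("(file missing)")
            exe = path[:-len("(file missing)")].strip() if missing else path
            reasons = []
            if m.group("owner") == "Unknown owner":
                reasons.append("service with unknown owner")
            if missing:
                reasons.append("service binary missing (orphaned autostart)")
            if looks_like_system_binary_masquerade(exe):
                reasons.append("service binary mimics a system executable")
            if reasons:
                findings.append(Finding("high", "; ".join(reasons), line))
            continue

        m = BHO_RE.match(line)
        if m:
            kind = "BHO" if m.group("kind") == "2" else "toolbar"
            findings.append(Finding("review", f"IE {kind} {m.group('clsid')} loads {m.group('path')}", line))
    return findings


# Constructed sample: process list and O2/O3 lines from the first log in the
# thread plus the O23 "Power Manager" line from the second log.
SAMPLE_HJT_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - D:\WINDOWS\svchost.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run as-is it reports the rogue `D:\WINDOWS\svchost.exe` process and the "Power Manager" service as high, and the two MyGlobalSearch entries as review; the legitimate `system32\svchost.exe` instances and the NVIDIA service produce nothing. The path check is deliberately strict about the `system32` directory rather than the file name, because the whole trick of this infection is reusing a trusted name in the wrong place.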

DiDA
comment

That's a bit complicated :)

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ymlhqffw

*******************

Script file located at: \??\D:\WINDOWS\wrfrscta.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

File D:\WINDOWS\svchost.exe not found!
Deletion of file D:\WINDOWS\svchost.exe failed!

Could not process line:
D:\WINDOWS\svchost.exe
Status: 0xc0000034

Folder D:\Program Files\MyGlobalSearch deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 17:34:47, on 2007-06-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\WLAN\WConfig\WConfig.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wuauclt.exe
D:\DOCUME~1\DiDA\USTAWI~1\Temp\ICEOWS\ViewUpd\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [bearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: WConfig.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1C0D821-4997-41F2-AF5C-819FFE7C01D6}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - D:\WINDOWS\svchost.exe (file missing)

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"BearShare" = ""D:\Program Files\BearShare\BearShare.exe" /pause" [file not found]
"RemoteControl" = ""D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

ComboFix 07-06-18.2 - D:\Documents and Settings\DiDA\Pulpit\ComboFix.exe
"DiDA" - 2007-06-20 20:41:02 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))

2007-06-20 17:28 60,416 --a------ D:\WINDOWS\system32\drivers\sfjep^be.sys
2007-06-20 15:41 <DIR> d-------- D:\DOCUME~1\DiDA\DANEAP~1\uTorrent
2007-06-20 15:31 <DIR> d-------- D:\WINDOWS\Cache
2007-06-20 13:15 <DIR> d-------- D:\WINDOWS\system32\appmgmt
2007-06-20 13:08 <DIR> d-------- D:\Program Files\Call of Duty
2007-06-20 12:56 49,152 --a------ D:\WINDOWS\nircmd.exe
2007-06-18 21:16 <DIR> d-------- D:\WINDOWS\pss
2007-06-18 12:04 <DIR> d-------- D:\Program Files\Rockstar Games
2007-06-18 11:56 <DIR> d-------- D:\DOCUME~1\DiDA\DANEAP~1\CyberLink
2007-06-18 08:32 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\DVD Shrink
2007-06-18 08:30 <DIR> d-------- D:\DOCUME~1\UKASZ~1\DANEAP~1\CyberLink
2007-06-18 08:29 <DIR> d-------- D:\Program Files\CyberLink
2007-06-18 08:29 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\CyberLink
2007-06-17 20:06 36 --a------ D:\DOCUME~1\DiDA\klextlock.dat
2007-06-17 20:02 <DIR> d-------- D:\DOCUME~1\DiDA\DANEAP~1\Kazaa Lite
2007-06-17 19:10 <DIR> d-------- D:\My Downloads
2007-06-17 11:56 <DIR> d-------- D:\DOCUME~1\DiDA\DANEAP~1\GanymedeNet
2007-06-16 20:26 9,464 --------- D:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-16 20:26 9,336 --------- D:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-16 20:26 43,528 --------- D:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-16 20:26 129,784 --------- D:\WINDOWS\system32\pxafs.dll
2007-06-16 19:57 <DIR> d-------- D:\Program Files\Blender Foundation
2007-06-16 17:49 <DIR> d-------- D:\DOCUME~1\UKASZ~1\DANEAP~1\Gadu-Gadu
2007-06-16 17:46 4 --a------ D:\WINDOWS\system32\proc12943287.bin
2007-06-16 17:46 <DIR> d-------- D:\DOCUME~1\UKASZ~1\DANEAP~1\GanymedeNet
2007-06-16 17:44 <DIR> d-------- D:\Program Files\IrfanView
2007-06-16 17:44 <DIR> d-------- D:\DOCUME~1\UKASZ~1\DANEAP~1\IrfanView
2007-06-16 17:43 60,273 --a------ D:\WINDOWS\system32\pthreadGC2.dll
2007-06-16 17:43 499,712 --a------ D:\WINDOWS\system32\msvcp71.dll
2007-06-16 17:43 348,160 --a------ D:\WINDOWS\system32\msvcr71.dll
2007-06-16 17:43 10,752 --a------ D:\WINDOWS\system32\ff_vfw.dll
2007-06-16 17:43 <DIR> d-------- D:\Program Files\ffdshow
2007-06-16 17:40 <DIR> d-------- D:\DOCUME~1\UKASZ~1\Gadu-Gadu
2007-06-16 17:39 <DIR> d-------- D:\WINDOWS\ShellNew
2007-06-16 17:39 <DIR> d-------- D:\Program Files\ICEOWS
2007-06-16 17:31 1,048,576 --ah----- D:\DOCUME~1\UKASZ~1\NTUSER.DAT
2007-06-16 17:31 <DIR> dr-h----- D:\DOCUME~1\UKASZ~1\Dane aplikacji
2007-06-16 17:31 <DIR> dr------- D:\DOCUME~1\UKASZ~1\Ulubione
2007-06-16 17:31 <DIR> dr------- D:\DOCUME~1\UKASZ~1\Moje dokumenty
2007-06-16 17:31 <DIR> dr------- D:\DOCUME~1\UKASZ~1\Menu Start
2007-06-16 17:31 <DIR> d--h----- D:\DOCUME~1\UKASZ~1\Ustawienia lokalne
2007-06-16 17:31 <DIR> d--h----- D:\DOCUME~1\UKASZ~1\Szablony
2007-06-16 17:31 <DIR> d-------- D:\DOCUME~1\UKASZ~1\Pulpit
2007-06-16 15:11 6,400 --a------ D:\WINDOWS\system32\drivers\splitter.sys
2007-06-16 15:10 82,944 --a------ D:\WINDOWS\system32\drivers\wdmaud.sys
2007-06-16 15:10 7,552 --a------ D:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-06-16 15:10 60,800 --a------ D:\WINDOWS\system32\drivers\sysaudio.sys
2007-06-16 15:10 54,272 --a------ D:\WINDOWS\system32\drivers\swmidi.sys
2007-06-16 15:10 52,864 --a------ D:\WINDOWS\system32\drivers\DMusic.sys
2007-06-16 15:10 5,376 --a------ D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-06-16 15:10 4,992 --a------ D:\WINDOWS\system32\drivers\MSPQM.sys
2007-06-16 15:10 3,072 --a------ D:\WINDOWS\system32\drivers\audstub.sys
2007-06-16 15:10 2,944 --a------ D:\WINDOWS\system32\drivers\drmkaud.sys
2007-06-16 15:10 171,776 --a------ D:\WINDOWS\system32\drivers\kmixer.sys
2007-06-16 15:10 142,464 --a------ D:\WINDOWS\system32\drivers\aec.sys
2007-06-16 15:09 77,312 --a------ D:\WINDOWS\system32\usbui.dll
2007-06-16 15:09 60,288 --a------ D:\WINDOWS\system32\drivers\drmk.sys
2007-06-16 15:09 58,624 --a------ D:\WINDOWS\system32\drivers\redbook.sys
2007-06-16 15:09 4,527,488 --a------ D:\WINDOWS\system32\nv4_disp.dll
2007-06-16 15:09 4,096 --a------ D:\WINDOWS\system32\ksuser.dll
2007-06-16 15:09 3,994,624 --a------ D:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-16 15:09 27,008 --a------ D:\WINDOWS\system32\drivers\SISAGP.SYS
2007-06-16 15:09 2,944 --a------ D:\WINDOWS\system32\drivers\msmpu401.sys
2007-06-16 15:09 145,792 --a------ D:\WINDOWS\system32\drivers\portcls.sys
2007-06-16 15:09 10,624 --a------ D:\WINDOWS\system32\drivers\gameenum.sys
2007-06-16 15:07 8,192 -ra------ D:\WINDOWS\system32\kbdhept.dll
2007-06-16 15:07 6,656 -ra------ D:\WINDOWS\system32\kbdhela3.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdtuq.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdtuf.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdlv1.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdlv.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdhela2.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdgkl.dll
2007-06-16 15:07 6,144 -ra------ D:\WINDOWS\system32\kbdest.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdmon.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdlt1.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdlt.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdkyr.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdhe319.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdhe220.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdhe.dll
2007-06-16 15:07 5,632 -ra------ D:\WINDOWS\system32\kbdazel.dll
2007-06-16 15:07 <DIR> dr------- D:\Program Files
2007-06-16 15:07 <DIR> d--hs---- D:\WINDOWS\Installer
2007-06-16 15:07 <DIR> d-------- D:\Program Files\Common Files\SpeechEngines
2007-06-16 15:07 <DIR> d-------- D:\Program Files\Common Files\ODBC
2007-06-16 15:06 9,936 --a------ D:\WINDOWS\system\LZEXPAND.DLL
2007-06-16 15:06 9,168 --a------ D:\WINDOWS\system\VER.DLL
2007-06-16 15:06 85,532 --a------ D:\WINDOWS\system32\dgsetup.dll
2007-06-16 15:06 83,456 --a------ D:\WINDOWS\system\OLECLI.DLL
2007-06-16 15:06 8,704 --a------ D:\WINDOWS\system32\batt.dll
2007-06-16 15:06 75,776 --a------ D:\WINDOWS\system32\storprop.dll
2007-06-16 15:06 70,144 --a------ D:\WINDOWS\NOTEPAD.EXE
2007-06-16 15:06 70,096 --a------ D:\WINDOWS\system\AVICAP.DLL
2007-06-16 15:06 7,168 --a------ D:\WINDOWS\system32\kbdcz.dll
2007-06-16 15:06 69,552 --a------ D:\WINDOWS\system\MMSYSTEM.DLL
2007-06-16 15:06 6,656 --a------ D:\WINDOWS\system32\kbdycl.dll
2007-06-16 15:06 6,656 --a------ D:\WINDOWS\system32\kbdsl1.dll
2007-06-16 15:06 6,656 --a------ D:\WINDOWS\system32\kbdsl.dll
2007-06-16 15:06 6,656 --a------ D:\WINDOWS\system32\kbdhu.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 13:45:01 972,288 ----a-w D:\WINDOWS\system32\nvcplui.exe
2007-06-19 13:40:15 1,622,016 ----a-w D:\WINDOWS\system32\nwiz.exe
2007-06-17 05:46:31 12,528 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-06-16 11:26:40 49,492 ----a-w D:\WINDOWS\system32\perfc015.dat
2007-06-16 11:26:40 355,486 ----a-w D:\WINDOWS\system32\perfh015.dat
2007-06-16 11:17:07 -------- d-----w D:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-06-19 15:40 D:\WINDOWS\system32\nwiz.exe]
"BearShare"="D:\Program Files\BearShare\BearShare.exe" []
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

CatchMe
comment

Make sure you have the ports set correctly in WWDC.

Download and run the tool: The Avenger

Select the Input script manually option and click the magnifying glass on the right. In the window that opens, paste:

Drivers to unload:

Power Manager

Files to delete:

D:WINDOWSsystem32driverssfjep^be.sys

D:WINDOWSsvchost.exe

Click Done, then the green light, and agree to the restart by clicking OK.

After the restart, remove the following entry/entries in HijackThis:

O23 - Service: Power Manager (PowerManager) - Unknown owner - D:WINDOWSsvchost.exe (file missing)

Manually delete the file C:Avengerbackup.zip from the disk and paste on the forum the report C:avenger.txt + the HijackThis log + the Silent Runners log + the ComboFix log + ABSOLUTELY the 2 GMER LOGS!
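The indicator CatchMe is acting on above is a service named Power Manager whose binary is a file called svchost.exe sitting directly in the Windows directory instead of system32, registered with no vendor name. The script below is an added example (it is not from this thread, nor from HijackThis, The Avenger or any other tool named here) that performs that triage mechanically over HijackThis O4 and O23 lines. The sample log is constructed from the entries posted in this thread with the backslashes restored (the copy on this page lost them); the table of where Windows system binaries are expected to live is the example's own assumption.

```python
import ntpath
import re
from typing import List, Tuple

# Constructed sample, modelled on the HijackThis lines posted in this thread
# (backslashes restored; the page's copy lost them).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [bearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: WConfig.lnk = ?
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - D:\WINDOWS\svchost.exe (file missing)
"""

# Assumption of this example: directory (drive letter stripped, lower-cased) in which
# each well-known Windows XP system binary legitimately lives. A file with one of
# these names anywhere else is a classic masquerade and worth a second look.
EXPECTED_PARENT = {
    "svchost.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "smss.exe": r"\windows\system32",
    "csrss.exe": r"\windows\system32",
    "spoolsv.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}

# "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def command_executable(cmd: str) -> str:
    """Return the program part of a Run-key command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def check_path(path: str) -> List[str]:
    """Flag a system-binary name that is not in the directory it belongs in."""
    name = ntpath.basename(path).lower()
    expected = EXPECTED_PARENT.get(name)
    if expected is None:
        return []
    parent = ntpath.splitdrive(ntpath.dirname(path))[1].lower()
    if parent != expected:
        return [f"{name} expected under {expected}, found in {parent or '(no directory)'}"]
    return []


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (log line, reason) pairs for every O4/O23 entry worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            path = m["path"]
            missing = path.endswith("(file missing)")
            if missing:
                path = path[: -len("(file missing)")].strip()
            findings += [(line, reason) for reason in check_path(path)]
            if m["owner"].lower() == "unknown owner":
                findings.append((line, "service carries no vendor/owner information"))
            if missing:
                # The service is still registered although its binary is gone:
                # a leftover autostart entry that should be removed.
                findings.append((line, "service points at a file that no longer exists"))
            continue
        m = O4_RE.match(line)
        if m:
            findings += [(line, reason) for reason in check_path(command_executable(m["cmd"]))]
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

Run against the constructed sample, only the Power Manager service line is reported, for three independent reasons (svchost.exe outside system32, no owner, binary missing); the NVIDIA, Apple and Run-key entries pass, which matches CatchMe's reading of the logs.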

DiDA
comment

All ports in WWDC are set correctly.

Here are the logs:

Logfile of HijackThis v1.99.1

Scan saved at 12:16:28, on 2007-06-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

D:WINDOWSSystem32smss.exe

D:WINDOWSsystem32winlogon.exe

D:WINDOWSsystem32services.exe

D:WINDOWSsystem32lsass.exe

D:WINDOWSsystem32svchost.exe

D:WINDOWSSystem32svchost.exe

D:WINDOWSsystem32spoolsv.exe

D:WINDOWSsystem32nvsvc32.exe

D:WINDOWSsystem32wuauclt.exe

D:WINDOWSExplorer.EXE

D:Program FilesCyberLinkPowerDVDPDVDServ.exe

D:Program FilesQuickTimeqttask.exe

D:Program FilesiTunesiTunesHelper.exe

D:WINDOWSsystem32spooldriversw32x863hpztsb04.exe

D:Program FilesGadu-Gadugg.exe

D:Program FilesWLANWConfigWConfig.exe

D:Program FilesiPodbiniPodService.exe

D:Program FilesMozilla Firefoxfirefox.exe

D:DOCUME~1DiDAUSTAWI~1TempICEOWSViewUpdHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.bearshare.com/pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [bearShare] "D:Program FilesBearShareBearShare.exe" /pause

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE D:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [RemoteControl] "D:Program FilesCyberLinkPowerDVDPDVDServ.exe"

O4 - HKLM..Run: [NeroFilterCheck] D:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [QuickTime Task] "D:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [iTunesHelper] "D:Program FilesiTunesiTunesHelper.exe"

O4 - HKLM..Run: [HPDJ Taskbar Utility] D:WINDOWSsystem32spooldriversw32x863hpztsb04.exe

O4 - HKCU..Run: [Gadu-Gadu] "D:Program FilesGadu-Gadugg.exe" /tray

O4 - Global Startup: WConfig.lnk = ?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe

O17 - HKLMSystemCCSServicesTcpip..{A1C0D821-4997-41F2-AF5C-819FFE7C01D6}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: iPod Service - Apple Inc. - D:Program FilesiPodbiniPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:WINDOWSsystem32nvsvc32.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}

"Gadu-Gadu" = ""D:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu S.A."]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"BearShare" = ""D:Program FilesBearShareBearShare.exe" /pause" [file not found]

"NvCplDaemon" = "RUNDLL32.EXE D:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]

"RemoteControl" = ""D:Program FilesCyberLinkPowerDVDPDVDServ.exe"" ["Cyberlink Corp."]

"NeroFilterCheck" = "D:WINDOWSsystem32NeroCheck.exe" ["Ahead Software Gmbh"]

"QuickTime Task" = ""D:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Inc."]

"iTunesHelper" = ""D:Program FilesiTunesiTunesHelper.exe"" ["Apple Inc."]

"HPDJ Taskbar Utility" = "D:WINDOWSsystem32spooldriversw32x863hpztsb04.exe" ["HP"]

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

RegistryMachineSystemCurrentControlSetServicesfvhxiaxq

*******************

Script file located at: ??D:WINDOWSsystem32brmevjcn.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:Avenger

*******************

Beginning to process script file:

Registry key RegistryMachineSystemCurrentControlSetServicesPower Manager not found!

Unload of driver Power Manager failed!

Could not process line:

Power Manager

Status: 0xc0000034

File D:WINDOWSsystem32driverssfjep^be.sys deleted successfully.

File D:WINDOWSsvchost.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

I'll post the GMER logs later.

CatchMe
comment

The HijackThis log is clean. The Silent Runners log is cut off (paste the whole thing again).

Waiting for the GMER and ComboFix logs. :)

DiDA
comment

Indeed, the log was cut off - I was in a hurry and didn't notice :)

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}

"Gadu-Gadu" = ""D:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu S.A."]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"BearShare" = ""D:Program FilesBearShareBearShare.exe" /pause" [file not found]

"NvCplDaemon" = "RUNDLL32.EXE D:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]

"RemoteControl" = ""D:Program FilesCyberLinkPowerDVDPDVDServ.exe"" ["Cyberlink Corp."]

"NeroFilterCheck" = "D:WINDOWSsystem32NeroCheck.exe" ["Ahead Software Gmbh"]

"QuickTime Task" = ""D:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Inc."]

"iTunesHelper" = ""D:Program FilesiTunesiTunesHelper.exe"" ["Apple Inc."]

"HPDJ Taskbar Utility" = "D:WINDOWSsystem32spooldriversw32x863hpztsb04.exe" ["HP"]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

InProcServer32(Default) = "D:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

InProcServer32(Default) = "D:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

-> {HKLM...CLSID} = "AlcoholShellEx"

InProcServer32(Default) = "D:PROGRA~1ALCOHO~1ALCOHO~1AXShlEx.dll" ["Alcohol Soft Development Team"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

InProcServer32(Default) = "D:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

InProcServer32(Default) = "D:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

InProcServer32(Default) = "D:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

InProcServer32(Default) = "D:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]

"{FEB7DAE0-E111-11D0-BFD7-444553540000}" = "ICEOWS"

-> {HKLM...CLSID} = "Folder Iceows"

InProcServer32(Default) = "D:WINDOWSsystem32ShellExtIceGUI.dll" ["Raphaël MOUNIER"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

InProcServer32(Default) = "D:Program FilesiTunesiTunesMiniPlayer.dll" ["Apple Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers

ICEOWS(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"

-> {HKLM...CLSID} = "Folder Iceows"

InProcServer32(Default) = "D:WINDOWSsystem32ShellExtIceGUI.dll" ["Raphaël MOUNIER"]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers

ICEOWS(Default) = "{FEB7DAE0-E111-11D0-BFD7-444553540000}"

-> {HKLM...CLSID} = "Folder Iceows"

InProcServer32(Default) = "D:WINDOWSsystem32ShellExtIceGUI.dll" ["Raphaël MOUNIER"]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral

"Wallpaper" = "D:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCUControl PanelDesktop

"Wallpaper" = "D:Documents and SettingsDiDAUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

Startup items in "DiDA" & "All Users" startup folders:

------------------------------------------------------

D:Documents and SettingsAll UsersMenu StartProgramyAutostart

"WConfig" -> shortcut to: "D:Program FilesWLANWConfigWConfig.exe" ["WirelessLan Technology, Corp."]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}

000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]

000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}

0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%system32rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions

{FB5F1910-F110-11D2-BB9E-00C04F795683}

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "D:Program FilesMessengermsmsgs.exe" [null data]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

iPod Service, iPod Service, ""D:Program FilesiPodbiniPodService.exe"" ["Apple Inc."]

NVIDIA Display Driver Service, NVSvc, "D:WINDOWSsystem32nvsvc32.exe" ["NVIDIA Corporation"]

Power Manager, PowerManager, "D:WINDOWSsvchost.exe" [MS]

Print Monitors:

---------------

HKLMSystemCurrentControlSetControlPrintMonitors

hpzlnt04Driver = "hpzlnt04.dll" ["HP"]

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 120 seconds, including 2 seconds for message boxes)

"DiDA" - 2007-06-24 16:33:20 - ComboFix 07-06-23.5 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

D:Program FilesMyGlobalSearch

D:Program FilesMyGlobalSearchbar1.binM9FFXTBR.JAR

D:Program FilesMyGlobalSearchbar1.binM9FFXTBR.MANIFEST

D:Program FilesMyGlobalSearchbar1.binM9NTSTBR.JAR

D:Program FilesMyGlobalSearchbar1.binM9NTSTBR.MANIFEST

D:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL

D:Program FilesMyGlobalSearchbar1.binNPMYGLSH.DLL

D:Program FilesMyGlobalSearchbarCache000214FE

D:Program FilesMyGlobalSearchbarCache000217A7

D:Program FilesMyGlobalSearchbarCache000218F1.bin

D:Program FilesMyGlobalSearchbarCache0002272E.bin

D:Program FilesMyGlobalSearchbarCache000228DD.bin

D:Program FilesMyGlobalSearchbarCachefiles.ini

D:Program FilesMyGlobalSearchbarHistorysearch

D:Program FilesMyGlobalSearchbarSettingsprevcfg.htm

D:WINDOWSsystem32msxml3a.dll

((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))

2007-06-24 11:02 <DIR> d-------- D:DOCUME~1UKASZ~1DANEAP~1Thunderbird

2007-06-24 11:02 <DIR> d-------- D:DOCUME~1UKASZ~1DANEAP~1Talkback

2007-06-23 15:52 151,552 --a------ D:WINDOWSsystem32MSOSS.DLL

2007-06-23 15:42 <DIR> d-------- D:Program FilesCodemasters

2007-06-23 14:45 376 --a------ D:WINDOWSmozregistry.dat

2007-06-23 14:44 <DIR> d-------- D:Program Fileshp deskjet 656c series

2007-06-23 14:44 <DIR> d-------- D:Program FilesHewlett-Packard

2007-06-23 14:43 25,856 --a------ D:WINDOWSsystem32driversusbprint.sys

2007-06-23 13:38 <DIR> d-------- D:DOCUME~1DiDADANEAP~1Apple Computer

2007-06-23 13:37 <DIR> d-------- D:Program FilesiTunes

2007-06-23 13:37 <DIR> d-------- D:Program FilesiPod

2007-06-23 13:35 <DIR> d-------- D:Program FilesQuickTime

2007-06-23 13:34 <DIR> d-------- D:DOCUME~1ALLUSE~1DANEAP~1Apple Computer

2007-06-23 10:03 <DIR> d-------- D:Program FilesCommon FilesNero

2007-06-23 09:59 38,912 --------- D:WINDOWSsystem32picn20.dll

2007-06-23 09:59 364,544 --------- D:WINDOWSsystem32TwnLib4.dll

2007-06-23 09:59 3,151,322 --------- D:WINDOWSUNNeroVision.exe

2007-06-23 09:59 <DIR> d-------- D:DOCUME~1ALLUSE~1DANEAP~1Ahead

2007-06-23 09:58 <DIR> d-------- D:Program FilesAhead

2007-06-23 09:49 <DIR> d-------- D:Program FilesCyberLink

2007-06-22 18:33 <DIR> d-------- D:Program FilesCall of Duty

2007-06-21 20:36 <DIR> d-------- D:DOCUME~1UKASZ~1DANEAP~1Lavasoft

2007-06-21 12:39 <DIR> d-------- D:Program FilesMarBit

2007-06-21 08:39 <DIR> d-------- D:Program FilesLavasoft

2007-06-21 08:39 <DIR> d-------- D:DOCUME~1DiDADANEAP~1Lavasoft

2007-06-20 15:41 <DIR> d-------- D:DOCUME~1DiDADANEAP~1uTorrent

2007-06-20 15:31 <DIR> d-------- D:WINDOWSCache

2007-06-20 13:15 <DIR> d-------- D:WINDOWSsystem32appmgmt

2007-06-20 12:56 226,780 --a------ D:WINDOWSnircmd.exe

2007-06-18 21:16 <DIR> d-------- D:WINDOWSpss

2007-06-18 11:56 <DIR> d-------- D:DOCUME~1DiDADANEAP~1CyberLink

2007-06-18 08:32 <DIR> d-------- D:DOCUME~1ALLUSE~1DANEAP~1DVD Shrink

2007-06-18 08:30 <DIR> d-------- D:DOCUME~1UKASZ~1DANEAP~1CyberLink

2007-06-18 08:29 <DIR> d-------- D:DOCUME~1ALLUSE~1DANEAP~1CyberLink

2007-06-17 20:06 36 --a------ D:DOCUME~1DiDAklextlock.dat

2007-06-17 20:02 <DIR> d-------- D:DOCUME~1DiDADANEAP~1Kazaa Lite

2007-06-17 11:56 <DIR> d-------- D:DOCUME~1DiDADANEAP~1GanymedeNet

2007-06-16 20:26 9,464 --------- D:WINDOWSsystem32driverscdralw2k.sys

2007-06-16 20:26 9,336 --------- D:WINDOWSsystem32driverscdr4_xp.sys

2007-06-16 20:26 43,528 --------- D:WINDOWSsystem32driversPxHelp20.sys

2007-06-16 20:26 129,784 --------- D:WINDOWSsystem32pxafs.dll

2007-06-16 19:57 <DIR> d-------- D:Program FilesBlender Foundation

2007-06-16 17:49 <DIR> d-------- D:DOCUME~1UKASZ~1DANEAP~1Gadu-Gadu

2007-06-16 17:46 4 --a------ D:WINDOWSsystem32proc12943287.bin

2007-06-16 17:46 <DIR> d-------- D:DOCUME~1UKASZ~1DANEAP~1GanymedeNet

2007-06-16 17:44 <DIR> d-------- D:Program FilesIrfanView

2007-06-16 17:44 <DIR> d-------- D:DOCUME~1UKASZ~1DANEAP~1IrfanView

2007-06-16 17:43 60,273 --a------ D:WINDOWSsystem32pthreadGC2.dll

2007-06-16 17:43 499,712 --a------ D:WINDOWSsystem32msvcp71.dll

2007-06-16 17:43 348,160 --a------ D:WINDOWSsystem32msvcr71.dll

2007-06-16 17:43 10,752 --a------ D:WINDOWSsystem32ff_vfw.dll

2007-06-16 17:43 <DIR> d-------- D:Program Filesffdshow

2007-06-16 17:40 <DIR> d-------- D:DOCUME~1UKASZ~1Gadu-Gadu

2007-06-16 17:39 <DIR> d-------- D:WINDOWSShellNew

2007-06-16 17:39 <DIR> d-------- D:Program FilesICEOWS

2007-06-16 17:31 1,310,720 --ah----- D:DOCUME~1UKASZ~1NTUSER.DAT

2007-06-16 17:31 <DIR> dr-h----- D:DOCUME~1UKASZ~1Dane aplikacji

2007-06-16 17:31 <DIR> dr------- D:DOCUME~1UKASZ~1Ulubione

2007-06-16 17:31 <DIR> dr------- D:DOCUME~1UKASZ~1Moje dokumenty

2007-06-16 17:31 <DIR> dr------- D:DOCUME~1UKASZ~1Menu Start

2007-06-16 17:31 <DIR> d--h----- D:DOCUME~1UKASZ~1Ustawienia lokalne

2007-06-16 17:31 <DIR> d--h----- D:DOCUME~1UKASZ~1Szablony

2007-06-16 17:31 <DIR> d-------- D:DOCUME~1UKASZ~1Pulpit

2007-06-16 15:11 6,400 --a------ D:WINDOWSsystem32driverssplitter.sys

2007-06-16 15:10 82,944 --a------ D:WINDOWSsystem32driverswdmaud.sys

2007-06-16 15:10 7,552 --a------ D:WINDOWSsystem32driversMSKSSRV.sys

2007-06-16 15:10 60,800 --a------ D:WINDOWSsystem32driverssysaudio.sys

2007-06-16 15:10 54,272 --a------ D:WINDOWSsystem32driversswmidi.sys

2007-06-16 15:10 52,864 --a------ D:WINDOWSsystem32driversDMusic.sys

2007-06-16 15:10 5,376 --a------ D:WINDOWSsystem32driversMSPCLOCK.sys

2007-06-16 15:10 4,992 --a------ D:WINDOWSsystem32driversMSPQM.sys

2007-06-16 15:10 3,072 --a------ D:WINDOWSsystem32driversaudstub.sys

2007-06-16 15:10 2,944 --a------ D:WINDOWSsystem32driversdrmkaud.sys

2007-06-16 15:10 171,776 --a------ D:WINDOWSsystem32driverskmixer.sys

2007-06-16 15:10 142,464 --a------ D:WINDOWSsystem32driversaec.sys

2007-06-16 15:09 77,312 --a------ D:WINDOWSsystem32usbui.dll

2007-06-16 15:09 60,288 --a------ D:WINDOWSsystem32driversdrmk.sys

2007-06-16 15:09 58,624 --a------ D:WINDOWSsystem32driversredbook.sys

2007-06-16 15:09 4,527,488 --a------ D:WINDOWSsystem32nv4_disp.dll

2007-06-16 15:09 4,096 --a------ D:WINDOWSsystem32ksuser.dll

2007-06-16 15:09 3,994,624 --a------ D:WINDOWSsystem32driversnv4_mini.sys

2007-06-16 15:09 27,008 --a------ D:WINDOWSsystem32driversSISAGP.SYS

2007-06-16 15:09 2,944 --a------ D:WINDOWSsystem32driversmsmpu401.sys

2007-06-16 15:09 145,792 --a------ D:WINDOWSsystem32driversportcls.sys

2007-06-16 15:09 10,624 --a------ D:WINDOWSsystem32driversgameenum.sys

2007-06-16 15:07 8,192 -ra------ D:WINDOWSsystem32kbdhept.dll

2007-06-16 15:07 6,656 -ra------ D:WINDOWSsystem32kbdhela3.dll

2007-06-16 15:07 6,144 -ra------ D:WINDOWSsystem32kbdtuq.dll

2007-06-16 15:07 6,144 -ra------ D:WINDOWSsystem32kbdtuf.dll

2007-06-16 15:07 6,144 -ra------ D:WINDOWSsystem32kbdlv1.dll

2007-06-16 15:07 6,144 -ra------ D:WINDOWSsystem32kbdlv.dll

2007-06-16 15:07 6,144 -ra------ D:WINDOWSsystem32kbdhela2.dll

2007-06-16 15:07 6,144 -ra------ D:WINDOWSsystem32kbdgkl.dll

2007-06-16 15:07 6,144 -ra------ D:WINDOWSsystem32kbdest.dll

2007-06-16 15:07 5,632 -ra------ D:WINDOWSsystem32kbdmon.dll

2007-06-16 15:07 5,632 -ra------ D:WINDOWSsystem32kbdlt1.dll

2007-06-16 15:07 5,632 -ra------ D:WINDOWSsystem32kbdlt.dll

2007-06-16 15:07 5,632 -ra------ D:WINDOWSsystem32kbdkyr.dll

2007-06-16 15:07 5,632 -ra------ D:WINDOWSsystem32kbdhe319.dll

2007-06-16 15:07 5,632 -ra------ D:WINDOWSsystem32kbdhe220.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 13:45:01 972,288 ----a-w D:WINDOWSsystem32nvcplui.exe

2007-06-19 13:40:15 1,799,640 ----a-w D:WINDOWSsystem32nwiz.exe

2007-06-17 05:46:31 12,528 ----a-w D:WINDOWSsystem32driverssecdrv.sys

2007-06-16 11:26:40 49,492 ----a-w D:WINDOWSsystem32perfc015.dat

2007-06-16 11:26:40 355,486 ----a-w D:WINDOWSsystem32perfh015.dat

2007-06-16 11:17:07 -------- d-----w D:Program FilesUsługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"nwiz"="nwiz.exe" [2007-06-19 15:40 D:WINDOWSsystem32nwiz.exe]

"BearShare"="D:Program FilesBearShareBearShare.exe" []

"RemoteControl"="D:Program FilesCyberLinkPowerDVDPDVDServ.exe" [2005-01-12 03:01]

"QuickTime Task"="D:Program FilesQuickTimeqttask.exe" [2007-04-27 09:41]

"iTunesHelper"="D:Program FilesiTunesiTunesHelper.exe" [2007-06-01 16:51]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Gadu-Gadu"="D:Program FilesGadu-Gadugg.exe" [2007-05-10 16:36]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]

D:WINDOWSsystem32NeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]

"D:Program FilesCyberLinkPowerDVDPDVDServ.exe"

*Newly Created Service* - POWERMANAGER

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-24 16:36:13

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-06-24 16:37:38

D:ComboFix-quarantined-files.txt ... 2007-06-24 16:37

--- E O F ---

Where is the GMER log saved?

CatchMe
comment

The logs are clean. The GMER log isn't saved anywhere; when the scan finishes, click the COPY button and paste the log into Notepad yourself.
