sopek44, created 25 June 2007

Lately my PC has been behaving very strangely and takes a long time to start up, so please check the logs.

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 03:17:21, on 2007-06-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Sopek\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.215.123.44:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Silent Runners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
CatchMe, comment, 25 June 2007

In HijackThis, delete:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/

- After that, paste a HijackThis log and a ComboFix log.
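A triage helper for the step CatchMe prescribes above, added here as an example and not part of the thread: it parses the R0/R1 lines of a HijackThis log and flags those whose URL points to a host outside an allowlist, reproducing the four bearshare entries marked for removal. The sample lines are the thread's own (with the backslashes the forum export stripped restored); the allowlist and the function names are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the R0/R1 lines quoted in this thread (backslashes the
# forum export stripped are restored) plus one O2 line, to show non-R lines are ignored.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
"""

# Assumed allowlist: hosts the machine's owner accepts as start and search pages.
ALLOWED_HOSTS = {"www.google.com", "www.google.pl", "www.microsoft.com"}

# HijackThis R0/R1 format: "<section> - <hive\key path>,<value name> = <value>".
# The key path may contain spaces, so it is matched lazily up to the first comma.
R_LINE = re.compile(r"^(R[01]) - (HK\w+\\.+?),([^=]+?) = (.*)$")


def parse_r_entries(log_text):
    """Return (section, key_path, value_name, value) for every R0/R1 line."""
    entries = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def hijacked_entries(log_text, allowed_hosts=ALLOWED_HOSTS):
    """Return R0/R1 entries whose value is a URL pointing outside the allowlist.

    Values that are not URLs (a folder name such as LinksFolderName, or a
    proxy host:port) have no hostname and are left for a separate review rule.
    """
    flagged = []
    for line in log_text.splitlines():
        line = line.strip()
        m = R_LINE.match(line)
        if not m:
            continue
        section, key_path, value_name, value = m.groups()
        host = urlparse(value).hostname
        if host is None or host.lower() in allowed_hosts:
            continue
        flagged.append({"section": section, "key_path": key_path,
                        "value_name": value_name, "host": host, "line": line})
    return flagged


def fix_list(log_text, allowed_hosts=ALLOWED_HOSTS):
    """The exact log lines to tick in HijackThis, as the reply above lists them."""
    return [e["line"] for e in hijacked_entries(log_text, allowed_hosts)]


if __name__ == "__main__":
    for entry in hijacked_entries(SAMPLE_LOG):
        print(f'{entry["section"]} {entry["value_name"]!r} -> {entry["host"]}')
```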
sopek44 (Author), comment, 25 June 2007

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:19:37, on 2007-06-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Sopek\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.215.123.44:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [iDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

ComboFix:

"Sopek" - 2007-06-25 16:58:56 - ComboFix 07-06-23.5 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\MyGlobalSearch
C:\Program Files\MyGlobalSearch\bar\History\search

((((((((((((((((((((((((( Files Created from 2007-05-25 to 2007-06-25 )))))))))))))))))))))))))))))))

2007-06-25 16:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 16:55 <DIR> d-------- C:\DOCUME~1\Sopek\CG Cache
2007-06-21 16:51 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2007-06-21 16:51 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-06-21 16:51 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-06-21 16:51 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-06-21 16:51 <DIR> d-------- C:\Program Files\directx
2007-06-21 08:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Adobe Systems
2007-06-21 08:31 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-06-21 08:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-06-21 08:29 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2007-06-21 01:39 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-06-21 01:39 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-06-21 01:38 28,192 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-21 01:38 1,838,624 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-21 01:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab
2007-06-21 00:54 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-06-21 00:53 <DIR> d-------- C:\KAV
2007-06-21 00:21 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-06-21 00:12 299,520 --a------ C:\WINDOWS\uninst.exe
2007-06-21 00:12 <DIR> d-------- C:\DOCUME~1\Sopek\WINDOWS
2007-06-20 09:53 202,424 --a------ C:\WINDOWS\system32\idmmbc.dll
2007-06-06 22:56 <DIR> d-------- C:\WINDOWS\system32\rserver30
2007-06-06 22:50 <DIR> d-------- C:\DOCUME~1\Sopek\DANEAP~1\Radmin
2007-06-06 17:50 <DIR> d-------- C:\DOCUME~1\Sopek\DANEAP~1\Image Zone Express
2007-06-06 17:25 <DIR> d-------- C:\Program Files\Common Files\HP
2007-06-06 17:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\HP
2007-06-06 17:22 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-06-06 17:18 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-06-06 17:18 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-06-06 17:18 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-06-06 17:18 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-06-06 17:18 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-06-06 17:18 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-06-06 16:08 <DIR> d-------- C:\DOCUME~1\Sopek\DANEAP~1\HP
2007-06-03 14:41 <DIR> d-------- C:\Program Files\Tower Blaster
2007-06-02 11:54 <DIR> d-------- C:\Program Files\RegCleaner
2007-05-28 19:28 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-28 19:28 <DIR> d-------- C:\DOCUME~1\Sopek\DANEAP~1\Hamachi

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-25 14:56:09 -------- d-----w C:\DOCUME~1\Sopek\DANEAP~1\DMCache
2007-06-25 14:52:59 -------- d-----w C:\DOCUME~1\Sopek\DANEAP~1\IDM
2007-06-20 22:39:40 41 ----a-w C:\WINDOWS\system32\afdebc5_s.dll
2007-06-20 22:25:48 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-18 12:57:41 -------- d-----w C:\Program Files\Common Files\Xara
2007-05-13 13:30:50 13,015 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-05-13 13:29:55 4,112,760 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-05-09 22:17:02 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-05-09 22:17:02 -------- d-----w C:\Program Files\DAEMON Tools
2007-05-06 13:50:47 -------- d-----w C:\DOCUME~1\Sopek\DANEAP~1\RapidGet
2007-04-30 22:22:50 -------- d-----w C:\Program Files\Total Video Converter
2007-04-28 23:14:31 -------- d-----w C:\DOCUME~1\Sopek\DANEAP~1\Gadu-Gadu
2007-04-28 23:13:15 -------- d-----w C:\Program Files\Gadu-Gadu
2007-04-27 13:20:00 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-04 14:18:35 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-04 14:18:35 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-31 13:59:40 8,192 ----a-w C:\WINDOWS\d3dx.dat
2007-03-30 15:09:40 3,451 ----a-w C:\WINDOWS\mozver.dat
2007-03-30 15:04:19 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-30 15:04:16 107,132 ----a-w C:\WINDOWS\UninstallFirefox.exe
2007-03-30 14:25:34 0 --sha-r C:\MSDOS.SYS
2007-03-30 14:25:34 0 --sha-r C:\IO.SYS
2007-03-30 14:25:34 0 ----a-w C:\CONFIG.SYS
2007-03-30 14:25:34 0 ----a-w C:\AUTOEXEC.BAT
2007-03-30 14:21:50 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0055C089-8582-441B-A0BF-17B458C2A3A8}=D:\Program Files\Internet Download Manager\IDMIECC.dll [2007-06-19 15:20]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 06:12]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-04-25 17:27]
"IDMan"="D:\Program Files\Internet Download Manager\IDMan.exe" [2007-06-25 16:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
"NoClose"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoClose"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoThemesTab"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56cb90fb-df78-11db-97d0-000e8e0243b5}]
AutoRun\command- G:\autostart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84eae743-2003-11dc-948f-000e8e0243b5}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- F:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{924af611-ded8-11db-ac81-806d6172696f}]
AutoRun\command- E:\setup.exe

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-25 17:00:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-25 17:00:59
C:\ComboFix-quarantined-files.txt ... 2007-06-25 17:00
--- E O F ---
CatchMe, comment, 25 June 2007

You're that clever, are you? In that case we're waiting for the ComboFix analysis. Regards.
rafales, comment, 25 June 2007

Hmmm... I take it that the person asking for the log to be interpreted turned off System Restore before removing entries with HJT??
sopek44 (Author), comment, 26 June 2007

CatchMe, you know very well that Dziniu won't reply. So what about the logs?
CatchMe, comment, 26 June 2007

File to scan at www.virustotal.com: C:\WINDOWS\system32\afdebc5_s.dll

Paste the scan result on the forum.
CatchMe, comment, 27 June 2007

In that case it's clean. Do you want me to check the Gmer logs to be sure? :>
sopek44 (Author), comment, 27 June 2007

No, I think it's OK now. Thanks for the help.