[Solved] Please check my logs

sopek44
created

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 15:30:28, on 2007-07-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\David\USTAWI~1\Temp\Rar$EX00.546\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

Silent Runners

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"
  -> {HKLM...CLSID} = "IDMIEHlprObj Class"
                   \InProcServer32\(Default) = "D:\Program Files\Internet Download Manager\IDMIECC.dll" ["Tonec Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell"
  -> {HKLM...CLSID} = "Liquid.Project"
                   \InProcServer32\(Default) = "D:\Program Files\Avid\Avid Liquid 7\Program\BlueShellExt.dll" [null data]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus statistics"
  -> {HKLM...CLSID} = "Web Anti-Virus statistics"
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
  -> {HKLM...CLSID} = "MShellExtMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
  -> {HKLM...CLSID} = "MShellExtMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
  -> {HKLM...CLSID} = "MShellExtMenu Class"
                   \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "(Brak)"

Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "%SystemRoot%\System32\logon.scr" [MS]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus statistics"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Web Anti-Virus statistics"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Kaspersky Anti-Virus 6.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r" ["Kaspersky Lab"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 17 seconds.
---------- (total run time: 55 seconds)

CatchMe
comment

The logs are clean. :)

sopek44
comment

Today I installed Kaspersky and it found several viruses. I removed them, and since then, when I double-click drive D: with the left mouse button, this pops up: f007ebe4c9cc09d7.jpg

CatchMe
comment

Paste a log from ComboFix.

sopek44
comment

While creating the log with ComboFix, Kaspersky detected a virus named Catchme :lol:

Here is the log:

"David" - 2007-07-24 16:24:41 - ComboFix 07-07-23.6 - Dodatek Service Pack 2  NTFS

(((((((((((((((((((((((((   Files Created from 2007-06-24 to 2007-07-24  )))))))))))))))))))))))))))))))

2007-07-24 16:06	51,200	--a------	C:\WINDOWS\nircmd.exe
2007-07-24 14:58	23	--ahs----	C:\WINDOWS\system32\bcfbadabcfc6_r.dll
2007-07-24 14:58	<DIR>	d--------	C:\Program Files\jv16 PowerTools 2007
2007-07-24 14:43	82,258	--a------	C:\WINDOWS\system32\drivers\klin.dat
2007-07-24 14:43	82,258	--a------	C:\WINDOWS\system32\drivers\klick.dat
2007-07-24 14:43	4,640	--ahs----	C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-24 14:43	331,552	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-24 14:43	<DIR>	d--------	C:\Program Files\Kaspersky Lab
2007-07-24 14:43	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab
2007-07-23 15:01	<DIR>	d--------	C:\WINDOWS\system32\appmgmt
2007-07-23 14:44	86,016	--a------	C:\WINDOWS\unvise32.exe
2007-07-23 14:28	30,592	---------	C:\WINDOWS\system32\drivers\rndismpx.sys
2007-07-23 14:28	12,800	---------	C:\WINDOWS\system32\drivers\usb8023x.sys
2007-07-23 14:28	<DIR>	d--------	C:\Program Files\Microsoft ActiveSync
2007-07-23 10:26	31,616	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2007-07-23 03:57	<DIR>	d--------	C:\WINDOWS\Ulead.dat
2007-07-23 03:53	<DIR>	d---s----	C:\DOCUME~1\David\UserData
2007-07-23 03:49	57,856	--a------	C:\WINDOWS\system32\masd32.dll
2007-07-23 03:49	27,648	--a------	C:\WINDOWS\system32\ma32.dll
2007-07-23 03:49	196,096	--a------	C:\WINDOWS\system32\macd32.dll
2007-07-23 03:49	138,752	--a------	C:\WINDOWS\system32\mase32.dll
2007-07-23 03:49	136,192	--a------	C:\WINDOWS\system32\mamc32.dll
2007-07-23 03:48	934,576	--a------	C:\WINDOWS\system32\ltr13n.dll
2007-07-23 03:48	80,896	--a------	C:\WINDOWS\system32\lfwmf13s.dll
2007-07-23 03:48	79,360	--a------	C:\WINDOWS\system32\lfeps13s.dll
2007-07-23 03:48	74,752	--a------	C:\WINDOWS\system32\lfgif13s.dll
2007-07-23 03:48	70,144	--a------	C:\WINDOWS\system32\lfbmp13s.dll
2007-07-23 03:48	65,536	--a------	C:\WINDOWS\system32\lfpcx13s.dll
2007-07-23 03:48	64,000	--a------	C:\WINDOWS\system32\lftga13s.dll
2007-07-23 03:48	59,904	--a------	C:\WINDOWS\system32\lfpcd13s.dll
2007-07-23 03:48	487,424	--a------	C:\WINDOWS\system32\msvcp70.dll
2007-07-23 03:48	466,624	--a------	C:\WINDOWS\system32\LTRPR13n.DLL
2007-07-23 03:48	393,728	--a------	C:\WINDOWS\system32\LFCMP13s.DLL
2007-07-23 03:48	344,064	--a------	C:\WINDOWS\system32\msvcr70.dll
2007-07-23 03:48	304,816	--a------	C:\WINDOWS\system32\LTRIO13N.DLL
2007-07-23 03:48	283,136	--a------	C:\WINDOWS\system32\LFJ2K13s.dll
2007-07-23 03:48	194,248	--a------	C:\WINDOWS\system32\LTRFD13n.DLL
2007-07-23 03:48	185,856	--a------	C:\WINDOWS\system32\lfpng13s.dll
2007-07-23 03:48	166,400	--a------	C:\WINDOWS\system32\lftif13s.dll
2007-07-23 03:48	116,224	--a------	C:\WINDOWS\system32\lffax13s.dll
2007-07-23 03:48	110,080	--a------	C:\WINDOWS\system32\lfpsd13s.dll
2007-07-23 03:48	104,960	--a------	C:\WINDOWS\system32\lfpct13s.dll
2007-07-23 03:48	1,772,032	--a------	C:\WINDOWS\system32\LTCLR13s.dll
2007-07-23 03:48	1,060,864	--a------	C:\WINDOWS\system32\mfc71.dll
2007-07-23 03:48	1,047,552	--a------	C:\WINDOWS\system32\mfc71u.dll
2007-07-23 03:45	<DIR>	d--------	C:\Program Files\Pinnacle
2007-07-23 03:45	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Pinnacle
2007-07-22 21:19	<DIR>	d--------	C:\Program Files\xchat
2007-07-22 21:19	<DIR>	d--------	C:\DOCUME~1\David\DANEAP~1\X-Chat 2
2007-07-21 02:34	92,160	--a------	C:\WINDOWS\system32\drivers\mcdbus.sys
2007-07-21 02:20	5,248	--a------	C:\WINDOWS\system32\drivers\d347prt.sys
2007-07-21 02:20	155,136	--a------	C:\WINDOWS\system32\drivers\d347bus.sys
2007-07-21 02:20	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
2007-07-21 02:20	<DIR>	d--------	C:\Program Files\D-Tools
2007-07-21 02:05	<DIR>	d--------	C:\Program Files\MagicISO
2007-07-20 18:24	<DIR>	d--------	C:\DOCUME~1\David\DANEAP~1\IDM
2007-07-20 18:24	<DIR>	d--------	C:\DOCUME~1\David\DANEAP~1\DMCache
2007-07-19 14:32	<DIR>	dr-hs----	C:\Recycled
2007-07-19 14:09	<DIR>	d--------	C:\DOCUME~1\David\DANEAP~1\Media Player Classic
2007-07-19 14:08	740,442	--a------	C:\WINDOWS\system32\divx.dll
2007-07-19 14:08	73,728	--a------	C:\WINDOWS\system32\dpl100.dll
2007-07-19 14:08	630,784	--a------	C:\WINDOWS\system32\vp7vfw.dll
2007-07-19 14:08	593,920	--a------	C:\WINDOWS\system32\xvidcore.dll
2007-07-19 14:08	564,224	--a------	C:\WINDOWS\system32\x264vfw.dll
2007-07-19 14:08	438,272	--a------	C:\WINDOWS\system32\vp6vfw.dll
2007-07-19 14:08	39,936	--a------	C:\WINDOWS\system32\huffyuv.dll
2007-07-19 14:08	3,596,288	--a------	C:\WINDOWS\system32\qt-dx331.dll
2007-07-19 14:08	217,088	--a------	C:\WINDOWS\system32\yv12vfw.dll
2007-07-19 14:08	217,088	--a------	C:\WINDOWS\system32\i420vfw.dll
2007-07-19 14:08	180,224	--a------	C:\WINDOWS\system32\xvidvfw.dll
2007-07-19 14:08	144,384	--a------	C:\WINDOWS\system32\Iacenc.dll
2007-07-19 14:08	10,752	--a------	C:\WINDOWS\system32\ff_vfw.dll
2007-07-19 14:08	<DIR>	d--------	C:\Program Files\K-Lite Codec Pack
2007-07-19 14:08	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-07-19 03:36	<DIR>	d--------	C:\DOCUME~1\David\DANEAP~1\DivX
2007-07-19 03:35	118,520	---------	C:\WINDOWS\system32\pxinsi64.exe
2007-07-19 03:35	116,472	---------	C:\WINDOWS\system32\pxcpyi64.exe
2007-07-19 03:35	<DIR>	d--------	C:\Program Files\DivX
2007-07-19 02:34	516,096	---------	C:\WINDOWS\system32\ati2sgag.exe
2007-07-19 02:33	<DIR>	d--h-----	C:\Program Files\InstallShield Installation Information
2007-07-19 02:33	<DIR>	d--------	C:\Program Files\ATI Technologies
2007-07-19 02:33	<DIR>	d--------	C:\ATI
2007-07-19 00:58	<DIR>	d--------	C:\DOCUME~1\David\DANEAP~1\AdobeUM
2007-07-18 23:42	<DIR>	d--------	C:\Program Files\Total Video Converter
2007-07-18 21:38	<DIR>	d--------	C:\DOCUME~1\David\CG Cache
2007-07-18 21:08	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\DANEAP~1\Adobe Systems
2007-07-18 21:04	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2007-07-18 21:03	282,176	--a------	C:\WINDOWS\system32\ae700main.dat
2007-07-18 20:58	86,016	--a------	C:\WINDOWS\unvise32qt.exe
2007-07-18 20:57	665,424	--a------	C:\WINDOWS\system32\wmv8dmoe.dll
2007-07-18 20:57	572,752	--a------	C:\WINDOWS\system32\wmvdmoe.dll
2007-07-18 20:57	438,608	--a------	C:\WINDOWS\system32\wmv8dmod.dll
2007-07-18 20:57	1,683,792	--a------	C:\WINDOWS\system32\wmvcore2.dll
2007-07-18 20:57	<DIR>	d--------	C:\WINDOWS\system32\QuickTime
2007-07-18 20:57	<DIR>	d--------	C:\Program Files\QuickTime
2007-07-18 20:57	<DIR>	d--------	C:\Program Files\directx
2007-07-18 20:55	299,520	--a------	C:\WINDOWS\uninst.exe
2007-07-18 20:55	<DIR>	d--------	C:\DOCUME~1\David\WINDOWS
2007-07-18 13:38	<DIR>	d--------	C:\DOCUME~1\David\DANEAP~1\Microsoft Games
2007-07-18 00:15	<DIR>	d--------	C:\Program Files\VideoLAN

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 14:18:29	6,104	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-24 14:18:29	1,460	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.idx
2007-07-17 17:26:11	74,230	----a-w	C:\WINDOWS\system32\perfc015.dat
2007-07-17 17:26:11	448,004	----a-w	C:\WINDOWS\system32\perfh015.dat
2007-07-16 15:22:46	--------	d-----w	C:\Program Files\Usługi online

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:05]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys
R3 ASAPIW2K;ASAPIW2K;\??\C:\WINDOWS\system32\Drivers\asapiW2k.sys
R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
R3 mcdbus;Driver for MagicISO SCSI Host Controller;C:\WINDOWS\system32\DRIVERS\mcdbus.sys
R3 ms_mpu401;Sterownik portu MIDI UART Microsoft MPU-401;C:\WINDOWS\system32\drivers\msmpu401.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62edb888-35f3-11dc-ab23-000e8e0243b5}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- F:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b6dee35-33be-11dc-a7be-806d6172696f}]
AutoRun\command- E:\setup.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 16:26:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\FavoitesA151c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24 16:31:27	--- E O F ---

Dziniu
comment

I had a problem similar to yours, except that I had no access to partition E, but it turned out it wasn't a virus, and what helped me was scanning the local disks at system startup. Maybe it will help you too, give it a try.

PS I was afraid I would have to create a new partition, and I had a lot of photos and files there, but the disk check helped me.

sopek44
comment

When I double-clicked with the left mouse button an error popped up, but when I right-clicked and chose Open it opened :/ Well, now it's OK :> It fixed itself :D

CatchMe
comment

The log is clean. :)

This topic has been closed. No replies can be added.