Brak pliku copy.exe

gregston · 10 Maj 2007 16:48

Witam,

Mam taki sam problem w laptopie (Acer). Przeskanowałem go antywirem, część syfu została usunięta, ale przy próbie otwarcia dysków (doubleclick) pojawiał się komunikat, że nie może znaleźć copy.exe

Sformatowałem partycję (niesystemową), przeinstalowałem system i problem dotyczył już tylko dysku wymiennego (w moim przypadku odtwarzacz mp3). Użyłem combofix (log poniżej) i teraz to dopiero są jaja Przy próbie otwarcia dysków c: d: i tego wymiennego otwiera się okno “wyniki wyszukiwania”. Po kliknięciu prawym klawiszem na te dyski wyboldowana jest właśnie na samej górze opcja “wyszukaj”… pomocy…

“ťukasz” - 2007-05-10 18:07:48 Dodatek Service Pack 2 ComboFix 07-05.09.V - Running from: “C:\Program Files\Mozilla Firefox” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) f:\autorun.inf ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-10 )))))))))))))))))))))))))))))))))) 2007-05-10 17:05 2007-05-10 17:05 2007-05-10 01:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-05-10 00:18 2007-05-09 22:39 2007-05-09 13:35 2007-05-09 13:15 2007-05-08 22:36 2007-05-08 22:07 2007-05-08 21:57 2007-05-08 21:57 2007-05-08 21:57 2007-05-08 21:03 2007-05-08 20:36 2007-05-08 19:35 2007-05-08 17:39 2007-05-08 17:33 2007-05-08 17:26 2007-05-08 17:05 1,156 --a------ C:\WINDOWS\mozver.dat 2007-05-08 16:51 0 --a------ C:\WINDOWS\nsreg.dat 2007-05-08 16:37 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-05-08 16:37 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-05-08 16:37 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys 2007-05-08 16:37 2007-05-08 16:37 2007-05-08 14:49 2007-05-08 12:20 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-05-08 12:19 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2007-05-08 12:18 123,392 --a------ C:\WINDOWS\system32\dzip32.dll 2007-05-08 12:18 2007-05-08 12:18 2007-05-08 12:17 20,096 --a------ C:\WINDOWS\system32\drivers\PCASp50.SYS 2007-05-08 12:17 2007-05-08 12:17 2007-05-08 12:16 70,388 -ra------ C:\WINDOWS\system32\drivers\WS01UPH.BIN 2007-05-08 12:16 7,936 -ra------ C:\WINDOWS\system32\drivers\gtptser.sys 2007-05-08 12:16 65,152 --a------ C:\WINDOWS\system32\drivers\ewusbser.sys 2007-05-08 12:16 65,152 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys 2007-05-08 12:16 65,152 --a------ C:\WINDOWS\system32\drivers\ewusbapp.sys 2007-05-08 12:16 53,248 -ra------ C:\WINDOWS\system32\drivers\CInsX500.dll 2007-05-08 12:16 53,040 -ra------ C:\WINDOWS\system32\drivers\nmwcdcls.dll 2007-05-08 12:16 4,990 -ra------ C:\WINDOWS\system32\drivers\PCX500MP.SYS 2007-05-08 12:16 4,960 -ra------ C:\WINDOWS\system32\drivers\nmwcdlog.dll 2007-05-08 12:16 38,656 -ra------ C:\WINDOWS\system32\drivers\ZD1UXP.SYS 2007-05-08 12:16 35 --a------ C:\WINDOWS\system32\RTELM.dll 2007-05-08 12:16 32,000 -ra------ C:\WINDOWS\system32\drivers\gtf32bus.sys 2007-05-08 12:16 280,576 -ra------ C:\WINDOWS\system32\drivers\Mrvw123.sys 2007-05-08 12:16 280,448 -ra------ C:\WINDOWS\system32\drivers\Mrvw125.sys 2007-05-08 12:16 18,944 -ra------ C:\WINDOWS\system32\drivers\gtscser.sys 2007-05-08 12:16 169,984 --a------ C:\WINDOWS\system32\drivers\pcx500.sys 2007-05-08 12:15 92,416 -ra------ C:\WINDOWS\system32\drivers\cfvn4c51.sys 2007-05-08 12:15 92,288 -ra------ C:\WINDOWS\system32\drivers\cfvn4c50.sys 2007-05-08 12:15 9,900 -ra------ C:\WINDOWS\system32\drivers\WCMLib2K.sys 2007-05-08 12:15 9,600 -ra------ C:\WINDOWS\system32\drivers\WCMLibXP.sys 2007-05-08 12:15 76,045 -ra------ C:\WINDOWS\system32\drivers\WCMBus2K.sys 2007-05-08 12:15 71,552 -ra------ C:\WINDOWS\system32\drivers\WCMBusXP.sys 2007-05-08 12:15 7,296 -ra------ C:\WINDOWS\system32\drivers\semwlntp.sys 2007-05-08 12:15 6,672 -ra------ C:\WINDOWS\system32\drivers\k600wh95.sys 2007-05-08 12:15 58,856 -ra------ C:\WINDOWS\system32\drivers\dpphys.sys 2007-05-08 12:15 57,536 -ra------ C:\WINDOWS\system32\drivers\WCMVmd2K.sys 2007-05-08 12:15 55,808 -ra------ C:\WINDOWS\system32\drivers\WCMVmdXP.sys 2007-05-08 12:15 52,864 -ra------ C:\WINDOWS\system32\drivers\GTEDGNet.sys 2007-05-08 12:15 51,328 -ra------ C:\WINDOWS\system32\drivers\uart0.sys 2007-05-08 12:15 5,744 -ra------ C:\WINDOWS\system32\drivers\k600whnt.sys 2007-05-08 12:15 4,480 -ra------ C:\WINDOWS\system32\drivers\g3grpm.sys 2007-05-08 12:15 368,896 -ra------ C:\WINDOWS\system32\drivers\semwl5.sys 2007-05-08 12:15 266,496 -ra------ C:\WINDOWS\system32\drivers\gtwl5.sys 2007-05-08 12:15 26,496 -ra------ C:\WINDOWS\system32\drivers\g3grumdm.sys 2007-05-08 12:15 258,560 -ra------ C:\WINDOWS\system32\drivers\MRV8K51.sys 2007-05-08 12:15 258,432 -ra------ C:\WINDOWS\system32\drivers\MRV8K50.SYS 2007-05-08 12:15 23,296 -ra------ C:\WINDOWS\system32\drivers\g3gruser.sys 2007-05-08 12:15 22,284 -ra------ C:\WINDOWS\system32\drivers\WcmSc2K.sys 2007-05-08 12:15 21,888 -ra------ C:\WINDOWS\system32\drivers\GTEDGSC.sys 2007-05-08 12:15 21,224 -ra------ C:\WINDOWS\system32\drivers\DPFDrv.sys 2007-05-08 12:15 21,120 -ra------ C:\WINDOWS\system32\drivers\WcmScXP.sys 2007-05-08 12:15 16,256 -ra------ C:\WINDOWS\system32\drivers\g3grsc.sys 2007-05-08 12:15 107,904 -ra------ C:\WINDOWS\system32\drivers\GTEDG.sys 2007-05-08 12:14 87,456 -ra------ C:\WINDOWS\system32\drivers\k600mdm.sys 2007-05-08 12:14 79,248 -ra------ C:\WINDOWS\system32\drivers\k600mgmt.sys 2007-05-08 12:14 77,952 -ra------ C:\WINDOWS\system32\drivers\nwusbmdm.sys 2007-05-08 12:14 77,072 -ra------ C:\WINDOWS\system32\drivers\k600obex.sys 2007-05-08 12:14 67,840 -ra------ C:\WINDOWS\system32\drivers\NWADIEnum.sys 2007-05-08 12:14 63,360 -ra------ C:\WINDOWS\system32\drivers\nwusbser.sys 2007-05-08 12:14 6,112 -ra------ C:\WINDOWS\system32\drivers\k600cmnt.sys 2007-05-08 12:14 6,096 -ra------ C:\WINDOWS\system32\drivers\k600mdfl.sys 2007-05-08 12:14 57,344 -ra------ C:\WINDOWS\system32\drivers\V620.dll 2007-05-08 12:14 53,248 -ra------ C:\WINDOWS\system32\drivers\GCXXNet.sys 2007-05-08 12:14 52,384 -ra------ C:\WINDOWS\system32\drivers\k600bus.sys 2007-05-08 12:14 50,206 -ra------ C:\WINDOWS\system32\drivers\Serialnw.sys 2007-05-08 12:14 45,161 -ra------ C:\WINDOWS\system32\drivers\GCXXLog.exe 2007-05-08 12:14 3,984 -ra------ C:\WINDOWS\system32\drivers\k600cr.sys 2007-05-08 12:14 269,056 -ra------ C:\WINDOWS\system32\drivers\NWVNdis.sys 2007-05-08 12:14 241,792 -ra------ C:\WINDOWS\system32\drivers\nw620.sys 2007-05-08 12:14 21,888 -ra------ C:\WINDOWS\system32\drivers\GCXXSC.sys 2007-05-08 12:14 114,944 -ra------ C:\WINDOWS\system32\drivers\GCXX.sys 2007-05-08 12:14 10,672 -ra------ C:\WINDOWS\system32\drivers\k600cm95.sys 2007-05-08 12:14 2007-05-07 22:55 2007-05-07 22:48 2007-05-07 22:48 2007-05-07 22:47 2007-05-07 22:37 2007-05-07 22:35 2007-05-07 22:35 2007-05-07 22:34 7,278 -ra------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2007-05-07 22:34 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-05-07 22:34 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll 2007-05-07 22:34 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2007-05-07 22:34 128,797 -ra------ C:\WINDOWS\system32\drivers\nmwcd.sys 2007-05-07 22:34 10,991 -ra------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2007-05-07 22:34 10,991 -ra------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:33 2007-05-05 21:54 2007-05-02 12:07 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-05-02 12:05 2007-05-02 12:05 2007-05-02 12:04 2007-04-30 21:37 1,835,008 --ah----- C:\DOCUME~1\Ania\NTUSER.DAT 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 18:39 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-10 13:51:34 68,242 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-10 13:51:34 438,056 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-10 11:12:42 12 ----a-w C:\WINDOWS\bthservsdp.dat 2007-03-28 16:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-03-28 16:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-03-28 16:51:48 189,584 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys 2007-03-28 16:51:42 24,208 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys 2007-03-28 16:51:36 31,888 ----a-w C:\WINDOWS\system32\drivers\symids.sys 2007-03-28 16:51:32 28,304 ----a-w C:\WINDOWS\system32\drivers\symndis.sys 2007-03-28 16:51:26 97,936 ----a-w C:\WINDOWS\system32\drivers\symfw.sys 2007-03-28 16:51:20 12,944 ----a-w C:\WINDOWS\system32\drivers\symdns.sys 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:38:48 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:38:48 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:38:48 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:37:34 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys 2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] “{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}”=“c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” “{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}”=“C:\Program Files\Norton AntiVirus\NavShExt.dll” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “AzMixerSel”=“C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” “IMJPMIG8.1”="“C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32" “MSPY2002”=“C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC” “PHIME2002ASync”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC” “PHIME2002A”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName” “PCMService”="“C:\Program Files\Acer\Acer Arcade\PCMService.exe”" “igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” “igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” “eDataSecurity Loader”=“C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe” “ADMTray.exe”="“C:\Acer\Empowering Technology\admtray.exe”" “ntiMUI”=“C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe” “SkyTel”=“SkyTel.EXE” “Alcmtr”=“ALCMTR.EXE” “BluetoothAuthenticationAgent”=“rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent” “ePower_DMC”=“C:\Acer\Empowering Technology\ePower\ePower_DMC.exe” “Acer ePower Management”=“C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot” “LManager”=“C:\PROGRA~1\LAUNCH~1\LManager.exe” “eRecoveryService”=“C:\Acer\Empowering Technology\eRecovery\Monitor.exe” “PCSuiteTrayApplication”=“C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” “ccApp”="“C:\Program Files\Common Files\Symantec Shared\ccApp.exe”" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “RTEGPRS”="“C:\Program Files\Common Files\SmartCom\RTEGPRS.exe” tray" “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter HTTPFilter\0\0 LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 DcomLaunch DcomLaunch\0TermService\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 bthsvcs BthServ\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F] [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{856ddd1e-b679-11da-9623-0016d4c8fefd}] Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - ťukasz.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-10 18:09:52 Windows 5.1.2600 Dodatek Service Pack 2 FAT scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-10 18:09:55 C:\ComboFix-quarantined-files.txt … 2007-05-10 18:09

Gutek · 10 Maj 2007 17:54

Nie podpinaj się pod cudzy temat

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

gregston · 10 Maj 2007 18:33

Sorry za podpięcie się… Dzięki za szybką odpowiedź, ale niestety nic nie pomogło, wciąż po dwukliku pokazuje się okno wyszukiwania… Masz może jeszcze jakiś pomysł?

Gutek · 10 Maj 2007 19:01

Daj jeszcze raz log z Combo

gregston · 10 Maj 2007 19:19

“ťukasz” - 2007-05-10 21:07:54 Dodatek Service Pack 2 ComboFix 07-05.09.V - Running from: “D:\Downloads” ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-10 )))))))))))))))))))))))))))))))))) 2007-05-10 18:09 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-10 17:05 2007-05-10 01:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-05-10 00:18 2007-05-09 22:39 2007-05-09 13:35 2007-05-09 13:15 2007-05-08 22:36 2007-05-08 22:07 2007-05-08 21:57 2007-05-08 21:57 2007-05-08 21:57 2007-05-08 21:03 2007-05-08 20:36 2007-05-08 19:35 2007-05-08 17:39 2007-05-08 17:33 2007-05-08 17:26 2007-05-08 17:05 1,156 --a------ C:\WINDOWS\mozver.dat 2007-05-08 16:51 0 --a------ C:\WINDOWS\nsreg.dat 2007-05-08 16:37 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-05-08 16:37 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-05-08 16:37 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys 2007-05-08 16:37 2007-05-08 16:37 2007-05-08 14:49 2007-05-08 12:20 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-05-08 12:19 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2007-05-08 12:18 123,392 --a------ C:\WINDOWS\system32\dzip32.dll 2007-05-08 12:18 2007-05-08 12:18 2007-05-08 12:17 20,096 --a------ C:\WINDOWS\system32\drivers\PCASp50.SYS 2007-05-08 12:17 2007-05-08 12:17 2007-05-08 12:16 70,388 -ra------ C:\WINDOWS\system32\drivers\WS01UPH.BIN 2007-05-08 12:16 7,936 -ra------ C:\WINDOWS\system32\drivers\gtptser.sys 2007-05-08 12:16 65,152 --a------ C:\WINDOWS\system32\drivers\ewusbser.sys 2007-05-08 12:16 65,152 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys 2007-05-08 12:16 65,152 --a------ C:\WINDOWS\system32\drivers\ewusbapp.sys 2007-05-08 12:16 53,248 -ra------ C:\WINDOWS\system32\drivers\CInsX500.dll 2007-05-08 12:16 53,040 -ra------ C:\WINDOWS\system32\drivers\nmwcdcls.dll 2007-05-08 12:16 4,990 -ra------ C:\WINDOWS\system32\drivers\PCX500MP.SYS 2007-05-08 12:16 4,960 -ra------ C:\WINDOWS\system32\drivers\nmwcdlog.dll 2007-05-08 12:16 38,656 -ra------ C:\WINDOWS\system32\drivers\ZD1UXP.SYS 2007-05-08 12:16 35 --a------ C:\WINDOWS\system32\RTELM.dll 2007-05-08 12:16 32,000 -ra------ C:\WINDOWS\system32\drivers\gtf32bus.sys 2007-05-08 12:16 280,576 -ra------ C:\WINDOWS\system32\drivers\Mrvw123.sys 2007-05-08 12:16 280,448 -ra------ C:\WINDOWS\system32\drivers\Mrvw125.sys 2007-05-08 12:16 18,944 -ra------ C:\WINDOWS\system32\drivers\gtscser.sys 2007-05-08 12:16 169,984 --a------ C:\WINDOWS\system32\drivers\pcx500.sys 2007-05-08 12:15 92,416 -ra------ C:\WINDOWS\system32\drivers\cfvn4c51.sys 2007-05-08 12:15 92,288 -ra------ C:\WINDOWS\system32\drivers\cfvn4c50.sys 2007-05-08 12:15 9,900 -ra------ C:\WINDOWS\system32\drivers\WCMLib2K.sys 2007-05-08 12:15 9,600 -ra------ C:\WINDOWS\system32\drivers\WCMLibXP.sys 2007-05-08 12:15 76,045 -ra------ C:\WINDOWS\system32\drivers\WCMBus2K.sys 2007-05-08 12:15 71,552 -ra------ C:\WINDOWS\system32\drivers\WCMBusXP.sys 2007-05-08 12:15 7,296 -ra------ C:\WINDOWS\system32\drivers\semwlntp.sys 2007-05-08 12:15 6,672 -ra------ C:\WINDOWS\system32\drivers\k600wh95.sys 2007-05-08 12:15 58,856 -ra------ C:\WINDOWS\system32\drivers\dpphys.sys 2007-05-08 12:15 57,536 -ra------ C:\WINDOWS\system32\drivers\WCMVmd2K.sys 2007-05-08 12:15 55,808 -ra------ C:\WINDOWS\system32\drivers\WCMVmdXP.sys 2007-05-08 12:15 52,864 -ra------ C:\WINDOWS\system32\drivers\GTEDGNet.sys 2007-05-08 12:15 51,328 -ra------ C:\WINDOWS\system32\drivers\uart0.sys 2007-05-08 12:15 5,744 -ra------ C:\WINDOWS\system32\drivers\k600whnt.sys 2007-05-08 12:15 4,480 -ra------ C:\WINDOWS\system32\drivers\g3grpm.sys 2007-05-08 12:15 368,896 -ra------ C:\WINDOWS\system32\drivers\semwl5.sys 2007-05-08 12:15 266,496 -ra------ C:\WINDOWS\system32\drivers\gtwl5.sys 2007-05-08 12:15 26,496 -ra------ C:\WINDOWS\system32\drivers\g3grumdm.sys 2007-05-08 12:15 258,560 -ra------ C:\WINDOWS\system32\drivers\MRV8K51.sys 2007-05-08 12:15 258,432 -ra------ C:\WINDOWS\system32\drivers\MRV8K50.SYS 2007-05-08 12:15 23,296 -ra------ C:\WINDOWS\system32\drivers\g3gruser.sys 2007-05-08 12:15 22,284 -ra------ C:\WINDOWS\system32\drivers\WcmSc2K.sys 2007-05-08 12:15 21,888 -ra------ C:\WINDOWS\system32\drivers\GTEDGSC.sys 2007-05-08 12:15 21,224 -ra------ C:\WINDOWS\system32\drivers\DPFDrv.sys 2007-05-08 12:15 21,120 -ra------ C:\WINDOWS\system32\drivers\WcmScXP.sys 2007-05-08 12:15 16,256 -ra------ C:\WINDOWS\system32\drivers\g3grsc.sys 2007-05-08 12:15 107,904 -ra------ C:\WINDOWS\system32\drivers\GTEDG.sys 2007-05-08 12:14 87,456 -ra------ C:\WINDOWS\system32\drivers\k600mdm.sys 2007-05-08 12:14 79,248 -ra------ C:\WINDOWS\system32\drivers\k600mgmt.sys 2007-05-08 12:14 77,952 -ra------ C:\WINDOWS\system32\drivers\nwusbmdm.sys 2007-05-08 12:14 77,072 -ra------ C:\WINDOWS\system32\drivers\k600obex.sys 2007-05-08 12:14 67,840 -ra------ C:\WINDOWS\system32\drivers\NWADIEnum.sys 2007-05-08 12:14 63,360 -ra------ C:\WINDOWS\system32\drivers\nwusbser.sys 2007-05-08 12:14 6,112 -ra------ C:\WINDOWS\system32\drivers\k600cmnt.sys 2007-05-08 12:14 6,096 -ra------ C:\WINDOWS\system32\drivers\k600mdfl.sys 2007-05-08 12:14 57,344 -ra------ C:\WINDOWS\system32\drivers\V620.dll 2007-05-08 12:14 53,248 -ra------ C:\WINDOWS\system32\drivers\GCXXNet.sys 2007-05-08 12:14 52,384 -ra------ C:\WINDOWS\system32\drivers\k600bus.sys 2007-05-08 12:14 50,206 -ra------ C:\WINDOWS\system32\drivers\Serialnw.sys 2007-05-08 12:14 45,161 -ra------ C:\WINDOWS\system32\drivers\GCXXLog.exe 2007-05-08 12:14 3,984 -ra------ C:\WINDOWS\system32\drivers\k600cr.sys 2007-05-08 12:14 269,056 -ra------ C:\WINDOWS\system32\drivers\NWVNdis.sys 2007-05-08 12:14 241,792 -ra------ C:\WINDOWS\system32\drivers\nw620.sys 2007-05-08 12:14 21,888 -ra------ C:\WINDOWS\system32\drivers\GCXXSC.sys 2007-05-08 12:14 114,944 -ra------ C:\WINDOWS\system32\drivers\GCXX.sys 2007-05-08 12:14 10,672 -ra------ C:\WINDOWS\system32\drivers\k600cm95.sys 2007-05-08 12:14 2007-05-07 22:55 2007-05-07 22:48 2007-05-07 22:48 2007-05-07 22:47 2007-05-07 22:37 2007-05-07 22:35 2007-05-07 22:35 2007-05-07 22:34 7,278 -ra------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2007-05-07 22:34 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-05-07 22:34 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll 2007-05-07 22:34 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2007-05-07 22:34 128,797 -ra------ C:\WINDOWS\system32\drivers\nmwcd.sys 2007-05-07 22:34 10,991 -ra------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2007-05-07 22:34 10,991 -ra------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:33 2007-05-05 21:54 2007-05-02 12:07 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-05-02 12:05 2007-05-02 12:05 2007-05-02 12:04 2007-04-30 21:37 1,835,008 --ah----- C:\DOCUME~1\Ania\NTUSER.DAT 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 18:39 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-10 18:28:56 68,242 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-10 18:28:56 438,056 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-10 18:23:26 12 ----a-w C:\WINDOWS\bthservsdp.dat 2007-03-28 16:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-03-28 16:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-03-28 16:51:48 189,584 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys 2007-03-28 16:51:42 24,208 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys 2007-03-28 16:51:36 31,888 ----a-w C:\WINDOWS\system32\drivers\symids.sys 2007-03-28 16:51:32 28,304 ----a-w C:\WINDOWS\system32\drivers\symndis.sys 2007-03-28 16:51:26 97,936 ----a-w C:\WINDOWS\system32\drivers\symfw.sys 2007-03-28 16:51:20 12,944 ----a-w C:\WINDOWS\system32\drivers\symdns.sys 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:38:48 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:38:48 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:38:48 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:37:34 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys 2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] “{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}”=“c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” “{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}”=“C:\Program Files\Norton AntiVirus\NavShExt.dll” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “AzMixerSel”=“C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” “IMJPMIG8.1”="“C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32" “MSPY2002”=“C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC” “PHIME2002ASync”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC” “PHIME2002A”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName” “PCMService”="“C:\Program Files\Acer\Acer Arcade\PCMService.exe”" “igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” “igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” “eDataSecurity Loader”=“C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe” “ADMTray.exe”="“C:\Acer\Empowering Technology\admtray.exe”" “ntiMUI”=“C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe” “SkyTel”=“SkyTel.EXE” “Alcmtr”=“ALCMTR.EXE” “BluetoothAuthenticationAgent”=“rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent” “ePower_DMC”=“C:\Acer\Empowering Technology\ePower\ePower_DMC.exe” “Acer ePower Management”=“C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot” “LManager”=“C:\PROGRA~1\LAUNCH~1\LManager.exe” “eRecoveryService”=“C:\Acer\Empowering Technology\eRecovery\Monitor.exe” “PCSuiteTrayApplication”=“C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” “ccApp”="“C:\Program Files\Common Files\Symantec Shared\ccApp.exe”" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “RTEGPRS”="“C:\Program Files\Common Files\SmartCom\RTEGPRS.exe” tray" “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter HTTPFilter\0\0 LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 DcomLaunch DcomLaunch\0TermService\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 bthsvcs BthServ\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F] Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - ťukasz.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-10 21:09:58 Windows 5.1.2600 Dodatek Service Pack 2 FAT scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-10 21:10:01 C:\ComboFix-quarantined-files.txt … 2007-05-10 21:10 C:\ComboFix2.txt … 2007-05-10 18:09

Gutek · 10 Maj 2007 19:27

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

gregston · 10 Maj 2007 19:45

Niestety wciąż nic, wklejam nowego loga, po ostatniej edycji rejestru…

“ťukasz” - 2007-05-10 21:37:33 Dodatek Service Pack 2 ComboFix 07-05.09.V - Running from: “D:\Downloads” ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-10 )))))))))))))))))))))))))))))))))) 2007-05-10 18:09 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-10 17:05 2007-05-10 01:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-05-10 00:18 2007-05-09 22:39 2007-05-09 13:35 2007-05-09 13:15 2007-05-08 22:36 2007-05-08 22:07 2007-05-08 21:57 2007-05-08 21:57 2007-05-08 21:57 2007-05-08 21:03 2007-05-08 20:36 2007-05-08 19:35 2007-05-08 17:39 2007-05-08 17:33 2007-05-08 17:26 2007-05-08 17:05 1,156 --a------ C:\WINDOWS\mozver.dat 2007-05-08 16:51 0 --a------ C:\WINDOWS\nsreg.dat 2007-05-08 16:37 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-05-08 16:37 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-05-08 16:37 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys 2007-05-08 16:37 2007-05-08 16:37 2007-05-08 14:49 2007-05-08 12:20 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-05-08 12:19 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys 2007-05-08 12:18 123,392 --a------ C:\WINDOWS\system32\dzip32.dll 2007-05-08 12:18 2007-05-08 12:18 2007-05-08 12:17 20,096 --a------ C:\WINDOWS\system32\drivers\PCASp50.SYS 2007-05-08 12:17 2007-05-08 12:17 2007-05-08 12:16 70,388 -ra------ C:\WINDOWS\system32\drivers\WS01UPH.BIN 2007-05-08 12:16 7,936 -ra------ C:\WINDOWS\system32\drivers\gtptser.sys 2007-05-08 12:16 65,152 --a------ C:\WINDOWS\system32\drivers\ewusbser.sys 2007-05-08 12:16 65,152 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys 2007-05-08 12:16 65,152 --a------ C:\WINDOWS\system32\drivers\ewusbapp.sys 2007-05-08 12:16 53,248 -ra------ C:\WINDOWS\system32\drivers\CInsX500.dll 2007-05-08 12:16 53,040 -ra------ C:\WINDOWS\system32\drivers\nmwcdcls.dll 2007-05-08 12:16 4,990 -ra------ C:\WINDOWS\system32\drivers\PCX500MP.SYS 2007-05-08 12:16 4,960 -ra------ C:\WINDOWS\system32\drivers\nmwcdlog.dll 2007-05-08 12:16 38,656 -ra------ C:\WINDOWS\system32\drivers\ZD1UXP.SYS 2007-05-08 12:16 35 --a------ C:\WINDOWS\system32\RTELM.dll 2007-05-08 12:16 32,000 -ra------ C:\WINDOWS\system32\drivers\gtf32bus.sys 2007-05-08 12:16 280,576 -ra------ C:\WINDOWS\system32\drivers\Mrvw123.sys 2007-05-08 12:16 280,448 -ra------ C:\WINDOWS\system32\drivers\Mrvw125.sys 2007-05-08 12:16 18,944 -ra------ C:\WINDOWS\system32\drivers\gtscser.sys 2007-05-08 12:16 169,984 --a------ C:\WINDOWS\system32\drivers\pcx500.sys 2007-05-08 12:15 92,416 -ra------ C:\WINDOWS\system32\drivers\cfvn4c51.sys 2007-05-08 12:15 92,288 -ra------ C:\WINDOWS\system32\drivers\cfvn4c50.sys 2007-05-08 12:15 9,900 -ra------ C:\WINDOWS\system32\drivers\WCMLib2K.sys 2007-05-08 12:15 9,600 -ra------ C:\WINDOWS\system32\drivers\WCMLibXP.sys 2007-05-08 12:15 76,045 -ra------ C:\WINDOWS\system32\drivers\WCMBus2K.sys 2007-05-08 12:15 71,552 -ra------ C:\WINDOWS\system32\drivers\WCMBusXP.sys 2007-05-08 12:15 7,296 -ra------ C:\WINDOWS\system32\drivers\semwlntp.sys 2007-05-08 12:15 6,672 -ra------ C:\WINDOWS\system32\drivers\k600wh95.sys 2007-05-08 12:15 58,856 -ra------ C:\WINDOWS\system32\drivers\dpphys.sys 2007-05-08 12:15 57,536 -ra------ C:\WINDOWS\system32\drivers\WCMVmd2K.sys 2007-05-08 12:15 55,808 -ra------ C:\WINDOWS\system32\drivers\WCMVmdXP.sys 2007-05-08 12:15 52,864 -ra------ C:\WINDOWS\system32\drivers\GTEDGNet.sys 2007-05-08 12:15 51,328 -ra------ C:\WINDOWS\system32\drivers\uart0.sys 2007-05-08 12:15 5,744 -ra------ C:\WINDOWS\system32\drivers\k600whnt.sys 2007-05-08 12:15 4,480 -ra------ C:\WINDOWS\system32\drivers\g3grpm.sys 2007-05-08 12:15 368,896 -ra------ C:\WINDOWS\system32\drivers\semwl5.sys 2007-05-08 12:15 266,496 -ra------ C:\WINDOWS\system32\drivers\gtwl5.sys 2007-05-08 12:15 26,496 -ra------ C:\WINDOWS\system32\drivers\g3grumdm.sys 2007-05-08 12:15 258,560 -ra------ C:\WINDOWS\system32\drivers\MRV8K51.sys 2007-05-08 12:15 258,432 -ra------ C:\WINDOWS\system32\drivers\MRV8K50.SYS 2007-05-08 12:15 23,296 -ra------ C:\WINDOWS\system32\drivers\g3gruser.sys 2007-05-08 12:15 22,284 -ra------ C:\WINDOWS\system32\drivers\WcmSc2K.sys 2007-05-08 12:15 21,888 -ra------ C:\WINDOWS\system32\drivers\GTEDGSC.sys 2007-05-08 12:15 21,224 -ra------ C:\WINDOWS\system32\drivers\DPFDrv.sys 2007-05-08 12:15 21,120 -ra------ C:\WINDOWS\system32\drivers\WcmScXP.sys 2007-05-08 12:15 16,256 -ra------ C:\WINDOWS\system32\drivers\g3grsc.sys 2007-05-08 12:15 107,904 -ra------ C:\WINDOWS\system32\drivers\GTEDG.sys 2007-05-08 12:14 87,456 -ra------ C:\WINDOWS\system32\drivers\k600mdm.sys 2007-05-08 12:14 79,248 -ra------ C:\WINDOWS\system32\drivers\k600mgmt.sys 2007-05-08 12:14 77,952 -ra------ C:\WINDOWS\system32\drivers\nwusbmdm.sys 2007-05-08 12:14 77,072 -ra------ C:\WINDOWS\system32\drivers\k600obex.sys 2007-05-08 12:14 67,840 -ra------ C:\WINDOWS\system32\drivers\NWADIEnum.sys 2007-05-08 12:14 63,360 -ra------ C:\WINDOWS\system32\drivers\nwusbser.sys 2007-05-08 12:14 6,112 -ra------ C:\WINDOWS\system32\drivers\k600cmnt.sys 2007-05-08 12:14 6,096 -ra------ C:\WINDOWS\system32\drivers\k600mdfl.sys 2007-05-08 12:14 57,344 -ra------ C:\WINDOWS\system32\drivers\V620.dll 2007-05-08 12:14 53,248 -ra------ C:\WINDOWS\system32\drivers\GCXXNet.sys 2007-05-08 12:14 52,384 -ra------ C:\WINDOWS\system32\drivers\k600bus.sys 2007-05-08 12:14 50,206 -ra------ C:\WINDOWS\system32\drivers\Serialnw.sys 2007-05-08 12:14 45,161 -ra------ C:\WINDOWS\system32\drivers\GCXXLog.exe 2007-05-08 12:14 3,984 -ra------ C:\WINDOWS\system32\drivers\k600cr.sys 2007-05-08 12:14 269,056 -ra------ C:\WINDOWS\system32\drivers\NWVNdis.sys 2007-05-08 12:14 241,792 -ra------ C:\WINDOWS\system32\drivers\nw620.sys 2007-05-08 12:14 21,888 -ra------ C:\WINDOWS\system32\drivers\GCXXSC.sys 2007-05-08 12:14 114,944 -ra------ C:\WINDOWS\system32\drivers\GCXX.sys 2007-05-08 12:14 10,672 -ra------ C:\WINDOWS\system32\drivers\k600cm95.sys 2007-05-08 12:14 2007-05-07 22:55 2007-05-07 22:48 2007-05-07 22:48 2007-05-07 22:47 2007-05-07 22:37 2007-05-07 22:35 2007-05-07 22:35 2007-05-07 22:34 7,278 -ra------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2007-05-07 22:34 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-05-07 22:34 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll 2007-05-07 22:34 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2007-05-07 22:34 128,797 -ra------ C:\WINDOWS\system32\drivers\nmwcd.sys 2007-05-07 22:34 10,991 -ra------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2007-05-07 22:34 10,991 -ra------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:34 2007-05-07 22:33 2007-05-05 21:54 2007-05-02 12:07 17,920 --a------ C:\WINDOWS\system32\mdimon.dll 2007-05-02 12:05 2007-05-02 12:05 2007-05-02 12:04 2007-04-30 21:37 1,835,008 --ah----- C:\DOCUME~1\Ania\NTUSER.DAT 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 21:37 2007-04-30 18:39 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-10 19:38:28 68,242 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-10 19:38:28 438,056 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-10 19:32:52 12 ----a-w C:\WINDOWS\bthservsdp.dat 2007-03-28 16:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-03-28 16:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-03-28 16:51:48 189,584 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys 2007-03-28 16:51:42 24,208 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys 2007-03-28 16:51:36 31,888 ----a-w C:\WINDOWS\system32\drivers\symids.sys 2007-03-28 16:51:32 28,304 ----a-w C:\WINDOWS\system32\drivers\symndis.sys 2007-03-28 16:51:26 97,936 ----a-w C:\WINDOWS\system32\drivers\symfw.sys 2007-03-28 16:51:20 12,944 ----a-w C:\WINDOWS\system32\drivers\symdns.sys 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:38:48 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:38:48 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:38:48 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:37:34 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys 2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] “{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}”=“c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” “{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}”=“C:\Program Files\Norton AntiVirus\NavShExt.dll” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “AzMixerSel”=“C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” “IMJPMIG8.1”="“C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32" “MSPY2002”=“C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC” “PHIME2002ASync”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC” “PHIME2002A”=“C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName” “PCMService”="“C:\Program Files\Acer\Acer Arcade\PCMService.exe”" “igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” “igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” “eDataSecurity Loader”=“C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe” “ADMTray.exe”="“C:\Acer\Empowering Technology\admtray.exe”" “ntiMUI”=“C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe” “SkyTel”=“SkyTel.EXE” “Alcmtr”=“ALCMTR.EXE” “BluetoothAuthenticationAgent”=“rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent” “ePower_DMC”=“C:\Acer\Empowering Technology\ePower\ePower_DMC.exe” “Acer ePower Management”=“C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot” “LManager”=“C:\PROGRA~1\LAUNCH~1\LManager.exe” “eRecoveryService”=“C:\Acer\Empowering Technology\eRecovery\Monitor.exe” “PCSuiteTrayApplication”=“C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” “ccApp”="“C:\Program Files\Common Files\Symantec Shared\ccApp.exe”" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “RTEGPRS”="“C:\Program Files\Common Files\SmartCom\RTEGPRS.exe” tray" “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter HTTPFilter\0\0 LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 DcomLaunch DcomLaunch\0TermService\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 bthsvcs BthServ\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - ťukasz.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-10 21:39:54 Windows 5.1.2600 Dodatek Service Pack 2 FAT scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-10 21:39:57 C:\ComboFix-quarantined-files.txt … 2007-05-10 21:39 C:\ComboFix3.txt … 2007-05-10 18:09 C:\ComboFix2.txt … 2007-05-10 21:10

Gutek · 10 Maj 2007 20:24

Sorki daj mi jeszcze log z Silenta

gregston · 10 Maj 2007 20:35

Jakie sorki? To ja dziękuję za poświęcony czas

Wklejam loga, tylko dodam, że zmieniłem sobie w międzyczasie w opcjach folderów akcje podejmowaną dla dysków i folderów z “find” na “open” i teraz niby się już otwierają, ale w nowym oknie… (w opcjach zaznaczone jest otwieranie w tym samym oknie oczywiście)

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “RTEGPRS” = ““C:\Program Files\Common Files\SmartCom\RTEGPRS.exe” tray” [“SmartCom”] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “AzMixerSel” = “C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” [“Realtek Semiconductor Corp.”] “SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”] “IMJPMIG8.1” = ““C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32” [MS] “MSPY2002” = “C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC” [null data] “PHIME2002ASync” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC” [MS] “PHIME2002A” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName” [MS] “PCMService” = ““C:\Program Files\Acer\Acer Arcade\PCMService.exe”” [“CyberLink Corp.”] “igfxhkcmd” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”] “igfxpers” = “C:\WINDOWS\system32\igfxpers.exe” [“Intel Corporation”] “eDataSecurity Loader” = “C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe” [“HiTRUST”] “ADMTray.exe” = ““C:\Acer\Empowering Technology\admtray.exe”” [“Avocent Inc.”] “ntiMUI” = “C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe” [null data] “(Default)” = “(empty string)” [file not found] “SkyTel” = “SkyTel.EXE” [“Realtek Semiconductor Corp.”] “Alcmtr” = “ALCMTR.EXE” [“Realtek Semiconductor Corp.”] “BluetoothAuthenticationAgent” = “rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent” [MS] “ePower_DMC” = “C:\Acer\Empowering Technology\ePower\ePower_DMC.exe” [“Acer Incorporated”] “Acer ePower Management” = “C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot” [“Acer Value Labs, Taiwan”] “LManager” = “C:\PROGRA~1\LAUNCH~1\LManager.exe” [“Dritek System Inc.”] “eRecoveryService” = “C:\Acer\Empowering Technology\eRecovery\Monitor.exe” [“acer Inc.”] “PCSuiteTrayApplication” = “C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” [“Nokia”] “ccApp” = ““C:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}(Default) = “NAV Helper” -> {HKLM…CLSID} = “CNavExtBho Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”] “{6af09ec9-b429-11d4-a1fb-0090960218cb}” = “My Bluetooth Places” -> {HKLM…CLSID} = “Moje miejsca interfejsu Bluetooth” \InProcServer32(Default) = “C:\WINDOWS\system32\btneighborhood.dll” [“Broadcom Corporation.”] “{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}” = “EPM-PO Shell Extension” -> {HKLM…CLSID} = “EPM-PO Shell Extensions” \InProcServer32(Default) = “epm-po.dll” [“Acer Labs USA”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> igfxcui\DLLName = “igfxdev.dll” [“Intel Corporation”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ EDSshellExt(Default) = “{29FF7AB0-BE34-4992-A30B-53A9D86EE239}” -> {HKLM…CLSID} = “eDSshlExt Class” \InProcServer32(Default) = “C:\WINDOWS\system32\eDSshellExt.dll” [“HiTRUST”] Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ EDSshellExt(Default) = “{29FF7AB0-BE34-4992-A30B-53A9D86EE239}” -> {HKLM…CLSID} = “eDSshlExt Class” \InProcServer32(Default) = “C:\WINDOWS\system32\eDSshellExt.dll” [“HiTRUST”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Łukasz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Łukasz” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “BTTray” -> shortcut to: “C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe” [“Broadcom Corporation.”] Enabled Scheduled Tasks: ------------------------ “Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [“Symantec Corporation”] “Norton AntiVirus - Run Full System Scan - Łukasz” -> launches: “C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:“C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca”” [“Symantec Corporation”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\system32\wshbth.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{C4069E3A-68F1-403E-B40E-20066696354B}” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}” = (no title provided) -> {HKLM…CLSID} = “Acer eDataSecurity Management” \InProcServer32(Default) = “C:\WINDOWS\system32\eDStoolbar.dll” [“HiTRUST”] “{C4069E3A-68F1-403E-B40E-20066696354B}” = “Norton AntiVirus” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AdminWorks Agent X6, AWService, ““C:\Acer\Empowering Technology\admServ.exe”” [“Avocent Inc.”] Bluetooth Service, btwdins, “c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe” [“Broadcom Corporation.”] Bluetooth Support Service, BthServ, “C:\WINDOWS\system32\svchost.exe -k bthsvcs” {“C:\WINDOWS\System32\bthserv.dll” [MS]} CyberLink Background Capture Service (CBCS), CLCapSvc, ““C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe”” [empty string] CyberLink Media Library Service, CyberLink Media Library Service, ““C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe”” [“Cyberlink”] Cyberlink RichVideo Service(CRVS), RichVideo, ““C:\Program Files\CyberLink\Shared Files\RichVideo.exe”” [empty string] CyberLink Task Scheduler (CTS), CLSched, ““C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe”” [empty string] LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] Norton AntiVirus Auto-Protect Service, navapsvc, ““C:\Program Files\Norton AntiVirus\navapsvc.exe”” [“Symantec Corporation”] Norton AntiVirus Firewall Monitor Service, NPFMntor, ““C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe”” [“Symantec Corporation”] Norton Protection Center Service, NSCService, ““C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE”” [“Symantec Corporation”] ServiceLayer, ServiceLayer, ““C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe”” [“Nokia.”] SPBBCSvc, SPBBCSvc, ““C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe”” [“Symantec Corporation”] Symantec Core LC, Symantec Core LC, ““C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe”” [“Symantec Corporation”] Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] Symantec Network Drivers Service, SNDSrvc, ““C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe”” [“Symantec Corporation”] Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] Microsoft Shared Fax Monitor\Driver = “FXSMON.DLL” [MS] Port drukarki interfejsu Bluetooth\Driver = “bthcrp.dll” [“Broadcom Corporation.”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 38 seconds. ---------- (total run time: 97 seconds)

Złączono Posta : 10.05.2007 (Czw) 22:36

Jakie sorki? To ja dziękuję za poświęcony czas

Wklejam loga, tylko dodam, że zmieniłem sobie w międzyczasie w opcjach folderów akcje podejmowaną dla dysków i folderów z “find” na “open” i teraz niby się już otwierają, ale w nowym oknie… (w opcjach zaznaczone jest otwieranie w tym samym oknie oczywiście)

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “RTEGPRS” = ““C:\Program Files\Common Files\SmartCom\RTEGPRS.exe” tray” [“SmartCom”] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “AzMixerSel” = “C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” [“Realtek Semiconductor Corp.”] “SynTPEnh” = “C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [“Synaptics, Inc.”] “IMJPMIG8.1” = ““C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32” [MS] “MSPY2002” = “C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC” [null data] “PHIME2002ASync” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC” [MS] “PHIME2002A” = “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName” [MS] “PCMService” = ““C:\Program Files\Acer\Acer Arcade\PCMService.exe”” [“CyberLink Corp.”] “igfxhkcmd” = “C:\WINDOWS\system32\hkcmd.exe” [“Intel Corporation”] “igfxpers” = “C:\WINDOWS\system32\igfxpers.exe” [“Intel Corporation”] “eDataSecurity Loader” = “C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe” [“HiTRUST”] “ADMTray.exe” = ““C:\Acer\Empowering Technology\admtray.exe”” [“Avocent Inc.”] “ntiMUI” = “C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe” [null data] “(Default)” = “(empty string)” [file not found] “SkyTel” = “SkyTel.EXE” [“Realtek Semiconductor Corp.”] “Alcmtr” = “ALCMTR.EXE” [“Realtek Semiconductor Corp.”] “BluetoothAuthenticationAgent” = “rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent” [MS] “ePower_DMC” = “C:\Acer\Empowering Technology\ePower\ePower_DMC.exe” [“Acer Incorporated”] “Acer ePower Management” = “C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot” [“Acer Value Labs, Taiwan”] “LManager” = “C:\PROGRA~1\LAUNCH~1\LManager.exe” [“Dritek System Inc.”] “eRecoveryService” = “C:\Acer\Empowering Technology\eRecovery\Monitor.exe” [“acer Inc.”] “PCSuiteTrayApplication” = “C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” [“Nokia”] “ccApp” = ““C:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}(Default) = “NAV Helper” -> {HKLM…CLSID} = “CNavExtBho Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”] “{6af09ec9-b429-11d4-a1fb-0090960218cb}” = “My Bluetooth Places” -> {HKLM…CLSID} = “Moje miejsca interfejsu Bluetooth” \InProcServer32(Default) = “C:\WINDOWS\system32\btneighborhood.dll” [“Broadcom Corporation.”] “{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}” = “EPM-PO Shell Extension” -> {HKLM…CLSID} = “EPM-PO Shell Extensions” \InProcServer32(Default) = “epm-po.dll” [“Acer Labs USA”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> igfxcui\DLLName = “igfxdev.dll” [“Intel Corporation”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ EDSshellExt(Default) = “{29FF7AB0-BE34-4992-A30B-53A9D86EE239}” -> {HKLM…CLSID} = “eDSshlExt Class” \InProcServer32(Default) = “C:\WINDOWS\system32\eDSshellExt.dll” [“HiTRUST”] Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ EDSshellExt(Default) = “{29FF7AB0-BE34-4992-A30B-53A9D86EE239}” -> {HKLM…CLSID} = “eDSshlExt Class” \InProcServer32(Default) = “C:\WINDOWS\system32\eDSshellExt.dll” [“HiTRUST”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu(Default) = “{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Łukasz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “Łukasz” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “BTTray” -> shortcut to: “C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe” [“Broadcom Corporation.”] Enabled Scheduled Tasks: ------------------------ “Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE” [“Symantec Corporation”] “Norton AntiVirus - Run Full System Scan - Łukasz” -> launches: “C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:“C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca”” [“Symantec Corporation”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\system32\wshbth.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{C4069E3A-68F1-403E-B40E-20066696354B}” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}” = (no title provided) -> {HKLM…CLSID} = “Acer eDataSecurity Management” \InProcServer32(Default) = “C:\WINDOWS\system32\eDStoolbar.dll” [“HiTRUST”] “{C4069E3A-68F1-403E-B40E-20066696354B}” = “Norton AntiVirus” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AdminWorks Agent X6, AWService, ““C:\Acer\Empowering Technology\admServ.exe”” [“Avocent Inc.”] Bluetooth Service, btwdins, “c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe” [“Broadcom Corporation.”] Bluetooth Support Service, BthServ, “C:\WINDOWS\system32\svchost.exe -k bthsvcs” {“C:\WINDOWS\System32\bthserv.dll” [MS]} CyberLink Background Capture Service (CBCS), CLCapSvc, ““C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe”” [empty string] CyberLink Media Library Service, CyberLink Media Library Service, ““C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe”” [“Cyberlink”] Cyberlink RichVideo Service(CRVS), RichVideo, ““C:\Program Files\CyberLink\Shared Files\RichVideo.exe”” [empty string] CyberLink Task Scheduler (CTS), CLSched, ““C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe”” [empty string] LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] Norton AntiVirus Auto-Protect Service, navapsvc, ““C:\Program Files\Norton AntiVirus\navapsvc.exe”” [“Symantec Corporation”] Norton AntiVirus Firewall Monitor Service, NPFMntor, ““C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe”” [“Symantec Corporation”] Norton Protection Center Service, NSCService, ““C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE”” [“Symantec Corporation”] ServiceLayer, ServiceLayer, ““C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe”” [“Nokia.”] SPBBCSvc, SPBBCSvc, ““C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe”” [“Symantec Corporation”] Symantec Core LC, Symantec Core LC, ““C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe”” [“Symantec Corporation”] Symantec Event Manager, ccEvtMgr, ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] Symantec Network Drivers Service, SNDSrvc, ““C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe”” [“Symantec Corporation”] Symantec Settings Manager, ccSetMgr, ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] Microsoft Shared Fax Monitor\Driver = “FXSMON.DLL” [MS] Port drukarki interfejsu Bluetooth\Driver = “bthcrp.dll” [“Broadcom Corporation.”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 38 seconds. ---------- (total run time: 97 seconds)

Gutek · 10 Maj 2007 20:46

No czysto czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Skan AVG Anti-Spyware 7.5 po update

gregston · 10 Maj 2007 21:51

Bardzo dziękuję za pomoc, mam nadzieję, że ostatecznie uda mi się zwalczyć te otwierające się dodatkowe okna pozdrawiam!

Złączono Posta : 11.05.2007 (Pią) 15:47

Rozwiązanie problemu folderów otwierających się w nowym oknie, mimo innych ustawień (u mnie zadziałało):

Start >> Uruchom >> regsvr32 /i shell32