Hello,
this morning my computer slowed down drastically. Almost every program freezes (Nero takes 45 seconds to start and then hangs :o ). Logs:
Logfile of HijackThis v1.99.1
Scan saved at 13:07:26, on 2007-08-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\oodag.exe
D:\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Ovislink\Common\TurboG-UI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Nero 7\Nero StartSmart\NeroStartSmart.exe
D:\DOWNLOAD\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [AVP] “D:\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”
O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKCU…\Run: [ccleaner] “D:\CCleaner\ccleaner.exe” /AUTO
O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe
O8 - Extra context menu item: Add to Anti-Banner - D:\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour … se8300.cab
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: D:\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - D:\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “ccleaner” = ““D:\CCleaner\ccleaner.exe” /AUTO” [“Piriform Ltd”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “AVP” = ““D:\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”” [“Kaspersky Lab”] “Windows Defender” = ““C:\Program Files\Windows Defender\MSASCui.exe” -hide” [MS] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = “Outlook Express” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE” [MS] {44BBA842-CC51-11CF-AAFA-00AA00B6015B}(Default) = “NetMeeting 3.01” \StubPath = “rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{3028902F-6374-48b2-8DC6-9725E775B926}” = “IE Microsoft AutoComplete” -> {HKLM…CLSID} = “IE Microsoft AutoComplete” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band” -> {HKLM…CLSID} = “History Band” \InProcServer32(Default) = “C:\WINDOWS\system32\shdocvw.dll” [MS] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = 
“NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Web Anti-Virus statistics” -> {HKLM…CLSID} = “Web Anti-Virus statistics” \InProcServer32(Default) = “D:\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”] “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” = “UnlockerShellExtension” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “D:\Unlocker\UnlockerCOM.dll” [null data] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Microsoft Office\Office12\msohevi.dll” [MS] “{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler” -> {HKLM…CLSID} = “Microsoft Office Metadata Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler” -> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = 
“WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\WinRAR\rarext.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook” -> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook” \InProcServer32(Default) = “C:\PROGRA~1\WIFD1F~1\MpShHook.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “AppInit_DLLs” = “D:\KASPER~1\KASPER~1.0\adialhk.dll” [“Kaspersky Lab”] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“OODBS” [“O&O Software GmbH”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll” [“Kaspersky Lab”] Notepad++(Default) = “{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}” -> {HKLM…CLSID} = “Notepad++” \InProcServer32(Default) = “D:\Notepad++\nppcm.dll” [“Burgaud.com ”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\WinRAR\rarext.dll” [null data] 
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll” [“Kaspersky Lab”] UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “D:\Unlocker\UnlockerCOM.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension(Default) = “{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}” -> {HKLM…CLSID} = “UnlockerShellExtension” \InProcServer32(Default) = “D:\Unlocker\UnlockerCOM.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoCDBurning” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoRecentDocsHistory” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoInstrumentation” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoUserNameInStartMenu” = (REG_DWORD) hex:0x00000001 {unrecognized setting} “NoStartMenuMFUprogramsList” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} “SynchronousMachineGroupPolicy” = (REG_DWORD) hex:0x00000000 {unrecognized setting} “SynchronousUserGroupPolicy” = (REG_DWORD) hex:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “%APPDATA%\IrfanView\IrfanView_Wallpaper.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Arst12\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Startup items in “Arst12” & “All Users” startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu 
Start\Programy\Autostart “AirLive Turbo-G Wireless Utility” -> shortcut to: “C:\Program Files\Ovislink\Common\TurboG-UI.exe -s” [“Ovislink Corp”] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task” [“Apple Inc.”] “MP Scheduled Scan” -> launches: “C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Web Anti-Virus statistics” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “D:\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll” [“Kaspersky Lab”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Kaspersky Internet Security 6.0, AVP, ““D:\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” -r” [“Kaspersky Lab”] O&O Defrag, O&O Defrag, “C:\WINDOWS\system32\oodag.exe” [“O&O Software GmbH”] Windows Defender, WinDefend, ““C:\Program Files\Windows Defender\MsMpEng.exe”” [MS] ---------- <>: 
Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 45 seconds, including 3 seconds for message boxes)
I also ran a scan with Kaspersky and Live OneCare online - they detected nothing.
I would be grateful for help.
Monczkin
(Monczkin)
20 August 2007 11:31
#2
What does "silted up" mean?? Are you keeping it in a river?? What is a "hang"??
Please give the topic a specific, plain-language title. BTW, why the tags? Since you are posting in the security and HT logs section, that is probably… redundant information…
It just came out that way; I haven't been on this forum for a long time and some habits have faded :mrgreen: Fixing it now.
jessica
(jessica)
20 August 2007 11:51
#4
I don't see anything suspicious in these logs.
If you want, you can also post a log from ComboFix:
http://forum.dobreprogramy.pl/viewtopic.php?t=36654 (at the bottom of the linked page) -
Paste the log at http://wklej.org/ , and put only the link in your post.
jessi
ComboFix 07-08-17.2 - “Arst12” 2007-08-20 13:53:36.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.590 [GMT 2:00] * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\nm ((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 ))))))))))))))))))))))))))))))) 2007-08-20 13:52 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-20 12:09 2007-08-20 12:08 2007-08-20 11:55 2007-08-20 11:42 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-08-20 11:42 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2007-08-20 11:42 2007-08-20 11:36 2007-08-20 11:35 2007-08-20 11:35 2007-08-20 11:08 2007-08-20 10:57 2007-08-20 10:19 2007-08-20 09:30 2007-08-20 09:05 2007-08-20 09:05 2007-08-15 11:17 2007-08-15 09:03 2007-08-13 16:37 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe 2007-08-13 16:37 143,360 -r------- C:\WINDOWS\system32\RtlCPAPI.dll 2007-08-13 16:36 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe 2007-08-13 16:36 86,016 -r------- C:\WINDOWS\SoundMan.exe 2007-08-13 16:36 4,368,896 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys 2007-08-13 16:36 364,544 -r------- C:\WINDOWS\RtlUpd.exe 2007-08-13 16:36 2,879,488 -r------- C:\WINDOWS\SkyTel.exe 2007-08-13 16:36 2,158,592 -r------- C:\WINDOWS\MicCal.exe 2007-08-13 16:36 16,050,176 -r------- C:\WINDOWS\RTHDCPL.exe 2007-08-13 16:36 2007-08-13 16:35 69,632 -r------- C:\WINDOWS\Alcmtr.exe 2007-08-13 16:35 487,424 -r------- C:\WINDOWS\RtlExUpd.dll 2007-08-13 16:35 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe 2007-08-13 16:35 2007-08-13 12:07 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-08-02 11:10 2007-07-23 11:37 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-07-23 11:37 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-07-23 11:37 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-07-23 11:37 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-07-23 11:37 266,088 --a------ 
C:\WINDOWS\system32\xactengine2_8.dll 2007-07-23 11:37 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-07-23 11:37 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2007-07-23 11:37 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-07-23 11:37 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-20 13:56 20237088 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-08-20 13:56 1130016 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-08-20 13:55 277280 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2007-08-20 13:55 112208 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx 2007-08-20 12:18 --------- d-------- C:\DOCUME~1\Arst12\DANEAP~1\foobar2000 2007-08-19 11:38 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-08-19 11:37 --------- d-------- C:\Program Files\Common Files\InstallShield 2007-07-10 12:07 --------- d-------- C:\DOCUME~1\Arst12\DANEAP~1\Subversion 2007-07-09 08:53 --------- d-------- C:\DOCUME~1\Arst12\DANEAP~1\Media Player Classic 2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-23 09:28 --------- d-------- C:\DOCUME~1\Arst12\DANEAP~1\WinRAR 2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll 2007-06-17 10:52 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe 2007-06-13 15:23 1034752 --a------ C:\WINDOWS\explorer.exe 2007-06-08 11:46 2426 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin 2007-06-08 11:45 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin 2007-06-07 22:04 219648 --a------ C:\WINDOWS\system32\uxtheme.dll 2007-05-24 07:00 545 --a------ C:\WINDOWS\UC.PIF 2007-05-24 07:00 545 --a------ C:\WINDOWS\RAR.PIF 2007-05-24 07:00 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-05-24 07:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-05-24 07:00 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-05-24 07:00 545 --a------ 
C:\WINDOWS\LHA.PIF 2007-05-24 07:00 545 --a------ C:\WINDOWS\ARJ.PIF 2007-05-22 16:38 0 -rahs---- C:\MSDOS.SYS 2007-05-22 16:38 0 -rahs---- C:\IO.SYS 2007-05-22 16:38 0 --a------ C:\CONFIG.SYS 2007-05-22 16:38 0 --a------ C:\AUTOEXEC.BAT ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-11-17 17:29] “AVP”=“D:\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” [2007-01-29 23:02] “Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2006-11-03 19:20] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ccleaner”=“D:\CCleaner\ccleaner.exe” [2007-08-16 09:33] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “DefaultP17MIDI”=MIDIDEF.EXE “DefaultP17”=P17Def.Exe C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ AirLive Turbo-G Wireless Utility.lnk - C:\Program Files\Ovislink\Common\TurboG-UI.exe [2007-06-05 15:20:02] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “SynchronousMachineGroupPolicy”=0 (0x0) “SynchronousUserGroupPolicy”=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoRecentDocsHistory”=1 (0x1) “NoInstrumentation”=1 (0x1) “NoUserNameInStartMenu”=1 (0x1) “NoStartMenuMFUprogramsList”=1 (0x1) “MaxRecentDocs”=15 (0xf) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=D:\KASPER~1\KASPER~1.0\adialhk.dll R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys Contents of the ‘Scheduled Tasks’ folder 2007-08-20 09:35:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software 
Update\SoftwareUpdate.exe 2007-08-20 11:03:47 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-20 13:56:22 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-20 13:57:08 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-08-20 13:57 — E O F —
It keeps freezing all the time.
edit:
Now, for a change, the explorer.exe process shuts down and restarts by itself at intervals of roughly 20 seconds :o I've never seen anything like this before :shock:
I'm almost afraid of what will happen after the next few restarts.
jessica
(jessica)
20 August 2007 12:07
#6
I don't see anything suspicious in this log either.
Maybe you installed something recently and that is why it is "sluggish"?
jessi
Current list of programs and updates from CCleaner:
I removed a few programs today, but it doesn't change anything.
Oh well, I guess I'll back up a few things and format.
Gutek
(Gutek)
20 August 2007 12:30
#8