Problem z temp2.exe

creasy87 · 21 Maj 2007 03:53

Witam mam podobny problem…ale bez restartu, wyskakuje tylko błąd i to że partycje otwierają się w innych oknach.

LOG z HIJACK

Logfile of HijackThis v1.99.1 Scan saved at 05:23:49, on 2007-05-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Programy\A4Tech\Keyboard\Ikeymain.exe C:\PROGRA~1\Programy\A4Tech\Mouse\Amoumain.exe C:\Program Files\Programy\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Programy\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Programy\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Programy\Gadu-Gadu\gg.exe C:\Program Files\Programy\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Programy\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Programy\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Programy\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Programy\Opera\Opera.exe C:\WINDOWS\system32\temp1.exe C:\Documents and Settings\Kryhu\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ssl.bsk.com.pl/bskonl/login.ac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programy\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Programy\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [iKeyWorks] C:\PROGRA~1\Programy\A4Tech\Keyboard\Ikeymain.exe O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\Programy\A4Tech\Mouse\Amoumain.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Programy\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Programy\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\Programy\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Programy\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Programy\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Programy\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\Programy\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Programy\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Programy\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: NBService - Nero AG - C:\Program Files\Programy\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

LOG z SILENT RUNNERS

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Gadu-Gadu” = ““C:\Program Files\Programy\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “iKeyWorks” = “C:\PROGRA~1\Programy\A4Tech\Keyboard\Ikeymain.exe” [“A4Tech Co.,Ltd.”] “WheelMouse” = “C:\PROGRA~1\Programy\A4Tech\Mouse\Amoumain.exe” [“A4Tech Co., Ltd.”] “HP Software Update” = “C:\Program Files\Programy\HP\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”] “SunJavaUpdateSched” = ““C:\Program Files\Programy\Java\jre1.6.0_01\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “PCSuiteTrayApplication” = “C:\Program Files\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup” [“Nokia”] “NeroFilterCheck” = “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”] “DAEMON Tools” = ““C:\Program Files\Programy\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Programy\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Programy\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\Programy\WinRAR\rarext.dll” [null data] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “Nokia Phone Browser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “C:\Program Files\Programy\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}” = “NeroCoverEd Live Icons” -> {HKLM…CLSID} = “NeroCoverEdLiveIcons Class” \InProcServer32(Default) = “C:\Program Files\Programy\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office12\msohevi.dll” [MS] “{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler” -> {HKLM…CLSID} = “Microsoft Office Metadata Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler” -> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “load” = “C:\WINDOWS\svchost.exe” [empty string] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Programy\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Cover Designer(Default) = “{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}” -> {HKLM…CLSID} = “NeroCoverEdContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Programy\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\Programy\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\Programy\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\Programy\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Kryhu\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “Kryhu” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Programy\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “HP Digital Imaging Monitor” -> shortcut to: “C:\Program Files\Programy\HP\Digital Imaging\bin\hpqtra08.exe” [“Hewlett-Packard Co.”] “HP Image Zone - szybkie uruchamianie” -> shortcut to: “C:\Program Files\Programy\HP\Digital Imaging\bin\hpqthb08.exe -s” [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Poszukaj” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Programy\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Programy\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Research” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Pml Driver HPZ12, Pml Driver HPZ12, “C:\WINDOWS\system32\HPZipm12.exe” [“HP”] ServiceLayer, ServiceLayer, ““C:\Program Files\PC Connectivity Solution\ServiceLayer.exe”” [“Nokia.”] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, “C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup” {“C:\WINDOWS\System32\WUDFSvc.dll” [MS]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] PCL Language Monitor\Driver = “hpz3l3xu.dll” [“Hewlett-Packard Company”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 26 seconds, including 7 seconds for message boxes)

BŁĘDY W PODGLĄDZIE ZDARZEN

Typ zdarzenia: Błąd Źródło zdarzenia: Application Error Kategoria zdarzenia: Brak Identyfikator zdarzenia: 1000 Data: 2007-05-21 Godzina: 05:17:15 Użytkownik: Brak Komputer: KRYCHU Opis: Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e. Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej. Dane: 0000: 41 70 70 6c 69 63 61 74 Applicat 0008: 69 6f 6e 20 46 61 69 6c ion Fail 0010: 75 72 65 20 20 74 65 6d ure tem 0018: 70 32 2e 65 78 65 20 30 p2.exe 0 0020: 2e 30 2e 30 2e 30 20 69 .0.0.0 i 0028: 6e 20 74 65 6d 70 32 2e n temp2. 0030: 65 78 65 20 30 2e 30 2e exe 0.0. 0038: 30 2e 30 20 61 74 20 6f 0.0 at o 0040: 66 66 73 65 74 20 30 30 ffset 00 0048: 30 30 31 32 36 65 0d 0a 00126e…

Złączono Posta : 21.05.2007 (Pon) 5:55

Witam mam podobny problem…ale bez restartu, wyskakuje tylko błąd i to że partycje otwierają się w innych oknach.

LOG z HIJACK

Logfile of HijackThis v1.99.1 Scan saved at 05:23:49, on 2007-05-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Programy\A4Tech\Keyboard\Ikeymain.exe C:\PROGRA~1\Programy\A4Tech\Mouse\Amoumain.exe C:\Program Files\Programy\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Programy\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Programy\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Programy\Gadu-Gadu\gg.exe C:\Program Files\Programy\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Programy\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Programy\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Programy\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Programy\Opera\Opera.exe C:\WINDOWS\system32\temp1.exe C:\Documents and Settings\Kryhu\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ssl.bsk.com.pl/bskonl/login.ac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programy\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Programy\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [iKeyWorks] C:\PROGRA~1\Programy\A4Tech\Keyboard\Ikeymain.exe O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\Programy\A4Tech\Mouse\Amoumain.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Programy\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Programy\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\Programy\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Programy\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Programy\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Programy\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\Programy\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Programy\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Programy\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: NBService - Nero AG - C:\Program Files\Programy\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

LOG z SILENT RUNNERS

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Gadu-Gadu” = ““C:\Program Files\Programy\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “iKeyWorks” = “C:\PROGRA~1\Programy\A4Tech\Keyboard\Ikeymain.exe” [“A4Tech Co.,Ltd.”] “WheelMouse” = “C:\PROGRA~1\Programy\A4Tech\Mouse\Amoumain.exe” [“A4Tech Co., Ltd.”] “HP Software Update” = “C:\Program Files\Programy\HP\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”] “SunJavaUpdateSched” = ““C:\Program Files\Programy\Java\jre1.6.0_01\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “PCSuiteTrayApplication” = “C:\Program Files\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup” [“Nokia”] “NeroFilterCheck” = “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”] “DAEMON Tools” = ““C:\Program Files\Programy\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Programy\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Programy\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\Programy\WinRAR\rarext.dll” [null data] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “Nokia Phone Browser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “C:\Program Files\Programy\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}” = “NeroCoverEd Live Icons” -> {HKLM…CLSID} = “NeroCoverEdLiveIcons Class” \InProcServer32(Default) = “C:\Program Files\Programy\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office12\msohevi.dll” [MS] “{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler” -> {HKLM…CLSID} = “Microsoft Office Metadata Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler” -> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “load” = “C:\WINDOWS\svchost.exe” [empty string] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Programy\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Cover Designer(Default) = “{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}” -> {HKLM…CLSID} = “NeroCoverEdContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Programy\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\Programy\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\Programy\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\Programy\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Kryhu\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “Kryhu” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Programy\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “HP Digital Imaging Monitor” -> shortcut to: “C:\Program Files\Programy\HP\Digital Imaging\bin\hpqtra08.exe” [“Hewlett-Packard Co.”] “HP Image Zone - szybkie uruchamianie” -> shortcut to: “C:\Program Files\Programy\HP\Digital Imaging\bin\hpqthb08.exe -s” [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Poszukaj” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Programy\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Programy\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Research” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe”” [MS] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Pml Driver HPZ12, Pml Driver HPZ12, “C:\WINDOWS\system32\HPZipm12.exe” [“HP”] ServiceLayer, ServiceLayer, ““C:\Program Files\PC Connectivity Solution\ServiceLayer.exe”” [“Nokia.”] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, “C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup” {“C:\WINDOWS\System32\WUDFSvc.dll” [MS]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] PCL Language Monitor\Driver = “hpz3l3xu.dll” [“Hewlett-Packard Company”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 26 seconds, including 7 seconds for message boxes)

BŁĘDY W PODGLĄDZIE ZDARZEN

Typ zdarzenia: Błąd Źródło zdarzenia: Application Error Kategoria zdarzenia: Brak Identyfikator zdarzenia: 1000 Data: 2007-05-21 Godzina: 05:17:15 Użytkownik: Brak Komputer: KRYCHU Opis: Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e. Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej. Dane: 0000: 41 70 70 6c 69 63 61 74 Applicat 0008: 69 6f 6e 20 46 61 69 6c ion Fail 0010: 75 72 65 20 20 74 65 6d ure tem 0018: 70 32 2e 65 78 65 20 30 p2.exe 0 0020: 2e 30 2e 30 2e 30 20 69 .0.0.0 i 0028: 6e 20 74 65 6d 70 32 2e n temp2. 0030: 65 78 65 20 30 2e 30 2e exe 0.0. 0038: 30 2e 30 20 61 74 20 6f 0.0 at o 0040: 66 66 73 65 74 20 30 30 ffset 00 0048: 30 30 31 32 36 65 0d 0a 00126e…

Gutek · 21 Maj 2007 07:41

wpisy usuń HJT, a pliki recznie.

Daj log z Combofix

creasy87 · 21 Maj 2007 10:56

ZROBIŁEM JAK MÓWILEŚ

LOG z COMBOFIX (po usunięciu wpisu HJT i pliku)

“Kryhu” - 2007-05-21 12:33:02 Dodatek Service Pack 2 ComboFix 07-05.21.6.V - Running from: “C:\Documents and Settings\Kryhu\Pulpit\Problem temp2.exe” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\temp2.exe c:\autorun.inf c:\copy.exe c:\host.exe d:\autorun.inf d:\copy.exe d:\host.exe e:\autorun.inf e:\copy.exe e:\host.exe C:\WINDOWS\autorun.inf C:\WINDOWS\svchost.exe C:\WINDOWS\xcopy.exe ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 )))))))))))))))))))))))))))))))))) 2007-05-19 12:42 2007-05-19 09:54 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2007-05-19 09:54 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-05-19 09:43 2007-05-19 09:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-05-19 09:05 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-05-19 09:05 2007-05-17 12:05 2007-05-16 13:40 2007-05-16 13:21 311,808 --a------ C:\WINDOWS\system32\CAMSDKR.DLL 2007-05-16 13:21 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll 2007-05-16 13:21 2007-05-16 13:21 2007-05-15 19:05 10 --a------ C:\WINDOWS\popcinfo.dat 2007-05-13 22:40 2007-05-12 21:49 2007-05-12 20:58 2007-05-12 14:11 30,512 --a------ C:\WINDOWS\system32\mdimon.dll 2007-05-12 14:10 2007-05-12 14:10 2007-05-12 14:08 2007-05-12 14:08 2007-05-12 14:08 2007-05-12 14:02 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-05-12 13:27 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-05-12 13:27 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-05-12 13:27 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-05-12 13:27 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-05-12 13:27 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-05-12 13:27 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-05-12 13:27 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-05-12 13:27 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-05-12 13:27 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-05-12 13:27 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-05-12 13:27 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-05-12 13:27 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-05-12 13:27 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-05-12 13:27 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-05-12 13:27 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2007-05-12 13:27 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2007-05-12 13:27 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys 2007-05-12 13:27 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-05-12 13:27 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-05-12 13:27 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-05-12 13:27 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-05-12 13:27 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-05-12 13:26 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-05-12 13:26 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-05-12 13:26 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-05-12 13:26 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-05-12 13:26 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-05-12 13:26 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-05-12 13:26 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-05-12 13:26 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-05-12 13:26 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-05-12 13:26 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-05-12 13:26 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-05-12 13:26 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-05-12 13:26 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-05-12 13:26 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-05-12 13:26 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-05-12 13:26 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-05-12 13:26 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-05-12 13:26 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-05-12 13:26 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-05-12 13:26 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-05-12 13:26 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-05-12 13:26 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-05-12 13:26 2007-05-12 13:26 2007-05-12 13:26 2007-05-12 13:26 2007-05-12 13:25 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-05-12 13:25 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-05-12 13:25 70,144 --a------ C:\WINDOWS\notepad.exe 2007-05-12 13:25 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:24 2007-05-12 13:24 2007-05-12 13:24 2007-05-12 13:24 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:14 2007-05-12 13:13 2007-05-12 13:13 2007-05-12 13:10 2007-05-12 13:10 2007-05-12 13:10 2007-05-12 13:09 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-05-12 13:09 831,048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll 2007-05-12 13:09 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2007-05-12 13:09 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2007-05-12 13:09 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2007-05-12 13:09 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2007-05-12 13:09 2007-05-12 13:07 2007-05-12 13:00 2007-05-12 13:00 2007-05-12 13:00 2007-05-12 13:00 2007-05-12 12:44 2007-05-12 12:30 2007-05-12 12:29 2007-05-12 12:28 2007-05-12 12:25 47,251 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-05-12 12:24 2,096 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-05-12 12:24 2007-05-12 12:21 2007-05-12 12:20 2007-05-12 12:16 2007-05-12 12:15 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-05-12 12:12 2007-05-12 12:07 2007-05-12 12:07 2007-05-12 12:07 2007-05-12 12:03 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE 2007-05-12 12:03 2007-05-12 11:59 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-05-12 11:59 2007-05-12 11:59 2007-05-12 11:59 2007-05-12 11:59 2007-05-12 11:58 2007-05-12 11:57 2007-05-12 11:57 2007-05-12 11:56 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys 2007-05-12 11:56 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll 2007-05-12 11:56 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2007-05-12 11:54 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2007-05-12 11:54 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2007-05-12 11:54 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2007-05-12 11:54 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2007-05-12 11:54 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-05-12 11:54 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2007-05-12 11:54 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2007-05-12 11:50 79,909 --a------ C:\WINDOWS\hpfins05.dat 2007-05-12 11:50 1,547 --------- C:\WINDOWS\hpfmdl05.dat 2007-05-12 11:50 2007-05-12 11:49 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2007-05-12 11:49 49,152 -ra------ C:\WINDOWS\AutoSet.dll 2007-05-12 11:49 45,056 -ra------ C:\WINDOWS\system32\micdrv.dll 2007-05-12 11:49 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-05-12 11:47 2007-05-12 11:44 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-05-12 11:44 2007-05-12 11:41 9,319,936 --a------ C:\WINDOWS\system32\RTLCPL.EXE 2007-05-12 11:41 77,824 --a------ C:\WINDOWS\SOUNDMAN.EXE 2007-05-12 11:41 40,960 --------- C:\WINDOWS\system32\ChCfg.exe 2007-05-12 11:41 208,896 --------- C:\WINDOWS\alcupd.exe 2007-05-12 11:41 2,297,664 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-05-12 11:41 156,672 --a------ C:\WINDOWS\system32\RTLCPAPI.dll 2007-05-12 11:41 139,264 --------- C:\WINDOWS\alcrmv.exe 2007-05-12 11:41 2007-05-12 11:41 2007-05-12 11:41 2007-05-12 11:40 9,728 -ra------ C:\WINDOWS\system32\bdco1ins.dll 2007-05-12 11:40 9,728 -ra------ C:\WINDOWS\system32\bdco1.dll 2007-05-12 11:40 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2007-05-12 11:40 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys 2007-05-12 11:40 405,504 --a------ C:\WINDOWS\system32\CapabilityTable.exe 2007-05-12 11:40 33,408 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys 2007-05-12 11:40 32,256 -ra------ C:\WINDOWS\system32\nvconrm.dll 2007-05-12 11:40 260,736 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys 2007-05-12 11:40 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe 2007-05-12 11:40 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe 2007-05-12 11:40 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-05-12 11:40 208,896 --a------ C:\WINDOWS\system32\nvuide.exe 2007-05-12 11:40 208,256 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys 2007-05-12 11:40 200,192 -ra------ C:\WINDOWS\system32\fdco1ins.dll 2007-05-12 11:40 200,192 -ra------ C:\WINDOWS\system32\fdco1.dll 2007-05-12 11:40 12,928 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys 2007-05-12 11:40 2007-05-12 11:40 2007-05-12 11:38 2007-05-12 11:37 2,359,296 --ah----- C:\DOCUME~1\Kryhu\NTUSER.DAT 2007-05-12 11:37 2007-05-12 11:37 2007-05-12 11:37 2007-05-12 11:37 2007-05-12 11:37 2007-05-12 11:37 2007-05-12 11:35 229,376 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-05-12 11:35 2007-05-12 11:35 2007-05-12 11:35 2007-05-12 11:35 2007-05-12 11:34 229,376 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-05-12 11:34 2007-05-12 11:34 2007-05-12 11:32 229,376 —h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-05-12 11:32 0 -rahs---- C:\MSDOS.SYS 2007-05-12 11:32 0 -rahs---- C:\IO.SYS 2007-05-12 11:32 0 --a------ C:\CONFIG.SYS 2007-05-12 11:32 0 --a------ C:\AUTOEXEC.BAT 2007-05-12 11:32 2007-05-12 11:32 2007-05-12 11:31 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-05-12 11:31 2007-05-12 11:31 2007-05-12 11:31 2007-05-12 11:31 2007-05-12 11:31 2007-05-12 11:31 2007-05-12 11:30 86,016 --a------ C:\WINDOWS\system32\isign32.dll 2007-05-12 11:30 81,920 --a------ C:\WINDOWS\system32\ils.dll 2007-05-12 11:30 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2007-05-12 11:30 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-05-12 11:30 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-05-12 11:30 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2007-05-12 11:30 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2007-05-12 11:30 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-12 11:30 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2007-05-12 11:30 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-05-12 11:30 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-05-12 11:30 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-05-12 11:30 49,664 --a------ C:\WINDOWS\system32\inetres.dll 2007-05-12 11:30 466,200 --a------ C:\WINDOWS\system32\wuapi.dll 2007-05-12 11:30 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-05-12 11:30 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-05-12 11:30 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-05-12 11:30 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-05-12 11:30 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-05-12 11:30 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-05-12 11:30 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-05-12 11:30 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-05-12 11:30 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-05-12 11:30 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-05-12 11:30 278,528 --a------ C:\WINDOWS\system32\mstask.dll 2007-05-12 11:30 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-05-12 11:30 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-05-12 11:30 240,128 --a------ C:\WINDOWS\system32\srrstr.dll 2007-05-12 11:30 23,040 --a------ C:\WINDOWS\system32\fltmc.exe 2007-05-12 11:30 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-05-12 11:30 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-05-12 11:30 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-05-12 11:30 175,384 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-05-12 11:30 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-05-12 11:30 171,008 --a------ C:\WINDOWS\system32\srsvc.dll 2007-05-12 11:30 16,896 --a------ C:\WINDOWS\system32\fltlib.dll 2007-05-12 11:30 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-05-12 11:30 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2007-05-12 11:30 128,280 --a------ C:\WINDOWS\system32\wucltui.dll 2007-05-12 11:30 125,208 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-05-12 11:30 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-05-12 11:30 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-05-12 11:30 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-05-12 11:30 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-05-12 11:30 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-05-12 11:30 2007-05-12 11:30 2007-05-12 11:30 2007-05-12 11:30 2007-05-12 11:30 2007-05-12 11:30 2007-05-12 11:29 97,792 --a------ C:\WINDOWS\system32\comrepl.dll 2007-05-12 11:29 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-05-12 11:29 94,720 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-05-12 11:29 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-05-12 11:29 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-05-12 11:29 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-05-12 11:29 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-05-12 11:29 80,896 --a------ C:\WINDOWS\system32\charmap.exe 2007-05-12 11:29 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-05-12 11:29 67,072 --a------ C:\WINDOWS\system32\rdshost.exe 2007-05-12 11:29 655,360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-05-12 11:29 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-05-12 11:29 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-05-12 11:29 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-05-12 11:29 60,928 --a------ C:\WINDOWS\system32\remotepg.dll 2007-05-12 11:29 60,416 --a------ C:\WINDOWS\system32\colbact.dll 2007-05-12 11:29 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-05-12 11:29 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-05-12 11:29 58,880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-05-12 11:29 57,344 --a------ C:\WINDOWS\system32\sol.exe 2007-05-12 11:29 56,320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-05-12 11:29 55,808 --a------ C:\WINDOWS\system32\freecell.exe 2007-05-12 11:29 540,160 --a------ C:\WINDOWS\system32\comuid.dll 2007-05-12 11:29 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-05-12 11:29 539,136 --a------ C:\WINDOWS\system32\spider.exe 2007-05-12 11:29 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-05-12 11:29 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-05-12 11:29 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-05-12 11:29 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-05-12 11:29 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-05-12 11:29 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-05-12 11:29 408,576 --a------ C:\WINDOWS\system32\mstsc.exe 2007-05-12 11:29 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-05-12 11:29 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-05-12 11:29 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-05-12 11:29 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-05-12 11:29 351,744 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-05-12 11:29 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-05-12 11:29 345,088 --a------ C:\WINDOWS\system32\mspaint.exe 2007-05-12 11:29 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-05-12 11:29 296,448 --a------ C:\WINDOWS\system32\termsrv.dll 2007-05-12 11:29 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-05-12 11:29 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-05-12 11:29 231,424 --a------ C:\WINDOWS\system32\avtapi.dll 2007-05-12 11:29 225,792 --a------ C:\WINDOWS\system32\catsrv.dll 2007-05-12 11:29 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-05-12 11:29 22,528 --a------ C:\WINDOWS\system32\msg.exe 2007-05-12 11:29 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-05-12 11:29 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-05-12 11:29 20,992 --a------ C:\WINDOWS\system32\qprocess.exe 2007-05-12 11:29 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-05-12 11:29 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-05-12 11:29 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-05-12 11:29 187,904 --a------ C:\WINDOWS\system32\cmprops.dll 2007-05-12 11:29 187,904 --a------ C:\WINDOWS\system32\accwiz.exe 2007-05-12 11:29 17,920 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-05-12 11:29 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-05-12 11:29 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-05-12 11:29 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-05-12 11:29 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-05-12 11:29 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-05-12 11:29 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-05-12 11:29 15,872 --a------ C:\WINDOWS\system32\logoff.exe 2007-05-12 11:29 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-05-12 11:29 15,360 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-05-12 11:29 15,360 --a------ C:\WINDOWS\system32\tscon.exe 2007-05-12 11:29 15,360 --a------ C:\WINDOWS\system32\shadow.exe 2007-05-12 11:29 147,968 --a------ C:\WINDOWS\system32\rdchost.dll 2007-05-12 11:29 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-05-12 11:29 141,824 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-05-12 11:29 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-05-12 11:29 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-05-12 11:29 132,608 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-05-12 11:29 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-05-12 11:29 128,000 --a------ C:\WINDOWS\system32\mshearts.exe 2007-05-12 11:29 124,928 --a------ C:\WINDOWS\system32\mplay32.exe 2007-05-12 11:29 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-05-12 11:29 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-05-12 11:29 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-05-12 11:29 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-05-12 11:29 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-05-12 11:29 11,264 --a------ C:\WINDOWS\system32\icaapi.dll 2007-05-12 11:29 103,424 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-05-12 11:29 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-05-12 11:29 1,225 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-05-12 11:29 2007-05-12 11:29 2007-05-12 11:29 2007-05-12 11:29 2007-05-12 11:29 2007-05-12 11:29 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-12 10:25:24 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-05-12 10:21:04 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-12 10:21:04 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-12 09:31:08 -------- d-----w C:\Program Files\Usługi online 2007-04-23 00:15:25 36,624 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2007-03-27 01:39:14 20,480 ----a-w C:\WINDOWS\system32\ac3config.exe 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys 2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Programy\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 06:12] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Programy\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-08-11 15:43] “nwiz”=“nwiz.exe” [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-08-11 15:43] “iKeyWorks”=“C:\PROGRA~1\Programy\A4Tech\Keyboard\Ikeymain.exe” [2004-08-31 07:33] “WheelMouse”=“C:\PROGRA~1\Programy\A4Tech\Mouse\Amoumain.exe” [2004-08-31 20:28] “HP Software Update”=“C:\Program Files\Programy\HP\HP Software Update\HPWuSchd2.exe” [2005-05-11 23:12] “SunJavaUpdateSched”=“C:\Program Files\Programy\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “PCSuiteTrayApplication”=“C:\Program Files\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-03-23 13:20] “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2006-01-12 15:40] “DAEMON Tools”=“C:\Program Files\Programy\DAEMON Tools\daemon.exe” [2006-11-12 12:48] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “Gadu-Gadu”=“C:\Program Files\Programy\Gadu-Gadu\gg.exe” [2007-01-30 16:58] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Nokia.PCSync”=C:\Program Files\Programy\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d9936c12-012a-11dc-874c-0013d4541520}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe *Newly Created Service* -HTTPFILTER *Newly Created Service* -PROCEXP90 ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070521-123051-221 F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-21 12:33:42 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-21 12:33:56 C:\ComboFix-quarantined-files.txt … 2007-05-21 12:33 — E O F —

Złączono Posta : 21.05.2007 (Pon) 13:00

ZROBIŁEM JAK MÓWILEŚ

LOG z COMBOFIX (po usunięciu wpisu HJT i pliku)

“Kryhu” - 2007-05-21 12:33:02 Dodatek Service Pack 2 ComboFix 07-05.21.6.V - Running from: “C:\Documents and Settings\Kryhu\Pulpit\Problem temp2.exe” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\temp2.exe c:\autorun.inf c:\copy.exe c:\host.exe d:\autorun.inf d:\copy.exe d:\host.exe e:\autorun.inf e:\copy.exe e:\host.exe C:\WINDOWS\autorun.inf C:\WINDOWS\svchost.exe C:\WINDOWS\xcopy.exe ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 )))))))))))))))))))))))))))))))))) 2007-05-19 12:42 2007-05-19 09:54 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll 2007-05-19 09:54 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-05-19 09:43 2007-05-19 09:05 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-05-19 09:05 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-05-19 09:05 2007-05-17 12:05 2007-05-16 13:40 2007-05-16 13:21 311,808 --a------ C:\WINDOWS\system32\CAMSDKR.DLL 2007-05-16 13:21 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll 2007-05-16 13:21 2007-05-16 13:21 2007-05-15 19:05 10 --a------ C:\WINDOWS\popcinfo.dat 2007-05-13 22:40 2007-05-12 21:49 2007-05-12 20:58 2007-05-12 14:11 30,512 --a------ C:\WINDOWS\system32\mdimon.dll 2007-05-12 14:10 2007-05-12 14:10 2007-05-12 14:08 2007-05-12 14:08 2007-05-12 14:08 2007-05-12 14:02 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-05-12 13:27 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-05-12 13:27 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-05-12 13:27 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-05-12 13:27 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-05-12 13:27 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-05-12 13:27 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-05-12 13:27 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-05-12 13:27 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-05-12 13:27 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-05-12 13:27 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-05-12 13:27 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-05-12 13:27 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-05-12 13:27 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-05-12 13:27 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-05-12 13:27 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2007-05-12 13:27 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2007-05-12 13:27 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys 2007-05-12 13:27 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-05-12 13:27 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-05-12 13:27 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-05-12 13:27 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-05-12 13:27 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-05-12 13:26 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-05-12 13:26 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-05-12 13:26 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-05-12 13:26 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-05-12 13:26 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-05-12 13:26 70,096 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-05-12 13:26 7,168 --a------ C:\WINDOWS\system32\kbdcz.dll 2007-05-12 13:26 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdycl.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdsl1.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdsl.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdhu.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdcz2.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdcz1.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\kbdcr.dll 2007-05-12 13:26 6,656 --a------ C:\WINDOWS\system32\KBDAL.DLL 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-05-12 13:26 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-05-12 13:26 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-05-12 13:26 5,632 --a------ C:\WINDOWS\system32\kbdro.dll 2007-05-12 13:26 5,632 --a------ C:\WINDOWS\system32\kbdhu1.dll 2007-05-12 13:26 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-05-12 13:26 33,376 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-05-12 13:26 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-05-12 13:26 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-05-12 13:26 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-05-12 13:26 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-05-12 13:26 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-05-12 13:26 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-05-12 13:26 127,008 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-05-12 13:26 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-05-12 13:26 109,488 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-05-12 13:26 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-05-12 13:26 2007-05-12 13:26 2007-05-12 13:26 2007-05-12 13:26 2007-05-12 13:25 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-05-12 13:25 75,776 --a------ C:\WINDOWS\system32\storprop.dll 2007-05-12 13:25 70,144 --a------ C:\WINDOWS\notepad.exe 2007-05-12 13:25 69,552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:25 2007-05-12 13:24 2007-05-12 13:24 2007-05-12 13:24 2007-05-12 13:24 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:20 2007-05-12 13:14 2007-05-12 13:13 2007-05-12 13:13 2007-05-12 13:10 2007-05-12 13:10 2007-05-12 13:10 2007-05-12 13:09 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-05-12 13:09 831,048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll 2007-05-12 13:09 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2007-05-12 13:09 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2007-05-12 13:09 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2007-05-12 13:09 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2007-05-12 13:09 2007-05-12 13:07 2007-05-12 13:00 2007-05-12 13:00 2007-05-12 13:00 2007-05-12 13:00 2007-05-12 12:44 2007-05-12 12:30 2007-05-12 12:29 2007-05-12 12:28 2007-05-12 12:25 47,251 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-05-12 12:24 2,096 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-05-12 12:24 2007-05-12 12:21 2007-05-12 12:20 2007-05-12 12:16 2007-05-12 12:15 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-05-12 12:12 2007-05-12 12:07 2007-05-12 12:07 2007-05-12 12:07 2007-05-12 12:03 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE 2007-05-12 12:03 2007-05-12 11:59 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-05-12 11:59 2007-05-12 11:59 2007-05-12 11:59 2007-05-12 11:59 2007-05-12 11:58 2007-05-12 11:57 2007-05-12 11:57 2007-05-12 11:56 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys 2007-05-12 11:56 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll 2007-05-12 11:56 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2007-05-12 11:54 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2007-05-12 11:54 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2007-05-12 11:54 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2007-05-12 11:54 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2007-05-12 11:54 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-05-12 11:54 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2007-05-12 11:54 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2007-05-12 11:50 79,909 --a------ C:\WINDOWS\hpfins05.dat 2007-05-12 11:50 1,547 --------- C:\WINDOWS\hpfmdl05.dat 2007-05-12 11:50 2007-05-12 11:49 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2007-05-12 11:49 49,152 -ra------ C:\WINDOWS\AutoSet.dll 2007-05-12 11:49 45,056 -ra------ C:\WINDOWS\system32\micdrv.dll 2007-05-12 11:49 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-05-12 11:47 2007-05-12 11:44 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-05-12 11:44 2007-05-12 11:41 9,319,936 --a------ C:\WINDOWS\system32\RTLCPL.EXE 2007-05-12 11:41 77,824 --a------ C:\WINDOWS\SOUNDMAN.EXE 2007-05-12 11:41 40,960 --------- C:\WINDOWS\system32\ChCfg.exe 2007-05-12 11:41 208,896 --------- C:\WINDOWS\alcupd.exe 2007-05-12 11:41 2,297,664 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-05-12 11:41 156,672 --a------ C:\WINDOWS\system32\RTLCPAPI.dll 2007-05-12 11:41 139,264 --------- C:\WINDOWS\alcrmv.exe 2007-05-12 11:41 2007-05-12 11:41 2007-05-12 11:41 2007-05-12 11:40 9,728 -ra------ C:\WINDOWS\system32\bdco1ins.dll 2007-05-12 11:40 9,728 -ra------ C:\WINDOWS\system32\bdco1.dll 2007-05-12 11:40 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2007-05-12 11:40 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys 2007-05-12 11:40 405,504 --a------ C:\WINDOWS\system32\CapabilityTable.exe 2007-05-12 11:40 33,408 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys 2007-05-12 11:40 32,256 -ra------ C:\WINDOWS\system32\nvconrm.dll 2007-05-12 11:40 260,736 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys 2007-05-12 11:40 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe 2007-05-12 11:40 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe 2007-05-12 11:40 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-05-12 11:40 208,896 --a------ C:\WINDOWS\system32\nvuide.exe 2007-05-12 11:40 208,256 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys 2007-05-12 11:40 200,192 -ra------ C:\WINDOWS\system32\fdco1ins.dll 2007-05-12 11:40 200,192 -ra------ C:\WINDOWS\system32\fdco1.dll 2007-05-12 11:40 12,928 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys 2007-05-12 11:40 2007-05-12 11:40 2007-05-12 11:38 2007-05-12 11:37 2,359,296 --ah----- C:\DOCUME~1\Kryhu\NTUSER.DAT 2007-05-12 11:37 2007-05-12 11:37 2007-05-12 11:37 2007-05-12 11:37 2007-05-12 11:37 2007-05-12 11:37 2007-05-12 11:35 229,376 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-05-12 11:35 2007-05-12 11:35 2007-05-12 11:35 2007-05-12 11:35 2007-05-12 11:34 229,376 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-05-12 11:34 2007-05-12 11:34 2007-05-12 11:32 229,376 —h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-05-12 11:32 0 -rahs---- C:\MSDOS.SYS 2007-05-12 11:32 0 -rahs---- C:\IO.SYS 2007-05-12 11:32 0 --a------ C:\CONFIG.SYS 2007-05-12 11:32 0 --a------ C:\AUTOEXEC.BAT 2007-05-12 11:32 2007-05-12 11:32 2007-05-12 11:31 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-05-12 11:31 2007-05-12 11:31 2007-05-12 11:31 2007-05-12 11:31 2007-05-12 11:31 2007-05-12 11:31 2007-05-12 11:30 86,016 --a------ C:\WINDOWS\system32\isign32.dll 2007-05-12 11:30 81,920 --a------ C:\WINDOWS\system32\ils.dll 2007-05-12 11:30 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2007-05-12 11:30 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-05-12 11:30 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-05-12 11:30 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2007-05-12 11:30 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2007-05-12 11:30 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-12 11:30 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2007-05-12 11:30 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-05-12 11:30 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-05-12 11:30 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-05-12 11:30 49,664 --a------ C:\WINDOWS\system32\inetres.dll 2007-05-12 11:30 466,200 --a------

Złączono Posta : 21.05.2007 (Pon) 13:21

i druga czesc

C:\WINDOWS\system32\wuapi.dll 2007-05-12 11:30 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-05-12 11:30 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-05-12 11:30 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-05-12 11:30 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-05-12 11:30 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-05-12 11:30 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-05-12 11:30 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-05-12 11:30 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-05-12 11:30 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-05-12 11:30 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-05-12 11:30 278,528 --a------ C:\WINDOWS\system32\mstask.dll 2007-05-12 11:30 278,528 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-05-12 11:30 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-05-12 11:30 240,128 --a------ C:\WINDOWS\system32\srrstr.dll 2007-05-12 11:30 23,040 --a------ C:\WINDOWS\system32\fltmc.exe 2007-05-12 11:30 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-05-12 11:30 192,000 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-05-12 11:30 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-05-12 11:30 175,384 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-05-12 11:30 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-05-12 11:30 171,008 --a------ C:\WINDOWS\system32\srsvc.dll 2007-05-12 11:30 16,896 --a------ C:\WINDOWS\system32\fltlib.dll 2007-05-12 11:30 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-05-12 11:30 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2007-05-12 11:30 128,280 --a------ C:\WINDOWS\system32\wucltui.dll 2007-05-12 11:30 125,208 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-05-12 11:30 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-05-12 11:30 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-05-12 11:30 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-05-12 11:30 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-05-12 11:30 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-05-12 11:30 2007-05-12 11:30 2007-05-12 11:30 2007-05-12 11:30 2007-05-12 11:30 2007-05-12 11:30 2007-05-12 11:29 97,792 --a------ C:\WINDOWS\system32\comrepl.dll 2007-05-12 11:29 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-05-12 11:29 94,720 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-05-12 11:29 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-05-12 11:29 9,728 --a------

Gutek · 21 Maj 2007 14:21

Już jest Ok

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

creasy87 · 21 Maj 2007 14:44

Dzieki za pomoc, mam jeszcze jedno pytanie. Czy jak mam dwa kompy polączone routerem i na drugim tez mam ten sam problem to moge zrobic to co mi napisales czy moze mam podać dane z HJT…z tego drugiego kompa ?

Gutek · 21 Maj 2007 15:17

Logi z drugiego kompa wklej.

creasy87 · 21 Maj 2007 15:33

Logi z HJT

Logfile of HijackThis v1.99.1 Scan saved at 17:27:33, on 2007-05-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Programy\DAEMON Tools\daemon.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\temp1.exe C:\Program Files\Programy\Winamp\winamp.exe C:\Program Files\Programy\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Programy\Gadu-Gadu\gg.exe C:\Program Files\Programy\Microsoft Office\OFFICE11\EXCEL.EXE C:\Documents and Settings\Kamilek\Pulpit\Problem temp2.exe\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Programy\adobe Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\Programy\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Programy\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” O4 - Startup: Registration Prince of Persia T2T.LNK = E:\Gry\Prince Of Persia 2\Support\Register\RegistrationReminder.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Programy\adobe Reader\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Logi z Silent Runnera

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Gadu-Gadu” = ““C:\Program Files\Programy\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “swg” = “C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [“Google Inc.”] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}” = ““C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”” [“Nero AG”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Avance Logic, Inc.”] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “DAEMON Tools” = ““C:\Program Files\Programy\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “RegistryMechanic” = “(empty string)” [file not found] “NWEReboot” = “(empty string)” [file not found] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Programy\adobe Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM…CLSID} = “Google Toolbar Helper” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Programy\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\Programy\WinRar\rarext.dll” [null data] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <> “load” = “C:\WINDOWS\svchost.exe” [empty string] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Programy\adobe Reader\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\Programy\WinRar\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\Programy\WinRar\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\Programy\WinRar\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Kamilek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Startup items in “Kamilek” & “All Users” startup folders: --------------------------------------------------------- C:\Documents and Settings\Kamilek\Menu Start\Programy\Autostart “Registration Prince of Persia T2T” -> shortcut to: “E:\Gry\Prince Of Persia 2\Support\Register\RegistrationReminder.exe -d 802984 -l english -r 7 -g Prince of Persia T2T -c gb -i 2428” [file not found] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Programy\adobe Reader\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided) -> {HKLM…CLSID} = “&Google” \InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] Pml Driver HPZ12, Pml Driver HPZ12, “C:\WINDOWS\system32\HPZipm12.exe” [“HP”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ HP Standard TCP/IP Port\Driver = “HpTcpMon.dll” [“Hewlett Packard”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] PCL Language Monitor\Driver = “hpz3l3xu.dll” [“Hewlett-Packard Company”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 59 seconds, including 14 seconds for message boxes)

BŁĘDY W PODGLĄDZIE ZDARZEN

Typ zdarzenia: Błąd Źródło zdarzenia: Application Error Kategoria zdarzenia: Brak Identyfikator zdarzenia: 1000 Data: 2007-05-21 Godzina: 13:59:31 Użytkownik: Brak Komputer: BEHERIT Opis: Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e. Aby znaleźć więcej informacji, zobacz http://go.microsoft.com/fwlink/events.asp w Centrum pomocy i obsługi technicznej. Dane: 0000: 41 70 70 6c 69 63 61 74 Applicat 0008: 69 6f 6e 20 46 61 69 6c ion Fail 0010: 75 72 65 20 20 74 65 6d ure tem 0018: 70 32 2e 65 78 65 20 30 p2.exe 0 0020: 2e 30 2e 30 2e 30 20 69 .0.0.0 i 0028: 6e 20 74 65 6d 70 32 2e n temp2. 0030: 65 78 65 20 30 2e 30 2e exe 0.0. 0038: 30 2e 30 20 61 74 20 6f 0.0 at o 0040: 66 66 73 65 74 20 30 30 ffset 00 0048: 30 30 31 32 36 65 0d 0a 00126e…

qrczak13 · 21 Maj 2007 16:46

Pliki na czerwono usuń ręcznie w trybie awaryjnym, a wpisy w HJT

Do notatnika wklej:

Plik > zapisz jako > zmień rozszerzenie z .txt na wszystkie pliki > zapisz pod nazwą Fix.reg np na

pulpicie > dwuklik na Fix.reg > potwierdzasz > restart.

Daj log z ComboFix.

creasy87 · 21 Maj 2007 17:50

Zrobione, jeszcze raz…WIELKIE DZIĘKI

“Kamilek” - 2007-05-21 19:45:11 Dodatek Service Pack 2 ComboFix 07-05.21.6.V - Running from: “C:\Documents and Settings\Kamilek\Pulpit\Problem temp2.exe” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\temp1.exe C:\WINDOWS\system32\temp2.exe c:\autorun.inf c:\copy.exe c:\host.exe d:\autorun.inf d:\copy.exe d:\host.exe e:\autorun.inf e:\copy.exe e:\host.exe C:\WINDOWS\autorun.inf C:\WINDOWS\svchost.exe C:\WINDOWS\xcopy.exe ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 )))))))))))))))))))))))))))))))))) 2007-05-05 21:40 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-05-05 21:31 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-21 15:29:29 -------- d-----w C:\Program Files\Programy 2007-05-21 09:17:00 10 ----a-w C:\WINDOWS\popcinfo.dat 2007-04-29 09:56:22 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-04-16 16:49:49 -------- d-----w C:\DOCUME~1\Kamilek\DANEAP~1\AdobeUM 2007-04-11 08:00:02 1,168 ----a-w C:\WINDOWS\mozver.dat 2007-04-11 07:55:29 -------- d-----w C:\DOCUME~1\Kamilek\DANEAP~1\Talkback 2007-04-11 07:54:33 0 ----a-w C:\WINDOWS\nsreg.dat 2007-03-29 15:36:55 -------- d-----w C:\DOCUME~1\Kamilek\DANEAP~1\vlc 2007-03-29 15:17:11 -------- d-----w C:\DOCUME~1\Kamilek\DANEAP~1\Media Player Classic 2007-03-29 15:05:48 -------- d-----w C:\Program Files\YouTUBE movie downloader 2007-03-27 18:43:43 4,096 ----a-w C:\WINDOWS\d3dx.dat 2007-03-25 07:58:51 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-03-25 07:58:51 436,322 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-03-22 08:00:38 -------- d-----w C:\Program Files\Ubisoft 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-16 14:27:59 -------- d-----w C:\DOCUME~1\Kamilek\DANEAP~1\Ahead 2007-03-16 14:25:20 -------- d-----w C:\Program Files\Common Files\Ahead 2007-03-16 14:25:19 -------- d-----w C:\Program Files\Nero 2007-03-11 11:54:57 -------- d-----w C:\Program Files\Yahoo! 2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys 2007-02-28 20:00:42 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-02-24 12:29:55 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2007-02-24 12:29:55 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2007-02-24 12:29:55 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2007-02-14 16:43:03 1 ----a-w C:\WINDOWS\system32\SI.bin 2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Programy\adobe Reader\ActiveX\AcroIEHelper.dll [2005-09-24 06:12] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-29 06:59] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-05-12 22:05] “DAEMON Tools”=“C:\Program Files\Programy\DAEMON Tools\daemon.exe” [2005-12-10 16:57] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “Gadu-Gadu”=“C:\Program Files\Programy\Gadu-Gadu\gg.exe” [2006-10-10 17:51] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2007-03-01 19:59] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” [2005-09-03 16:18] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{39553cbd-cc76-11db-8b9a-00a1b0a2a1fa}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{ed07b838-b38b-11db-8a45-806d6172696f}] AutoRun\command- G:\SETUP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{fa979a2e-d3df-11db-8bb7-00a1b0a2a1fa}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe *Newly Created Service* -HTTPFILTER *Newly Created Service* -PROCEXP90 ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070521-193718-879 F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe backup-20070521-193718-961 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) backup-20070521-123051-221 F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-21 19:47:34 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-21 19:48:03 C:\ComboFix-quarantined-files.txt … 2007-05-21 19:48 — E O F —

Gutek · 21 Maj 2007 18:48

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa