Loluniek, I would still advise running Combo in normal mode…
Turn off the antivirus, the internet connection and all other programs while CF is running. Then post new logs.
I ran it in normal mode. If only the antivirus could be turned off… I can only turn off all the monitors and so on. I can disable the network card. Oh, and when I was uninstalling through Add/Remove Programs, its installer was listed there, and when I clicked Remove this came up:
An error occurred while loading
C:\PROGRA~1\MYGLOB~1\bar\1.bin\mgsBar.dll
Post merged: 26.10.2007 (Fri) 14:43
C:\qoobox\Quarantine\C\Program Files hmmm, is this a CF file?? Because that folder is there now
Post merged: 26.10.2007 (Fri) 14:44
from my global search
Loluniek, post logs from HiJackThis, Silent Runners and ComboFix and we'll see where you stand.
Those are quarantine files.
Post merged: 26.10.2007 (Fri) 15:41
That's all for now, I'll send the rest around 18:00 because I have to run.
// I fixed your post - added quote tags.
Kaka’
“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”]
“BoostSpeed” = ““C:\PROGRA~1\AUSLOG~1\boostspeed.exe” /Q” [“AusLogics, Inc.”]
“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Skrót do strony właściwości High Definition Audio” = “HDAudPropShortcut.exe” [“Windows ® Server 2003 DDK provider”]
“Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS]
“Control Center” = “C:\Program Files\ASUS\WLAN Card Utilities\Center.exe” [“ASUSTeK COMPUTER INC.”]
“SunJavaUpdateSched” = “C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe” [null data]
“ATIPTA” = ““C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”” [“ATI Technologies, Inc.”]
“RemoteControl” = ““C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]
“SiteAdvisor” = “C:\Program Files\SiteAdvisor\6172\SiteAdv.exe” [“McAfee, Inc.”]
“ASUS Probe” = “C:\Program Files\ASUS\Asus Probe\AsusProb.exe” [null data]
“mkstray” = “C:\Program Files\mks_vir_2007\bin\mkstray.exe” [“MKS Sp z o.o.”]
“mks_mail” = “C:\Program Files\mks_vir_2007\bin\mks_mail.exe” [“MkS Sp. z o.o.”]
“MKSRegmon” = “C:\Program Files\mks_vir_2007\bin\mksregmon.exe” [null data]
“StartCCC” = ““C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”” [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{089FD14D-132B-48FC-8861-0048AE113215}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\SiteAdvisor\6172\SiteAdv.dll” [“McAfee, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]
“{4B4604E0-8961-11D4-A0EC-009099164712}” = “Mój MultiPASS”
-> {HKLM…CLSID} = “Mój MultiPASS”
\InProcServer32(Default) = “C:\Program Files\Canon\MultiPASS4\DTM4.DLL” [file not found]
“{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension”
-> {HKLM…CLSID} = “SimpleShlExt Class”
\InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll” [empty string]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<> “AppInit_DLLs” = “wbsys.dll” [“Stardock.Net, Inc”]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]
<> WB\DLLName = “C:\Program Files\AlienGUIse\fastload.dll” [“Stardock”]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}”
-> {HKLM…CLSID} = “MkS_Vir Shell Extension”
\InProcServer32(Default) = “C:\Program Files\mks_vir_2007\bin\mksshell.dll” [null data]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
MkS_Vir(Default) = “{E64226E0-9DA1-479E-8265-8D65BA327BD4}”
-> {HKLM…CLSID} = “MkS_Vir Shell Extension”
\InProcServer32(Default) = “C:\Program Files\mks_vir_2007\bin\mksshell.dll” [null data]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\mks_vir_2007\bin\mkslsp.dll [null data], 01 - 03, 09
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08
Toolbars, Explorer Bars, Extensions:
Toolbars
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{0BF43445-2F28-4351-9252-17FE6E806AA0}” = “McAfee SiteAdvisor”
-> {HKLM…CLSID} = “McAfee SiteAdvisor”
\InProcServer32(Default) = “C:\Program Files\SiteAdvisor\6172\SiteAdv.dll” [“McAfee, Inc.”]
“{37B85A29-692B-4205-9CAD-2626E4993404}” = (no title provided)
-> {HKLM…CLSID} = “My Global Search Bar”
\InProcServer32(Default) = “C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL” [file not found]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{08B0E5C0-4FCB-11CF-AAA5-00401C608501}”
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”]
Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS]
mks_vir file monitor, MksVirMonSvc, “C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe” [null data]
MksFwall, MksFwall, ““C:\Program Files\mks_vir_2007\bin\MksFwall.exe”” [“MKS Sp z o.o.”]
MksPC, MksPC, ““C:\Program Files\mks_vir_2007\bin\MksPC.exe”” [null data]
MksUpdate, MksUpdate, ““C:\Program Files\mks_vir_2007\bin\mksupdate.exe”” [“MKS Sp. z o. o.”]
Usługa SiteAdvisor, SiteAdvisor Service, “C:\Program Files\SiteAdvisor\6172\SAService.exe” [“McAfee, Inc.”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon MP Language Monitor\Driver = “MPASSMON.DLL” [“Canon Inc.”]
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]
Port USB programu Canon MultiPASS\Driver = “mpupmon.dll” [file not found]
---------- (launch time: 2007-10-26 18:43:59)
<>: Suspicious data at a malware launch point.
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
DLL launch points, use the -supp parameter or answer “No” at the
first message box and “Yes” at the second message box.
---------- (total run time: 56 seconds, including 18 seconds for message boxes)
Post merged: 26.10.2007 (Fri) 18:50
I'll send one more HJT log in a moment because I removed this entry:
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
Post merged: 26.10.2007 (Fri) 18:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51, on 2007-10-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mks_vir_2007\bin\MksFwall.exe
C:\Program Files\mks_vir_2007\bin\MksPC.exe
C:\Program Files\mks_vir_2007\bin\mksupdate.exe
C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\mks_vir_2007\bin\mkstray.exe
C:\Program Files\mks_vir_2007\bin\mks_mail.exe
C:\Program Files\mks_vir_2007\bin\mksregmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AUSLOG~1\boostspeed.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\valve\hl.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM…\Run: [skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM…\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM…\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe
O4 - HKLM…\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe
O4 - HKLM…\Run: [MKSRegmon] C:\Program Files\mks_vir_2007\bin\mksregmon.exe
O4 - HKLM…\Run: [startCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [boostSpeed] “C:\PROGRA~1\AUSLOG~1\boostspeed.exe” /Q
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ … /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MksFwall - MKS Sp z o.o. - C:\Program Files\mks_vir_2007\bin\MksFwall.exe
O23 - Service: MksPC - Unknown owner - C:\Program Files\mks_vir_2007\bin\MksPC.exe
O23 - Service: MksUpdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_2007\bin\mksupdate.exe
O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\mks_vir_2007\bin\mks_scan.exe
O23 - Service: Usługa SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
--
End of file - 6145 bytes
Post merged: 26.10.2007 (Fri) 18:52
I'll add that I have Counter-Strike 1.6 running.
Post merged: 26.10.2007 (Fri) 18:59
Here is the Combo Fix log, but the one from the run during which the system restarted; I found it by searching. It is older than those logs from HJ and Silent Runners.
ComboFix 07-10-23.2 - Admin 2007-10-26 14:19:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\002D1A91
C:\Program Files\myglobalsearch\bar\Cache\002D1F16.bin
C:\Program Files\myglobalsearch\bar\Cache\002D2D4E.bin
C:\Program Files\myglobalsearch\bar\Cache\002D2EC5.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\Program Files\myglobalsearch\bar\Settings\settings.dat
C:\Program Files\myglobalsearch\bar\Settings\settings.dat.bak
C:\Program Files\myglobalsearch\bar\Settings\settings.htm
C:\Program Files\myglobalsearch\bar\Settings\settings.htm.bak
C:\WINDOWS\install.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
.
2007-10-26 14:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-25 21:40 114,688 --a------ C:\WINDOWS\system32\OdiOlDVR.dll
2007-10-25 21:40 86,016 --a------ C:\WINDOWS\system32\STRDEVAPI.dll
2007-10-25 21:40 53,248 --a------ C:\WINDOWS\system32\OdiAPI.dll
2007-10-25 21:26 73,728 --a------ C:\WINDOWS\system32\DW90USB.DLL
2007-10-25 21:26 39,096 --a------ C:\WINDOWS\system32\drivers\DW90USB.SYS
2007-10-25 21:25
2007-10-25 21:22 73,728 --a------ C:\WINDOWS\system32\VNUSB.dll
2007-10-25 21:22 38,496 --a------ C:\WINDOWS\system32\drivers\VNUSB.sys
2007-10-25 21:01
2007-10-25 20:51
2007-10-25 20:51
2007-10-25 20:51
2007-10-25 20:51
2007-10-25 19:57
2007-10-24 18:41
2007-10-24 18:41
2007-10-24 14:53
2007-10-24 14:26 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-10-23 12:23
2007-10-23 12:23
2007-10-23 12:23
2007-10-23 12:23
2007-10-23 12:17 61,440 -ra------ C:\WINDOWS\system32\MPASSMON.DLL
2007-10-14 15:29 996,872 --a------ C:\WINDOWS\system\CP3240MT.DLL
2007-10-14 15:29 458,752 --a------ C:\WINDOWS\system\COMCTL32.DLL
2007-10-14 15:29 29,952 --a------ C:\WINDOWS\system\BORLNDMM.DLL
2007-10-14 15:29 6,656 --a------ C:\WINDOWS\system32\drivers\AsProbe.sys
2007-10-14 15:28 6,272 --a------ C:\WINDOWS\system32\drivers\ASLM75.SYS
2007-10-14 15:21 299,008 --a------ C:\WINDOWS\uninst.exe
2007-10-14 15:01
2007-10-14 14:53
2007-10-14 14:19 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-10-14 14:19 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-10-14 14:19 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2007-10-14 14:19 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-10-14 14:19 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2007-10-14 14:19 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-10-14 14:19 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2007-10-14 14:19 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-10-14 14:19 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2007-10-14 14:17 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-10-14 14:16
2007-10-13 17:39
2007-10-12 21:58
2007-10-12 21:58
2007-10-12 21:29
2007-10-12 21:29
2007-10-12 21:29 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-10-12 21:29 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-10-12 21:29 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2007-10-12 21:29 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
2007-10-12 21:29 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-10-12 21:29 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
2007-10-12 21:29 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2007-10-12 19:34
2007-10-11 22:00
2007-10-10 22:04
2007-10-10 22:04
2007-10-10 20:36 81,728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2007-10-10 20:23 89,872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys
2007-10-10 20:23 55,216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys
2007-10-10 20:23 6,576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2007-10-10 20:23 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2007-10-10 20:23 6,144 -ra------ C:\WINDOWS\system32\drivers\k750cm.sys
2007-10-10 20:23 5,744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys
2007-10-10 20:23 5,744 -ra------ C:\WINDOWS\system32\drivers\k750wh.sys
2007-10-09 19:43
2007-10-09 19:42
2007-10-07 14:54 845 --a------ C:\Documents and Settings\Admin\kurs_skrypt02.vbs
2007-10-07 14:48 220 --a------ C:\Documents and Settings\Admin\kompname.vbs
2007-10-06 19:34
2007-10-06 19:34
2007-10-06 19:34 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2007-10-06 16:05
2007-10-05 21:04 1,426 --a------ C:\WINDOWS\mozver.dat
2007-10-05 20:58
2007-10-05 20:58 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-05 19:12 598,016 -ra------ C:\WINDOWS\system32\CFFFLWUD.DLL
2007-10-05 19:12 327,740 -ra------ C:\WINDOWS\system32\UCS32P.DLL
2007-10-05 19:12 139,264 -ra------ C:\WINDOWS\system32\mpmasdll.dll
2007-10-05 19:12 119,808 -ra------ C:\WINDOWS\system32\ITLIB32.DLL
2007-10-05 19:12 118,784 -ra------ C:\WINDOWS\system32\MPIMGENH.DLL
2007-10-05 19:12 45,056 -ra------ C:\WINDOWS\system32\CANOIT32.EXE
2007-10-05 19:12 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-05 19:12 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-10-04 22:02
2007-10-04 21:19
2007-10-04 21:17
2007-10-04 21:16
2007-10-04 21:16
2007-10-04 21:16
2007-10-04 21:16
2007-10-04 21:16
2007-10-04 21:16
2007-10-04 21:16
2007-10-04 21:15
2007-10-04 21:13
2007-10-04 21:13
2007-10-04 21:13
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 19:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-24 13:29 --------- d-----w C:\Program Files\DivX
2007-10-24 12:23 --------- d-----w C:\Program Files\ATI Technologies
2007-10-14 13:28 --------- d-----w C:\Program Files\ASUS
2007-10-03 17:33 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-03 17:32 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu
2007-10-03 17:31 --------- d-----w C:\Program Files\Gadu-Gadu
2007-10-03 17:30 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-10-03 17:29 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-03 17:29 --------- d-----w C:\Program Files\Codec
2007-10-03 15:47 --------- d-----w C:\Program Files\Unibrain
2007-10-03 15:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-03 15:43 --------- d-----w C:\Program Files\Silicon Image
2007-10-03 15:43 --------- d-----w C:\Program Files\Java
2007-10-03 15:43 --------- d-----w C:\Program Files\Common Files\Java
2007-10-03 15:42 --------- d-----w C:\Program Files\ITE
2007-10-03 15:34 --------- d-----w C:\Program Files\Intel
2007-10-03 15:26 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-03 15:24 --------- d-----w C:\Program Files\Usługi online
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Skrót do strony właściwości High Definition Audio”=“HDAudPropShortcut.exe” [2004-03-17 16:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
“Cmaudio”=“cmicnfg.cpl” []
“Control Center”=“C:\Program Files\ASUS\WLAN Card Utilities\Center.exe” [2004-11-11 21:17]
“SunJavaUpdateSched”=“C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe” [2003-09-16 19:01]
“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-06-28 21:05]
“RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2004-11-02 20:24]
“SiteAdvisor”=“C:\Program Files\SiteAdvisor\6172\SiteAdv.exe” [2007-03-30 17:42]
“ASUS Probe”=“C:\Program Files\ASUS\Asus Probe\AsusProb.exe” [2002-12-06 16:07]
“mkstray”=“C:\Program Files\mks_vir_2007\bin\mkstray.exe” [2007-10-04 21:05]
“mks_mail”=“C:\Program Files\mks_vir_2007\bin\mks_mail.exe” [2007-05-24 05:06]
“MKSRegmon”=“C:\Program Files\mks_vir_2007\bin\mksregmon.exe” [2007-05-24 05:06]
“StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 12:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-08 10:47]
“BoostSpeed”=“C:\PROGRA~1\AUSLOG~1\boostspeed.exe” [2005-02-11 11:46]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-09-13 13:31]
Post merged: 26.10.2007 (Fri) 19:00
I can't make a newer one with CF because I've already been waiting too long for something to download and I don't want to turn it off.