Pusty pulpit, brak ikonek przy włączeniu komputera

Chillout · 29 Czerwiec 2007 10:42

trzeba kilkakrotnie zrestartować komputer by się pojawiły.

wklejam logi

Logfile of HijackThis v1.99.1 Scan saved at 12:30:22, on 2007-06-29 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\ARTURI~1\USTAWI~1\Temp\Katalog tymczasowy 2 dla hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{46F72DA9-026D-4549-8878-89D4314A0C9A}: NameServer = 192.168.1.1,217.17.34.10 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “HP Software Update” = “C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [“Hewlett-Packard Co.”] “Adobe Reader Speed Launcher” = ““C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”” [“Adobe Systems Incorporated”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe”” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll” [“Sun Microsystems, Inc.”] {F6104497-54FD-4688-9162-5115CC8AB0FB}(Default) = “XBTP01621” -> {HKLM…CLSID} = “XBTP01621 Class” \InProcServer32(Default) = “C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll” [“IE Toolbar”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Artur i Iza\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Startup items in “Artur i Iza” & “All Users” startup folders: ------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “HP Digital Imaging Monitor” -> shortcut to: “C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe” [“Hewlett-Packard Co.”] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}” -> {HKLM…CLSID} = “BearShare MediaBar” \InProcServer32(Default) = “C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll” [“IE Toolbar”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}” = (no title provided) -> {HKLM…CLSID} = “BearShare MediaBar” \InProcServer32(Default) = “C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll” [“IE Toolbar”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_10” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_10” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ LIDIL Language Monitor\Driver = “hpzll3xu.dll” [“Hewlett-Packard Company”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 5 seconds. ---------- (total run time: 45 seconds)

“Artur i Iza” - 2007-06-29 12:33:36 - ComboFix 07-06-27.7 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 ))))))))))))))))))))))))))))))) 2007-06-29 12:33 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-11 20:11 2007-06-11 20:11 2007-06-10 13:35 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-10-06 23:11:45 -------- d-----w C:\Program Files\Common Files\ODBC 2007-10-06 23:11:43 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-06-29 10:32:27 22,418,451 ----a-w C:\WINDOWS\system32\dfl1z32.dll 2007-05-28 18:59:00 -------- d-----w C:\DOCUME~1\ARTURI~1\DANEAP~1\HP 2007-05-28 18:58:45 -------- d-----w C:\DOCUME~1\ARTURI~1\DANEAP~1\Image Zone Express 2007-05-27 06:50:58 145,408 ----a-w C:\WINDOWS\system32\rundll32.exe 2007-05-22 20:14:00 -------- d-----w C:\Program Files\Winamp 2007-05-22 17:08:18 397,824 ----a-w C:\WINDOWS\winhlp32.exe 2007-05-22 17:08:16 2,260,992 ----a-w C:\WINDOWS\UNNMP.exe 2007-05-22 17:08:15 2,400,256 ----a-w C:\WINDOWS\UNNeroVision.exe 2007-05-22 17:08:15 137,728 ----a-w C:\WINDOWS\twunk_32.exe 2007-05-22 17:08:12 127,488 ----a-w C:\WINDOWS\TASKMAN.EXE 2007-05-22 17:08:11 142,848 ----a-w C:\WINDOWS\system32\xcopy.exe 2007-05-22 17:08:09 229,376 ----a-w C:\WINDOWS\system32\wscript.exe 2007-05-22 17:08:09 117,760 ----a-w C:\WINDOWS\system32\write.exe 2007-05-22 17:08:08 144,896 ----a-w C:\WINDOWS\system32\wpnpinst.exe 2007-05-22 17:08:08 144,384 ----a-w C:\WINDOWS\system32\wpabaln.exe 2007-05-22 17:08:07 117,760 ----a-w C:\WINDOWS\system32\winver.exe 2007-05-22 17:08:06 123,904 ----a-w C:\WINDOWS\system32\winmsd.exe 2007-05-22 17:08:05 147,456 ----a-w C:\WINDOWS\system32\winchat.exe 2007-05-22 17:08:05 120,320 ----a-w C:\WINDOWS\system32\winhlp32.exe 2007-05-22 17:08:04 547,840 ----a-w C:\WINDOWS\system32\wiaacmgr.exe 2007-05-22 17:08:04 178,176 ----a-w C:\WINDOWS\system32\wextract.exe 2007-05-22 17:07:56 403,968 ----a-w C:\WINDOWS\system32\vssvc.exe 2007-05-22 17:07:55 159,232 ----a-w C:\WINDOWS\system32\uwdf.exe 2007-05-22 17:07:55 145,920 ----a-w C:\WINDOWS\system32\vssadmin.exe 2007-05-22 17:07:54 196,608 ----a-w C:\WINDOWS\system32\usrmlnka.exe 2007-05-22 17:07:54 188,416 ----a-w C:\WINDOWS\system32\usrshuta.exe 2007-05-22 17:07:54 180,224 ----a-w C:\WINDOWS\system32\usrprbda.exe 2007-05-22 17:07:52 137,216 ----a-w C:\WINDOWS\system32\userinit.exe 2007-05-22 17:07:51 130,560 ----a-w C:\WINDOWS\system32\ups.exe 2007-05-22 17:07:51 129,024 ----a-w C:\WINDOWS\system32\upnpcont.exe 2007-05-22 17:07:51 116,224 ----a-w C:\WINDOWS\system32\unlodctr.exe 2007-05-22 17:07:50 148,992 ----a-w C:\WINDOWS\system32\typeperf.exe 2007-05-22 17:07:50 130,048 ----a-w C:\WINDOWS\system32\tsshutdn.exe 2007-05-22 17:07:50 128,512 ----a-w C:\WINDOWS\system32\tskill.exe 2007-05-22 17:07:49 156,672 ----a-w C:\WINDOWS\system32\tscupgrd.exe 2007-05-22 17:07:49 127,488 ----a-w C:\WINDOWS\system32\tsdiscon.exe 2007-05-22 17:07:49 127,488 ----a-w C:\WINDOWS\system32\tscon.exe 2007-05-22 17:07:48 144,384 ----a-w C:\WINDOWS\system32\tracert6.exe 2007-05-22 17:07:48 124,928 ----a-w C:\WINDOWS\system32\tracert.exe 2007-05-22 17:07:47 372,224 ----a-w C:\WINDOWS\system32\tracerpt.exe 2007-05-22 17:07:46 192,512 ----a-w C:\WINDOWS\system32\tlntsess.exe 2007-05-22 17:07:46 187,392 ----a-w C:\WINDOWS\system32\tlntsvr.exe 2007-05-22 17:07:46 175,616 ----a-w C:\WINDOWS\system32\tlntadmn.exe 2007-05-22 17:07:45 189,440 ----a-w C:\WINDOWS\system32\telnet.exe 2007-05-22 17:07:45 131,584 ----a-w C:\WINDOWS\system32\tcpsvcs.exe 2007-05-22 17:07:45 129,024 ----a-w C:\WINDOWS\system32\tftp.exe 2007-05-22 17:07:44 251,904 ----a-w C:\WINDOWS\system32\taskmgr.exe 2007-05-22 17:07:44 127,488 ----a-w C:\WINDOWS\system32\taskman.exe 2007-05-22 17:07:44 125,440 ----a-w C:\WINDOWS\system32\tcmsetup.exe 2007-05-22 17:07:43 182,272 ----a-w C:\WINDOWS\system32\systeminfo.exe 2007-05-22 17:07:43 115,200 ----a-w C:\WINDOWS\system32\systray.exe 2007-05-22 17:07:42 219,136 ----a-w C:\WINDOWS\system32\sysocmgr.exe 2007-05-22 17:07:42 149,504 ----a-w C:\WINDOWS\system32\syskey.exe 2007-05-22 17:07:41 163,328 ----a-w C:\WINDOWS\system32\syncapp.exe 2007-05-22 17:07:40 126,976 ----a-w C:\WINDOWS\system32\stimon.exe 2007-05-22 17:07:40 121,344 ----a-w C:\WINDOWS\system32\subst.exe 2007-05-22 17:07:36 124,928 ----a-w C:\WINDOWS\system32\spiisupd.exe 2007-05-22 17:07:36 123,904 ----a-w C:\WINDOWS\system32\spnpinst.exe 2007-05-22 17:07:35 135,680 ----a-w C:\WINDOWS\system32\sort.exe 2007-05-22 17:07:34 203,264 ----a-w C:\WINDOWS\system32\smlogsvc.exe 2007-05-22 17:07:33 138,240 ----a-w C:\WINDOWS\system32\skeys.exe 2007-05-22 17:07:33 120,320 ----a-w C:\WINDOWS\system32\smbinst.exe 2007-05-22 17:07:32 190,464 ----a-w C:\WINDOWS\system32\shrpubw.exe 2007-05-22 17:07:32 154,624 ----a-w C:\WINDOWS\system32\shmgrate.exe 2007-05-22 17:07:32 132,608 ----a-w C:\WINDOWS\system32\shutdown.exe 2007-05-22 17:07:31 127,488 ----a-w C:\WINDOWS\system32\shadow.exe 2007-05-22 17:07:30 135,168 ----a-w C:\WINDOWS\system32\setup.exe 2007-05-22 17:07:30 121,856 ----a-w C:\WINDOWS\system32\sfc.exe 2007-05-22 17:07:29 144,896 ----a-w C:\WINDOWS\system32\sethc.exe 2007-05-22 17:07:28 189,952 ----a-w C:\WINDOWS\system32\sdbinst.exe 2007-05-22 17:07:28 131,072 ----a-w C:\WINDOWS\system32\secedit.exe 2007-05-22 17:07:27 240,128 ----a-w C:\WINDOWS\system32\schtasks.exe 2007-05-22 17:07:27 210,432 ----a-w C:\WINDOWS\system32\scardsvr.exe 2007-05-22 17:07:26 143,360 ----a-w C:\WINDOWS\system32\sc.exe 2007-05-22 17:07:26 128,512 ----a-w C:\WINDOWS\system32\rwinsta.exe 2007-05-22 17:07:26 125,952 ----a-w C:\WINDOWS\system32\savedump.exe 2007-05-22 17:07:25 129,024 ----a-w C:\WINDOWS\system32\runas.exe 2007-05-22 17:07:25 126,464 ----a-w C:\WINDOWS\system32\runonce.exe 2007-05-22 17:07:24 244,736 ----a-w C:\WINDOWS\system32\rsvp.exe 2007-05-22 17:07:24 189,952 ----a-w C:\WINDOWS\system32\rtcshare.exe 2007-05-22 17:07:24 175,104 ----a-w C:\WINDOWS\system32\rsopprov.exe 2007-05-22 17:07:23 219,648 ----a-w C:\WINDOWS\system32\rsnotify.exe 2007-05-22 17:07:23 161,280 ----a-w C:\WINDOWS\system32\rsmui.exe 2007-05-22 17:07:23 136,704 ----a-w C:\WINDOWS\system32\rsmsink.exe 2007-05-22 17:07:22 166,400 ----a-w C:\WINDOWS\system32\rsm.exe 2007-05-22 17:07:22 127,488 ----a-w C:\WINDOWS\system32\rsh.exe 2007-05-22 17:07:21 137,728 ----a-w C:\WINDOWS\system32\routemon.exe 2007-05-22 17:07:21 132,608 ----a-w C:\WINDOWS\system32\route.exe 2007-05-22 17:07:21 126,464 ----a-w C:\WINDOWS\system32\rexec.exe 2007-05-22 17:07:19 145,920 ----a-w C:\WINDOWS\system32\relog.exe 2007-05-22 17:07:19 124,928 ----a-w C:\WINDOWS\system32\replace.exe 2007-05-22 17:07:19 121,856 ----a-w C:\WINDOWS\system32\reset.exe 2007-05-22 17:07:16 124,416 ----a-w C:\WINDOWS\system32\regsvr32.exe 2007-05-22 17:07:16 116,736 ----a-w C:\WINDOWS\system32\regwiz.exe 2007-05-22 17:07:15 165,376 ----a-w C:\WINDOWS\system32\reg.exe 2007-05-22 17:07:15 145,920 ----a-w C:\WINDOWS\system32\regini.exe 2007-05-22 17:07:15 115,712 ----a-w C:\WINDOWS\system32\regedt32.exe 2007-05-22 17:07:14 179,200 ----a-w C:\WINDOWS\system32\rdshost.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 15:21] {F6104497-54FD-4688-9162-5115CC8AB0FB}=C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll [2007-03-20 17:27] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nwiz”=“nwiz.exe” [2007-05-22 14:19 C:\WINDOWS\system32\nwiz.exe] “SoundMan”=“SOUNDMAN.EXE” [2005-05-17 12:48 C:\WINDOWS\SOUNDMAN.EXE] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2003-10-31 19:42] “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2007-05-22 14:12] “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 03:06] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe” [2007-06-07 09:48] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36] ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-29 12:34:03 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-29 12:34:22 — E O F —

będę wdzięczny za pomoc:)

system · 29 Czerwiec 2007 15:29

Wejdź przez płytę XP do konsoli odzyskiwania wpisz fixboot.

Joan · 1 Lipiec 2007 19:05

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll

usun wpisy i folder z dysku

Przeskanuj ten plik na stronie http://virusscan.jotti.org/ i podaj wynik.