Wiatam.
Jak w temacie niewiem dlaczego ale gdy po pewnym czasjie użytkowania kompa zawiesz się myszka (nie kursor) ale lewy klawisz myszki i pasek narzędzi i gdy chcę wciaż noramnie pracować muszę wylogować się z systemu przy pomcy klawiatury bo tylko on wtedy działa.
Dziękuję za pomoc.
Mam problem z myszka
Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
1. Każdy temat powinien odzwierciedlać treść wątku.
2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
5 posty(ów)
• Strona 1 z 1
Oto logi
przez Jose » 22 Kwi 2008, 13:46
UA:
Witam oto są logi z
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 13:36:07, on 2008-04-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NewFon\NewFon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [XSC SIP Client] "C:\Program Files\NewFon\NewFon.exe"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{63F1756D-A06E-450A-865D-D794DCCD8A82}: NameServer = 217.30.129.149,217.30.137.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
a to z Combofix:
ComboFix 08-04-13.3 - Administrator 2008-04-22 13:40:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.610 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\WINDOWS\system32\winsys.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-21 18:21 . 2008-04-21 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-04-21 18:21 . 2008-04-21 18:21 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
2008-04-20 21:50 . 2008-04-20 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-04-20 21:47 . 2008-04-20 21:47 <DIR> d-------- C:\Program Files\Bonjour
2008-04-20 21:40 . 2008-04-20 21:40 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-20 12:21 . 2008-04-20 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-04-20 12:20 . 2006-09-13 18:19 91,136 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-04-20 12:20 . 2006-09-13 18:19 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-04-20 12:20 . 2006-09-13 18:18 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-04-20 12:20 . 2006-09-13 18:18 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-04-20 12:20 . 2006-09-13 18:19 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-04-19 12:34 . 2008-04-19 12:36 394 --a------ C:\WINDOWS\capture.ini
2008-04-19 11:50 . 2008-04-19 11:50 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Corel
2008-04-19 11:12 . 2008-04-19 11:12 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-04-19 00:50 . 2005-07-26 11:15 93,488 --a------ C:\WINDOWS\system32\drivers\z520mdm.sys
2008-04-19 00:50 . 2005-07-26 11:15 8,336 --a------ C:\WINDOWS\system32\drivers\z520mdfl.sys
2008-04-19 00:50 . 2005-07-26 11:17 6,176 --a------ C:\WINDOWS\system32\drivers\z520cmnt.sys
2008-04-19 00:50 . 2005-07-26 11:17 6,176 --a------ C:\WINDOWS\system32\drivers\z520cm.sys
2008-04-19 00:43 . 2008-04-19 00:43 0 --a------ C:\WINDOWS\mngui.INI
2008-04-19 00:02 . 2005-07-26 11:13 57,648 --a------ C:\WINDOWS\system32\drivers\z520bus.sys
2008-04-19 00:02 . 2005-07-26 11:13 5,808 --a------ C:\WINDOWS\system32\drivers\z520whnt.sys
2008-04-19 00:02 . 2005-07-26 11:13 5,808 --a------ C:\WINDOWS\system32\drivers\z520wh.sys
2008-04-18 15:22 . 2008-04-18 15:22 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-18 15:21 . 2008-04-19 11:11 <DIR> d-------- C:\Program Files\Corel
2008-04-18 15:21 . 2008-04-18 15:21 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-04-18 14:47 . 2006-09-13 18:19 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-18 14:47 . 2006-09-13 18:18 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-18 08:11 . 2008-04-18 08:11 <DIR> d-------- C:\Program Files\uTorrent
2008-04-18 08:11 . 2008-04-20 15:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2008-04-17 14:55 . 2008-04-19 12:58 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-15 21:15 . 2008-04-21 20:19 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\OpenOffice.org2
2008-04-15 20:58 . 2008-04-15 20:58 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-15 20:56 . 2008-04-15 20:57 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4 (pl) Installation Files
2008-04-14 15:04 . 2008-04-14 15:04 <DIR> d-------- C:\Program Files\NewFon
2008-04-13 10:23 . 2008-04-13 10:23 <DIR> d-------- C:\Program Files\AudioCommander
2008-04-13 09:15 . 2008-04-13 09:15 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-12 22:04 . 2008-04-12 22:04 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-12 22:04 . 2008-04-12 22:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-04-12 22:01 . 2008-04-12 22:01 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-12 22:01 . 2008-04-12 22:01 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-04-12 22:01 . 2008-04-12 22:01 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-04-12 21:52 . 2008-04-22 13:33 53 --a------ C:\biosinfo
2008-04-12 21:36 . 2008-04-12 21:36 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-12 21:25 . 2008-04-12 21:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Teleca
2008-04-12 21:25 . 2007-04-23 15:54 108,680 -ra------ C:\WINDOWS\system32\drivers\s115mdm.sys
2008-04-12 21:25 . 2007-04-23 15:54 100,488 -ra------ C:\WINDOWS\system32\drivers\s115mgmt.sys
2008-04-12 21:25 . 2007-04-23 15:54 98,568 -ra------ C:\WINDOWS\system32\drivers\s115obex.sys
2008-04-12 21:25 . 2007-04-23 15:54 83,208 -ra------ C:\WINDOWS\system32\drivers\s115bus.sys
2008-04-12 21:25 . 2007-04-23 15:54 15,112 -ra------ C:\WINDOWS\system32\drivers\s115mdfl.sys
2008-04-12 21:25 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115whnt.sys
2008-04-12 21:25 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115wh.sys
2008-04-12 21:25 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cmnt.sys
2008-04-12 21:25 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cm.sys
2008-04-12 21:24 . 2008-04-19 00:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-12 21:23 . 2008-04-19 00:53 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-04-12 21:23 . 2008-04-12 21:23 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Sony Ericsson
2008-04-12 21:22 . 2008-04-19 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-04-12 20:56 . 2008-04-12 20:56 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FMA
2008-04-12 20:43 . 2006-09-13 18:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-10 07:03 . 2008-04-10 07:03 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-04-09 18:25 . 2008-04-09 18:25 <DIR> d-------- C:\WINDOWS\Sun
2008-04-09 00:38 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-09 00:37 . 2008-04-16 19:51 <DIR> d-------- C:\Program Files\Java
2008-04-09 00:37 . 2008-04-09 00:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-09 00:31 . 2008-04-09 00:31 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-09 00:29 . 2008-04-09 00:29 <DIR> d-------- C:\Program Files\Nero
2008-04-09 00:29 . 2008-04-09 00:30 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-09 00:29 . 2008-04-09 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-09 00:27 . 2006-12-07 07:29 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll
2008-04-09 00:14 . 2008-04-09 22:08 <DIR> d-------- C:\WINDOWS\system32\DllCache
2008-04-09 00:04 . 2006-09-13 18:18 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-09 00:04 . 2006-09-13 18:18 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-04-09 00:04 . 2006-09-13 18:19 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-09 00:04 . 2006-09-13 18:18 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-09 00:04 . 2006-09-13 18:19 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-09 00:04 . 2006-09-13 18:18 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-09 00:04 . 2006-09-13 18:18 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-08 22:47 . 2008-04-08 22:47 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-04-08 22:47 . 2008-04-08 22:47 39,713 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-08 22:47 . 2008-04-08 22:47 4,839 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-08 22:46 . 2008-04-08 22:46 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-04-08 22:45 . 2008-04-08 22:45 <DIR> d-------- C:\Program Files\7-Zip
2008-04-08 22:29 . 2008-04-08 22:29 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-08 22:13 . 2008-04-08 22:13 0 --a------ C:\WINDOWS\msicpl.ini
2008-04-08 22:07 . 2008-04-08 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-04-08 22:01 . 2008-04-08 22:01 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-04-08 22:01 . 2008-04-08 22:01 <DIR> d-------- C:\Program Files\VIA
2008-04-08 22:01 . 2004-05-18 10:55 74,112 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys
2008-04-08 22:00 . 2008-04-19 11:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 22:00 . 2008-04-19 11:12 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-08 22:00 . 2008-04-08 22:00 <DIR> d-------- C:\Program Files\AMD
2008-04-08 22:00 . 2004-08-11 16:30 39,424 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 11:34 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2008-04-22 09:39 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\skypePM
2008-04-20 19:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-18 14:00 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-04-08 21:58 --------- d-----w C:\Program Files\Zylom Games
2008-04-08 21:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Zylom
2008-04-08 21:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-08 21:45 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-08 21:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-08 21:28 --------- d-----w C:\Program Files\Winamp
2008-04-08 21:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 21:22 --------- d-----w C:\Program Files\Csgware
2008-04-08 21:20 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-08 21:19 --------- d-----w C:\Program Files\Skype
2008-04-08 21:19 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-08 21:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-08 21:17 --------- d-----w C:\Program Files\Alwil Software
2008-04-08 21:14 --------- d-----w C:\Program Files\DSC_Program
2008-04-08 21:14 --------- d-----w C:\Program Files\BearShare
2008-04-08 21:11 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-04-08 21:11 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-04-08 21:11 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-04-08 21:11 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-04-08 21:11 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-04-08 21:11 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-04-08 21:11 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-04-08 21:11 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-04-08 21:11 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-04-08 21:11 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-04-08 21:11 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-04-08 21:10 --------- d-----w C:\Program Files\MarBit
2008-04-08 21:08 --------- d-----w C:\Program Files\Lavasoft
2008-04-08 21:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-08 21:05 --------- d-----w C:\Program Files\Gadu-Gadu
2008-04-08 20:47 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-08 19:47 --------- d-----w C:\Program Files\Usługi online
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:35 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 17:31 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-20 08:01 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:01 1,846,144 ------w C:\WINDOWS\system32\DllCache\win32k.sys
2008-02-20 18:53 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 18:53 45,568 ------w C:\WINDOWS\system32\DllCache\dnsrslvr.dll
2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:53 282,624 ------w C:\WINDOWS\system32\DllCache\gdi32.dll
2008-02-20 05:23 147,968 ------w C:\WINDOWS\system32\DllCache\dnsapi.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"XSC SIP Client"="C:\Program Files\NewFon\NewFon.exe" [2005-04-15 14:29 3514368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 08:51 7323648]
"nwiz"="nwiz.exe" [2005-12-14 08:51 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-01-03 04:58 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-01-03 04:59 69632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-14 08:51 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 22:47:48 344064]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 14:20:14 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe [2002-09-30 21:09:06 131072]
Y'z Toolbar.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 14:41:10 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\NewFon\\NewFon.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-12 22:01]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 18:19]
S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys [2005-07-26 11:13]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z520mdfl.sys [2005-07-26 11:15]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\z520mdm.sys [2005-07-26 11:15]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 13:42:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-22 13:42:19
ComboFix-quarantined-files.txt 2008-04-22 11:42:17
Pre-Run: 12,355,223,552 bajtów wolnych
Post-Run: 12,354,805,760 bajtów wolnych
.
2008-04-20 11:52:26 --- E O F ---
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 13:36:07, on 2008-04-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NewFon\NewFon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [XSC SIP Client] "C:\Program Files\NewFon\NewFon.exe"
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{63F1756D-A06E-450A-865D-D794DCCD8A82}: NameServer = 217.30.129.149,217.30.137.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
a to z Combofix:
ComboFix 08-04-13.3 - Administrator 2008-04-22 13:40:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.610 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\WINDOWS\system32\winsys.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-21 18:21 . 2008-04-21 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-04-21 18:21 . 2008-04-21 18:21 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
2008-04-20 21:50 . 2008-04-20 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-04-20 21:47 . 2008-04-20 21:47 <DIR> d-------- C:\Program Files\Bonjour
2008-04-20 21:40 . 2008-04-20 21:40 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-20 12:21 . 2008-04-20 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-04-20 12:20 . 2006-09-13 18:19 91,136 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-04-20 12:20 . 2006-09-13 18:19 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-04-20 12:20 . 2006-09-13 18:18 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-04-20 12:20 . 2006-09-13 18:18 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-04-20 12:20 . 2006-09-13 18:19 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-04-19 12:34 . 2008-04-19 12:36 394 --a------ C:\WINDOWS\capture.ini
2008-04-19 11:50 . 2008-04-19 11:50 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Corel
2008-04-19 11:12 . 2008-04-19 11:12 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-04-19 00:50 . 2005-07-26 11:15 93,488 --a------ C:\WINDOWS\system32\drivers\z520mdm.sys
2008-04-19 00:50 . 2005-07-26 11:15 8,336 --a------ C:\WINDOWS\system32\drivers\z520mdfl.sys
2008-04-19 00:50 . 2005-07-26 11:17 6,176 --a------ C:\WINDOWS\system32\drivers\z520cmnt.sys
2008-04-19 00:50 . 2005-07-26 11:17 6,176 --a------ C:\WINDOWS\system32\drivers\z520cm.sys
2008-04-19 00:43 . 2008-04-19 00:43 0 --a------ C:\WINDOWS\mngui.INI
2008-04-19 00:02 . 2005-07-26 11:13 57,648 --a------ C:\WINDOWS\system32\drivers\z520bus.sys
2008-04-19 00:02 . 2005-07-26 11:13 5,808 --a------ C:\WINDOWS\system32\drivers\z520whnt.sys
2008-04-19 00:02 . 2005-07-26 11:13 5,808 --a------ C:\WINDOWS\system32\drivers\z520wh.sys
2008-04-18 15:22 . 2008-04-18 15:22 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-18 15:21 . 2008-04-19 11:11 <DIR> d-------- C:\Program Files\Corel
2008-04-18 15:21 . 2008-04-18 15:21 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2008-04-18 14:47 . 2006-09-13 18:19 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-18 14:47 . 2006-09-13 18:18 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-18 08:11 . 2008-04-18 08:11 <DIR> d-------- C:\Program Files\uTorrent
2008-04-18 08:11 . 2008-04-20 15:05 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2008-04-17 14:55 . 2008-04-19 12:58 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-15 21:15 . 2008-04-21 20:19 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\OpenOffice.org2
2008-04-15 20:58 . 2008-04-15 20:58 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-15 20:56 . 2008-04-15 20:57 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4 (pl) Installation Files
2008-04-14 15:04 . 2008-04-14 15:04 <DIR> d-------- C:\Program Files\NewFon
2008-04-13 10:23 . 2008-04-13 10:23 <DIR> d-------- C:\Program Files\AudioCommander
2008-04-13 09:15 . 2008-04-13 09:15 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-12 22:04 . 2008-04-12 22:04 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-12 22:04 . 2008-04-12 22:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-04-12 22:01 . 2008-04-12 22:01 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-12 22:01 . 2008-04-12 22:01 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
2008-04-12 22:01 . 2008-04-12 22:01 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
2008-04-12 21:52 . 2008-04-22 13:33 53 --a------ C:\biosinfo
2008-04-12 21:36 . 2008-04-12 21:36 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-12 21:25 . 2008-04-12 21:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Teleca
2008-04-12 21:25 . 2007-04-23 15:54 108,680 -ra------ C:\WINDOWS\system32\drivers\s115mdm.sys
2008-04-12 21:25 . 2007-04-23 15:54 100,488 -ra------ C:\WINDOWS\system32\drivers\s115mgmt.sys
2008-04-12 21:25 . 2007-04-23 15:54 98,568 -ra------ C:\WINDOWS\system32\drivers\s115obex.sys
2008-04-12 21:25 . 2007-04-23 15:54 83,208 -ra------ C:\WINDOWS\system32\drivers\s115bus.sys
2008-04-12 21:25 . 2007-04-23 15:54 15,112 -ra------ C:\WINDOWS\system32\drivers\s115mdfl.sys
2008-04-12 21:25 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115whnt.sys
2008-04-12 21:25 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115wh.sys
2008-04-12 21:25 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cmnt.sys
2008-04-12 21:25 . 2007-04-23 15:54 12,424 -ra------ C:\WINDOWS\system32\drivers\s115cm.sys
2008-04-12 21:24 . 2008-04-19 00:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-12 21:23 . 2008-04-19 00:53 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-04-12 21:23 . 2008-04-12 21:23 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Sony Ericsson
2008-04-12 21:22 . 2008-04-19 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-04-12 20:56 . 2008-04-12 20:56 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\FMA
2008-04-12 20:43 . 2006-09-13 18:18 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-10 07:03 . 2008-04-10 07:03 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-04-09 18:25 . 2008-04-09 18:25 <DIR> d-------- C:\WINDOWS\Sun
2008-04-09 00:38 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-09 00:37 . 2008-04-16 19:51 <DIR> d-------- C:\Program Files\Java
2008-04-09 00:37 . 2008-04-09 00:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-09 00:31 . 2008-04-09 00:31 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-04-09 00:29 . 2008-04-09 00:29 <DIR> d-------- C:\Program Files\Nero
2008-04-09 00:29 . 2008-04-09 00:30 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-09 00:29 . 2008-04-09 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-04-09 00:27 . 2006-12-07 07:29 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll
2008-04-09 00:14 . 2008-04-09 22:08 <DIR> d-------- C:\WINDOWS\system32\DllCache
2008-04-09 00:04 . 2006-09-13 18:18 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-09 00:04 . 2006-09-13 18:18 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-04-09 00:04 . 2006-09-13 18:19 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-09 00:04 . 2006-09-13 18:18 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-09 00:04 . 2006-09-13 18:19 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-09 00:04 . 2006-09-13 18:18 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-04-09 00:04 . 2006-09-13 18:18 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-08 22:47 . 2008-04-08 22:47 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-04-08 22:47 . 2008-04-08 22:47 39,713 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-08 22:47 . 2008-04-08 22:47 4,839 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-08 22:46 . 2008-04-08 22:46 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-04-08 22:45 . 2008-04-08 22:45 <DIR> d-------- C:\Program Files\7-Zip
2008-04-08 22:29 . 2008-04-08 22:29 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-08 22:13 . 2008-04-08 22:13 0 --a------ C:\WINDOWS\msicpl.ini
2008-04-08 22:07 . 2008-04-08 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-04-08 22:01 . 2008-04-08 22:01 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-04-08 22:01 . 2008-04-08 22:01 <DIR> d-------- C:\Program Files\VIA
2008-04-08 22:01 . 2004-05-18 10:55 74,112 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys
2008-04-08 22:00 . 2008-04-19 11:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-08 22:00 . 2008-04-19 11:12 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-08 22:00 . 2008-04-08 22:00 <DIR> d-------- C:\Program Files\AMD
2008-04-08 22:00 . 2004-08-11 16:30 39,424 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 11:34 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Skype
2008-04-22 09:39 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\skypePM
2008-04-20 19:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-18 14:00 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2008-04-08 21:58 --------- d-----w C:\Program Files\Zylom Games
2008-04-08 21:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Zylom
2008-04-08 21:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-04-08 21:45 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-08 21:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-08 21:28 --------- d-----w C:\Program Files\Winamp
2008-04-08 21:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-08 21:22 --------- d-----w C:\Program Files\Csgware
2008-04-08 21:20 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-08 21:19 --------- d-----w C:\Program Files\Skype
2008-04-08 21:19 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-08 21:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-04-08 21:17 --------- d-----w C:\Program Files\Alwil Software
2008-04-08 21:14 --------- d-----w C:\Program Files\DSC_Program
2008-04-08 21:14 --------- d-----w C:\Program Files\BearShare
2008-04-08 21:11 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-04-08 21:11 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-04-08 21:11 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-04-08 21:11 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-04-08 21:11 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-04-08 21:11 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-04-08 21:11 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-04-08 21:11 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-04-08 21:11 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-04-08 21:11 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-04-08 21:11 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-04-08 21:10 --------- d-----w C:\Program Files\MarBit
2008-04-08 21:08 --------- d-----w C:\Program Files\Lavasoft
2008-04-08 21:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-08 21:05 --------- d-----w C:\Program Files\Gadu-Gadu
2008-04-08 20:47 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-08 19:47 --------- d-----w C:\Program Files\Usługi online
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:35 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 17:31 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-20 08:01 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:01 1,846,144 ------w C:\WINDOWS\system32\DllCache\win32k.sys
2008-02-20 18:53 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 18:53 45,568 ------w C:\WINDOWS\system32\DllCache\dnsrslvr.dll
2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:53 282,624 ------w C:\WINDOWS\system32\DllCache\gdi32.dll
2008-02-20 05:23 147,968 ------w C:\WINDOWS\system32\DllCache\dnsapi.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"XSC SIP Client"="C:\Program Files\NewFon\NewFon.exe" [2005-04-15 14:29 3514368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 08:51 7323648]
"nwiz"="nwiz.exe" [2005-12-14 08:51 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-01-03 04:58 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-01-03 04:59 69632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-14 08:51 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 22:47:48 344064]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 14:20:14 180224]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe [2002-09-30 21:09:06 131072]
Y'z Toolbar.lnk - C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 14:41:10 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\NewFon\\NewFon.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-12 22:01]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-09-13 18:19]
S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys [2005-07-26 11:13]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z520mdfl.sys [2005-07-26 11:15]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\z520mdm.sys [2005-07-26 11:15]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 13:42:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-22 13:42:19
ComboFix-quarantined-files.txt 2008-04-22 11:42:17
Pre-Run: 12,355,223,552 bajtów wolnych
Post-Run: 12,354,805,760 bajtów wolnych
.
2008-04-20 11:52:26 --- E O F ---
- Jose
- Forumowicz
- Posty: 16
- Dołączenie: 23 Lip 2007, 13:38
- Miejscowość: Luxemburg
przez huber2t » 22 Kwi 2008, 15:35
UA:
fix w HijackThis
W drugim logu nic nie widzę
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
W drugim logu nic nie widzę
-
huber2t - Zasłużony działacz forum
- Posty: 2798
- Dołączenie: 21 Mar 2008, 10:07
- Pochwały: 42
5 posty(ów)
• Strona 1 z 1
Kto jest na forum
Zarejestrowani użytkownicy: Bing [Bot]