Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Prosze o sprawdzenie loga HijackThis
10 Gru 2007, 19:10
- Kod:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:27, on 2007-12-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programy\Ares\Ares.exe
C:\WINDOWS\system32\RaConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Programy\Gadu-gadu\GG.EXE
C:\Programy\Firelfox\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dcom Helper] utorrent.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\RunServices: [Dcom Helper] utorrent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dcom Helper] utorrent.exe
O4 - HKCU\..\Run: [ares] "C:\Programy\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programy\Gadu-gadu\GG.EXE" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196194908875
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programy\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.ahct.de/blog/wp-content/uploads/2006/09/winvista-small.jpg
--
End of file - 6392 bytes
11 Gru 2007, 00:46
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [Dcom Helper] utorrent.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
Usuń. Pliki utorrent.exe i tcpipmon.exe ręcznie do kosza.
https://www.instalki.pl/programy/downlo ... eaner.html
Zmień znaki na zielone.
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [Dcom Helper] utorrent.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
Usuń. Pliki utorrent.exe i tcpipmon.exe ręcznie do kosza.
https://www.instalki.pl/programy/downlo ... eaner.html
Zmień znaki na zielone.
11 Gru 2007, 18:19
heh no a może jakieś instrukcje jak to zrobić ??
12 Gru 2007, 20:23
Wpisy 02,03 fix'ujesz w Hijacku
utorrent.exe i tcpipmon.exe usuwasz recznie z katalogu System32 .(C:\Windows\System32 )
Kasuj w trybie awaryjnym przy wyłączonym przywracaniu systemu.
Co do WWDC >>ściągnij>>uruchom>>kliknij w przyciski przy których są czerwone znaczki >>i tyle
utorrent.exe i tcpipmon.exe usuwasz recznie z katalogu System32 .(C:\Windows\System32 )
Kasuj w trybie awaryjnym przy wyłączonym przywracaniu systemu.
Co do WWDC >>ściągnij>>uruchom>>kliknij w przyciski przy których są czerwone znaczki >>i tyle
14 Gru 2007, 22:55
ludzie tych dwóch plików do usunięcia ręcznie nie ma i co teraz
15 Gru 2007, 13:23
marcin56543988 napisał(a):ludzie tych dwóch plików do usunięcia ręcznie nie ma i co teraz
należy jeszcze usunąć
C:\Program Files\MyGlobalSearch
Ale do tego użyj Combofixa https://www.instalki.pl/programy/downlo ... boFix.html
przeskanuj nim system daj log na forum
16 Gru 2007, 00:00
co do logu to chodzi o to:
- Kod:
Deckard's System Scanner v20071014.68
Run by *********** on 2007-12-15 22:52:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2007-12-15 21:53:14 UTC - RP113 - Deckard's System Scanner Restore Point
2: 2007-12-12 20:30:02 UTC - RP112 - Punkt kontrolny systemu
1: 2007-12-07 11:57:02 UTC - RP111 - Removed Digimax Master
Backed up registry hives.
Performed disk cleanup.
[color=red]Percentage of Memory in Use: 81% (more than 75%).[/color]
[color=red]Total Physical Memory: 256 MiB (512 MiB recommended).[/color]
-- HijackThis (run as Strączkowski.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:15, on 2007-12-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programy\Ares\Ares.exe
C:\Programy\Gadu-gadu\GG.EXE
C:\WINDOWS\system32\RaConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Programy\Firelfox\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Strączkowski\Pulpit\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Strączkowski.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\RunServices: [Dcom Helper] utorrent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dcom Helper] utorrent.exe
O4 - HKCU\..\Run: [ares] "C:\Programy\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programy\Gadu-gadu\GG.EXE" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196194908875
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programy\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.ahct.de/blog/wp-content/uploads/2006/09/winvista-small.jpg
--
End of file - 5959 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20071214-215115-303 O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
backup-20071214-215115-437 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20071214-215115-216 O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
backup-20071214-215115-612 O4 - HKLM\..\Run: [Dcom Helper] utorrent.exe
backup-20071214-215115-426 O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
-- File Associations -----------------------------------------------------------
[color=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/color]
[color=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/color]
[color=red].reg - regfile - shell\open\command - "regedit.exe" "%1"[/color]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 RT2400 (RT2400 Wireless Driver) - c:\windows\system32\drivers\rt2400.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11 Wireless PCI Adapters>
R3 SiS7012 (Service for AC'97 Sample Driver (WDM)) - c:\windows\system32\drivers\sis7012.sys <Not Verified; Silicon Integrated Systems Corporation; SiS 7012 Audio Device WDM Driver>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
S1 eeCtrl (Symantec Eraser Control driver) - c:\program files\common files\symantec shared\eengine\eectrl.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 EraserUtilRebootDrv - c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys (file missing)
S3 suscom (Susteen Serial port driver) - c:\windows\system32\drivers\suscom.sys <Not Verified; Susteen Inc.; Susteen USB-to-Serial Bridge Cable>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 AresChatServer (Ares Chatroom server) - c:\programy\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2007-11-15 and 2007-12-15 -----------------------------
2007-12-10 18:07:46 0 d-------- C:\Program Files\Trend Micro
2007-12-10 17:24:14 0 d--hs---- C:\FOUND.000
2007-12-05 21:41:23 0 d-------- C:\Program Files\Hamachi
2007-11-23 22:45:02 31087 --a------ C:\WINDOWS\system32\xkh1udoe84fkszi4a.dll
2007-11-23 22:45:02 12441 --a------ C:\WINDOWS\system32\qke3kixfeflkszi4a.dll
2007-11-23 22:45:02 25630 --a------ C:\WINDOWS\system32\lap20nh3l4dkszi4a.dll
2007-11-23 22:44:44 0 d-------- C:\Program Files\Code-Crafters
-- Find3M Report ---------------------------------------------------------------
2007-12-11 20:16:18 0 d-------- C:\Documents and Settings\Strączkowski\Dane aplikacji\FTPRush
2007-12-03 21:11:38 0 d-------- C:\Documents and Settings\Strączkowski\Dane aplikacji\Hamachi
2007-11-09 12:09:36 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-11-09 12:08:32 0 d-------- C:\Program Files\BitComet
2007-11-04 11:10:28 0 d-------- C:\Program Files\GameSpy Arcade
2007-10-22 15:11:34 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-21 22:45:40 8 -r-hs---- C:\WINDOWS\system32\F1FDA416BE.sys
2007-10-20 20:27:10 0 d-------- C:\Documents and Settings\Strączkowski\Dane aplikacji\MSN6
2007-10-06 17:07:06 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-24 21:10]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 18:00]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Dcom Helper"="utorrent.exe" []
"ares"="C:\Programy\Ares\Ares.exe" [2007-02-26 02:40]
"Gadu-Gadu"="C:\Programy\Gadu-gadu\GG.exe" [2007-04-25 17:27]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Dcom Helper"=utorrent.exe
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
RaConfig.lnk - C:\WINDOWS\system32\RaConfig.exe [2007-01-20 12:45:39]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Strączkowski^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\Strączkowski\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uap1.4]
C:\Documents and Settings\Strączkowski\Pulpit\Energy 2000 vol 9\uap.exe task
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BlueSoleil Hid Service"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\Setup.exe
-- End of Deckard's System Scanner: finished at 2007-12-15 22:56:30 ------------
czy o to:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Polish
CPU 0: AMD Athlon(tm) Processor
Percentage of Memory in Use: 87%
Physical Memory (total/avail): 255.48 MiB / 31.07 MiB
Pagefile Memory (total/avail): 1004.37 MiB / 729.69 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.46 MiB
A: is Removable (No Media)
C: is Fixed (FAT32) - 18.63 GiB total, 5.05 GiB free.
D: is Fixed (FAT32) - 18.62 GiB total, 4.01 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST340810A - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 18.64 GiB - C:
\PARTITION1 - Rozszerzona z rozszerzonym przerwaniem 13 - 18.63 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\StrĄczkowski\Dane aplikacji
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KOMP1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\StrĄczkowski
LOGONSERVER=\\KOMP1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Programy\Firelfox\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;D:\PROGRA~1\ATITEC~1\ATICON~1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0402
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\STR¤CZ~1\USTAWI~1\Temp
TMP=C:\DOCUME~1\STR¤CZ~1\USTAWI~1\Temp
USERDOMAIN=KOMP1
USERNAME=StrĄczkowski
USERPROFILE=C:\Documents and Settings\StrĄczkowski
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Strączkowski [i](admin)[/i]
Administrator [i](admin)[/i]
-- Add/Remove Programs ---------------------------------------------------------
--> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ability FTP Server 1.18 --> "C:\Program Files\Code-Crafters\Ability FTP Server\unins000.exe"
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Archiwizator WinRAR --> C:\Programy\WinRAR\uninstall.exe
Ares 2.0.7 --> "C:\Programy\Ares\uninstall.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
µTorrent --> "C:\Documents and Settings\Strączkowski\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
BearShare --> C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
BitComet 0.96 --> C:\Program Files\BitComet\uninst.exe
CCleaner (remove only) --> "C:\Programy\Cclearen\CCleaner\uninst.exe"
EasyRecovery Professional --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1033
EVEREST Home Edition v2.01 --> "C:\Programy\EVEREST Home Edition\EVEREST Home Edition\unins000.exe"
Expressivo --> C:\Program Files\ivo\Expressivo\UsunExpressivo.exe
FIFA 06 --> D:\Gry\FIFA 06 (Windows xp)\EAUninstall.exe
Gadu-Gadu 7.7 --> C:\Programy\Gadu-gadu\Setup.exe
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Hamachi 1.0.2.4 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman - Codename 47 --> "d:\gry\hitman\uninstall.exe" C:\WINDOWS\ISUNINST.EXE -y -f"d:\gry\hitman\uninstall.isu"
HP OrderReminder --> "C:\Program Files\Hewlett-Packard\OrderReminder\uninstall\hpuninstaller.exe" hp_LaserJet_1018
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Kozacy - Powrót na wojnę --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5BFDB060-06A4-11D0-9C4F-00A0C705475F}
LaserJet 1018 --> C:\Program Files\Zenographics\{7173BF94-201F-4408-B67B-A904A3A358C3}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010415-78E1-11D2-B60F-006097C998E7}
Mozilla Firefox (2.0.0.9) --> C:\Programy\Firelfox\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.6) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Multimedialna Nowa Encyklopedia Powszechna PWN --> C:\WINDOWS\IsUn0415.exe -f"C:\Program Files\PWN\MNEP\Uninst.isu"
My Global Search Bar --> rundll32 C:\PROGRA~1\MYGLOB~1\bar\2.bin\mgsBar.dll,O
Narzędzie Software Uninstall Utility firmy ATI --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Nero 7 Premium --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
No One Lives Forever --> C:\WINDOWS\uninst.exe -f"c:\gry\no one liefs forever\DeIsL1.isu"
Pakiet zgodności dla systemu Office 2007 --> MsiExec.exe /X{90120000-0020-0415-0000-0000000FF1CE}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
RealSpeak Solo 4.0 SAPI5 Polish Agata --> MsiExec.exe /I{30233C19-872D-4412-9050-7DC263824A96}
RT2400 Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9198A23F-C33C-4907-9715-96DE7D4AF27D}\Setup.exe" -l0x9
Samsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything
SiS Audio Driver --> C:\Progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
Skaner on-line mks_vir --> C:\WINDOWS\system32\SkanerOnlineUninstall.exe
Sony Ericsson Themes Creator 3.06 --> C:\Documents and Settings\Strączkowski\Pulpit\Nowy folder\Themes Creator\Uninstall.exe
Sp5 --> MsiExec.exe /I{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}
Sp5Intl --> MsiExec.exe /I{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}
Sp5TTInt --> MsiExec.exe /I{E415C943-37E5-473F-8BAE-043C56734124}
SpCommon --> MsiExec.exe /I{6C3959C6-943E-44B3-BAAD-570B04B134E5}
SpPhones --> MsiExec.exe /I{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}
SubEdit-Player --> "C:\Programy\SubEdition Player\SubEdit-Player\unins000.exe"
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
VideoLAN VLC media player 0.8.4a --> C:\Programy\VLC\uninstall.exe
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VSO Image Resizer 1.0.7 --> "C:\Programy\Image Resizer\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Yahoo! Toolbar --> C:\PROGRA~1\YAHOO!\COMMON\unyt.exe
YouTube Video Downloader V2.0 --> "C:\Programy\You Tube Video\YouTube Video Downloader\unins000.exe"
-- Application Event Log -------------------------------------------------------
Event Record #/Type6535 / Error
Event Submitted/Written: 12/15/2007 10:04:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł powodujący błąd urlmon.dll, wersja 6.0.2900.3020, adres błędu 0x0003a1be.
Przetwarzanie zdarzenia określonego nośnika dla [iexplore.exe!ws!]
Event Record #/Type6484 / Error
Event Submitted/Written: 12/13/2007 03:21:01 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplikacja zawieszająca IEXPLORE.EXE, wersja 6.0.2900.2180, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Event Record #/Type6386 / Error
Event Submitted/Written: 12/09/2007 05:58:41 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplikacja zawieszająca IEXPLORE.EXE, wersja 6.0.2900.2180, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Event Record #/Type6364 / Error
Event Submitted/Written: 12/09/2007 00:03:46 AM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł powodujący błąd urlmon.dll, wersja 6.0.2900.3020, adres błędu 0x0003a1be.
Przetwarzanie zdarzenia określonego nośnika dla [iexplore.exe!ws!]
Event Record #/Type6363 / Error
Event Submitted/Written: 12/08/2007 11:57:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplikacja zawieszająca cleanmgr.exe, wersja 6.0.2900.2180, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type59509 / Error
Event Submitted/Written: 12/15/2007 10:52:42 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Komputer utracił połączenie dla swojego adresu IP 10.28.2.121 na karcie
sieciowej o adresie sieciowym 0080C6E89728.
Event Record #/Type59508 / Warning
Event Submitted/Written: 12/15/2007 10:52:42 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Komputer nie mógł odnowić swojego adresu z sieci
(z serwera DHCP) dla karty sieciowej o adresie 0080C6E89728. Wystąpił
następujący błąd:
%%121.
Komputer będzie dalej próbował sam uzyskać adres
z serwera adresów sieciowych (DHCP).
Event Record #/Type59507 / Warning
Event Submitted/Written: 12/15/2007 10:52:35 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Komputer nie mógł odnowić swojego adresu z sieci
(z serwera DHCP) dla karty sieciowej o adresie 0080C6E89728. Wystąpił
następujący błąd:
%%121.
Komputer będzie dalej próbował sam uzyskać adres
z serwera adresów sieciowych (DHCP).
Event Record #/Type59506 / Warning
Event Submitted/Written: 12/15/2007 10:51:35 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Komputer nie mógł odnowić swojego adresu z sieci
(z serwera DHCP) dla karty sieciowej o adresie 0080C6E89728. Wystąpił
następujący błąd:
%%121.
Komputer będzie dalej próbował sam uzyskać adres
z serwera adresów sieciowych (DHCP).
Event Record #/Type59505 / Warning
Event Submitted/Written: 12/15/2007 10:49:33 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Komputer nie mógł odnowić swojego adresu z sieci
(z serwera DHCP) dla karty sieciowej o adresie 0080C6E89728. Wystąpił
następujący błąd:
%%121.
Komputer będzie dalej próbował sam uzyskać adres
z serwera adresów sieciowych (DHCP).
-- End of Deckard's System Scanner: finished at 2007-12-15 22:56:30 ------------
16 Gru 2007, 12:14
marcin56543988
Nie chodzi o to Deckard's System Scanner (DSS)
miałeś przeskanować i zrobić loga z
co do logu to chodzi o to:
Deckard's System Scanner v20071014.68
Run by *********** on 2007-12-15 22:52:48
Computer is in Normal Mode.
Nie chodzi o to Deckard's System Scanner (DSS)
miałeś przeskanować i zrobić loga z
Ale do tego użyj Combofixa https://www.instalki.pl/programy/downlo ... boFix.html
przeskanuj nim system daj log na forum