Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Proszę o sprawdzenie loga - zamulony komp
04 Paź 2007, 21:59
log z ComboFix
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Pulpit\internet.lnk
C:\Program Files\Common Files\{382DE~1
C:\Program Files\Common Files\{382DE~1\toolbardll.lzma
C:\Program Files\Common Files\{482DE~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\FunWebProducts
C:\Program Files\inetget2
C:\Program Files\mantec~1
C:\Program Files\mediapipe
C:\Program Files\mediapipe\Agent.dll
C:\Program Files\mediapipe\install.log
C:\Program Files\mediapipe\ItBill_terms.txt
C:\Program Files\mediapipe\MediaPipe.ini
C:\Program Files\mediapipe\p2pinst.exe
C:\Program Files\mediapipe\p2pl.exe
C:\WINDOWS\asembl~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\wnsxs~1
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_COM+_MESSAGES
-------\COM+ Messages
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.
2007-10-04 21:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-30 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Eset
2007-09-30 13:42 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-09-30 13:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-09-30 13:42 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-09-30 13:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-09-28 22:23 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-09-28 09:16 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-28 09:16 <DIR> d-------- C:\WINDOWS\nview
2007-09-28 09:15 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-09-28 00:41 <DIR> d-------- C:\Program Files\F-Secure Internet Security
2007-09-26 20:09 <DIR> d--h----- C:\Documents and Settings\NetworkService.ZARZ¤DZANIE NT\Ustawienia lokalne
2007-09-26 20:09 <DIR> d--h----- C:\Documents and Settings\LocalService.ZARZ¤DZANIE NT\Ustawienia lokalne
2007-09-26 20:09 <DIR> d-------- C:\Documents and Settings\NetworkService.ZARZ¤DZANIE NT\Dane aplikacji
2007-09-26 20:09 <DIR> d-------- C:\Documents and Settings\LocalService.ZARZ¤DZANIE NT\Dane aplikacji
2007-09-26 11:55 <DIR> d-------- C:\Program Files\CCleaner
2007-09-26 11:46 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2007-09-26 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
2007-09-25 23:35 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-25 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-09-25 13:48 <DIR> d-------- C:\Program Files\Lavalys
2007-09-23 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-09-21 09:17 28,680 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-09-21 09:15 33,288 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-09-21 09:15 25,096 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-09-13 23:42 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-13 23:31 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-13 23:30 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-09-13 23:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-13 23:30 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-09-11 23:03 <DIR> d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-27 12:42 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-09-27 00:29 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-09-25 22:19 --------- d-------- C:\Program Files\Kaspersky Lab
2007-09-25 21:24 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-14 17:45 --------- d-------- C:\Program Files\Star Defender 3
2007-09-02 16:03 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-09-02 16:03 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2006-01-28 00:23 26958 --a------ C:\Program Files\MovieLand Terms.html
2005-05-03 12:16 933 --a------ C:\Program Files\INSTALL.LOG
2001-11-23 06:08 712704 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
1998-04-30 14:56 129024 --a------ C:\Program Files\UNWISE.EXE
C:\Documents and Settings\Łukasz\usbsermptxp.sys
C:\Documents and Settings\Łukasz\usbsermpt.sys
C:\Documents and Settings\Łukasz\mqdmwhnt.sys
C:\Documents and Settings\Łukasz\mqdmserd.sys
C:\Documents and Settings\Łukasz\mqdmmdm.sys
C:\Documents and Settings\Łukasz\mqdmmdfl.sys
C:\Documents and Settings\Łukasz\mqdmcr.sys
C:\Documents and Settings\Łukasz\mqdmcmnt.sys
C:\Documents and Settings\Łukasz\mqdmbus.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BAD1F8D-8B4B-FFC7-6F80-F2AD0C7DB4CE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"zzzHPSETUP"="E:\Setup.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-09 00:05]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-11-14 18:47]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-11-16 16:14]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [2007-09-21 09:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-11-29 11:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe"
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 musbehco;musbehco;\??\C:\DOCUME~1\UKASZ~1\USTAWI~1\Temp\musbehco.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 21:41:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
log z HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42:43, on 2007-10-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BAD1F8D-8B4B-FFC7-6F80-F2AD0C7DB4CE} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\HP\Temp\{9C70E67A-623C-4612-AF57-5014879E79CB}\setup\hpzrcv01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_17.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d603/mailcfg.ocx
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_26.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_26.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6641 bytes
Proszę o pomoc i wytłumaczenie jak dla laika
Z góry dzięki
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Pulpit\internet.lnk
C:\Program Files\Common Files\{382DE~1
C:\Program Files\Common Files\{382DE~1\toolbardll.lzma
C:\Program Files\Common Files\{482DE~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\FunWebProducts
C:\Program Files\inetget2
C:\Program Files\mantec~1
C:\Program Files\mediapipe
C:\Program Files\mediapipe\Agent.dll
C:\Program Files\mediapipe\install.log
C:\Program Files\mediapipe\ItBill_terms.txt
C:\Program Files\mediapipe\MediaPipe.ini
C:\Program Files\mediapipe\p2pinst.exe
C:\Program Files\mediapipe\p2pl.exe
C:\WINDOWS\asembl~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\wnsxs~1
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_COM+_MESSAGES
-------\COM+ Messages
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.
2007-10-04 21:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-30 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Eset
2007-09-30 13:42 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-09-30 13:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-09-30 13:42 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-09-30 13:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-09-28 22:23 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-09-28 09:16 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-09-28 09:16 <DIR> d-------- C:\WINDOWS\nview
2007-09-28 09:15 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-09-28 00:41 <DIR> d-------- C:\Program Files\F-Secure Internet Security
2007-09-26 20:09 <DIR> d--h----- C:\Documents and Settings\NetworkService.ZARZ¤DZANIE NT\Ustawienia lokalne
2007-09-26 20:09 <DIR> d--h----- C:\Documents and Settings\LocalService.ZARZ¤DZANIE NT\Ustawienia lokalne
2007-09-26 20:09 <DIR> d-------- C:\Documents and Settings\NetworkService.ZARZ¤DZANIE NT\Dane aplikacji
2007-09-26 20:09 <DIR> d-------- C:\Documents and Settings\LocalService.ZARZ¤DZANIE NT\Dane aplikacji
2007-09-26 11:55 <DIR> d-------- C:\Program Files\CCleaner
2007-09-26 11:46 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2007-09-26 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
2007-09-25 23:35 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-25 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-09-25 13:48 <DIR> d-------- C:\Program Files\Lavalys
2007-09-23 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-09-21 09:17 28,680 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-09-21 09:15 33,288 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-09-21 09:15 25,096 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-09-13 23:42 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-13 23:31 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-13 23:30 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-09-13 23:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-13 23:30 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-09-11 23:03 <DIR> d-------- C:\Program Files\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-27 12:42 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-09-27 00:29 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-09-25 22:19 --------- d-------- C:\Program Files\Kaspersky Lab
2007-09-25 21:24 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-14 17:45 --------- d-------- C:\Program Files\Star Defender 3
2007-09-02 16:03 271360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-09-02 16:03 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2006-01-28 00:23 26958 --a------ C:\Program Files\MovieLand Terms.html
2005-05-03 12:16 933 --a------ C:\Program Files\INSTALL.LOG
2001-11-23 06:08 712704 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
1998-04-30 14:56 129024 --a------ C:\Program Files\UNWISE.EXE
C:\Documents and Settings\Łukasz\usbsermptxp.sys
C:\Documents and Settings\Łukasz\usbsermpt.sys
C:\Documents and Settings\Łukasz\mqdmwhnt.sys
C:\Documents and Settings\Łukasz\mqdmserd.sys
C:\Documents and Settings\Łukasz\mqdmmdm.sys
C:\Documents and Settings\Łukasz\mqdmmdfl.sys
C:\Documents and Settings\Łukasz\mqdmcr.sys
C:\Documents and Settings\Łukasz\mqdmcmnt.sys
C:\Documents and Settings\Łukasz\mqdmbus.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BAD1F8D-8B4B-FFC7-6F80-F2AD0C7DB4CE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"zzzHPSETUP"="E:\Setup.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-09 00:05]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-11-14 18:47]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-11-16 16:14]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"egui"="C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" [2007-09-21 09:16]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-11-29 11:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe"
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 musbehco;musbehco;\??\C:\DOCUME~1\UKASZ~1\USTAWI~1\Temp\musbehco.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 21:41:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
log z HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42:43, on 2007-10-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BAD1F8D-8B4B-FFC7-6F80-F2AD0C7DB4CE} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPZRCV01.LNK = C:\Program Files\HP\Temp\{9C70E67A-623C-4612-AF57-5014879E79CB}\setup\hpzrcv01.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_17.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d603/mailcfg.ocx
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_26.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_26.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\Eset\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6641 bytes
Proszę o pomoc i wytłumaczenie jak dla laika
Z góry dzięki
05 Paź 2007, 10:40
Na początek przeczytaj ten temat: http://instalki.pl/forum/viewtopic.php?t=10892 i poczekaj, ktoś sprawdzi logi
05 Paź 2007, 11:02
Dzięki Bozz, napewno się przyda i czekam cierpliwie na sprawdzenie logów
05 Paź 2007, 11:12
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O2 - BHO: (no name) - {2BAD1F8D-8B4B-FFC7-6F80-F2AD0C7DB4CE} - (no file)
To można usunąć, bo jakiś śmieci specjalnie nie widzę.
ATF Cleaner Powinien usunąć śmieci z TEMP-ów.
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O2 - BHO: (no name) - {2BAD1F8D-8B4B-FFC7-6F80-F2AD0C7DB4CE} - (no file)
To można usunąć, bo jakiś śmieci specjalnie nie widzę.
ATF Cleaner Powinien usunąć śmieci z TEMP-ów.
05 Paź 2007, 11:28
Dzięki za rade pp3088.
Zastosuję się do niej.
Napisz, czy może być jeszcze jakaś przyczyna, jeżeli twoja rada i Bozza nie pomoże ? Dodam, że sprawdzałem kompa antyvirami (adaware,nod, kaspersky) jak również robiłem defragmenacje diskeeperem.
Z góry dzięki za odpowiedź
Zastosuję się do niej.
Napisz, czy może być jeszcze jakaś przyczyna, jeżeli twoja rada i Bozza nie pomoże ? Dodam, że sprawdzałem kompa antyvirami (adaware,nod, kaspersky) jak również robiłem defragmenacje diskeeperem.
Z góry dzięki za odpowiedź