KaxxL, posted 27 June 2007

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:14:56, on 2007-06-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\GG1\gg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\kaxxl\Pulpit\hijackthis\HijackThis.exe

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\GG1\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: UniSpiker-2.6.lnk = ?
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E77057AB-8D4A-4A64-B1DE-C64F4456122A}: NameServer = 213.241.79.37 83.238.255.76
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Silent Runners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""D:\GG1\gg.exe" /tray" ["sms-express.com"]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"" ["Kaspersky Lab"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch" -> {HKLM...CLSID} = "FGCatchUrl" \InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided) -> {HKLM...CLSID} = "FlashGet GetFlash Class" \InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension" -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [file not found]
"{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}" = "ShellPlusContextMenu" -> {HKLM...CLSID} = "Burn4Freecontext menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\b4fm.dll" [file not found]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW" -> {HKLM...CLSID} = "Statystyki ochrony WWW" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View" -> {HKLM...CLSID} = "Contact View" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View" -> {HKLM...CLSID} = "Message View" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places" -> {HKLM...CLSID} = "Moje miejsca interfejsu Bluetooth" \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [file not found]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
ShellPlusContextMenu\(Default) = "{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}" -> {HKLM...CLSID} = "Burn4Freecontext menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\b4fm.dll" [file not found]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableTaskMgr" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|Remove Task Manager}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}
"DisableTaskMgr" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]

Thanks in advance for checking.

CatchMe, posted 27 June 2007

The logs are clean. 8O Why do you think your system is infected??

- Paste a ComboFix log. 8O

ULLISSES, posted 27 June 2007

Quote: Why do you think your system is infected??

OT: Because Kaspersky is bogging down his system? 8O

As for the logs, I would delete all those "buttons" for IE, since you don't use IE anyway.

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

And I would throw nwiz.exe and BearShare out of autostart.

KaxxL, posted 27 June 2007

I think so because:
- the system is sluggish at startup
- I again have a worm that makes my mouse lag and freeze (1 click = 2), and sometimes it is hard to select text

Kaspersky works reasonably well for me ;> (or what would you recommend instead?)

The mouse is a Razer Krait, so it is definitely not its fault. I had this once before and only a format helped, and I don't feel like doing a format for now 8O

Here are the logs from ComboFix:

"kaxxl" - 2007-06-27 11:50:08 - ComboFix 07-06-27.7 - Dodatek Service Pack 2

((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))

2007-06-27 11:49 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 22:47 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-06-26 20:17 <DIR> d-------- C:\Program Files\EA GAMES
2007-06-24 13:13 <DIR> d-------- C:\WINDOWS\speech
2007-06-24 13:12 <DIR> d-------- C:\Program Files\ivo
2007-06-18 22:28 <DIR> d-------- C:\Program Files\Real Alternative
2007-06-18 22:28 <DIR> d-------- C:\Program Files\Media Player Classic
2007-06-18 22:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-06-18 22:16 <DIR> d-------- C:\Program Files\Real
2007-06-18 22:16 <DIR> d-------- C:\Program Files\Common Files\Real
2007-06-18 22:15 <DIR> d-------- C:\DOCUME~1\kaxxl\DANEAP~1\Real
2007-06-18 21:31 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2007-06-18 17:52 <DIR> d-------- C:\Downloads
2007-06-18 17:35 <DIR> d-------- C:\Program Files\FlashGet
2007-06-18 14:51 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-06-14 16:22 <DIR> d--hs---- C:\FOUND.012
2007-06-13 18:56 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-06-13 18:56 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-06-13 18:23 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-06-13 18:13 3,655,608 --a------ C:\Program Files\FLV PlayerRCATSetup.exe
2007-06-13 18:13 <DIR> d-------- C:\Program Files\Replay Media Catcher
2007-06-13 18:12 <DIR> d-------- C:\Program Files\Replay Converter
2007-06-13 18:07 25,990,392 --a------ C:\Program Files\FLV PlayerRCSetup.exe
2007-06-13 18:06 <DIR> d-------- C:\WINDOWS\FLV Player
2007-06-13 18:06 <DIR> d-------- C:\Program Files\FLV Player
2007-06-13 17:40 <DIR> d-------- C:\Program Files\YouTube Video Downloader
2007-06-11 15:39 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-06-11 15:38 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-11 15:38 <DIR> d-------- C:\NVIDIA
2007-06-10 21:49 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-10 21:32 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-06-10 21:32 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-06-10 17:58 <DIR> d--hs---- C:\FOUND.011
2007-06-10 16:58 <DIR> d--hs---- C:\FOUND.010
2007-06-05 15:16 <DIR> d--hs---- C:\FOUND.009
2007-06-03 17:46 <DIR> d-------- C:\Program Files\Infogrames
2007-06-03 17:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-06-03 15:15 <DIR> d-------- C:\Program Files\EAGLE-4.16r2
2007-06-03 15:14 299,520 --a------ C:\WINDOWS\uninst.exe
2007-06-03 15:14 <DIR> d-------- C:\DOCUME~1\kaxxl\WINDOWS
2007-06-02 14:01 <DIR> d--hs---- C:\FOUND.008
2007-06-01 16:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Bluetooth
2007-06-01 16:13 <DIR> d-------- C:\Program Files\IVT Corporation
2007-05-31 13:33 <DIR> d--hs---- C:\FOUND.007
2007-05-30 17:04 <DIR> d-------- C:\Program Files\Headshot Player
2007-05-30 16:58 87,040 --a------ C:\WINDOWS\UnGins.exe
2007-05-30 16:58 <DIR> d-------- C:\Program Files\Reflex
2007-05-29 15:31 <DIR> d-------- C:\strona
2007-05-27 13:54 <DIR> d-------- C:\Program Files\Konnekt
2007-05-27 13:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\stamina

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-18 12:45:48 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-06-10 20:02:34 50,968 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-10 20:02:34 359,046 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-10 19:41:10 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-10 19:37:12 456 ----a-w C:\WINDOWS\system32\pthsp.dat
2007-06-03 12:31:28 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-05-31 06:44:56 740,442 ----a-w C:\WINDOWS\system32\divx.dll
2007-05-23 15:04:08 -------- d-----w C:\DOCUME~1\kaxxl\DANEAP~1\TVU Networks
2007-05-23 14:57:40 -------- d-----w C:\Program Files\TVUPlayer
2007-05-17 04:55:44 -------- d-----w C:\DOCUME~1\kaxxl\DANEAP~1\Samsung
2007-05-10 16:49:34 -------- d-----w C:\Program Files\Softick
2007-05-10 15:25:00 17,264 ----a-w C:\WINDOWS\desctemp.dat
2007-05-10 14:46:00 -------- d-----w C:\Program Files\Cell Phone Manager
2007-05-10 14:23:54 -------- d-----w C:\Program Files\Samsung
2007-05-09 18:32:02 -------- d-----w C:\DOCUME~1\kaxxl\DANEAP~1\Help
2007-05-09 17:17:22 -------- d-----w C:\DOCUME~1\kaxxl\DANEAP~1\uTorrent
2007-05-09 17:17:18 -------- d-----w C:\Program Files\uTorrent
2007-05-09 15:44:20 -------- d-----w C:\Program Files\WIDCOMM
2007-05-06 13:27:08 -------- d-----w C:\Program Files\American Conquest - Divided Nation
2007-05-06 13:24:54 -------- d-----w C:\Program Files\VVSN
2007-05-03 07:52:08 -------- d-----w C:\DOCUME~1\kaxxl\DANEAP~1\SopCast
2007-05-03 07:52:06 -------- d-----w C:\Program Files\SopCast
2007-05-02 17:01:40 -------- d-----w C:\Program Files\SpyRemover
2007-05-02 16:39:32 -------- d-----w C:\Program Files\SkanerOnline
2007-05-01 12:01:54 -------- d-----w C:\Program Files\Opera
2007-04-29 10:18:52 -------- d-----w C:\DOCUME~1\kaxxl\DANEAP~1\AdobeUM
2007-04-28 16:48:22 -------- d-----w C:\Program Files\mIRC
2007-04-28 13:36:40 -------- d-----w C:\Program Files\IrfanView
2007-04-28 12:54:36 593,920 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-04-28 11:19:10 -------- d-----w C:\Program Files\WarRock
2007-04-28 11:18:10 -------- d-----w C:\DOCUME~1\kaxxl\DANEAP~1\InstallShield
2007-04-23 00:15:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:02:36 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-21 19:53:12 229,487 ----a-w C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_3718.exe
2007-04-20 19:16:18 8,341 ----a-w C:\WINDOWS\mozver.dat
2007-04-20 13:39:50 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-20 13:35:32 44 ----a-w C:\WINDOWS\system32\msssc.dll
2007-04-20 13:26:16 335 ----a-w C:\WINDOWS\nsreg.dat
2007-04-20 13:15:22 0 --sha-r C:\MSDOS.SYS
2007-04-20 13:15:22 0 --sha-r C:\IO.SYS
2007-04-20 13:15:22 0 ----a-w C:\CONFIG.SYS
2007-04-20 13:15:22 0 ----a-w C:\AUTOEXEC.BAT
2007-04-20 13:14:58 1,536 ----a-w C:\WINDOWS\system32\TrueSoft.dat
2007-03-09 07:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-06-11 11:55]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-05-16 07:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\GG1\gg.exe" [2004-02-27 12:03]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
C:\PROGRA~1\WapSter\AQQ\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))

No new files created in this timespan

CatchMe, posted 27 June 2007

Delete these files:

C:\FOUND.012
C:\FOUND.011
C:\FOUND.010
C:\FOUND.009
C:\FOUND.008
C:\FOUND.007

Apart from that the logs are clean. Paste logs from Gmer (from the 2 options).