[virus] I only see the wallpaper

  • Closed: This topic is closed
4 replies to this topic

#1 Kamashi

    Beginner

  • 15 posts

Posted 01 03 2008 - 15:55

Hi, something must have happened yesterday, because today I turn on the computer and there are no icons at all... NOTHING, empty, just the wallpaper. I got onto the internet through Task Manager and I have access to all files through Task Manager; now I don't know what to do to get all those folders back.. please help as fast as possible!
HijackThis log:


QUOTE
Logfile of HijackThis v1.99.1
Scan saved at 12:22:07, on 2008-03-01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Don\Pulpit\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\idm\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: Peer2Mail Toolbar Helper - {4FB971C4-99FB-480d-BA3F-55B8263010FB} - C:\Program Files\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Peer2Mail Toolbar - {43F2A7F9-06F6-48a5-B0DC-8530BF29CE66} - C:\Program Files\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [IDMan] C:\idm\IDMan.exe /onboot
O4 - Startup: ctfmon.exe
O8 - Extra context menu item: Download All Links with IDM - C:\idm\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\idm\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\idm\IEExt.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{91E88758-D61D-4611-B466-5D0B93FEA469}: NameServer = 192.168.1.1,194.204.159.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

And here is the ComboFix log:
QUOTE
ComboFix 08-03-01.3 - Don 2008-03-01 14:07:31.2 - NTFSx86

Running from: C:\Documents and Settings\Don\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Previous Run -------
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
(((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF




(((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-03-01 12:53 . 2008-03-01 12:53 <DIR> d-------- C:\Program Files\Vista Drive Icon
2008-03-01 12:02 . 2008-03-01 12:02 <DIR> d-------- C:\Program Files\Registry Repair 2006
2008-03-01 00:43 . 2008-03-01 00:43 <DIR> d-------- C:\VTPFiles
2008-03-01 00:42 . 2005-05-18 11:43 81,920 --a------ C:\WINDOWS\system32\CloseApp.exe
2008-03-01 00:10 . 2008-03-01 00:10 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-03-01 00:10 . 2004-04-26 13:47 163,456 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-03-01 00:06 . 2008-03-01 00:06 0 --a------ C:\WINDOWS\WB.ini
2008-02-29 23:57 . 2008-03-01 00:10 <DIR> d-------- C:\Program Files\Stardock
2008-02-29 23:57 . 2003-02-26 20:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-02-29 23:57 . 2005-01-22 18:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2008-02-27 20:09 . 2008-02-27 20:10 <DIR> d-------- C:\Program Files\18 Wheels of Steel Haulin
2008-02-25 23:53 . 2008-02-27 16:47 <DIR> d-------- C:\idm
2008-02-25 18:31 . 2008-02-25 18:31 <DIR> d-------- C:\Program Files\D-Tools
2008-02-25 18:31 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-02-25 18:31 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-02-25 17:35 . 2008-02-25 17:35 <DIR> d-------- C:\GAMES
2008-02-24 23:36 . 2008-02-24 23:36 <DIR> d-------- C:\Program Files\Budzik
2008-02-24 20:09 . 2008-02-24 20:09 416,530 ---h----- C:\treeinfo.wc
2008-02-24 19:39 . 2008-02-27 18:07 313 --a------ C:\WINDOWS\wcx_ftp.ini
2008-02-24 19:35 . 2008-02-24 19:35 <DIR> d-------- C:\totalcmd
2008-02-24 19:35 . 2008-02-27 18:07 1,379 --a------ C:\WINDOWS\wincmd.ini
2008-02-24 19:35 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-02-24 19:35 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-02-24 19:35 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-02-24 19:35 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-02-24 19:35 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-02-24 19:35 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-02-24 19:35 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-02-24 12:56 . 2008-02-27 19:38 <DIR> d-------- C:\Program Files\Dachshund Software
2008-02-24 12:56 . 2008-02-27 12:17 257 --ah----- C:\WINDOWS\wininf.dat
2008-02-24 10:14 . 2008-02-24 10:44 <DIR> dr-hs---- C:\Recycled
2008-02-24 10:14 . 2008-02-24 10:14 123 -r-hs---- C:\autorun.inf
2008-02-23 23:26 . 2008-02-29 16:41 38 --a------ C:\WINDOWS\avisplitter.INI
2008-02-23 15:23 . 2008-02-23 15:23 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-23 00:42 . 2008-02-23 00:42 <DIR> d-------- C:\WINDOWS\speech
2008-02-22 20:01 . 2008-02-22 20:31 <DIR> d-------- C:\Tibia Auto
2008-02-22 19:57 . 2008-02-22 19:58 <DIR> d-------- C:\tibia 8.1
2008-02-22 01:12 . 2008-02-22 01:12 <DIR> d-------- C:\Documents and Settings\Don\Dane aplikacji\DivX
2008-02-21 23:45 . 2008-02-24 16:22 <DIR> d-------- C:\www
2008-02-21 23:00 . 2008-02-21 23:00 <DIR> d-------- C:\Program Files\Microsoft Expression
2008-02-21 19:17 . 2008-02-21 19:26 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-21 19:16 . 2008-02-21 19:16 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-21 19:15 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-19 22:41 . 2008-02-19 22:41 <DIR> d-------- C:\Documents and Settings\Don\Dane aplikacji\Sony
2008-02-19 22:03 . 2008-02-19 22:03 <DIR> d-------- C:\Documents and Settings\Don\Dane aplikacji\Publish Providers
2008-02-19 22:03 . 2008-02-19 22:03 <DIR> d-------- C:\Documents and Settings\Don\Dane aplikacji\NetMedia Providers
2008-02-19 22:00 . 2008-02-27 19:45 <DIR> d-------- C:\Program Files\Sony
2008-02-19 21:59 . 2008-02-19 21:59 <DIR> d-------- C:\Program Files\Sony Setup
2008-02-19 19:58 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-19 19:58 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-19 19:58 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-19 19:58 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-19 19:57 . 2008-02-21 15:09 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-19 19:57 . 2008-02-19 19:57 <DIR> d-------- C:\Documents and Settings\Don\Dane aplikacji\PC Tools
2008-02-19 18:40 . 2008-02-19 22:25 <DIR> d-------- C:\Program Files\Unlocker
2008-02-18 00:27 . 2008-02-18 00:27 <DIR> d-------- C:\Program Files\Tasker
2008-02-17 20:00 . 2008-02-17 20:00 <DIR> d-------- C:\WINDOWS\Cache
2008-02-17 19:18 . 2008-02-17 19:19 <DIR> d-------- C:\Documents and Settings\Don\Dane aplikacji\Ulead Systems
2008-02-17 19:02 . 2008-02-17 19:02 <DIR> d-------- C:\Program Files\Windows Media Components
2008-02-17 19:02 . 2008-02-17 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-02-17 19:02 . 2008-02-17 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-02-17 19:01 . 2008-02-17 19:01 <DIR> d-------- C:\Program Files\Ulead Systems
2008-02-17 19:01 . 2008-02-18 16:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-02-17 16:59 . 2008-02-17 16:59 <DIR> d-------- C:\Program Files\Neoretix
2008-02-17 16:45 . 2008-02-17 16:45 <DIR> d-------- C:\WINDOWS\system32\XPToolsLicenseComponent
2008-02-17 16:45 . 2001-08-24 08:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-02-17 13:12 . 2008-02-27 19:38 <DIR> d-------- C:\Program Files\ivo
2008-02-16 12:26 . 2008-02-16 12:26 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-02-16 12:26 . 2008-02-29 22:21 <DIR> d-------- C:\Documents and Settings\Don\Dane aplikacji\MegauploadToolbar
2008-02-13 14:17 . 2008-02-13 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2008-02-13 14:13 . 2004-08-04 00:44 91,136 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-02-13 14:13 . 2004-08-04 00:44 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-02-13 14:13 . 2004-08-04 00:44 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-02-13 14:13 . 2004-08-04 00:44 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-02-13 14:13 . 2004-08-04 00:44 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-02-11 21:35 . 2008-02-11 21:35 <DIR> d-------- C:\Program Files\Xilisoft
2008-02-11 21:35 . 2008-02-27 19:42 <DIR> d-------- C:\Program Files\QuickTime
2008-02-11 19:18 . 2008-02-12 12:31 <DIR> d-------- C:\Program Files\Mistrz Klawiatury 1.0 Demo
2008-02-11 16:32 . 2008-02-11 16:32 <DIR> d-------- C:\WINDOWS\Desktop
2008-02-11 16:31 . 2008-02-11 16:31 <DIR> d-------- C:\Program Files\FreshDevices
2008-02-10 14:05 . 2008-02-10 14:05 <DIR> d-------- C:\Program Files\ToniArts
2008-02-09 14:05 . 2008-02-09 14:05 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-09 14:05 . 2008-02-09 14:05 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-02-09 13:48 . 2008-02-09 13:48 <DIR> d-------- C:\Program Files\AML Products
2008-02-09 13:48 . 2006-03-11 04:56 438,272 --a------ C:\WINDOWS\system32\Mpeg2DecFilter.ax
2008-02-09 13:48 . 2005-11-25 21:46 421,888 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-02-09 13:48 . 2004-01-11 15:47 327,680 --a------ C:\WINDOWS\system32\MatroskaSplitter.ax
2008-02-09 13:48 . 2005-06-21 17:48 1 --a------ C:\WINDOWS\gamidnof.lnl
2008-02-09 11:13 . 2008-02-09 11:14 <DIR> d-------- C:\Program Files\4Musics WMA to MP3 Converter
2008-02-09 11:13 . 2007-11-01 17:53 42,880 --a------ C:\WINDOWS\system32\drivers\vacs2xkd.sys
2008-02-09 11:13 . 2001-03-17 21:34 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-02-09 11:13 . 2002-07-17 08:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-02-09 02:22 . 2008-02-09 02:22 <DIR> d-------- C:\Program Files\Damian Pasternak
2008-02-08 23:14 . 1995-07-14 00:00 146,321 --a------ C:\WINDOWS\system32\plus!.hlp
2008-02-08 23:14 . 1995-06-01 12:00 1,300 --a------ C:\WINDOWS\system32\cool.dll
2008-02-08 23:06 . 2008-02-11 23:52 <DIR> d-------- C:\Program Files\Tapeter
2008-02-08 19:58 . 2008-02-08 19:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-08 19:58 . 2008-02-08 19:58 <DIR> d-------- C:\Documents and Settings\Don\Dane aplikacji\Media Player Classic
2008-02-08 19:48 . 2008-02-08 19:48 <DIR> d-------- C:\Program Files\MarBit
2008-02-07 17:57 . 2008-02-07 17:57 <DIR> d-------- C:\Program Files\TibiaBot NG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 11:01 --------- d-----w C:\Documents and Settings\Don\Dane aplikacji\DMCache
2008-02-29 14:20 --------- d-----w C:\Documents and Settings\Don\Dane aplikacji\iMesh
2008-02-27 18:46 --------- d-----w C:\Program Files\WebServ
2008-02-27 18:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-22 23:02 --------- d-----w C:\Program Files\Tibia
2008-02-22 18:10 --------- d-----w C:\Documents and Settings\Don\Dane aplikacji\IDM
2008-02-19 21:24 --------- d-----w C:\Program Files\C-Media Audio
2008-02-17 18:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-07 17:14 --------- d-----w C:\Documents and Settings\Don\Dane aplikacji\Tibia
2008-02-07 16:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-02-06 19:12 --------- d-----w C:\Documents and Settings\Don\Dane aplikacji\Hamachi
2008-02-06 12:59 --------- d-----w C:\Documents and Settings\Don\Dane aplikacji\TibiaTestserver
2008-02-04 11:18 --------- d-----w C:\Program Files\Google
2008-02-03 01:26 --------- d-----w C:\Program Files\eMule
2008-02-02 10:11 --------- d-----w C:\Program Files\Winamp
2008-01-31 16:36 --------- d-----w C:\Program Files\YafRay
2008-01-31 14:32 --------- d-----w C:\Program Files\Blender Foundation
2008-01-29 23:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-01-29 21:01 --------- d-----w C:\Program Files\Yahoo!
2008-01-29 21:01 --------- d-----w C:\Program Files\FLV Player
2008-01-28 18:07 --------- d-----w C:\Program Files\uTorrent
2008-01-28 15:28 --------- d-----w C:\Program Files\IrfanView
2008-01-27 21:58 --------- d-----w C:\Program Files\UltraISO
2008-01-27 15:12 --------- d-----w C:\Program Files\AirSnare
2008-01-27 15:04 --------- d-----w C:\Program Files\WinPcap
2008-01-26 12:30 --------- d-----w C:\Program Files\Java
2008-01-26 12:27 --------- d-----w C:\Program Files\Common Files\Java
2008-01-25 22:26 --------- d-----w C:\Documents and Settings\Don\Dane aplikacji\Winamp
2008-01-25 22:18 --------- d-----w C:\Program Files\Winamp Remote
2008-01-25 22:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-01-25 17:49 --------- d-----w C:\Program Files\MP3Dancer
2008-01-25 13:49 --------- d-----w C:\Program Files\RonOTS Client
2008-01-25 12:07 2,238,016 ----a-w C:\WINDOWS\inf\isprnt.exe
2008-01-24 21:00 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-24 14:51 --------- d-----w C:\Documents and Settings\Don\Dane aplikacji\Dev-Cpp
2008-01-24 11:40 --------- d-----w C:\Program Files\Arjaloc
2008-01-24 10:57 --------- d-----w C:\Program Files\MyPortal
2008-01-23 20:06 --------- d-----w C:\Program Files\MP3Gain
2008-01-23 12:03 --------- d-----w C:\Program Files\Common Files\Totem Shared
2008-01-23 11:43 --------- d-----w C:\Program Files\Alcohol Soft
2008-01-23 11:40 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-23 11:37 --------- d-----w C:\Program Files\Astonsoft
2008-01-23 11:35 --------- d-----w C:\Documents and Settings\Don\Dane aplikacji\DeepBurner
2008-01-23 10:48 --------- d-----w C:\Documents and Settings\Don\Dane aplikacji\Teleca
2008-01-22 20:34 --------- d-----w C:\Documents and Settings\Don\Dane aplikacji\Gadu-Gadu
2008-01-22 20:25 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-22 18:55 --------- d-----w C:\Program Files\Asprate
2008-01-22 18:29 231,302 ----a-w C:\WINDOWS\Peer2Mail_Toolbar_Uninstaller_9859.exe
2008-01-22 18:29 --------- d-----w C:\Program Files\Peer2Mail Toolbar
2008-01-22 18:29 --------- d-----w C:\Program Files\Peer2Mail
2008-01-22 15:21 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-22 15:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-01-22 15:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-01-22 15:20 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-22 14:44 --------- d-----w C:\Program Files\iMesh Applications
2008-01-18 22:47 --------- d-----w C:\Program Files\C-Media 3D Audio
2008-01-18 22:46 --------- d-----w C:\Program Files\Intel
2008-01-18 22:36 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-18 22:35 558,142 ----a-w C:\WINDOWS\java\Packages\1bdrb1f7.zip
2008-01-18 22:35 155,995 ----a-w C:\WINDOWS\java\Packages\3d35bjnt.zip
2008-01-18 22:34 --------- d-----w C:\Program Files\Usługi online
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

------- Sigcheck -------

b3c95bfeef6781a82a1c429f466a3a11 C:\WINDOWS\system32\svchost.exe
----a-w 12,800 2001-10-26 17:30:02 C:\WINDOWS\system32\svchost.exe

3a4892a57cfe05d61e4bbc3ec3e24a63 C:\WINDOWS\system32\user32.dll
------w 561,664 2002-09-20 17:04:58 C:\WINDOWS\ServicePackFiles\i386\user32.dll
----a-w 561,664 2002-09-20 17:04:58 C:\WINDOWS\system32\user32.dll

9b7d1c56cc12d806314b853bf52ecb4c C:\WINDOWS\system32\ws2_32.dll
----a-w 75,264 2001-10-26 17:29:46 C:\WINDOWS\system32\ws2_32.dll

4965c02574610e9b2d1e18d63d11a772 C:\WINDOWS\system32\wininet.dll
-c----w 658,944 2004-08-03 23:44:16 C:\WINDOWS\ie7\wininet.dll
------w 601,600 2002-09-20 17:05:00 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
----a-w 601,600 2002-09-20 17:05:00 C:\WINDOWS\system32\wininet.dll

244a2f9816bc9b593957281ef577d976 C:\WINDOWS\system32\drivers\tcpip.sys
------w 332,928 2002-08-29 00:58:12 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
----a-w 332,928 2002-08-29 00:58:12 C:\WINDOWS\system32\drivers\tcpip.sys

8b6e6bb5d451f8bbc0621203b687d993 C:\WINDOWS\system32\winlogon.exe
------w 519,168 2002-09-20 17:05:50 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
----a-w 519,168 2002-09-20 17:05:50 C:\WINDOWS\system32\winlogon.exe

3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\system32\drivers\ndis.sys
------w 167,552 2002-08-29 01:09:26 C:\WINDOWS\ServicePackFiles\i386\ndis.sys
----a-w 167,552 2002-08-29 01:09:26 C:\WINDOWS\system32\drivers\ndis.sys

79d262478c985e736deb38ce2224fc75 C:\WINDOWS\system32\ntkrnlpa.exe
------w 1,949,184 2002-09-20 16:12:16 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
----a-w 1,949,184 2002-09-20 17:18:00 C:\WINDOWS\system32\ntkrnlpa.exe

ae94ae0da6ed874ce08912fc63f8c6c2 C:\WINDOWS\system32\ntoskrnl.exe
------w 2,043,520 2002-09-20 16:12:28 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
----a-w 2,043,520 2002-09-20 16:12:28 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\idm\IDMan.exe" [2007-07-28 15:38 1360304]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WindowBlinds"="C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbconfig.exe" [2007-02-21 15:06 1023152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-09-20 18:05 146944]
"DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [2007-07-04 20:59 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiscSpaceChecks"= 000000000000f03f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-02-07 17:31 226992 C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Don^Menu Start^Programy^Autostart^Budzik.lnk]
path=C:\Documents and Settings\Don\Menu Start\Programy\Autostart\Budzik.lnk
backup=C:\WINDOWS\pss\Budzik.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Don^Menu Start^Programy^Autostart^ctfmon.exe]
path=C:\Documents and Settings\Don\Menu Start\Programy\Autostart\ctfmon.exe
backup=C:\WINDOWS\pss\ctfmon.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Don^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\Don\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Don^Menu Start^Programy^Autostart^MP3 Dancer.lnk]
path=C:\Documents and Settings\Don\Menu Start\Programy\Autostart\MP3 Dancer.lnk
backup=C:\WINDOWS\pss\MP3 Dancer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2002-09-20 18:05 13312 C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 11:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-07-28 15:38 1360304 C:\idm\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 2005-09-20 03:32 77824 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
-ra------ 2005-09-20 03:36 114688 C:\WINDOWS\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
-ra------ 2005-09-20 03:35 94208 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"uploadmgr"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=3 (0x3)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"rpcapd"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"NetDDEdsdm"=3 (0x3)
"NetDDE"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Messenger"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"Irmon"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"helpsvc"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"ClipSrv"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"Alerter"=3 (0x3)


.
*************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 14:08:49
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

*************************************************************************
.
Completion time: 2008-03-01 14:09:22
ComboFix-quarantined-files.txt 2008-03-01 13:09:13

Oh, and I don't have "explorer.exe" in the process list at all...

This post was edited by pawel315 on 05 01 2013 - 17:59

#2 rademenes14

    Regular user

  • 255 posts

Posted 01 03 2008 - 19:12

In the Run box type: explorer.exe and hit ENTER, that's the simplest way. Explorer is definitely not starting the normal way, which is why you only get the wallpaper. And anyway, what exactly were the circumstances? Because, as you wrote at the end, explorer isn't starting, so you have some idea.
Definitely scan with a good antivirus, and then at the command line type chkdsk; the command will check the integrity of the data on the disk and repair it where possible.


#3 przemekp1990

    Beginner

  • 31 posts

Posted 01 03 2008 - 20:12

I had a similar situation once... Log in as Administrator in Safe Mode, then restart the computer - that always helped me...

#4 wncvirus

    Lazybones!

  • 851 posts

Posted 02 03 2008 - 16:17

Run HJT. Choose the "Do a system scan only" option, a log will be generated; tick the boxes next to the entry below and click Fix.

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

#5 Deniel

    Beginner

  • 22 posts

Posted 02 03 2008 - 16:58

I had the same thing. I don't know much about logs and that kind of stuff, but I'm 99.99% sure it's a virus that creates a new EXPLORER.EXE process; unlike the legitimate process, this one is written in capital letters, it is also launched at system startup and also shows up in Task Manager. Two processes with the same name are running. This virus makes quite a mess for you, I suspect also in the explorer.exe process itself, because when I had it and removed it with an antivirus, the system would no longer boot. So I'm asking those who read logs to advise something.

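An added triage script, not posted by anyone in this thread, that automates the three checks the replies make against a HijackThis log: whether explorer.exe is in the running-process list at all (the symptom in post #1), whether two running processes share a file name such as explorer.exe / EXPLORER.EXE but come from different directories (post #5), and whether an O2/O3 entry resolves to "(no file)" and is therefore an orphaned registry reference that HijackThis can fix (post #4). The log excerpt embedded below is a constructed abbreviation in the shape of the posted log, not the original.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed HijackThis-style excerpt shaped like the log in post #1
# (a few of its lines, not the full log). explorer.exe is deliberately
# absent from the process list to reproduce the symptom being discussed.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:22:07, on 2008-03-01

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\taskmgr.exe

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
"""

# HijackThis entry lines start with a section code such as R0, F1, O2, O23.
ENTRY_RE = re.compile(r"^(?P<kind>[RFON]\d+) - (?P<body>.*)$")


def parse_hijackthis(text: str) -> Dict[str, List]:
    """Split a HijackThis log into the running-process list and the coded entries."""
    processes: List[str] = []
    entries: List[Dict[str, str]] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"kind": m.group("kind"), "body": m.group("body")})
    return {"processes": processes, "entries": entries}


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def triage(text: str) -> List[str]:
    """Return findings for the three symptoms the replies in this thread look for."""
    parsed = parse_hijackthis(text)
    findings: List[str] = []

    # Post #1: only the wallpaper is visible and explorer.exe is missing from
    # the process list, i.e. the desktop shell never started.
    names = {basename(p).lower() for p in parsed["processes"]}
    if "explorer.exe" not in names:
        findings.append("explorer.exe is not running: desktop shell missing")

    # Post #5: two running processes share a file name (explorer.exe vs
    # EXPLORER.EXE) but live in different directories; compare case-insensitively.
    by_name = defaultdict(set)
    for p in parsed["processes"]:
        by_name[basename(p).lower()].add(p.lower())
    for name, paths in sorted(by_name.items()):
        if len(paths) > 1:
            findings.append(f"duplicate process name {name}: {sorted(paths)}")

    # Post #4: an O2/O3 entry that resolves to "(no file)" is an orphaned
    # registry reference; HijackThis removes it when it is ticked and Fix is clicked.
    for e in parsed["entries"]:
        if e["kind"] in ("O2", "O3") and e["body"].endswith("(no file)"):
            findings.append(f"orphaned {e['kind']} entry: {e['body']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```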