
svchost.exe -Błąd aplikacji "W aplikacji wystąpił wyjątek nieznany wyjątek programowy ($) pod adresem $. ...
I tried a lot of "resuscitation" measures, but nothing worked ;>
The logs look clean, but I'll post them anyway... let someone else take a look too.
HTJ:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:22, on 2009-03-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ratlerek.lnk = C:\WINDOWS\RTHDCPL.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 1778 bytes
Combos:
ComboFix 07-09-10.6 - "Admin" 1997-03-28 19:03:26.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.502 [GMT 1:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
d:\autorun.inf
D:\Autorun.inf
((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.
2007-09-28 18:09 55,840 --a------ C:\WINDOWS\system32\MLTHLP32.DLL
2007-09-28 18:09 32,768 --a------ C:\WINDOWS\system32\IDUNINST.DLL
2007-09-28 18:09 179,712 --a------ C:\WINDOWS\system32\DPUNINST.DLL
2007-09-28 18:09 149,504 --a------ C:\WINDOWS\system32\MFCANS32.DLL
2007-09-25 23:51 <DIR> d-------- C:\Tata
2007-09-22 09:48 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-09-21 18:04 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-09-21 18:04 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-09-21 18:04 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-09-21 15:42 <DIR> d-------- C:\Program Files\Valve Hammer Editor
2007-09-15 10:44 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Opera
2007-09-12 17:59 <DIR> d-------- C:\DOCUME~1\Admin\WapSter
2007-09-12 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\FLEXnet
2007-09-11 17:33 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-10 19:03 <DIR> d-------- C:\!KillBox
2007-09-10 17:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 16:17 <DIR> d-------- C:\DOCUME~1\Admin\DANEAP~1\Tlen.pl
2007-09-07 14:59 <DIR> d-------- C:\Program Files\SkanerOnline
2007-09-07 14:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-07 14:13 5,200 --a------ C:\WINDOWS\system32\drivers\drwebnet.sys
2007-09-07 14:13 <DIR> d-------- C:\Program Files\DrWeb
2007-09-06 19:55 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Pulpit
2007-08-14 19:17 <DIR> d-------- C:\Program Files\sXe Injected
2007-08-14 11:54 <DIR> d-------- C:\Program Files\Microsoft Games
2007-08-11 22:56 4 --a------ C:\Program Files\2007-08-11 22_55.gps.bin
2007-08-11 22:54 <DIR> d-------- C:\Program Files\AutoMapa EU
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 19:20 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\GanymedeNet
2009-03-28 17:56 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\BitTorrent
2009-03-28 17:28 38400 --a------ C:\WINDOWS\system32\drivers\quadraserv.sys
2009-03-23 21:16 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\SoundGen
2009-03-21 20:55 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\mIRC
2009-03-16 20:37 --------- d-------- C:\Program Files\Common Files\Adobe AIR
2009-03-16 19:56 39936 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2009-03-02 13:06 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\temp
2009-03-01 20:47 --------- d-------- C:\Program Files\Spyware Terminator
2009-03-01 20:47 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\Spyware Terminator
2009-02-17 23:14 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Karen's Power Tools
2009-02-17 23:13 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\KeePass
2009-02-14 22:50 --------- d-------- C:\Program Files\Prolink
2009-02-13 18:28 --------- d--h----- C:\Program Files\InstallShield Installation Information
2009-02-13 18:27 --------- d-------- C:\Program Files\PixelView Station
2009-02-13 18:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\PC Drivers HeadQuarters
2009-02-09 21:52 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\teamspeak2
2009-02-07 18:43 --------- d-------- C:\Program Files\GIMP-2.0
2009-01-31 18:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\ipla
2009-01-31 18:05 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\ipla
2009-01-29 00:24 --------- d-------- C:\Program Files\Lexmark 1200 Series
2009-01-24 17:09 --------- d-------- C:\Program Files\FlashGet
2009-01-18 16:40 70144 --a------ C:\kernel_.sys
2009-01-16 21:12 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\pdf995
2009-01-13 00:54 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\Hamachi
2009-01-10 23:30 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-10 23:27 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\Ventrilo
2009-01-02 23:41 --------- d-------- C:\Program Files\Common Files\Borland
2008-12-29 15:21 --------- d-------- C:\Program Files\Games-Masters.com
2008-12-27 12:47 --------- d-------- C:\Program Files\SWiSH v2.0
2008-12-25 22:24 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\MCS Electronics
2008-12-14 01:07 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\Blender Foundation
2008-12-12 12:02 --------- d-------- C:\Program Files\Common Files\InstallShield
2008-12-06 17:20 --------- d-------- C:\Program Files\Sierra On-Line
2008-11-29 12:20 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\Toribash
2008-11-27 01:11 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\Free Download Manager
2008-11-26 13:47 --------- d-------- C:\Program Files\GameShadow
2008-11-23 19:02 --------- d-------- C:\Program Files\ArcaMicroScan
2008-11-16 14:41 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\DNA
2008-11-16 12:41 --------- d-------- C:\Program Files\DNA
2008-11-10 23:20 --------- d-------- C:\Program Files\Euro Truck Simulator
2008-11-09 23:29 --------- d-------- C:\Program Files\eMule
2008-11-09 23:10 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\eMule
2008-11-09 22:03 --------- d-------- C:\Program Files\HD Tune
2008-11-08 22:32 --------- d-------- C:\Program Files\AskBarDis
2008-11-08 20:50 --------- d-------- C:\Program Files\Techland
2008-11-08 16:59 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\pdf995
2008-11-08 16:44 --------- d-------- C:\Program Files\pdf995
2008-10-31 20:16 --------- d-------- C:\Program Files\Indy 10 for Delphi 7
2008-10-31 18:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spyware Terminator
2008-10-26 16:06 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\FileZilla
2008-10-19 17:56 --------- d-------- C:\Program Files\Common Files\INCA Shared
2008-10-17 22:58 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Hagel Technologies
2008-10-17 17:30 --------- d-------- C:\Program Files\CursorXP
2008-10-14 00:36 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\Kana Solution
2008-10-13 23:07 --------- d-------- C:\Program Files\Common Files\Logitech
2008-10-13 23:06 --------- d-------- C:\Program Files\Logitech
2008-10-12 12:26 --------- d-------- C:\Program Files\Game_Maker7
2008-10-12 11:45 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-28 19:51 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\ICQ
2008-09-28 19:48 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\ICQLite
2008-09-28 19:43 --------- d-------- C:\Program Files\ICQLite
2008-09-26 22:02 --------- d-------- C:\Program Files\PSPad editor
2008-09-26 21:36 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\phpDesigner 2008
2008-09-20 17:56 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\Tibia
2008-09-18 15:39 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\StarMaker
2008-09-13 19:31 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Bibliotekarz.NET
2008-09-05 23:26 --------- d-------- C:\Program Files\Hamachi
2008-09-05 19:06 25280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-08 18:10 --------- d-------- C:\Program Files\City Interactive
2008-08-06 10:45 --------- d-------- C:\Program Files\Ubisoft
2008-08-02 18:22 --------- d-------- C:\Program Files\Rockstar Games
2008-08-01 03:54 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\Skype
2008-07-30 00:37 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\AccurateRip
2008-07-24 16:10 --------- d-------- C:\Program Files\Realtek
2008-07-15 18:16 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\CadSoft
2008-06-27 11:24 4742656 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-06-26 12:27 --------- d-------- C:\Program Files\NCH Swift Sound
2008-06-26 12:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\NCH Swift Sound
2008-06-26 12:27 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\NCH Swift Sound
2008-06-24 12:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\TrackMania
2008-06-22 19:06 --------- d-------- C:\Program Files\CyberLink
2008-06-22 19:05 --------- d-------- C:\Program Files\SmartSound Software
2008-06-22 19:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\SmartSound Software Inc
2008-06-22 19:03 --------- d-------- C:\Program Files\QuickTime
2008-06-22 19:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2008-06-21 16:17 --------- d-------- C:\Program Files\SWiSH v2.01
2008-06-21 15:29 --------- d-------- C:\Program Files\kswiat
2008-06-16 22:29 --------- d-------- C:\Program Files\FIFA
2008-06-16 01:41 --------- dr-h----- C:\DOCUME~1\Admin\DANEAP~1\SecuROM
2008-05-27 16:16 --------- d-------- C:\Program Files\mIRC
2008-05-15 17:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\IconTweaker
2008-05-15 17:11 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\IconTweaker
2008-05-14 23:08 --------- d-------- C:\Program Files\Google
2008-05-10 16:41 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\Nvu
2008-05-02 11:45 --------- d-------- C:\Program Files\Vstep
2008-05-02 11:08 --------- d-------- C:\Program Files\NVIDIA Corporation
2008-04-19 12:04 --------- d-------- C:\DOCUME~1\Admin\DANEAP~1\ArcSoft
2008-04-19 07:53 --------- d-------- C:\Program Files\Windows Media Components
2008-04-11 21:15 --------- d-------- C:\Program Files\SWiSHmax
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 11:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
C:\DOCUME~1\Admin\MENUST~1\Programy\A\AUTOST~1\
Ratlerek.lnk - C:\WINDOWS\RTHDCPL.exe [2006-11-08 23:51:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"ForceStartMenuLogoff"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programy^Autostart^Registration .LNK]
path=C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Registration .LNK
backup=C:\WINDOWS\pss\Registration .LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Admin^Menu Start^Programy^Autostart^Skrót do CubeDesktop.lnk]
path=C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Skrót do CubeDesktop.lnk
backup=C:\WINDOWS\pss\Skrót do CubeDesktop.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Remote Controller.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Remote Controller.lnk
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^TV Scheduler.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TV Scheduler.lnk
backup=C:\WINDOWS\pss\TV Scheduler.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^TVRMVCR.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TVRMVCR.lnk
backup=C:\WINDOWS\pss\TVRMVCR.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^uninstall-ubuntu.exe]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\uninstall-ubuntu.exe
backup=C:\WINDOWS\pss\uninstall-ubuntu.exeCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CubeDesktop]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorXP]
"C:\Program Files\CursorXP\CursorXP.exe" -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hide-The-IP]
"C:\Documents and Settings\Admin\Pulpit\LOGI ITP\Hack\com\Hide The IP 2.1.1\Hide The IP\HideTheIP.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
"C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
C:\WINDOWS\PowerS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Watcher]
"E:\Program Files\TV Watcher\TV Watcher.exe" /a
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"C-DillaSrv"=2 (0x2)
"Crypkey License"=2 (0x2)
"MDM"=2 (0x2)
"NOD32krn"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"aspnet_state"=3 (0x3)
"NMSAccessU"=2 (0x2)
"sp_rssrv"=2 (0x2)
"LightScribeService"=2 (0x2)
"CesarFTP"=2 (0x2)
"LexBceS"=2 (0x2)
"RichVideo"=2 (0x2)
"IDriverT"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R1 drwebnet;SpIDer Guard boot hook driver for Windows NT;C:\WINDOWS\system32\drivers\drwebnet.sys
R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS
R2 IOPort;IOPort;\??\C:\WINDOWS\system32\DRIVERS\IOPORT.SYS
R2 TVicPort;TVicPort;C:\WINDOWS\system32\drivers\TVicPort.sys
R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\system32\drivers\CDANT.SYS
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S3 RivaTuner32;RivaTuner32;\??\e:\Program Files\RivaTuner v2.01\RivaTuner32.sys
S4 CesarFTP;CesarFTP FTP Server;E:\_webserv\ftp\WebServ(ftp).exe -S
S4 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
S4 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe
S4 spidernt;SpIDer Guard for Windows NT;C:\Program Files\DrWeb\SpiderNT.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dcf671a-b63a-11dc-a0b1-0016e6640554}]
AutoRun\command- H:\SETUP.EXE
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 19:09:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
**************************************************************************
.
Completion time: 2007-09-10 19:10:52
C:\ComboFix-quarantined-files.txt ... 2007-09-10 19:10
C:\ComboFix2.txt ... 2007-11-19 20:21
C:\ComboFix3.txt ... 2007-11-02 10:18
.
--- E O F ---
I'm waiting for your new ideas on how to fix this :>