proszę o sprawdzenie co może nie grać....ComboFix
- Kod: Zaznacz wszystko
ComboFix 09-03-19.02 - Bartek 2009-03-21 18:01:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1529 [GMT 1:00]
Uruchomiony z: d:\rapid\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
((((((((((((((((((((((((( Pliki utworzone od 2009-02-21 do 2009-03-21 )))))))))))))))))))))))))))))))
.
2009-03-21 13:48 . 2009-03-21 13:48 1,653,680 --a------ C:\maciek.wmv
2009-03-20 22:31 . 2009-03-20 22:31 <DIR> d-------- c:\program files\PE Explorer
2009-03-20 22:31 . 2009-03-20 22:31 <DIR> d-------- c:\documents and settings\Bartek\Dane aplikacji\PE Explorer
2009-03-18 19:25 . 2009-03-18 19:25 33,824 --a------ c:\windows\system32\drivers\oreans32.sys
2009-03-18 19:21 . 2009-03-21 12:35 <DIR> d-------- c:\program files\sXe Injected
2009-03-17 20:13 . 2009-03-17 20:13 <DIR> d-------- c:\program files\Apple Software Update
2009-03-14 19:11 . 2009-03-17 19:48 <DIR> d-------- C:\Downloads
2009-03-09 22:31 . 2009-03-09 22:31 <DIR> d-------- c:\program files\Free Download Manager
2009-03-09 22:31 . 2009-03-21 18:02 <DIR> d-------- c:\documents and settings\Bartek\Dane aplikacji\Free Download Manager
2009-03-09 22:31 . 2009-03-09 22:31 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\FreeDownloadManager.ORG
2009-03-07 17:26 . 2009-03-07 17:26 <DIR> d-------- c:\windows\speech
2009-03-07 17:26 . 2009-03-07 17:26 <DIR> d-------- c:\program files\ivo
2009-02-27 19:49 . 2009-02-27 19:51 <DIR> d-------- c:\program files\SopCast
2009-02-22 01:34 . 2009-02-22 01:34 <DIR> d--h----- c:\windows\PIF
2009-02-21 16:17 . 2009-02-21 16:17 <DIR> d-------- c:\program files\Robster Productions
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 16:07 --------- d-----w c:\documents and settings\Bartek\Dane aplikacji\Skype
2009-03-21 16:04 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-21 15:06 --------- d-----w c:\documents and settings\Bartek\Dane aplikacji\skypePM
2009-03-21 12:41 --------- d-----w c:\documents and settings\Bartek\Dane aplikacji\Audacity
2009-03-18 16:27 --------- d-----w c:\documents and settings\Bartek\Dane aplikacji\Apple Computer
2009-03-17 19:12 --------- d-----w c:\program files\QuickTime Alternative
2009-03-17 19:12 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-03-12 20:27 --------- d-----w c:\program files\Lx_cats
2009-03-08 11:48 --------- d-----w c:\program files\AV Vcs 6.0 DIAMOND
2009-03-07 22:37 --------- d-----w c:\documents and settings\Bartek\Dane aplikacji\Tibia
2009-02-18 19:37 --------- d-----w c:\program files\eRightSoft
2009-02-18 19:37 --------- d-----w c:\program files\AviSynth 2.5
2009-02-18 19:32 --------- d-----w c:\program files\HooTech
2009-02-18 19:13 --------- d-----w c:\program files\Free FLV to AVI Converter
2009-02-16 15:55 --------- d-----w c:\program files\Bonjour
2009-02-15 14:24 --------- d-----w c:\program files\Skype
2009-02-12 21:55 --------- d-----w c:\program files\Image-Line
2009-02-12 21:54 --------- d-----w c:\program files\Common Files\Apple
2009-02-07 09:02 --------- d-----w c:\program files\Fifa Master
2009-02-04 18:08 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple
2009-02-02 16:19 --------- d-----w c:\documents and settings\Bartek\Dane aplikacji\Hamachi
2009-02-01 21:12 --------- d-----w c:\documents and settings\Bartek\Dane aplikacji\teamspeak2
2009-01-29 14:55 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-29 10:44 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-24 09:05 --------- d-----w c:\program files\Common Files\Adobe
2009-01-23 19:29 --------- d-----w c:\program files\123 Flash Menu
2009-01-22 13:49 --------- d-----w c:\program files\Windows Media Bonus Pack for Windows XP
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-03-25 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-08-03 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\Valve\\Steam\\SteamApps\\pytoo\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\Bartek\\temp\\TeamViewer3\\TeamViewer.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Program Files\\Tibia840\\Tibia.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"d:\\Counter-Strike 1.6 Patch Version 26\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2008-11-22 149376]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-11-21 36864]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-12-30 23152]
.
Zawartość folderu 'Zaplanowane zadania'
2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
IE: Pobierz plik wideo we Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Pobierz w Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Pobierz wszystkie pliki w Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Pobierz zaznaczone w Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
FF - ProfilePath - c:\documents and settings\Bartek\Dane aplikacji\Mozilla\Firefox\Profiles\m6g8n59w.default\
FF - prefs.js: browser.startup.homepage - wp.pl
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 18:04:12
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\rundll32.exe
c:\program files\Lexmark 5200 Series\lxbtbmon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-21 18:06:52 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-03-21 17:06:50
Przed: 6 288 666 624 bajtów wolnych
Po: 8,222,863,360 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
174 --- E O F --- 2009-01-14 21:20:22
HjackThis
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:09, on 2009-03-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [RemoveWGA] D:\rapid\RemoveWGA.exe -startup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5428 bytes
