
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:11, on 2008-10-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Pogoda\pogoda.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [tray] C:\Program Files\Pogoda\pogoda.exe /tray
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: rqrjarri - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VundoFix Service (vundofixsvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
--
End of file - 5776 bytes
ComboFix log
ComboFix 08-10-04.07 - Yvald 2008-10-05 17:09:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.276 [GMT 2:00]
Uruchomiony z: D:\Downloads\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Yvald\Dane aplikacji\Adobe\crc.dat
C:\Documents and Settings\Yvald\Dane aplikacji\Adobe\Player.exe
C:\WINDOWS\system32\bIkllnmp.ini
C:\WINDOWS\system32\bIkllnmp.ini2
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pmnllkIb.dll
C:\WINDOWS\system32\rqRJArRi.dll
C:\WINDOWS\system32\winvwm32.dll
----- BITS: Możliwe zainfekowane strony -----
hxxp://78.157.143.198
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_restore
-------\Service_restore
((((((((((((((((((((((((( Pliki utworzone od 2008-09-05 do 2008-10-05 )))))))))))))))))))))))))))))))
.
2008-10-05 15:47 . 2008-10-05 15:47 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-10-05 14:24 . 2008-10-05 15:47 <DIR> d-------- C:\VundoFix Backups
2008-10-05 12:14 . 2007-09-22 12:53 <DIR> dr-h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-10-05 12:14 . 2007-09-22 12:53 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-10-05 12:14 . 2007-09-22 11:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-10-05 12:14 . 2007-09-22 12:53 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-10-05 12:14 . 2007-09-22 12:53 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-10-05 12:14 . 2007-09-22 12:53 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-10-05 12:14 . 2007-09-22 12:53 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-10-05 12:14 . 2008-10-05 12:14 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-05 00:49 . 2008-10-05 00:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-05 00:31 . 2008-10-05 00:31 32,256 --a------ C:\WINDOWS\system32\drivers\ati5psxx.sys
2008-10-05 00:28 . 2008-10-05 17:20 96,726 --a------ C:\WINDOWS\system32\drivers\474a7081.sys
2008-10-05 00:28 . 2008-10-05 00:28 32,256 --a------ C:\WINDOWS\system32\drivers\ati8xaxx.sys
2008-10-05 00:28 . 2008-10-05 00:31 5,760 --a------ C:\WINDOWS\system32\drivers\restore.sys
2008-10-05 00:28 . 2008-10-05 00:28 2 --a------ C:\1957356757
2008-10-04 16:47 . 2008-10-05 00:38 <DIR> d-------- C:\Program Files\ElcomSoft
2008-10-04 16:43 . 2008-10-04 16:43 <DIR> d-------- C:\Program Files\Datahjaelp
2008-10-04 10:49 . 2006-11-30 14:58 97,088 -ra------ C:\WINDOWS\system32\drivers\se44mdm.sys
2008-10-04 10:49 . 2006-11-30 14:58 90,800 -ra------ C:\WINDOWS\system32\drivers\se44unic.sys
2008-10-04 10:49 . 2006-11-30 14:58 88,624 -ra------ C:\WINDOWS\system32\drivers\se44mgmt.sys
2008-10-04 10:49 . 2006-11-30 14:58 86,432 -ra------ C:\WINDOWS\system32\drivers\se44obex.sys
2008-10-04 10:49 . 2006-11-30 14:58 18,704 -ra------ C:\WINDOWS\system32\drivers\se44nd5.sys
2008-10-04 10:49 . 2006-11-30 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\se44mdfl.sys
2008-10-04 10:49 . 2006-11-30 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cmnt.sys
2008-10-04 10:49 . 2006-11-30 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cm.sys
2008-10-04 10:49 . 2006-11-30 14:58 4,128 -ra------ C:\WINDOWS\system32\drivers\se44cr.sys
2008-10-04 10:47 . 2006-11-30 14:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se44bus.sys
2008-10-04 10:47 . 2006-11-30 14:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se44whnt.sys
2008-10-04 10:47 . 2006-11-30 14:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se44wh.sys
2008-10-04 10:45 . 2008-10-04 10:50 <DIR> d-------- C:\Documents and Settings\Yvald\Dane aplikacji\Teleca
2008-10-04 10:43 . 2008-10-04 10:43 <DIR> d-------- C:\Documents and Settings\Yvald\Dane aplikacji\Sony Ericsson
2008-10-04 10:37 . 2008-10-04 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2008-10-04 10:36 . 2008-10-04 10:36 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-10-04 10:36 . 2008-10-04 10:37 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-10-04 10:36 . 2008-10-04 10:37 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-10-04 10:36 . 2008-10-04 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2008-09-27 11:49 . 2005-07-20 12:48 59,904 --a------ C:\WINDOWS\system32\zlib.dll
2008-09-25 20:53 . 2008-09-27 09:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\NOS
2008-09-22 00:59 . 2008-09-27 12:33 197,674 --a------ C:\Zrzut ekranu-1.jpg
2008-09-18 20:25 . 2008-09-18 20:25 266,087 --a------ C:\VT Tomek.pdf
2008-09-18 02:41 . 2008-09-18 02:41 42,320 --a--c--- C:\WINDOWS\system32\xfcodec.dll
2008-09-12 15:45 . 2008-09-12 15:45 <DIR> d-------- C:\Documents and Settings\Yvald\Dane aplikacji\Soldat
2008-09-07 00:42 . 2008-09-07 03:05 <DIR> d-------- C:\Documents and Settings\Yvald\Dane aplikacji\Teeworlds
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 11:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-05 10:25 --------- d-----w C:\Program Files\PeerGuardian2
2008-10-04 22:11 --------- d-----w C:\Program Files\Xfire
2008-10-04 13:49 --------- d-----w C:\Documents and Settings\Yvald\Dane aplikacji\Xfire
2008-10-04 13:06 --------- d-----w C:\Program Files\FlashGet
2008-10-04 12:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 09:14 --------- d-----w C:\Documents and Settings\Yvald\Dane aplikacji\XnView
2008-10-03 22:22 --------- d-----w C:\Program Files\eMule
2008-10-02 15:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-30 22:36 --------- d-----w C:\Documents and Settings\Yvald\Dane aplikacji\uTorrent
2008-09-27 11:42 --------- d-----w C:\Program Files\Ahead
2008-09-27 11:33 --------- d-----w C:\Documents and Settings\Yvald\Dane aplikacji\Samsung
2008-09-27 09:56 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-09-27 09:56 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-09-27 09:56 --------- d-----w C:\Program Files\DAMN NFO Viewer
2008-09-27 09:56 --------- d-----w C:\Program Files\7-Zip
2008-09-27 09:56 --------- d-----w C:\Documents and Settings\Yvald\Dane aplikacji\Azureus
2008-09-21 19:27 --------- d-----w C:\Documents and Settings\Yvald\Dane aplikacji\TransRender
2008-09-04 22:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-08-20 22:54 --------- d-----w C:\Documents and Settings\Yvald\Dane aplikacji\FRISK Software
2008-08-20 19:42 --------- d-----w C:\Documents and Settings\Yvald\Dane aplikacji\Nowe Gadu-Gadu
2008-08-20 19:37 --------- d-----w C:\Program Files\Nowe Gadu-Gadu
2008-08-20 19:07 --------- d-----w C:\Program Files\FRISK Software
2008-08-20 19:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FRISK Software
2008-08-19 15:15 --------- d-----w C:\Program Files\MultiRes
2008-08-19 15:14 472,576 ----a-w C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-08-19 15:14 --------- d-----w C:\Program Files\Radeon Omega Drivers
2008-08-06 15:20 --------- d-----w C:\Program Files\ScannerU
2008-08-03 11:05 103,736 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-06 15:51 37,240 -c--a-w C:\Documents and Settings\Yvald\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2007-09-22 14:59 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-09-22 14:59 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Nowe Gadu-Gadu"="C:\Program Files\Nowe Gadu-Gadu\gg.exe" [2008-08-14 9929312]
"tray"="C:\Program Files\Pogoda\pogoda.exe" [2006-07-22 2364416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-04 1655552]
"F-PROT Antivirus Tray application"="C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2008-04-21 1597832]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\WINDOWS\KHALMNPR.Exe]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Action Manager 32.lnk - C:\Program Files\ScannerU\AM32.exe [2007-11-17 57344]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-10 692224]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3mpxx.sys]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5psxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati8xaxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 FPAV_RTP;FPAV_RTP;C:\WINDOWS\system32\DRIVERS\FStopW.sys [2008-03-28 592224]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-26 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-26 24208]
R2 FPAVServer;F-PROT Antivirus for Windows system;C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2008-04-21 45960]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2004-11-03 267136]
S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys [ ]
S3 ati5psxx;ati5psxx;C:\WINDOWS\System32\drivers\ati5psxx.sys [2008-10-05 32256]
S3 ati8xaxx;ati8xaxx;C:\WINDOWS\System32\drivers\ati8xaxx.sys [2008-10-05 32256]
S3 AvanPad;Avenger driver;C:\WINDOWS\system32\drivers\hidavan.sys [2002-03-21 9344]
S3 dump_wmimmc;dump_wmimmc;D:\Mabinogi\GameGuard\dump_wmimmc.sys [ ]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [ ]
S3 GameportPad;Gameport driver;C:\WINDOWS\system32\drivers\hidmega.sys [2002-03-18 9344]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 40832]
S3 ptiusbf;PTI USB Filter;C:\WINDOWS\system32\DRIVERS\PTIUSBF.SYS [2001-04-14 22474]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys [ ]
S3 XDva168;XDva168;C:\WINDOWS\system32\XDva168.sys [ ]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
BHO-{1cf662bf-4afd-4778-8306-1f0eb8284ebb} - C:\WINDOWS\system32\rqRJArRi.dll
BHO-{82ef0300-cc9e-4fc8-b5f6-fa7126fe8a56} - C:\WINDOWS\system32\pmnllkIb.dll
ShellExecuteHooks-{1CF662BF-4AFD-4778-8306-1F0EB8284EBB} - C:\WINDOWS\system32\rqRJArRi.dll
Notify-rqrjarri - (no file)
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Yvald\Dane aplikacji\Mozilla\Firefox\Profiles\58pzp6ja.default\
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 17:17:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\474a7081]
"ImagePath"="\SystemRoot\System32\drivers\474a7081.sys"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-05 17:26:21 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-10-05 15:25:36
Przed: 888 041 472 bajtów wolnych
Po: 844,644,352 bajtów wolnych
241
Earlier, VundoFix found 3 files, but when it tried to remove them the system crashed with a blue screen reporting a critical error.
I would be grateful for an analysis of these logs and for letting me know whether the system has now been fully cleaned.