
Today I started my computer and the NOD32 antivirus started going crazy. I ran a Panda online scan and it detected:
00282813 W32/Perlovga.A.worm Virus/Worm No 0 Yes No C:\COPY.EXE
00282813 W32/Perlovga.A.worm Virus/Worm No 0 Yes No F:\copy.exe
00282813 W32/Perlovga.A.worm Virus/Worm No 0 Yes No D:\COPY.EXE
00291864 Trj/Dropper.UN Virus/Trojan No 1 Yes No C:\HOST.EXE
00291864 Trj/Dropper.UN Virus/Trojan No 1 Yes No F:\host.exe
00291864 Trj/Dropper.UN Virus/Trojan No 1 Yes No D:\HOST.EXE
But I can't see those COPY.EXE and the other EXE files; I don't have them.

Here are the logs!!
ComboFix 08-09-19.10 - doemk 2008-09-20 17:02:17.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1562 [GMT 2:00]
Uruchomiony z: F:\Documents and Settings\doemk\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
[color=red][b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\copy.exe
D:\copy.exe
F:\copy.exe
F:\Documents and Settings\doemk\Ustawienia lokalne\Temporary Internet Files\firmware.inf
F:\Documents and Settings\doemk\Ustawienia lokalne\Temporary Internet Files\ip3picfile.temp
F:\Documents and Settings\doemk\Ustawienia lokalne\Temporary Internet Files\ip3Wmapic.temp
F:\WINDOWS\autorun.inf
F:\WINDOWS\system32\temp1.exe
F:\WINDOWS\system32\temp2.exe
F:\WINDOWS\xcopy.exe
G:\copy.exe
H:\copy.exe
I:\copy.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-20 do 2008-09-20 )))))))))))))))))))))))))))))))
.
2008-09-20 14:08 . 2008-09-20 14:08 <DIR> d-------- F:\Program Files\Panda Security
2008-09-20 14:08 . 2008-06-19 17:24 28,544 --a------ F:\WINDOWS\system32\drivers\pavboot.sys
2008-09-19 15:04 . 2008-09-19 15:04 <DIR> d-------- F:\Program Files\Analog Devices
2008-09-19 15:04 . 2001-09-11 14:20 1,285,632 --------- F:\WINDOWS\system32\SMMedia.dll
2008-09-19 15:04 . 2005-05-04 08:20 53,248 --------- F:\WINDOWS\system32\wdmioctl.dll
2008-09-19 15:04 . 2006-07-10 14:42 49,152 --------- F:\WINDOWS\system32\DSndUp.exe
2008-09-19 15:04 . 2002-04-17 14:05 45,056 --------- F:\WINDOWS\system32\CleanUp.exe
2008-09-19 15:02 . 2007-01-16 09:09 293,888 --a------ F:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-09-19 15:02 . 2006-12-08 17:06 139,776 --a------ F:\WINDOWS\system32\drivers\adidts.sys
2008-09-19 15:02 . 2006-08-07 06:57 93,952 --a------ F:\WINDOWS\system32\drivers\aeaudio.sys
2008-09-11 23:22 . 2008-09-11 23:24 <DIR> d-------- F:\WINDOWS\NV7203452.TMP
2008-09-10 22:26 . 2007-11-27 04:30 782,336 -ra------ F:\WINDOWS\system32\tmpAEE.tmp
2008-09-10 21:25 . 2008-09-10 21:25 <DIR> d-a------ F:\MediaCenterAudio
2008-09-10 21:25 . 2008-01-14 16:46 1,867,840 --a------ F:\WINDOWS\system32\drivers\cmudaxp.sys
2008-09-10 21:25 . 2004-04-14 11:28 315,392 --a------ F:\WINDOWS\system\CmiFltr.dll
2008-09-10 21:25 . 2007-04-19 15:12 32,768 --a------ F:\WINDOWS\system32\cmudaxp.dll
2008-09-10 21:25 . 2007-12-19 18:51 582 --a------ F:\WINDOWS\cmudaxp.ini
2008-09-10 21:21 . 2008-04-28 15:53 805,400 -ra------ F:\WINDOWS\system32\tmp8B8.tmp
2008-09-10 21:21 . 2007-11-27 04:30 782,336 -ra------ F:\WINDOWS\system32\tmp8B9.tmp
2008-09-10 21:20 . 2007-11-27 04:30 782,336 -ra------ F:\WINDOWS\system32\tmp8B7.tmp
2008-09-10 21:20 . 2007-11-27 04:30 782,336 -ra------ F:\WINDOWS\system32\tmp8B6.tmp
2008-09-10 21:20 . 2007-11-27 04:30 782,336 -ra------ F:\WINDOWS\system32\tmp8B5.tmp
2008-09-09 21:52 . 2008-09-09 21:52 <DIR> dr-h----- F:\Documents and Settings\doemk\Dane aplikacji\SecuROM
2008-09-07 23:14 . 2007-11-27 04:30 782,336 -ra------ F:\WINDOWS\system32\tmp4B0.tmp
2008-09-07 22:51 . 2008-09-07 22:53 1,355 --a------ F:\WINDOWS\imsins.BAK
2008-09-07 15:22 . 2007-11-27 04:30 782,336 -ra------ F:\WINDOWS\system32\tmp10C6.tmp
2008-09-07 15:22 . 2007-11-27 04:30 782,336 -ra------ F:\WINDOWS\system32\tmp10C5.tmp
2008-09-02 13:29 . 2008-09-02 13:29 <DIR> d-------- F:\Documents and Settings\doemk\Dane aplikacji\ASUS
2008-09-02 13:29 . 2007-11-27 04:30 782,336 -ra------ F:\WINDOWS\system32\tmp7.tmp
2008-09-02 13:29 . 2007-11-27 04:30 782,336 -ra------ F:\WINDOWS\system32\tmp6.tmp
2008-09-02 13:29 . 2001-11-23 06:08 712,704 -ra------ F:\WINDOWS\system32\OLD2D.tmp
2008-09-02 13:29 . 2007-12-20 11:25 192,512 --a------ F:\WINDOWS\system\CmGxSrv2.dll
2008-09-02 13:29 . 2007-12-20 11:25 192,512 --a------ F:\WINDOWS\system\CMGxSrv.dll
2008-09-02 13:29 . 2001-10-26 17:29 98,304 --a--c--- F:\WINDOWS\system32\dllcache\a3d.dll
2008-09-02 13:29 . 2001-10-26 17:29 98,304 --a------ F:\WINDOWS\system32\a3d.dll
2008-09-02 13:29 . 2007-04-12 18:35 40,358 --a------ F:\WINDOWS\Xonar DX Audio.ico
2008-09-02 13:29 . 2007-12-19 04:41 20,480 -ra------ F:\WINDOWS\system\CMGxMon.exe
2008-09-02 13:28 . 2008-09-10 21:26 <DIR> d-------- F:\Program Files\ASUS Xonar DX Audio
2008-08-31 21:13 . 2008-09-03 23:33 <DIR> d-------- F:\Program Files\sXe Injected
2008-08-30 19:24 . 2008-08-30 19:26 <DIR> d-------- F:\WINDOWS\NV11241844.TMP
2008-08-30 19:24 . 2008-05-19 18:16 186,407 --a------ F:\WINDOWS\system32\nvapps.nvb
2008-08-29 18:33 . 2008-08-29 18:33 <DIR> d-------- F:\Program Files\MGrenda
2008-08-28 23:00 . 2008-08-28 23:00 <DIR> d-------- F:\Program Files\Real Alternative
2008-08-28 19:21 . 2008-08-28 19:21 <DIR> d-------- F:\Program Files\AC3Filter
2008-08-28 19:21 . 2004-05-25 17:06 417,792 --a------ F:\WINDOWS\system32\ac3filter.cpl
2008-08-24 11:53 . 2008-08-24 11:53 <DIR> d-------- F:\Documents and Settings\doemk\Save
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 15:02 --------- d-----w F:\Program Files\Gadu-Gadu
2008-09-20 12:05 --------- d-----w F:\Program Files\FlashGet
2008-09-19 14:52 --------- d-----w F:\Documents and Settings\doemk\Dane aplikacji\MyPhoneExplorer
2008-09-16 13:27 --------- d-----w F:\Program Files\NAPI-PROJEKT
2008-09-16 13:27 --------- d-----w F:\Documents and Settings\doemk\Dane aplikacji\uTorrent
2008-09-14 14:07 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-09-14 13:24 107,832 ----a-w F:\WINDOWS\system32\PnkBstrB.exe
2008-09-11 17:55 --------- d---a-w F:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-10 20:26 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-09-10 19:24 --------- d-----w F:\Program Files\ASUS
2008-09-09 19:44 --------- d-----w F:\Program Files\Common Files\Wise Installation Wizard
2008-09-09 19:43 --------- d-----w F:\Program Files\AGEIA Technologies
2008-09-07 14:52 --------- d-----w F:\Documents and Settings\doemk\Dane aplikacji\skypePM
2008-09-02 11:29 --------- d-----w F:\Program Files\OpenAL
2008-08-29 15:16 --------- d-----w F:\Program Files\Common Files\BinarySense
2008-08-17 18:38 --------- d-----w F:\Program Files\Winamp
2008-08-17 17:57 --------- d-----w F:\Program Files\RegCleaner
2008-08-17 17:47 --------- d-----w F:\Program Files\DivX
2008-08-15 12:38 --------- d-----w F:\Program Files\iriver
2008-08-12 15:31 21,840 ----atw F:\WINDOWS\system32\SIntfNT.dll
2008-08-12 15:31 17,212 ----atw F:\WINDOWS\system32\SIntf32.dll
2008-08-12 15:31 12,067 ----atw F:\WINDOWS\system32\SIntf16.dll
2008-08-12 15:24 2,829 ----a-w F:\WINDOWS\DIIUnin.pif
2008-08-12 15:24 106,496 ----a-w F:\WINDOWS\DIIUnin.exe
2008-08-12 11:59 --------- d-----w F:\Program Files\Canon
2008-08-11 14:09 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-08-10 10:15 --------- d-----w F:\Program Files\Common Files\Logitech
2008-08-10 10:15 --------- d-----w F:\Program Files\Common Files\Logishrd
2008-08-06 17:57 --------- d-----w F:\Program Files\Ahead
2008-08-06 17:54 --------- d-----w F:\Program Files\Common Files\Ahead
2008-08-06 17:46 --------- d-----w F:\Program Files\Common Files\Nero
2008-08-06 17:46 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-08-06 17:41 --------- d-----w F:\Program Files\Elaborate Bytes
2008-08-06 17:40 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\Elaborate Bytes
2008-08-06 14:11 --------- d-----w F:\Program Files\Alcohol Soft
2008-07-30 13:59 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-07-24 15:36 --------- d-----w F:\Program Files\The All-Seeing Eye
2008-07-24 15:25 --------- d-----w F:\Program Files\SkanerOnline
2008-07-22 13:53 --------- d-----w F:\Program Files\Common Files\Adobe
2008-07-22 13:53 --------- d-----w F:\Program Files\Bonjour
2008-07-22 13:48 --------- d-----w F:\Program Files\Common Files\Macrovision Shared
2008-07-22 10:49 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-07-20 13:17 --------- d-----w F:\Documents and Settings\doemk\Dane aplikacji\Publish Providers
2008-07-20 13:16 --------- d-----w F:\Documents and Settings\doemk\Dane aplikacji\Sony
2008-07-20 13:15 --------- d-----w F:\Program Files\Microsoft SQL Server
2008-07-20 13:15 --------- d-----w F:\Documents and Settings\All Users\Dane aplikacji\Sony
2008-07-20 13:14 --------- d-----w F:\Program Files\Vstplugins
2008-07-20 13:14 --------- d-----w F:\Program Files\Sony
2008-07-20 13:09 --------- d-----w F:\Program Files\Sony Setup
2008-07-20 13:09 --------- d-----w F:\Documents and Settings\doemk\Dane aplikacji\Sony Setup
2008-07-19 16:14 107,888 ----a-w F:\WINDOWS\system32\CmdLineExt.dll
2008-07-05 22:28 737,280 ----a-w F:\WINDOWS\iun6002.exe
2008-06-27 14:07 127,034 ------r F:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-05-05 15:57 22,328 ----a-w F:\Documents and Settings\doemk\Dane aplikacji\PnkBstrK.sys
.
------- Sigcheck -------
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c F:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e F:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"egui"="F:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-02-20 1443072]
"GrooveMonitor"="F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"LVCOMSX"="F:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 221184]
"LogitechVideoRepair"="F:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechVideoTray"="F:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 217088]
"NeroFilterCheck"="F:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Cmaudio8788GX"="F:\WINDOWS\system\CMGxMon.exe" [2007-12-19 20480]
"NvMediaCenter"="F:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"SoundMAXPnP"="F:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"nwiz"="nwiz.exe" [2008-05-16 F:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 F:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 F:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="F:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech Desktop Messenger.lnk - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-27 67128]
Logitech SetPoint.lnk - F:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-10 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 f:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=F:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=F:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech SetPoint.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk
backup=F:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programy^Autostart^LUMIX Simple Viewer.lnk]
path=F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\LUMIX Simple Viewer.lnk
backup=F:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup
[HKLM\~\startupfolder\F:^Documents and Settings^doemk^Menu Start^Programy^Autostart^HDDlife.lnk]
path=F:\Documents and Settings\doemk\Menu Start\Programy\Autostart\HDDlife.lnk
backup=F:\WINDOWS\pss\HDDlife.lnkStartup
[HKLM\~\startupfolder\F:^Documents and Settings^doemk^Menu Start^Programy^Autostart^YouTube Uploader.lnk]
path=F:\Documents and Settings\doemk\Menu Start\Programy\Autostart\YouTube Uploader.lnk
backup=F:\WINDOWS\pss\YouTube Uploader.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-06-10 12:25 51184 F:\Documents and Settings\doemk\Ustawienia lokalne\Dane aplikacji\Google\Update\1.1.25.0\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 F:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 18:17 159744 F:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-02 20:16 1271032 g:\steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-02-12 17:22 397312 F:\Program Files\WinFast\WFDTV\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-02-12 19:16 69632 F:\Program Files\WinFast\WFDTV\DTVSchdl.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\FlashGet\\flashget.exe"=
"F:\\Program Files\\uTorrent\\uTorrent.exe"=
"G:\\PES2008\\PES2008.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 mv61xx;mv61xx;F:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-06-15 143256]
R0 nvgts;nvgts;F:\WINDOWS\system32\DRIVERS\nvgts.sys [2007-08-09 102400]
R0 pavboot;pavboot;F:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);F:\WINDOWS\system32\Drivers\e4ldr.sys [ ]
S2 NOD32FiXTemDono;Eset Nod32 Boot;F:\WINDOWS\system32\regedt32.exe [2001-10-26 3584]
S3 cmudaxp;ASUS Xonar DX Audio Interface;F:\WINDOWS\system32\drivers\cmudaxp.sys [2008-01-14 1867840]
S3 e4usbaw;USB ADSL2 WAN Adapter;F:\WINDOWS\system32\DRIVERS\e4usbaw.sys [ ]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;F:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt [2007-12-14 22640]
S3 WFIOCTL;WFIOCTL;F:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
*Newly Created Service* - PAVBOOT
.
Zawartość folderu 'Zaplanowane zadania'
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NodLogin - F:\Program Files\ESET\ESET Smart Security\nodlogin.exe
HKLM-Run-Cmaudio8788 - cmicnfgp.cpl
MSConfigStartUp-NBKeyScan - F:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-NodLogin - F:\Program Files\ESET\ESET Smart Security\nodlogin.exe
MSConfigStartUp-WinampAgent - F:\Program Files\Winamp\winampa.exe
.
------- Skan uzupełniający -------
.
FireFox -: Profile - F:\Documents and Settings\doemk\Dane aplikacji\Mozilla\Firefox\Profiles\vbugcpy3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.interia.pl/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 17:04:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\F:\Program Files\Lavalys\EVEREST Corporate + Ultimate Edition\kerneld.wnt"
.
Czas ukończenia: 2008-09-20 17:05:18
ComboFix-quarantined-files.txt 2008-09-20 15:04:56
Przed: 2 624 319 488 bajtów wolnych
Po: 3,642,408,960 bajtów wolnych
248
Logfile of HijackThis v1.99.1
Scan saved at 17:08:10, on 2008-09-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\ESET\ESET Smart Security\ekrn.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\notepad.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Documents and Settings\doemk\Pulpit\Nowy folder\instalacja\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cmaudio8788GX] F:\WINDOWS\system\CMGxMon.exe Envoke
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] F:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przez IDM - F:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - F:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206390783171
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: LBTWlgn - f:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - F:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Please help.
