

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:23:15, on 2007-11-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Gry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
D:\Instalki\Everest 2006\EVEREST.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Instalki\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sport.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [EVEREST AutoStart] D:\Instalki\Everest 2006\EVEREST.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B02FE79C-A27C-4D54-A4B1-A5DE7C43AC6D}: NameServer = 192.168.1.1,194.204.159.1
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Gry\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
--
End of file - 5014 bytes
SDFix: Version 1.114
Run by maciek on 2007-11-07 at 20:52
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 20:58:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:31,9f,f2,b1,a2,f6,1f,9f,ec,a4,34,98,46,15,99,ab,3f,b6,bf,5a,44,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:dc,4d,6c,ef,cd,a5,4b,d0,08,40,b2,69,ee,5c,0a,c7,af,4f,5e,d1,43,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e3,eb,0d,03,28,55,2c,ec,1f,61,a8,1d,15,77,4e,ae,45,..
"khjeh"=hex:01,1a,47,48,77,8f,b3,02,5e,fe,d4,71,e2,6b,79,d5,de,ed,29,4a,83,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:da,f2,52,51,a2,94,cf,39,77,4b,7d,3f,0f,b0,d2,e0,32,e4,d0,4f,8b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:31,9f,f2,b1,a2,f6,1f,9f,ec,a4,34,98,46,15,99,ab,3f,b6,bf,5a,44,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:dc,4d,6c,ef,cd,a5,4b,d0,08,40,b2,69,ee,5c,0a,c7,af,4f,5e,d1,43,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e3,eb,0d,03,28,55,2c,ec,1f,61,a8,1d,15,77,4e,ae,45,..
"khjeh"=hex:01,1a,47,48,77,8f,b3,02,5e,fe,d4,71,e2,6b,79,d5,de,ed,29,4a,83,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:da,f2,52,51,a2,94,cf,39,77,4b,7d,3f,0f,b0,d2,e0,32,e4,d0,4f,8b,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Gry\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"="D:\\Gry\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
Finished!
ComboFix 07-11-06.4 - maciek 2007-11-07 21:13:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.234 [GMT 1:00]
Running from: C:\Documents and Settings\maciek\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
.
2007-11-07 20:52 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-07 20:48 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-11-06 23:21 <DIR> dr-h----- C:\Documents and Settings\maciek\Dane aplikacji\SecuROM
2007-11-06 23:21 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-06 22:40 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-06 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-11-06 22:00 <DIR> d-------- C:\Program Files\RegCleaner
2007-11-06 21:51 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-11-06 21:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-06 21:11 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-06 21:11 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-11-06 21:11 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-06 21:11 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-11-04 19:17 307,200 --a------ C:\WINDOWS\system32\LEXBCES.EXE
2007-11-04 19:17 201,216 --a------ C:\WINDOWS\system32\LEXP2P32.DLL
2007-11-04 19:17 200,192 --a------ C:\WINDOWS\system32\LEXLMPM.DLL
2007-11-04 19:17 197,120 --a------ C:\WINDOWS\system32\LEX2KUSB.DLL
2007-11-04 19:17 174,592 --a------ C:\WINDOWS\system32\LEXPPS.EXE
2007-11-04 19:17 147,456 --a------ C:\WINDOWS\system32\LEXBCE.DLL
2007-11-04 19:16 <DIR> d-------- C:\Lxk700
2007-11-04 19:16 <DIR> d-------- C:\Documents and Settings\maciek\WINDOWS
2007-11-04 13:15 <DIR> d-------- C:\Program Files\ZodiacEdit
2007-11-03 22:25 <DIR> d-------- C:\Documents and Settings\maciek\Dane aplikacji\ArcaBit
2007-11-03 19:20 <DIR> d-------- C:\WINDOWS\pss
2007-10-30 10:34 <DIR> d--h----- C:\Documents and Settings\jan\Ustawienia lokalne
2007-10-30 10:34 <DIR> dr------- C:\Documents and Settings\jan\Ulubione
2007-10-30 10:34 <DIR> d--h----- C:\Documents and Settings\jan\Szablony
2007-10-30 10:34 <DIR> d-------- C:\Documents and Settings\jan\Pulpit
2007-10-30 10:34 <DIR> dr------- C:\Documents and Settings\jan\Moje dokumenty
2007-10-30 10:34 <DIR> dr------- C:\Documents and Settings\jan\Menu Start
2007-10-30 10:34 <DIR> dr-h----- C:\Documents and Settings\jan\Dane aplikacji
2007-10-25 20:21 <DIR> d-------- C:\Program Files\Firebird
2007-10-24 19:27 <DIR> d-------- C:\Program Files\NAPI-PROJEKT
2007-10-20 16:02 <DIR> d-------- C:\Documents and Settings\maciek\Dane aplikacji\Sports Interactive
2007-10-20 15:59 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-10-20 15:58 <DIR> d--h----- C:\Documents and Settings\maciek\InstallAnywhere
2007-10-15 12:15 <DIR> d-------- C:\Program Files\Flv Audio Extractor
2007-10-15 11:35 <DIR> d-------- C:\Program Files\Sothink Web Video Downloader
2007-10-15 11:35 <DIR> d-------- C:\Program Files\Sothink FLV Player
2007-10-15 11:26 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-13 10:39 1,500,160 --a------ C:\WINDOWS\system32\cc3260mt.dll
2007-10-12 18:32 <DIR> d-------- C:\WINDOWS\Sun
2007-10-12 11:13 16 --a------ C:\WINDOWS\popcinfo.dat
2007-10-11 13:10 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-11 13:10 487,424 --a------ C:\WINDOWS\system32\Msvcp70.dll
2007-10-11 13:10 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-10-11 13:10 344,064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2007-10-11 13:10 265,785 --a------ C:\WINDOWS\system32\pixomatic.dll
2007-10-11 13:10 188,416 --a------ C:\WINDOWS\system32\eax.dll
2007-10-11 13:10 161,280 --a------ C:\WINDOWS\system32\fmod.dll
2007-10-11 13:10 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2007-10-11 13:10 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2007-10-09 11:49 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-10-09 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
2007-10-09 11:48 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-09 10:15 <DIR> d-------- C:\Program Files\Real Alternative
2007-10-08 13:25 <DIR> d-------- C:\Documents and Settings\maciek\Dane aplikacji\Lavasoft
2007-10-08 12:47 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-07 16:58 <DIR> d-------- C:\Program Files\WM Recorder 10.2
2007-10-07 16:58 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-10-07 16:50 <DIR> d-------- C:\Program Files\WMR11
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 20:12 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-06 15:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-04 14:37 --------- d-----w C:\Program Files\ArcaMicroScan
2007-11-03 20:52 --------- d-----w C:\Program Files\a2 free
2007-11-03 20:49 --------- d-----w C:\Program Files\Ad-Aware SE Personal
2007-10-16 12:19 --------- d-----w C:\Program Files\Winamp
2007-10-06 13:13 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
2007-10-03 13:10 --------- d-----w C:\Program Files\Java
2007-10-03 13:07 --------- d-----w C:\Program Files\Common Files\Java
2007-10-03 09:05 --------- d-----w C:\Program Files\Alcohol Soft
2007-10-03 09:03 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-01 12:28 --------- d-----w C:\Program Files\3DMark2001 SE
2007-10-01 12:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-01 12:13 --------- d-----w C:\Program Files\3DMark03
2007-09-28 09:54 --------- d-----w C:\Program Files\RivaTuner v2.04
2007-09-26 13:02 --------- d-----w C:\Program Files\DAP
2007-09-26 12:53 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-09-21 19:31 --------- d-----w C:\Documents and Settings\maciek\Dane aplikacji\Media Player Classic
2007-09-21 19:30 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-09-21 08:42 --------- d-----w C:\Program Files\MaxCrypt2
2007-09-17 18:25 --------- d-----w C:\Documents and Settings\maciek\Dane aplikacji\Ahead
2007-09-17 16:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2007-09-17 16:52 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-17 16:51 --------- d-----w C:\Program Files\Nero
2007-09-17 16:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-09-17 16:35 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-17 16:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA
2007-09-17 16:23 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-09-17 16:16 --------- d-----w C:\Documents and Settings\maciek\Dane aplikacji\Gadu-Gadu
2007-09-17 16:15 --------- d-----w C:\Program Files\DAEMON Tools
2007-09-17 15:52 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-09-17 15:52 274,432 ----a-w C:\WINDOWS\system32\imon.dll
2007-09-17 15:43 --------- d-----w C:\Program Files\Gadu-Gadu
2007-09-17 15:38 --------- d-----w C:\Program Files\EVEREST Ultimate Edition
2007-09-17 15:19 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-09-17 15:19 --------- d-----w C:\Program Files\Realtek AC97
2007-09-17 15:19 --------- d-----w C:\Program Files\AvRack
2007-09-17 15:06 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-17 15:05 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 C:\WINDOWS\SOUNDMAN.EXE]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-11-15 10:48]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-09-26 13:53]
"nwiz"="nwiz.exe" [2006-10-22 05:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 05:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 05:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"EVEREST AutoStart"="D:\Instalki\Everest 2006\EVEREST.exe" [2006-10-28 22:11]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GN Ukrywacz]
"C:\Documents and Settings\maciek\Pulpit\GN Ukrywacz\GN Ukrywacz" /auto
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
R3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\D:\Instalki\Everest 2006\kerneld.wnt
*Newly Created Service* - EVERESTDRIVER
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 21:16:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-07 21:17:53
C:\ComboFix2.txt ... 2007-11-06 21:28
.
--- E O F ---