błąd z aplikacją iexplore.exe - prosze o sprawdzenie

[beznazwowy]

dobry dzien wszystkim aktualnie jak i nie aktualnie przesiadującym na forum. dzis od okolo chyba 18 po odpaleniu przeglądarki wyskakuje mi ze wystąpił błąd z aplikacją iexplore.exe i zostanie ona zamknięta po czym przeglądarka sie zamyka, gdy chce otworzyc to to samo z tym błędem. przeskanowałem a-squared free i odpalilem tez program od rejestru i nic powaznego nie bylo, nizej podaje log z hijacka:

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 19:50:11, on 2008-05-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\WINDOWS\system32\svchost.exe
D:\Takie tam\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Takie tam\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Takie tam\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176114378140
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe

baaardzo prosze o sprawdzenie czy cos siedzi czy też nie, z gory dziękuje za poświęcenie chwilki na ten temat

[huber2t]

Log czysty

Pokaż log z Combofix

[beznazwowy]

i log z ComboFix wykonany, co dziwne odrazu po odpaleniu programu, wyskoczył mi nod z wirusem który znajduje sie w temp\Av-test.txt wirus - Eicar zbiót testowy. ale czy to napewno wirus???. nizej podaje wynik:

Kod: Zaznacz wszystko

ComboFix 08-05-15.2 - Lukasz 2008-05-16  8:46:00.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.251 [GMT 2:00]
Running from: C:\Documents and Settings\Lukasz\Pulpit\ComboFix.exe
 * Created a new restore point
 * Resident AV is active


[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-04-16 to 2008-05-16  )))))))))))))))))))))))))))))))
.

2008-05-08 20:34 . 2008-05-08 20:34   502,208   --a------   C:\WINDOWS\system32\drivers\amon.sys
2008-05-08 20:34 . 2008-05-08 20:34   270,336   --a------   C:\WINDOWS\system32\imon.dll
2008-04-21 15:55 . 2008-04-23 12:44   <DIR>   d--------   C:\Program Files\AoA Audio Extractor
2008-04-21 15:33 . 2008-04-21 15:33   <DIR>   d--------   C:\Program Files\Smallvideosoft
2008-04-21 15:33 . 2007-03-01 04:18   4,762,112   --a------   C:\WINDOWS\system32\NCMedia.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 06:46   ---------   d-----w   C:\Program Files\ESET
2008-05-15 12:11   ---------   d---a-w   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-12 20:44   ---------   d-----w   C:\Program Files\a-squared Free
2008-04-27 14:21   ---------   d-----w   C:\Program Files\Winamp
2008-04-22 05:19   ---------   d-----w   C:\Program Files\Audacity
2008-04-13 15:24   ---------   d-----w   C:\Program Files\Ligos
2008-04-13 06:54   0   ----a-r   C:\logwmemory.bin
2008-04-12 17:21   ---------   d-----w   C:\Program Files\Diskeeper Corporation
2008-04-12 17:21   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
2008-04-09 20:36   ---------   d-----w   C:\Program Files\SkanerOnline
2008-03-29 08:36   ---------   d-----w   C:\Program Files\Project IGI
2008-03-29 08:32   ---------   d-----w   C:\Program Files\PowerISO
2008-03-25 08:05   ---------   d-----w   C:\Program Files\EsetOnlineScanner
2007-11-18 16:01   32   ----a-w   C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-02-09 18:32   94,080   ----a-w   C:\Documents and Settings\Lukasz\Dane aplikacji\ezplay.sys
2007-02-09 18:32   87,608   ----a-w   C:\Documents and Settings\Lukasz\Dane aplikacji\ezpinst.exe
2007-02-09 18:32   47,360   ----a-w   C:\Documents and Settings\Lukasz\Dane aplikacji\pcouffin.sys
2006-12-31 07:32   88   --sh--r   C:\WINDOWS\system32\4751A5B21F.sys
2006-12-31 07:32   3,350   --sha-w   C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   snapshot@2007-12-22_ 7.51.11.31   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-16 06:32:06   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 06:00:00   73,728   ----a-w   C:\WINDOWS\fdsv.exe
+ 2000-08-31 06:00:00   80,412   ----a-w   C:\WINDOWS\grep.exe
+ 2008-03-31 18:28:06   65,536   ----a-r   C:\WINDOWS\Installer\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}\ARPPRODUCTICON.exe
+ 2008-03-31 18:28:08   65,536   ----a-r   C:\WINDOWS\Installer\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}\NewShortcut1_E3A4979EE8C048379F3D271B50BA9E7C.exe
+ 2008-03-31 18:28:08   65,536   ----a-r   C:\WINDOWS\Installer\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}\NewShortcut2_E3A4979EE8C048379F3D271B50BA9E7C.exe
+ 2008-03-31 18:28:08   65,536   ----a-r   C:\WINDOWS\Installer\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}\NewShortcut4_E3A4979EE8C048379F3D271B50BA9E7C.exe
+ 2008-04-12 17:21:16   22,486   ----a-r   C:\WINDOWS\Installer\{8D94D4CF-A310-4C3D-AEC2-A871A184FFFA}\ARPPRODUCTICON.exe
+ 2008-04-12 17:21:16   65,536   ----a-r   C:\WINDOWS\Installer\{8D94D4CF-A310-4C3D-AEC2-A871A184FFFA}\DiskeeperShortcut.exe
+ 1998-10-29 17:45:06   306,688   ----a-w   C:\WINDOWS\IsUninst.exe
+ 2007-03-24 18:03:34   2,938   ----a-w   C:\WINDOWS\mozver.dat
+ 2000-08-31 06:00:00   28,160   ----a-w   C:\WINDOWS\Nircmd.exe
+ 2006-07-18 08:57:36   2,426   ----a-w   C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2000-08-31 06:00:00   98,816   ----a-w   C:\WINDOWS\sed.exe
+ 2000-08-31 06:00:00   161,792   ----a-w   C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00   136,704   ----a-w   C:\WINDOWS\swsc.exe
+ 2000-08-31 06:00:00   212,480   ----a-w   C:\WINDOWS\swxcacls.exe
+ 2001-08-17 19:36:34   2,000   ----a-w   C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-10-26 13:45:18   73,616   ----a-w   C:\WINDOWS\system\MCIAVI.DRV
+ 2001-10-26 13:45:18   25,296   ----a-w   C:\WINDOWS\system\MCISEQ.DRV
+ 2001-10-26 13:45:18   28,160   ----a-w   C:\WINDOWS\system\MCIWAVE.DRV
+ 2001-08-17 19:36:40   2,032   ----a-w   C:\WINDOWS\system\MOUSE.DRV
+ 2001-08-17 19:36:36   1,744   ----a-w   C:\WINDOWS\system\SOUND.DRV
+ 2001-08-17 19:36:30   3,360   ----a-w   C:\WINDOWS\system\SYSTEM.DRV
+ 2001-10-26 14:51:12   4,096   ----a-w   C:\WINDOWS\system\TIMER.DRV
+ 2001-08-17 19:36:40   2,176   ----a-w   C:\WINDOWS\system\VGA.DRV
+ 2001-08-17 19:36:54   13,600   ----a-w   C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-03 22:44:32   146,432   ----a-w   C:\WINDOWS\system\WINSPOOL.DRV
+ 2001-08-17 19:36:36   10,544   ----a-w   C:\WINDOWS\system32\comm.drv
+ 2004-08-03 22:56:48   1,788   ----a-w   C:\WINDOWS\system32\Dcache.bin
+ 2001-08-17 19:36:34   2,000   -c--a-w   C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2001-10-26 15:27:00   2,560   -c--a-w   C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-10-26 13:45:18   73,616   -c--a-w   C:\WINDOWS\system32\dllcache\mciavi.drv
+ 2001-10-26 13:45:18   25,296   -c--a-w   C:\WINDOWS\system32\dllcache\mciseq.drv
+ 2001-10-26 13:45:18   28,160   -c--a-w   C:\WINDOWS\system32\dllcache\mciwave.drv
+ 2001-08-17 19:36:40   2,032   -c--a-w   C:\WINDOWS\system32\dllcache\mouse.drv
+ 2001-08-17 19:47:40   2,944   -c--a-w   C:\WINDOWS\system32\dllcache\null.sys
+ 2001-08-17 19:36:36   1,744   -c--a-w   C:\WINDOWS\system32\dllcache\sound.drv
+ 2001-08-17 19:36:30   3,360   -c--a-w   C:\WINDOWS\system32\dllcache\system.drv
+ 2001-10-26 14:51:12   4,096   -c--a-w   C:\WINDOWS\system32\dllcache\timer.drv
+ 2004-08-03 21:58:46   15,104   -c--a-w   C:\WINDOWS\system32\dllcache\usbscan.sys
+ 2001-08-17 19:36:40   2,176   -c--a-w   C:\WINDOWS\system32\dllcache\vga.drv
+ 2001-08-17 19:36:54   13,600   -c--a-w   C:\WINDOWS\system32\dllcache\wfwnet.drv
+ 2001-08-17 19:36:46   2,864   -c--a-w   C:\WINDOWS\system32\dllcache\winsock.dll
+ 2004-08-03 22:44:32   146,432   -c--a-w   C:\WINDOWS\system32\dllcache\winspool.drv
+ 2001-08-17 19:36:40   2,112   -c--a-w   C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-08-17 19:36:52   2,736   -c--a-w   C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2004-08-03 23:07:58   2,944   ----a-w   C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2001-08-17 22:00:04   2,944   ----a-w   C:\WINDOWS\system32\drivers\msmpu401.sys
+ 2001-08-17 19:47:40   2,944   ----a-w   C:\WINDOWS\system32\drivers\null.sys
+ 2004-04-01 15:30:46   10,368   ----a-w   C:\WINDOWS\system32\drivers\pfc.sys
+ 2008-03-14 06:04:29   46,652   ----a-w   C:\WINDOWS\system32\drivers\scdemu.sys
+ 2004-08-03 21:58:46   15,104   ----a-w   C:\WINDOWS\system32\drivers\usbscan.sys
+ 2000-06-23 12:05:44   136,704   ----a-w   C:\WINDOWS\system32\iacenc.dll
- 2001-10-26 15:29:32   199,168   ----a-w   C:\WINDOWS\system32\ir32_32.dll
+ 2000-06-26 09:57:16   202,240   ----a-w   C:\WINDOWS\system32\ir32_32.dll
- 2004-08-03 22:44:02   755,200   ----a-w   C:\WINDOWS\system32\ir50_32.dll
+ 2000-06-23 08:36:48   745,984   ----a-w   C:\WINDOWS\system32\ir50_32.dll
+ 2000-06-22 11:09:24   56,320   ------w   C:\WINDOWS\system32\iyvu9_32.dll
+ 2001-08-17 19:36:34   2,000   ----a-w   C:\WINDOWS\system32\keyboard.drv
+ 2001-10-26 13:45:18   223,680   ----a-w   C:\WINDOWS\system32\lanman.drv
+ 2007-07-27 13:49:02   196,683   ----a-w   C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 13:49:02   225,355   ----a-w   C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-05 18:25:22   139,264   ----a-w   C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 11:37:10   106,496   ----a-w   C:\WINDOWS\system32\lnod32upd.dll
+ 2001-10-26 15:27:00   2,560   ----a-w   C:\WINDOWS\system32\lz32.dll
+ 2001-10-26 13:45:18   73,616   ----a-w   C:\WINDOWS\system32\mciavi.drv
+ 2001-10-26 13:45:18   25,296   ----a-w   C:\WINDOWS\system32\mciseq.drv
+ 2001-10-26 13:45:18   28,160   ----a-w   C:\WINDOWS\system32\mciwave.drv
+ 2001-08-17 19:36:40   2,032   ----a-w   C:\WINDOWS\system32\mouse.drv
+ 2001-10-26 15:30:08   20,992   ----a-w   C:\WINDOWS\system32\msacm32.drv
+ 2004-08-03 22:44:32   188,416   ----a-w   C:\WINDOWS\system32\msh261.drv
+ 2004-08-03 22:44:32   294,912   ----a-w   C:\WINDOWS\system32\msh263.drv
+ 2001-08-17 19:13:24   2,656   ----a-w   C:\WINDOWS\system32\netware.drv
+ 2008-02-11 08:39:26   253,952   ----a-w   C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2008-02-11 08:39:18   237,568   ----a-w   C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2008-02-08 12:53:46   110,592   ----a-w   C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2008-02-05 07:48:04   77,824   ----a-w   C:\WINDOWS\system32\OnlineScannerUninstaller.exe
- 2007-10-28 05:45:49   59,440   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-03-30 07:08:54   59,440   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2007-10-28 05:45:49   75,486   ----a-w   C:\WINDOWS\system32\perfc015.dat
+ 2008-03-30 07:08:54   75,486   ----a-w   C:\WINDOWS\system32\perfc015.dat
- 2007-10-28 05:45:49   395,200   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 07:08:54   395,200   ----a-w   C:\WINDOWS\system32\perfh009.dat
- 2007-10-28 05:45:49   451,220   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2008-03-30 07:08:54   451,220   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2001-10-26 16:29:42   5,632   ----a-w   C:\WINDOWS\system32\ptpusb.dll
+ 2004-08-03 23:44:10   159,232   ----a-w   C:\WINDOWS\system32\ptpusd.dll
+ 2001-08-17 19:36:36   1,744   ----a-w   C:\WINDOWS\system32\sound.drv
+ 2007-02-10 11:17:42   1,985   ----a-w   C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp3 Blade Codec.dat
+ 2007-02-10 10:20:07   2,074   ----a-w   C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP mp3PRO Input Codec.dat
+ 2007-04-20 09:37:29   1,578   ----a-w   C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
+ 2007-02-10 10:43:53   2,141   ----a-w   C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
+ 2007-02-10 10:46:04   2,181   ----a-w   C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat
+ 2007-02-10 10:23:42   2,467   ----a-w   C:\WINDOWS\system32\SpoonUninstall-dMC mp3PRO (CLI) Encoder.dat
+ 2007-01-30 11:41:36   2,368   ----a-w   C:\WINDOWS\system32\STEC3.sys
+ 2001-08-17 19:36:30   3,360   ----a-w   C:\WINDOWS\system32\system.drv
+ 2001-10-26 14:51:12   4,096   ----a-w   C:\WINDOWS\system32\timer.drv
+ 2001-08-17 19:36:40   2,176   ----a-w   C:\WINDOWS\system32\vga.drv
+ 2003-12-22 07:20:26   2,272   ----a-w   C:\WINDOWS\system32\W95INF16.DLL
+ 2004-08-03 22:54:52   23,552   ----a-w   C:\WINDOWS\system32\wdmaud(2).drv
+ 2004-08-03 22:54:52   23,552   ----a-w   C:\WINDOWS\system32\wdmaud.drv
+ 2001-08-17 19:36:54   13,600   ----a-w   C:\WINDOWS\system32\wfwnet.drv
+ 2001-08-17 19:36:46   2,864   ----a-w   C:\WINDOWS\system32\winsock.dll
+ 2004-08-03 22:44:32   146,432   ----a-w   C:\WINDOWS\system32\winspool.drv
+ 2001-08-17 19:36:40   2,112   ----a-w   C:\WINDOWS\system32\winspool.exe
+ 2001-08-17 19:36:52   2,736   ----a-w   C:\WINDOWS\system32\wowdeb.exe
+ 2008-05-16 06:32:25   16,384   ----atw   C:\WINDOWS\TEMP\Perflib_Perfdata_264.dat
+ 2000-08-31 06:00:00   49,152   ----a-w   C:\WINDOWS\VFind.exe
+ 2000-08-31 06:00:00   68,096   ----a-w   C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w           155,648 2001-07-09 09:50:42  C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w           155,648 2001-07-09 10:50:42  C:\WINDOWS\system32\NeroCheck.exe

----a-w            65,664 2003-01-15 12:48:10  D:\Gry\Colin McRae Rally 3\Data\Boot\English\Bak\Copy001.dds
----a-w            65,664 2003-06-13 20:57:02  D:\Gry\Colin McRae Rally 3\Data\Boot\English\Copy001.dds

----a-w            65,664 2003-01-15 12:48:10  D:\Gry\Colin McRae Rally 3\Data\Boot\English\Bak\Copy002.dds
----a-w            65,664 2003-06-13 20:57:06  D:\Gry\Colin McRae Rally 3\Data\Boot\English\Copy002.dds

----a-w            65,664 2003-01-15 12:48:10  D:\Gry\Colin McRae Rally 3\Data\Boot\English\Bak\Copy003.dds
----a-w            65,664 2003-06-13 20:57:12  D:\Gry\Colin McRae Rally 3\Data\Boot\English\Copy003.dds

----a-w                80 2003-01-15 12:48:12  D:\Gry\Colin McRae Rally 3\Data\Boot\English\Bak\vssver.scc
----a-w                96 2003-01-15 12:48:10  D:\Gry\Colin McRae Rally 3\Data\Boot\English\vssver.scc

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 14:11 46718]
"Gadu-Gadu"="D:\Takie tam\Gadu-Gadu\gg.exe" [2005-03-31 11:18 790528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-08 20:34 917504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{2861E568-0686-1045-0729-040505030030}"= "C:\Program Files\Spybot - Search & Destroy\Update.exe" mc-110-12-0000272

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan\Service]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\IVT BlueSoleil\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bdbh]
--a------ 2004-08-04 00:44 515072 C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup]
C:\DOCUME~1\Lukasz\USTAWI~1\Temp\winlogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2005-03-31 11:18 790528 D:\Takie tam\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:55 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
--a------ 2004-06-03 20:51 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDfrgSch]
--a------ 2006-06-11 13:57 569344 C:\Program Files\Advanced Registry Doctor\RegDfrgSch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-05-03 02:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TClock.exe]
C:\Program Files\TClock\tclock_install.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 19:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-12-24 17:11 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"D:\\Takie tam\\Gadu-Gadu\\gg.exe"=
"D:\\Gry\\NovaLogic\\Delta Force Xtreme\\dfx.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

S0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8eac64-2adb-11dc-840b-00006cbd6e65}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 08:48:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-05-16  8:51:00
ComboFix-quarantined-files.txt  2008-05-16 06:50:32

Pre-Run: 1,115,639,808 bajtów wolnych
Post-Run: 1,105,321,984 bajtów wolnych

254


[huber2t]

Do wyleczenia pendrive z wirusów użyj
Perlovga Removal Tool
Flash Disinfector
lub format

otwórz notatnik i wklej

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Z menu Notatnika Plik Zapisz jako Zmień rozszerzenie z .txt na wszystkie pliki zapisz pod nazwą Fix.reg

Uruchom ten plik, uruchom ponownie komputer

To nie jest wirus, tylko fragment kodu wirusa który ma symulować wirusa

[beznazwowy]

jak zawsze można na tym forum na kogoś liczyć... baaardzo dziękuje za pomoc. i jeszcze małe pytanie - od czego tak sie zrobilo i jak w przyszlości ominąc ten problem?

[huber2t]

To była infekcja z pendrive, wyczyść pendrive z wirusów narzędziami które podałem

[beznazwowy]

a myslalem ze jeszcze cos jest nie tak dobrze wiec zrobie jak pisales. jeszcze raz dziękuje