HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:35, on 2008-05-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Instafinder\instafinder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Lesiu\Pulpit\Przydatne\uosu-140\UOSU.exe
C:\Documents and Settings\Lesiu\Pulpit\Przydatne\PowerMenu_1_5_1\PowerMenu.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Documents and Settings\Lesiu\Pulpit\Przydatne\Bux.to_Autoclicker\Bux.to Autoclicker\Bux.to Autoclicker.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Instafinder] C:\Program Files\Instafinder\instafinder.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Uosu] C:\Documents and Settings\Lesiu\Pulpit\Przydatne\uosu-140\UOSU.exe
O4 - HKCU\..\Run: [PowerMenu] C:\Documents and Settings\Lesiu\Pulpit\Przydatne\PowerMenu_1_5_1\PowerMenu.exe
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Bux.to Autoclicker.lnk = ?
O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
--
End of file - 5572 bytes
ComboFix:
ComboFix 08-05-12.1 - Lesiu 2008-05-18 12:25:56.3 - NTFSx86
Running from: C:\Documents and Settings\Lesiu\Moje dokumenty\Downloads\Programs\ComboFix.exe
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-18 12:19 . 2008-05-18 12:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-18 12:17 . 2008-05-18 12:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-18 12:17 . 2008-05-18 12:17 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-18 12:17 . 2008-05-18 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-17 07:22 . 2008-05-17 07:22 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2008-05-16 20:38 . 2008-05-16 20:38 <DIR> d-------- C:\Program Files\SpeedFan
2008-05-16 20:38 . 2008-05-16 20:38 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-05-16 19:30 . 2008-05-16 19:30 <DIR> d-------- C:\Program Files\Need2Find
2008-05-16 19:30 . 2008-05-16 19:30 <DIR> d-------- C:\Program Files\Instafinder
2008-05-16 19:22 . 2008-05-16 19:30 <DIR> d-------- C:\Program Files\Altnet
2008-05-16 19:18 . 2008-05-16 19:48 <DIR> d-------- C:\Program Files\Kazaa
2008-05-16 16:11 . 2008-05-17 12:01 <DIR> d-------- C:\Program Files\Prime95
2008-05-16 15:39 . 2008-05-16 15:39 <DIR> d-------- C:\Program Files\Tibia Narwina
2008-05-16 15:39 . 2008-05-16 20:17 <DIR> d-------- C:\Documents and Settings\Lesiu\Dane aplikacji\Tibia
2008-05-15 23:49 . 2008-05-16 00:17 <DIR> d-------- C:\Program Files\WinHex
2008-05-15 20:08 . 2008-05-15 20:08 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-15 19:35 . 2008-05-15 19:35 <DIR> d-------- C:\Program Files\Total Video Converter
2008-05-15 19:35 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-05-15 18:43 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-15 16:48 . 2008-05-15 16:48 <DIR> d-------- C:\Program Files\blaxxun Contact
2008-05-15 16:48 . 2008-05-15 16:48 <DIR> d-------- C:\Documents and Settings\Lesiu\WINDOWS
2008-05-15 15:48 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-15 15:45 . 2008-05-15 15:45 <DIR> d-------- C:\Program Files\FreshDevices
2008-05-15 15:44 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-15 15:44 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-15 15:44 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-15 15:44 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-15 15:44 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-15 15:44 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-15 15:44 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-15 15:44 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-15 15:44 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-15 00:56 . 2008-05-15 00:56 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-15 00:47 . 2008-05-17 07:27 1,324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-15 00:40 . 2006-02-22 02:05 148,498 --a------ C:\WINDOWS\system32\atmplkxx.hlp
2008-05-15 00:40 . 2006-02-22 02:05 44,430 --a------ C:\WINDOWS\system32\attplkxx.hlp
2008-05-15 00:40 . 2006-02-22 02:05 26,138 --a------ C:\WINDOWS\system32\atfplkxx.hlp
2008-05-15 00:39 . 2004-09-15 21:10 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-05-15 00:37 . 2008-05-17 07:22 <DIR> d-------- C:\Program Files\MultiRes
2008-05-15 00:36 . 2008-05-17 07:22 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe
2008-05-15 00:19 . 2008-05-15 00:19 <DIR> d-------- C:\Documents and Settings\Lesiu\Dane aplikacji\atitray
2008-05-15 00:04 . 2008-05-15 00:04 <DIR> d-------- C:\Program Files\Ray Adams
2008-05-14 23:49 . 2008-05-14 23:52 <DIR> d-------- C:\Program Files\ATITool
2008-05-14 23:32 . 2008-05-14 23:32 <DIR> d-------- C:\Program Files\Lavalys
2008-05-14 17:53 . 2004-08-03 23:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-14 17:50 . 2008-05-14 17:50 <DIR> d-------- C:\Program Files\Asprate
2008-05-14 14:47 . 2008-05-14 14:47 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-14 14:12 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-14 14:12 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-14 14:12 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-14 14:12 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-14 09:47 . 2008-05-15 16:01 <DIR> d-------- C:\WINDOWS\system32\pl-PL
2008-05-14 09:45 . 2008-05-14 09:45 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-14 09:45 . 2008-05-14 09:45 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-14 09:45 . 2008-05-14 09:45 <DIR> d-------- C:\Program Files\MSBuild
2008-05-14 09:45 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-14 09:42 . 2008-05-14 09:42 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-14 09:00 . 2008-05-14 09:00 <DIR> d---s---- C:\Documents and Settings\Lesiu\UserData
2008-05-14 08:57 . 2008-05-14 08:58 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-05-14 07:15 . 2008-05-15 16:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-14 07:15 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-14 07:04 . 2008-05-14 07:04 <DIR> d-------- C:\Program Files\AMD
2008-05-14 07:04 . 2005-03-09 14:53 43,008 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-05-13 22:03 . 2008-05-13 22:03 1,169 --a------ C:\WINDOWS\mozver.dat
2008-05-13 20:36 . 2008-05-13 20:36 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-05-13 20:36 . 2008-05-13 20:37 <DIR> d-------- C:\Documents and Settings\Lesiu\Gadu-Gadu
2008-05-13 20:36 . 2008-05-13 20:36 <DIR> d-------- C:\Documents and Settings\Lesiu\Dane aplikacji\Gadu-Gadu
2008-05-13 20:33 . 2008-05-13 20:33 <DIR> d-------- C:\Documents and Settings\Lesiu\Dane aplikacji\Konrad Papala
2008-05-13 20:32 . 2008-05-13 20:33 <DIR> d-------- C:\Program Files\Ac Browser Plus
2008-05-13 20:13 . 2008-05-13 20:13 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-05-13 20:13 . 2008-05-13 20:13 <DIR> d-------- C:\Program Files\AvRack
2008-05-13 20:12 . 2008-05-16 19:48 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 20:12 . 2005-05-18 09:17 18,726,912 -ra------ C:\WINDOWS\system32\ALSNDMGR.CPL
2008-05-13 20:12 . 2005-05-18 09:15 9,389,568 -ra------ C:\WINDOWS\system32\RTLCPL.EXE
2008-05-13 20:12 . 2005-02-03 09:13 294,912 -r------- C:\WINDOWS\alcupd.exe
2008-05-13 20:12 . 2005-03-02 14:21 200,704 -r------- C:\WINDOWS\alcrmv.exe
2008-05-13 20:12 . 2002-02-05 07:54 141,016 -ra------ C:\WINDOWS\system32\ALSNDMGR.WAV
2008-05-13 20:12 . 2005-06-09 13:49 1,360 -r------- C:\WINDOWS\system32\drivers\alcxinit.dat
2008-05-13 20:11 . 2008-05-13 21:29 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-05-13 20:09 . 2008-05-13 20:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-13 20:04 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-05-13 20:02 . 2008-05-13 20:02 <DIR> d-------- C:\Program Files\ESET
2008-05-13 20:02 . 2008-05-13 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-05-13 20:00 . 2008-05-13 20:00 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-05-13 20:00 . 2008-05-16 20:38 <DIR> d-------- C:\Documents and Settings\Lesiu\Dane aplikacji\IDM
2008-05-13 20:00 . 2008-05-18 11:58 <DIR> d-------- C:\Documents and Settings\Lesiu\Dane aplikacji\DMCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 11:07 --------- d-----w C:\Program Files\Metin2_PL
2008-05-13 19:57 --------- d-----w C:\Documents and Settings\Lesiu\Dane aplikacji\Winamp
2008-05-13 19:44 --------- d-----w C:\Program Files\Sun
2008-05-13 19:43 --------- d-----w C:\Program Files\Java
2008-05-13 19:37 --------- d-----w C:\Program Files\Common Files\Java
2008-05-13 19:08 --------- d-----w C:\Program Files\Ahead
2008-05-13 19:06 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-13 19:03 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 19:03 --------- d-----w C:\Documents and Settings\Lesiu\Dane aplikacji\InterTrust
2008-05-13 18:00 --------- d-----w C:\Program Files\Winamp
2008-05-13 17:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-13 17:42 --------- d-----w C:\Program Files\Usługi online
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-22 16:42 106,757 --sh--r C:\oufddh.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((( snapshot_2008-05-18_ 1.08.05,31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 11:09:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-18 09:55:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-13 17:43:37 8,738 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
+ 2008-05-18 00:36:53 8,972 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
- 2008-05-13 17:43:35 86,327 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
+ 2008-05-18 00:37:34 86,327 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
- 2008-05-13 17:43:37 2,112 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-05-18 00:37:34 2,426 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"Uosu"="C:\Documents and Settings\Lesiu\Pulpit\Przydatne\uosu-140\UOSU.exe" [2008-05-09 13:25 484352]
"PowerMenu"="C:\Documents and Settings\Lesiu\Pulpit\Przydatne\PowerMenu_1_5_1\PowerMenu.exe" [2008-04-01 21:37 57344]
"EVEREST AutoStart"="C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe" [2008-03-17 00:00 2083424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 12:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"Instafinder"="C:\Program Files\Instafinder\instafinder.exe" [2007-07-12 22:32 311296]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]
C:\Documents and Settings\Lesiu\Menu Start\Programy\Autostart\
Bux.to Autoclicker.lnk - C:\Documents and Settings\Lesiu\Pulpit\Przydatne\Bux.to_Autoclicker\Bux.to Autoclicker\Bux.to Autoclicker.exe [2008-05-14 14:16:24 876544]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Metin2_PL\\metin2.bin"=
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 11:04]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-03-17 00:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feb133be-229d-11dd-b738-00138f20484e}]
\Shell\AutoRun\command - G:\oufddh.exe
\Shell\explore\Command - G:\oufddh.exe
\Shell\open\Command - G:\oufddh.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 12:30:56
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Instafinder\instafinder.dll
.
Completion time: 2008-05-18 12:32:13
ComboFix-quarantined-files.txt 2008-05-18 10:32:06
ComboFix2.txt 2008-05-14 16:10:59
Pre-Run: 40,312,451,072 bajtów wolnych
Post-Run: 40,397,025,280 bajtów wolnych
187 --- E O F --- 2008-05-15 14:01:27
Thanks in advance