przy starcie nod32 wykrywa rootkit.h w C:\Documents and Settings\admin\msdirect.sys
Logfile of HijackThis v1.99.1
Scan saved at 09:42:15, on 2005-12-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Admin\USTAWI~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi … ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi … .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi … .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM…\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM…\Run: [siS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM…\Run: [Windows Automation] mslaugh.exe
O4 - HKLM…\Run: [NOD32POP3] “C:\Program Files\Eset\pop3scan.exe”
O4 - HKLM…\Run: [www.hidro.4t.com] enbiei.exe
O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [windows] hkey.exe
O4 - HKLM…\Run: [Amon] “C:\Program Files\Eset\amon.exe”
O4 - HKLM…\Run: [Nod32CC] “C:\WINDOWS\System32\nod32cc.exe” -DONTSHOW
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM…\Run: [webHancer Survey Companion] “C:\Program Files\webHancer\Programs\whSurvey.exe”
O4 - HKLM…\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM…\Run: [Windows Locator] locate.exe
O4 - HKLM…\RunServices: [windows] hkey.exe
O4 - HKLM…\RunServices: [Windows Locator] locate.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [Windows Locator] locate.exe
O4 - HKCU…\RunServices: [Windows Locator] locate.exe
O4 - Startup: Amon.lnk = C:\Program Files\Eset\amon.exe
O4 - Startup: devfwd.bat
O4 - Startup: devfwd_s.bat
O4 - Startup: ngsrv.bat
O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {14DF37B4-B1AD-4BD4-A855-56930AF822FF} (SIGIIFAX Control) - https://www.giif.mofnet.gov.pl/giif/SIGIIFAX.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180so … ge-c18.cab
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 8684047265
O23 - Service: CryptoCard Service (CCPkiWNT) - CryptoTech Sp. z o.o. - C:\WINDOWS\System32\CCPkiWNT.exe
O23 - Service: NOD32 Control Center Service (NOD32ControlCenter) - Unknown owner - C:\WINDOWS\System32\nod32cc.exe" -service (file missing)
O23 - Service: NOD32 Service (NOD32Service) - Unknown owner - C:\WINDOWS\System32\nod32m2.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe