Prosze o sprawdzenie loga - coś czuje ze mam syf!

kristoff08 · 23 Wrzesień 2007 16:21

proszę o sprawdzenie loga!

Logfile of HijackThis v1.99.1 Scan saved at 18:17:08, on 2007-09-23 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE D:\Eset\ESET NOD32 Antivirus\ekrn.exe D:\HDDlife 3\hldasvc.exe D:\HDDlife 3\hldasvc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE D:\Eset\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\inetsrv\host32.exe C:\Program Files\uTorrent\uTorrent.exe D:\Speed-X\SpeedX.exe D:\CursorXP\CursorXP.exe D:\HACE\Mmm\Mmm.exe D:\Nero\Nero 8\Nero BackItUp\NBService.exe D:\Kalendarz XP\Kalendarz.exe C:\Program Files\PLANET\Common\RaUI.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\oodag.exe d:\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe D:\Mozilla Firefox\firefox.exe D:\Gadu-Gadu\gg.exe D:\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - d:\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - d:\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - d:\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [Vistadrv] D:\Vista\systool\Vistadrive\vsdrv.exe O4 - HKLM…\Run: [bootSkin Startup Jobs] “D:\Stardock\WinCustomize\BootSkin\BootSkin.exe” /StartupJobs O4 - HKLM…\Run: [Hostname Manager] C:\WINDOWS\system32\inetsrv\host32.exe O4 - HKLM…\Run: [egui] “D:\Eset\ESET NOD32 Antivirus\egui.exe” /hide /waitservice O4 - HKLM…\RunServices: [Hostname Manager] C:\WINDOWS\system32\inetsrv\host32.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [AlcoholAutomount] “D:\Alcohol Soft\Alcohol 52\axcmd.exe” /automount O4 - HKCU…\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe” O4 - HKCU…\Run: [speedX] D:\Speed-X\SpeedX.exe O4 - HKCU…\Run: [CursorXP] d:\CursorXP\CursorXP.exe O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [Mmm] “d:/HACE\Mmm\Mmm.exe” O4 - HKCU…\Run: [Hostname Manager] C:\WINDOWS\system32\inetsrv\host32.exe O4 - Global Startup: Kalendarz XP.lnk = D:\Kalendarz XP\Kalendarz.exe O4 - Global Startup: PLANET WL-8315 Utility.lnk = C:\Program Files\PLANET\Common\RaUI.exe O8 - Extra context menu item: &Clean Traces - d:\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - d:\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 0057035468 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 0058430562 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - “D:\HDDlife 3\hlAPP.dll” (file missing) O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Eset HTTP server (EhttpSrv) - Unknown owner - D:\Eset\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - Eset - D:\Eset\ESET NOD32 Antivirus\ekrn.exe O23 - Service: HDDlife HDD Access service - BinarySense, Ltd. - D:\HDDlife 3\hldasvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero\Nero 8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Gutek · 23 Wrzesień 2007 19:44

Daj log z ComboFix

kristoff08 · 24 Wrzesień 2007 05:55

oto i on!

ComboFix 07-09-21.2 - “kristoff and coop” 2007-09-24 7:47:07.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.172 [GMT 2:00] * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-08-24 to 2007-09-24 ))))))))))))))))))))))))))))))) . 2007-09-24 07:45 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-23 08:19 2007-09-22 21:36 2007-09-21 23:38 2007-09-21 23:32 2007-09-21 23:32 2007-09-21 22:49 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2007-09-21 22:42 2007-09-21 22:38 2007-09-21 22:34 2007-09-21 22:33 2007-09-21 22:32 2007-09-21 22:16 2007-09-21 22:12 2007-09-21 22:11 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys 2007-09-21 22:11 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-09-21 22:11 671,744 --a------ C:\WINDOWS\system32\DolbyHph.dll 2007-09-21 22:11 60,416 --a------ C:\WINDOWS\system32\DSETUP.dll 2007-09-21 22:11 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-09-21 22:11 4,608 --a------ C:\WINDOWS\system32\drivers\nvport.sys 2007-09-21 22:11 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-09-21 22:10 2007-09-21 22:09 65,536 --a------ C:\WINDOWS\system32\DragnDropCopyHook.dll 2007-09-21 22:09 241,664 --a------ C:\WINDOWS\system32\SerialPortLib.dll 2007-09-21 16:52 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2007-09-21 15:22 2007-09-21 14:52 2007-09-21 14:43 2007-09-21 14:41 2007-09-21 14:40 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2007-09-21 14:33 2007-09-21 14:32 2007-09-21 13:31 2007-09-21 13:26 33,792 --a–c— C:\WINDOWS\system32\dllcache\custsat.dll 2007-09-21 13:10 23,040 -----c— C:\WINDOWS\system32\dllcache\fltmc.exe 2007-09-21 13:10 16,896 -----c— C:\WINDOWS\system32\dllcache\fltlib.dll 2007-09-21 13:10 128,896 -----c— C:\WINDOWS\system32\dllcache\fltmgr.sys 2007-09-21 12:08 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-09-21 12:06 2007-09-21 12:06 2007-09-21 12:04 2007-09-21 11:55 2007-09-21 11:48 4,569 --------- C:\WINDOWS\system32\secupd.dat 2007-09-21 11:48 11,776 --------- C:\WINDOWS\system32\spnpinst.exe 2007-09-21 10:42 614,912 --a------ C:\WINDOWS\system32\h323msp.dll 2007-09-21 10:42 4,457,472 --a–c— C:\WINDOWS\system32\dllcache\xpsp2res.dll 2007-09-21 10:42 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll 2007-09-21 09:29 1,092,608 --a------ C:\WINDOWS\system32\esent.dll 2007-09-21 09:01 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2007-09-21 08:21 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-09-20 16:11 2007-09-20 16:05 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe 2007-09-20 08:13 2007-09-18 21:56 2007-09-18 21:19 49,152 --a------ C:\WINDOWS\rebuild.exe 2007-09-18 21:12 1,611 --a------ C:\WINDOWS\system32\uninstall_pack.bat 2007-09-18 21:12 2007-09-18 21:03 2007-09-18 20:45 2007-09-18 20:36 2007-09-18 20:33 311,296 --------- C:\WINDOWS\system32\fppmon3.dll 2007-09-18 20:33 126,976 --------- C:\WINDOWS\system32\fppr332.dll 2007-09-18 20:25 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll 2007-09-18 20:21 2007-09-18 20:19 2007-09-18 20:09 2007-09-18 20:08 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-09-18 20:01 2007-09-18 19:59 2007-09-18 19:59 2007-09-18 19:58 2007-09-18 19:51 2007-09-18 19:40 2007-09-18 19:03 73,728 --a------ C:\WINDOWS\system32\FLKill.exe 2007-09-18 19:03 53,248 --a------ C:\WINDOWS\system32\suppdll.dll 2007-09-18 19:03 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys 2007-09-18 18:34 40,960 --a------ C:\WINDOWS\system32\ssubtmr6.dll 2007-09-18 18:34 159,744 --a------ C:\WINDOWS\system32\wt_menu.dll 2007-09-18 18:27 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll 2007-09-18 18:25 94,080 --a------ C:\WINDOWS\system32\drivers\ezplay.sys 2007-09-18 18:25 94,080 --a------ C:\DOCUME~1\KRISTO~1\DANEAP~1\ezplay.sys 2007-09-18 18:25 81,920 --a------ C:\DOCUME~1\KRISTO~1\DANEAP~1\ezpinst.exe 2007-09-18 18:25 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-09-18 18:25 47,360 --a------ C:\DOCUME~1\KRISTO~1\DANEAP~1\pcouffin.sys 2007-09-18 18:25 2007-09-18 18:22 39,424 --a------ C:\WINDOWS\zipinst.exe 2007-09-18 17:32 2007-09-18 14:31 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys 2007-09-18 14:31 2007-09-18 14:22 2007-09-18 14:17 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2007-09-18 14:17 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys 2007-09-18 14:17 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys 2007-09-18 14:17 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2007-09-18 14:17 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys 2007-09-18 14:17 2007-09-18 08:27 2007-09-17 21:37 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-09-17 21:37 2007-09-17 21:36 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-09-18 14:34 90112 --a------ C:\WINDOWS\system32\agsaami.dll 2007-09-18 14:34 610304 --a------ C:\WINDOWS\system32\agsaamg.dll 2007-09-18 14:34 372736 --a------ C:\WINDOWS\system32\agsaamc.dll 2007-09-18 14:34 2535424 --a------ C:\WINDOWS\system32\agsaamj.dll 2007-09-17 16:06 --------- d-------- C:\Program Files\microsoft frontpage 2007-08-23 12:10 28168 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys 2007-08-23 12:08 33288 --a------ C:\WINDOWS\system32\drivers\eamon.sys 2007-08-23 12:08 25096 --a------ C:\WINDOWS\system32\drivers\easdrv.sys 2007-08-08 09:33 132904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys 2007-08-08 09:33 11304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys 2007-08-04 10:40 972072 --a------ C:\WINDOWS\UNRecode.exe 2007-08-04 10:10 95600 --a------ C:\WINDOWS\system32\NeroCo.dll 2007-08-03 12:52 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 80216 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll 2007-07-20 00:57 267112 --a------ C:\WINDOWS\system32\xactengine2_9.dll 2007-07-20 00:54 66408 --a------ C:\WINDOWS\system32\dxdllreg.exe 2007-07-20 00:54 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2007-07-19 18:14 444776 --a------ C:\WINDOWS\system32\d3dx10_35.dll 2007-07-19 18:14 3727720 --a------ C:\WINDOWS\system32\d3dx9_35.dll 2007-07-19 18:14 1358192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll 2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll 2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll 2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe 2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll 2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll 2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll 2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll 2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll 2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll 2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll 2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe 2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe 2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll 2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll 2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll 2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll 2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll 2007-06-29 00:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll 2007-06-29 00:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll 2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll 2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll 2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll 2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvrshe.dll 2007-06-29 00:43 327680 --a------ C:\WINDOWS\system32\nvrsar.dll 2007-06-29 00:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll 2007-06-29 00:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll 2007-06-29 00:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll 2007-06-29 00:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll 2007-06-29 00:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll 2007-06-29 00:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll 2007-06-29 00:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll 2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll 2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll 2007-06-29 00:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll 2007-06-29 00:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll 2007-06-29 00:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll 2007-06-29 00:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll 2007-06-29 00:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll 2007-06-29 00:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll 2007-06-29 00:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll 2007-06-29 00:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll 2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll 2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll 2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll 2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll 2007-06-29 00:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll 2007-06-29 00:43 282624 --a------ C:\WINDOWS\system32\nvrsfr.dll 2007-06-29 00:43 282624 --a------ C:\WINDOWS\system32\nvrses.dll 2007-06-29 00:43 282624 --a------ C:\WINDOWS\system32\nvrsel.dll 2007-06-29 00:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll 2007-06-29 00:43 278528 --a------ C:\WINDOWS\system32\nvrsit.dll 2007-06-29 00:43 278528 --a------ C:\WINDOWS\system32\nvrsde.dll 2007-06-29 00:43 274432 --a------ C:\WINDOWS\system32\nvrspt.dll 2007-06-29 00:43 274432 --a------ C:\WINDOWS\system32\nvrsnl.dll 2007-06-29 00:43 274432 --a------ C:\WINDOWS\system32\nvrsesm.dll 2007-06-29 00:43 270336 --a------ C:\WINDOWS\system32\nvrsru.dll 2007-06-29 00:43 266240 --a------ C:\WINDOWS\system32\nvrsptb.dll 2007-06-29 00:43 266240 --a------ C:\WINDOWS\system32\nvrsja.dll 2007-06-29 00:43 262144 --a------ C:\WINDOWS\system32\nvrsko.dll 2007-06-29 00:43 258048 --a------ C:\WINDOWS\system32\nvrstr.dll 2007-06-29 00:43 258048 --a------ C:\WINDOWS\system32\nvrssl.dll 2007-06-29 00:43 258048 --a------ C:\WINDOWS\system32\nvrssk.dll 2007-06-29 00:43 258048 --a------ C:\WINDOWS\system32\nvrshu.dll 2007-06-29 00:43 253952 --a------ C:\WINDOWS\system32\nvrssv.dll 2007-06-29 00:43 253952 --a------ C:\WINDOWS\system32\nvrspl.dll 2007-06-29 00:43 253952 --a------ C:\WINDOWS\system32\nvrsno.dll 2007-06-29 00:43 253952 --a------ C:\WINDOWS\system32\nvrsda.dll 2007-06-29 00:43 249856 --a------ C:\WINDOWS\system32\nvrsfi.dll 2007-06-29 00:43 249856 --a------ C:\WINDOWS\system32\nvrscs.dll 2007-06-29 00:43 245760 --a------ C:\WINDOWS\system32\nvrseng.dll 2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll 2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll 2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll 2007-06-29 00:43 225280 --a------ C:\WINDOWS\system32\nvrszhc.dll 2007-06-29 00:43 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll 2007-06-13 13:23:49 132,096 --sh–r C:\WINDOWS\system32\inetsrv\host32.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2007-06-29 00:43] “nwiz”=“nwiz.exe” [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2007-06-29 00:43] “SoundMan”=“SOUNDMAN.EXE” [2003-08-15 09:34 C:\WINDOWS\SOUNDMAN.EXE] “Vistadrv”=“D:\Vista\systool\Vistadrive\vsdrv.exe” [2006-07-30 03:37] “BootSkin Startup Jobs”=“D:\Stardock\WinCustomize\BootSkin\BootSkin.exe” [2004-04-26 16:21] “Hostname Manager”=“C:\WINDOWS\system32\inetsrv\host32.exe” [2007-06-13 15:23] “egui”=“D:\Eset\ESET NOD32 Antivirus\egui.exe” [2007-08-23 12:09] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 09:44] “AlcoholAutomount”=“D:\Alcohol Soft\Alcohol 52\axcmd.exe” [2007-07-02 12:22] “uTorrent”=“C:\Program Files\uTorrent\uTorrent.exe” [2007-09-17 17:57] “SpeedX”=“D:\Speed-X\SpeedX.exe” [2006-06-27 14:11] “CursorXP”=“d:\CursorXP\CursorXP.exe” [2005-01-19 17:44] “STYLEXP”=“C:\Program Files\TGTSoft\StyleXP\StyleXP.exe” [2006-05-24 20:31] “Mmm”=“d:/HACE\Mmm\Mmm.exe” [2007-09-18 21:55] “Hostname Manager”=“C:\WINDOWS\system32\inetsrv\host32.exe” [2007-06-13 15:23] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “Hostname Manager”=C:\WINDOWS\system32\inetsrv\host32.exe [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “System Hosts Virtual Process Memory”=C:\WINDOWS\System32\inetsrv\srhost.exe C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\ Kalendarz XP.lnk - D:\Kalendarz XP\Kalendarz.exe [2007-09-18 20:56:32] PLANET WL-8315 Utility.lnk - C:\Program Files\PLANET\Common\RaUI.exe [2007-09-17 17:39:32] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “DisallowRun”=1 (0x1) [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “DisallowRun”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun] “Protected system files1”=avgupsvc.exe “Protected system files2”=avgamsvr.exe “Protected system files3”=avgcc.exe “Protected system files6”=ccSetMgr.exe “Protected system files7”=ccEvtMgr.exe “Protected system files8”=DefWatch.exe “Protected system files9”=SavRoam.exe “Protected system files10”=Rtvscan.exe “Protected system files11”=VPTray.exe “Protected system files12”=ccApp.exe “Protected system files13”=AluSchedulerSvc.exe “Protected system files16”=UpdaterUI.exe “Protected system files17”=tbmon.exe “Protected system files18”=Mcshield.exe “Protected system files19”=SHSTAT.exe “Protected system files20”=ashMaiSv.exe “Protected system files21”=ashServ.exe “Protected system files22”=ashWebSv.exe “Protected system files23”=aswUpdSv.exe “Protected system files24”=AVGUARD.exe “Protected system files25”=AVWUPSRV.exe “Protected system files26”=avscan.exe “Protected system files27”=guardgui.exe “Protected system files28”=VxMon.exe “Protected system files29”=AVGNT.exe “Protected system files30”=avgemc.exe “Protected system files31”=avp.exe “Protected system files32”=avp.com “Protected system files4”=nod32kui.exe “Protected system files5”=nod32krn.exe “Protected system files14”=nod32.exe “Protected system files15”=nod32ra.exe [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun] “Protected system files1”=avgupsvc.exe “Protected system files2”=avgamsvr.exe “Protected system files3”=avgcc.exe “Protected system files4”=nod32kui.exe “Protected system files5”=nod32krn.exe “Protected system files6”=ccSetMgr.exe “Protected system files7”=ccEvtMgr.exe “Protected system files8”=DefWatch.exe “Protected system files9”=SavRoam.exe “Protected system files10”=Rtvscan.exe “Protected system files11”=VPTray.exe “Protected system files12”=ccApp.exe “Protected system files13”=AluSchedulerSvc.exe “Protected system files14”=nod32.exe “Protected system files15”=nod32ra.exe “Protected system files16”=UpdaterUI.exe “Protected system files17”=tbmon.exe “Protected system files18”=Mcshield.exe “Protected system files19”=SHSTAT.exe “Protected system files20”=ashMaiSv.exe “Protected system files21”=ashServ.exe “Protected system files22”=ashWebSv.exe “Protected system files23”=aswUpdSv.exe “Protected system files24”=AVGUARD.exe “Protected system files25”=AVWUPSRV.exe “Protected system files26”=avscan.exe “Protected system files27”=guardgui.exe “Protected system files28”=VxMon.exe “Protected system files29”=AVGNT.exe “Protected system files30”=avgemc.exe “Protected system files31”=avp.exe “Protected system files32”=avp.com [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Action Manager 32.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Action Manager 32.lnk backup=C:\WINDOWS\pss\Action Manager 32.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] “d:\Alcohol Soft\Alcohol 52\axcmd.exe” /automount [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Hosts Virtual Process Memory] C:\WINDOWS\System32\inetsrv\srhost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] d:\Winamp\winampa.exe R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys R1 nvport;NVIDIA PORT IO Control Driver;??\C:\WINDOWS\system32\Drivers\nvport.sys R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys R2 ekrn;Eset Service;“D:\Eset\ESET NOD32 Antivirus\ekrn.exe” R2 HDDlife HDD Access service;HDDlife HDD Access service;“D:\HDDlife 3\hldasvc.exe” R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;D:\Nero\Nero 8\Nero BackItUp\NBService.exe R2 windrvNT;windrvNT;??\C:\WINDOWS\System32\windrvNT.sys S3 EhttpSrv;Eset HTTP server;“D:\Eset\ESET NOD32 Antivirus\EHttpSrv.exe” S3 SetupNTGLM7X;SetupNTGLM7X;??\F:\NTGLM7X.sys *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-24 07:51:51 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-09-24 7:54:01 . — E O F —

Gutek · 24 Wrzesień 2007 19:58

Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym

przeskanuj http://www.virustotal.com/ najprawdopodobniej do usunięcia