Zmiana wygladu windows, usuniecie sterownika glosu- spr. log

**Posty:** 125 · przez **szczoti** 29 Lis 2008, 20:43

Witam
Od kilku dni nurtują mnie dwie rzeczy, gdy uruchamiam komputer, po czym wchodze do gry jakiejkolwiek to nie ma w niej głosu, wychodzę i patrze w panel sterowania a tu sterowniki do głosu usnięte samoistnie, gdyż na początku gdy uruchamiam windows głos jest i wszystko ok. Po wyjściu z jakiejkolwiek gry zauważyłem ze zmienia się wygląd mojego windowsa, pasek menu na dole zmienia styl na windws98.

Prosze o sprawdzenie log

HijackThis:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:37:23, on 2008-11-29 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\WinFast\WFDTV\DTVSchdl.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\WinFast\WFDTV\WFWIZ.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Prime95\prime95.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Documents and Settings\Mój komputer\Pulpit\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/online/cccwelcome/drivers.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: D - {F51766C3-4635-3137-A458-E929397DE96B} - C:\WINDOWS\system32\xwr26220.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file) O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe" O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent O4 - HKCU\..\Run: [IDMan] d:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Startup: Need for Speed™ Undercover Registration.lnk = D:\Program Files\EA GAMES\Need for Speed Undercover\Support\EAregister.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000 O8 - Extra context menu item: Ściągnij przez IDM - D:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222236355343 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 9702 bytes

ComboFix:

Kod: Zaznacz wszystko: ComboFix 08-11-28.03 - Mój komputer 2008-11-29 19:38:38.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2719 [GMT 1:00] Uruchomiony z: c:\documents and settings\Mój komputer\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania [COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR] . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Mój komputer\Dane aplikacji\FunWebProducts c:\documents and settings\Mój komputer\Dane aplikacji\FunWebProducts\Data\Mój komputer\wffavs.dat c:\documents and settings\Mój komputer\Menu Start\Cheap Pharmacy Online.url c:\documents and settings\Mój komputer\Menu Start\Search Online.url c:\documents and settings\Mój komputer\Ulubione\Cheap Pharmacy Online.url c:\documents and settings\Mój komputer\Ulubione\Search Online.url c:\program files\FunWebProducts c:\program files\FunWebProducts\ScreenSaver\Images\[u]0[/u]13B91A5.urr c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn-new.htmlx c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html c:\program files\Gene6 FTP Server c:\program files\Gene6 FTP Server\Accounts\Ble\settings.ini c:\program files\Gene6 FTP Server\Accounts\Ble\users\Anonymous.ini c:\program files\Gene6 FTP Server\Accounts\settings.ini c:\program files\Gene6 FTP Server\Backup\Administrator.reg c:\program files\Gene6 FTP Server\Backup\RemoteAdmin\Remote.ini c:\program files\Gene6 FTP Server\languages.sib c:\program files\Gene6 FTP Server\Log\Ble-2008-09.log c:\program files\Gene6 FTP Server\RemoteAdmin\Log\Admin-08-09-24.log c:\program files\Gene6 FTP Server\RemoteAdmin\Remote.ini c:\program files\Gene6 FTP Server\RemoteAdmin\RemoteAdmin.crt c:\program files\Gene6 FTP Server\RemoteAdmin\RemoteAdmin.key c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0012EBC c:\program files\MyWebSearch\bar\Cache\[u]0[/u]05DF018 c:\program files\MyWebSearch\bar\Cache\[u]0[/u]0ECA348.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]139A4A9 c:\program files\MyWebSearch\bar\Cache\[u]0[/u]139A65F.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]139A9F9.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]139B68C.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]139B7B4.bin c:\program files\MyWebSearch\bar\Cache\[u]0[/u]139B8ED.bin c:\program files\MyWebSearch\bar\Cache\files.ini c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files\MyWebSearch\bar\Game\CHESS.F3S c:\program files\MyWebSearch\bar\Game\REVERSI.F3S c:\program files\MyWebSearch\bar\History\search3 c:\program files\MyWebSearch\bar\icons\CM.ICO c:\program files\MyWebSearch\bar\icons\MFC.ICO c:\program files\MyWebSearch\bar\icons\PSS.ICO c:\program files\MyWebSearch\bar\icons\SMILEY.ICO c:\program files\MyWebSearch\bar\icons\WB.ICO c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm c:\program files\MyWebSearch\bar\Settings\s_pid.dat c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL c:\windows\system32\Dvbpws.dll c:\windows\system32\f3PSSavr.scr c:\windows\system32\NCTAudioInformation2.dll c:\windows\system32\s.ico . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE -------\Service_MyWebSearchService ((((((((((((((((((((((((( Pliki utworzone od 2008-10-28 do 2008-11-29 ))))))))))))))))))))))))))))))) . 2008-11-29 16:43 . 2007-11-14 08:18 553 -r------- c:\windows\USetup.iss 2008-11-28 20:36 . 2008-11-28 20:36 5,444,880 --a------ c:\windows\system32\xa4863343.exe 2008-11-28 20:36 . 2008-11-28 20:36 5,444,880 --a------ c:\windows\system32\xa4862984.exe 2008-11-28 20:31 . 2008-11-28 20:31 5,444,880 --a------ c:\windows\system32\xa4566984.exe 2008-11-28 20:31 . 2008-11-28 20:31 5,444,880 --a------ c:\windows\system32\xa4566593.exe 2008-11-28 20:29 . 2008-11-28 20:29 5,444,880 --a------ c:\windows\system32\xa4425437.exe 2008-11-28 20:29 . 2008-11-28 20:29 5,444,880 --a------ c:\windows\system32\xa4425015.exe 2008-11-28 20:24 . 2008-11-28 20:24 5,444,880 --a------ c:\windows\system32\xa4125500.exe 2008-11-28 20:24 . 2008-11-28 20:24 5,444,880 --a------ c:\windows\system32\xa4125140.exe 2008-11-28 20:22 . 2008-11-28 20:22 5,444,880 --a------ c:\windows\system32\xa4036000.exe 2008-11-28 20:22 . 2008-11-28 20:22 5,444,880 --a------ c:\windows\system32\xa4035468.exe 2008-11-28 20:21 . 2008-11-28 20:21 <DIR> d-------- c:\windows\system32\zone 2008-11-28 20:20 . 2008-10-09 21:47 348,928 --a------ c:\windows\system32\code_post_gfx.ff 2008-11-28 20:19 . 2008-11-28 20:19 5,444,880 --a------ c:\windows\system32\xa3831375.exe 2008-11-28 20:19 . 2008-11-28 20:19 5,444,880 --a------ c:\windows\system32\xa3831015.exe 2008-11-28 20:17 . 2008-11-28 20:17 5,444,880 --a------ c:\windows\system32\xa3739296.exe 2008-11-28 20:17 . 2008-11-28 20:17 5,444,880 --a------ c:\windows\system32\xa3738875.exe 2008-11-28 20:17 . 2008-11-28 20:17 176,128 --a------ c:\windows\system32\xwr26220.dll 2008-11-28 20:17 . 2008-11-28 20:17 176,128 --a------ c:\windows\system32\wr26220.dll 2008-11-28 18:48 . 2008-11-28 18:48 319,488 --a------ c:\windows\HideWin.exe 2008-11-24 21:59 . 2008-11-24 21:59 <DIR> d-------- c:\program files\Common Files\COWON 2008-11-24 21:59 . 2008-11-24 21:59 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\COWON 2008-11-24 21:59 . 2008-11-24 21:59 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\COWON 2008-11-24 21:59 . 2008-11-24 21:59 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\COWON 2008-11-24 20:16 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys 2008-11-24 20:16 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys 2008-11-24 20:16 . 2008-11-10 15:35 34,816 --a------ c:\windows\system32\RtkCoInstXP.dll 2008-11-24 19:55 . 2008-11-24 19:55 <DIR> d-------- c:\program files\4U Computing 2008-11-24 19:55 . 2002-12-03 03:02 491,520 --a------ c:\windows\system32\NCTAudioFile.dll 2008-11-24 19:55 . 2002-01-05 07:37 344,064 --a------ c:\windows\system32\msvcr70.dll 2008-11-24 19:55 . 2003-03-25 15:08 286,720 --a------ c:\windows\system32\NCTWMAFile2.dll 2008-11-24 19:55 . 2002-12-03 03:07 168,448 --a------ c:\windows\system32\NCTAudioPlayer.dll 2008-11-24 19:55 . 2002-12-03 03:11 143,872 --a------ c:\windows\system32\NCTWMAFile.dll 2008-11-24 19:55 . 2002-03-19 07:18 120,832 --a------ c:\windows\system32\lame_enc.dll 2008-11-24 12:43 . 2008-11-24 12:43 <DIR> d-------- c:\program files\Common Files\Totem Shared 2008-11-24 12:43 . 2008-11-24 12:43 4 --a------ c:\windows\num41.jbd 2008-11-24 12:43 . 2008-11-24 12:43 4 --a------ c:\windows\info147.sys 2008-11-24 12:43 . 2008-11-24 12:43 4 --a------ c:\windows\data4711.bak 2008-11-23 13:31 . 2008-11-23 13:32 <DIR> d-------- c:\program files\Hamachi 2008-11-23 12:21 . 2008-11-23 12:21 <DIR> d-------- c:\program files\VID_0E8F&PID_0003 2008-11-15 10:45 . 2008-11-15 10:45 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\Sports Interactive 2008-11-15 10:45 . 2008-11-15 10:45 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\Sports Interactive 2008-11-15 10:45 . 2008-11-15 10:45 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\Sports Interactive 2008-11-15 10:45 . 2008-11-15 10:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Sports Interactive 2008-11-12 18:53 . 2008-11-12 18:53 <DIR> d-------- c:\program files\Activision 2008-11-12 18:47 . 2008-11-12 18:47 <DIR> d--hs---- c:\windows\ftpcache 2008-11-11 11:01 . 2008-11-11 11:01 <DIR> d-------- c:\program files\HyperSnap-DX 5 2008-11-09 17:23 . 2008-11-09 17:23 <DIR> d-------- c:\program files\Common Files\DirectX 2008-11-09 17:21 . 2008-11-09 17:21 32 --a------ c:\windows\ZSAM.INI 2008-10-29 19:20 . 2008-10-29 19:38 <DIR> d-------- c:\program files\Prime95 2008-10-29 18:50 . 2008-10-29 18:50 <DIR> d-------- c:\program files\Tibia . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-29 18:41 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Hamachi 2008-11-29 18:41 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Hamachi 2008-11-29 18:41 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Hamachi 2008-11-29 18:41 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\DMCache 2008-11-29 18:41 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\DMCache 2008-11-29 18:41 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\DMCache 2008-11-29 18:30 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-11-28 19:17 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-23 12:31 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys 2008-11-22 18:52 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\mIRC 2008-11-22 18:52 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\mIRC 2008-11-22 18:52 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\mIRC 2008-11-22 15:58 --------- d-----w c:\program files\mIRC 2008-11-22 10:49 4,000 ----a-w C:\ao.dat 2008-11-18 14:12 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ahead 2008-11-18 14:12 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ahead 2008-11-18 14:12 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ahead 2008-11-13 18:48 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2008-11-12 18:04 22,328 ----a-w c:\documents and settings\Mój komputer\Dane aplikacji\PnkBstrK.sys 2008-11-12 18:04 22,328 ----a-w c:\documents and settings\Mój komputer\Dane aplikacji\PnkBstrK.sys 2008-11-12 18:04 22,328 ----a-w c:\documents and settings\Mój komputer\Dane aplikacji\PnkBstrK.sys 2008-10-29 18:29 --------- d-----w c:\program files\ASUS 2008-10-29 18:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Skype 2008-10-29 18:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Skype 2008-10-29 18:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Skype 2008-10-29 17:36 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\skypePM 2008-10-29 17:36 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\skypePM 2008-10-29 17:36 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\skypePM 2008-10-27 18:12 --------- d-----w c:\program files\FIFApatcher 2008-10-24 05:15 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Tibia 2008-10-24 05:15 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Tibia 2008-10-24 05:15 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Tibia 2008-10-23 17:35 --------- d-----w c:\program files\NAPI-PROJEKT 2008-10-21 17:04 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ventrilo 2008-10-21 17:04 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ventrilo 2008-10-21 17:04 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ventrilo 2008-10-21 16:59 --------- d-----w c:\program files\Ventrilo 2008-10-21 16:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-10-21 13:09 --------- d-----w c:\program files\Asprate 2008-10-20 17:43 --------- d-----w c:\program files\Akademicki 2008-10-20 12:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\TibiaTestserver 2008-10-20 12:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\TibiaTestserver 2008-10-20 12:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\TibiaTestserver 2008-10-20 12:08 --------- d-----w c:\program files\Eloth 2008-10-18 15:08 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\KONAMI 2008-10-18 13:15 --------- d-----w c:\program files\WypasOT Client 8.31 2008-10-17 13:10 --------- d-----w c:\program files\Tibia Auto 2008-10-15 15:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft 2008-10-15 15:08 --------- d-----w c:\program files\Lavasoft 2008-10-15 14:47 --------- d-----w c:\program files\Trend Micro 2008-10-14 10:09 --------- d-----w c:\program files\Nero 2008-10-14 10:09 --------- d-----w c:\program files\Common Files\Ahead 2008-10-14 10:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero 2008-10-14 09:10 --------- d-----w c:\program files\Winamp 2008-10-14 09:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Winamp 2008-10-14 09:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Winamp 2008-10-14 09:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Winamp 2008-10-12 18:06 --------- d-----w c:\program files\BearShare 2008-10-11 14:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Samsung 2008-10-11 14:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Samsung 2008-10-11 14:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Samsung 2008-10-11 13:25 --------- d-----w c:\program files\Samsung 2008-10-10 17:51 --------- d--h--r c:\documents and settings\Mój komputer\Dane aplikacji\SecuROM 2008-10-10 17:51 --------- d--h--r c:\documents and settings\Mój komputer\Dane aplikacji\SecuROM 2008-10-10 17:51 --------- d--h--r c:\documents and settings\Mój komputer\Dane aplikacji\SecuROM 2008-10-10 17:42 --------- d-----w c:\program files\AGEIA Technologies 2008-10-09 18:35 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\OpenOffice.ux.pl2 2008-10-09 18:35 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\OpenOffice.ux.pl2 2008-10-09 18:35 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\OpenOffice.ux.pl2 2008-10-05 08:48 --------- d-----w c:\program files\KONAMI 2008-10-03 14:27 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Leadertech 2008-10-03 14:27 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Leadertech 2008-10-03 14:27 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Leadertech 2008-10-03 14:15 --------- d-----w c:\program files\EA SPORTS 2008-10-01 19:10 --------- d-----w c:\program files\Skype 2008-10-01 19:10 --------- d-----w c:\program files\Common Files\Skype 2008-10-01 19:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype 2008-09-30 15:42 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\IDM 2008-09-30 15:42 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\IDM 2008-09-30 15:42 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\IDM 2008-09-28 18:18 --------- d-----w c:\program files\Teamspeak2_RC2 2008-09-28 18:18 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\teamspeak2 2008-09-28 18:18 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\teamspeak2 2008-09-28 18:18 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\teamspeak2 2008-09-28 14:02 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ArcSoft 2008-09-27 15:17 7,060 ----a-w c:\documents and settings\Mój komputer\FMCodec.dat 2008-09-27 15:17 7,060 ----a-w c:\documents and settings\Mój komputer\FMCodec.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F51766C3-4635-3137-A458-E929397DE96B}] 2008-11-28 20:17 176128 --a------ c:\windows\system32\xwr26220.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992] "IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2008-09-12 2606512] "WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-06-25 5625344] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-07-11 90112] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688] "Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-26 1423360] "QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432] "Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152] "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\M˘j komputer\Menu Start\Programy\Autostart\ hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-11-23 625952] Need for Speedt Undercover Registration.lnk - d:\program files\EA GAMES\Need for Speed Undercover\Support\EAregister.exe [2008-10-22 4369408] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^hamachi.lnk] path=c:\documents and settings\Mój komputer\Menu Start\Programy\Autostart\hamachi.lnk backup=c:\windows\pss\hamachi.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.3.1.lnk] path=c:\documents and settings\Mój komputer\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.3.1.lnk backup=c:\windows\pss\OpenOffice.ux.pl 2.3.1.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-09 17:53 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-09-29 16:57 21755688 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "d:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "d:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Mój komputer\\Pulpit\\vty-0213\\pes2009.exe"= "d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= "d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= "d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Documents and Settings\\Mój komputer\\Pulpit\\rld-pro9\\pes2009.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-24 78416] R2 ACDaemon;ArcSoft Connect Daemon;c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-09-27 109056] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-24 20560] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-23 93696] R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-09-23 36864] S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [] . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL . ------- Skan uzupełniający ------- . FireFox -: Profile - c:\documents and settings\Mój komputer\Dane aplikacji\Mozilla\Firefox\Profiles\g7uiga9p.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pl . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-29 19:41:03 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(804) c:\windows\system32\Ati2evxx.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\ati2evxx.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\dumprep.exe c:\program files\Prime95\Prime95.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe . ************************************************************************** . Czas ukończenia: 2008-11-29 19:42:35 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2008-11-29 18:42:33 Przed: 6 934 142 976 bajtów wolnych Po: 7,213,387,776 bajtów wolnych 394

PROSZE O SZYBKA POMOC!

**Posty:** 8001 · przez **Okocza** 29 Lis 2008, 20:46

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 125 · przez **szczoti** 29 Lis 2008, 21:17

Zrobione wg zaleceń o to logi:

SDfix:

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by M˘j komputer on 2008-11-29 at 19:57 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\Documents and Settings\M˘j komputer\Moje dokumenty\Downloads\Programs\Cheap Pharmacy Online.url - Deleted Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-29 20:08:46 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:fb,6b,ba,bf,b4,8d,59,3d,6c,8e,93,43,1e,5b,e0,40,d7,12,eb,68,9e,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,5b,e0,a6,81,d1,a6,c3,d8,1f,2c,63,37,3d,18,bd,af,4d,.. "khjeh"=hex:45,dc,a5,ab,89,64,77,1b,14,dc,4d,5e,c7,97,25,1e,65,c7,39,82,a7,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:6a,1f,d6,7a,1f,dd,b1,1d,52,13,bf,d2,ad,06,c0,70,03,9e,e2,76,d1,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:fb,6b,ba,bf,b4,8d,59,3d,6c,8e,93,43,1e,5b,e0,40,d7,12,eb,68,9e,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,5b,e0,a6,81,d1,a6,c3,d8,1f,2c,63,37,3d,18,bd,af,4d,.. "khjeh"=hex:45,dc,a5,ab,89,64,77,1b,14,dc,4d,5e,c7,97,25,1e,65,c7,39,82,a7,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:6a,1f,d6,7a,1f,dd,b1,1d,52,13,bf,d2,ad,06,c0,70,03,9e,e2,76,d1,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny" "D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2" "D:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"="D:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008" "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Disabled:EA Download Manager" "D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"="D:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "D:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"="D:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe:*:Enabled:biahh" "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC" "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Documents and Settings\\M˘j komputer\\Pulpit\\vty-0213\\pes2009.exe"="C:\\Documents and Settings\\M˘j komputer\\Pulpit\\vty-0213\\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009" "D:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"="D:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe:*:Enabled:Far Cry 2" "D:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"="D:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater" "D:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"="D:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe:*:Enabled:Editor" "C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)" "C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)" "C:\\Documents and Settings\\M˘j komputer\\Pulpit\\rld-pro9\\pes2009.exe"="C:\\Documents and Settings\\M˘j komputer\\Pulpit\\rld-pro9\\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Tue 24 Jun 2008 385,024 ...H. --- "C:\ASUS.SYS\SplashtopDll.dll" Thu 23 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Thu 23 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Sat 29 Nov 2008 4,579 ...HR --- "C:\Documents and Settings\M˘j komputer\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak" [b]Finished![/b]

hijack

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:12:17, on 2008-11-29 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Prime95\prime95.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\WinFast\WFDTV\DTVSchdl.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\WinFast\WFDTV\WFWIZ.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Documents and Settings\Mój komputer\Pulpit\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/online/cccwelcome/drivers.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: D - {F51766C3-4635-3137-A458-E929397DE96B} - C:\WINDOWS\system32\xwr26220.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file) O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe" O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent O4 - HKCU\..\Run: [IDMan] d:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Startup: Need for Speed™ Undercover Registration.lnk = D:\Program Files\EA GAMES\Need for Speed Undercover\Support\EAregister.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000 O8 - Extra context menu item: Ściągnij przez IDM - D:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222236355343 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 8713 bytes

ComboFix;

Kod: Zaznacz wszystko: ComboFix 08-11-28.03 - Mój komputer 2008-11-29 20:13:12.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2713 [GMT 1:00] Uruchomiony z: c:\documents and settings\Mój komputer\Pulpit\ComboFix.exe [COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR] . ((((((((((((((((((((((((( Pliki utworzone od 2008-10-28 do 2008-11-29 ))))))))))))))))))))))))))))))) . 2008-11-29 19:55 . 2008-11-29 19:55 <DIR> d-------- c:\windows\ERUNT 2008-11-29 16:43 . 2007-11-14 08:18 553 -r------- c:\windows\USetup.iss 2008-11-28 20:36 . 2008-11-28 20:36 5,444,880 --a------ c:\windows\system32\xa4863343.exe 2008-11-28 20:36 . 2008-11-28 20:36 5,444,880 --a------ c:\windows\system32\xa4862984.exe 2008-11-28 20:31 . 2008-11-28 20:31 5,444,880 --a------ c:\windows\system32\xa4566984.exe 2008-11-28 20:31 . 2008-11-28 20:31 5,444,880 --a------ c:\windows\system32\xa4566593.exe 2008-11-28 20:29 . 2008-11-28 20:29 5,444,880 --a------ c:\windows\system32\xa4425437.exe 2008-11-28 20:29 . 2008-11-28 20:29 5,444,880 --a------ c:\windows\system32\xa4425015.exe 2008-11-28 20:24 . 2008-11-28 20:24 5,444,880 --a------ c:\windows\system32\xa4125500.exe 2008-11-28 20:24 . 2008-11-28 20:24 5,444,880 --a------ c:\windows\system32\xa4125140.exe 2008-11-28 20:22 . 2008-11-28 20:22 5,444,880 --a------ c:\windows\system32\xa4036000.exe 2008-11-28 20:22 . 2008-11-28 20:22 5,444,880 --a------ c:\windows\system32\xa4035468.exe 2008-11-28 20:21 . 2008-11-28 20:21 <DIR> d-------- c:\windows\system32\zone 2008-11-28 20:20 . 2008-10-09 21:47 348,928 --a------ c:\windows\system32\code_post_gfx.ff 2008-11-28 20:19 . 2008-11-28 20:19 5,444,880 --a------ c:\windows\system32\xa3831375.exe 2008-11-28 20:19 . 2008-11-28 20:19 5,444,880 --a------ c:\windows\system32\xa3831015.exe 2008-11-28 20:17 . 2008-11-28 20:17 5,444,880 --a------ c:\windows\system32\xa3739296.exe 2008-11-28 20:17 . 2008-11-28 20:17 5,444,880 --a------ c:\windows\system32\xa3738875.exe 2008-11-28 20:17 . 2008-11-28 20:17 176,128 --a------ c:\windows\system32\xwr26220.dll 2008-11-28 20:17 . 2008-11-28 20:17 176,128 --a------ c:\windows\system32\wr26220.dll 2008-11-28 18:48 . 2008-11-28 18:48 319,488 --a------ c:\windows\HideWin.exe 2008-11-24 21:59 . 2008-11-24 21:59 <DIR> d-------- c:\program files\Common Files\COWON 2008-11-24 21:59 . 2008-11-24 21:59 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\COWON 2008-11-24 21:59 . 2008-11-24 21:59 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\COWON 2008-11-24 21:59 . 2008-11-24 21:59 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\COWON 2008-11-24 20:16 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys 2008-11-24 20:16 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys 2008-11-24 20:16 . 2008-11-10 15:35 34,816 --a------ c:\windows\system32\RtkCoInstXP.dll 2008-11-24 19:55 . 2008-11-24 19:55 <DIR> d-------- c:\program files\4U Computing 2008-11-24 19:55 . 2002-12-03 03:02 491,520 --a------ c:\windows\system32\NCTAudioFile.dll 2008-11-24 19:55 . 2002-01-05 07:37 344,064 --a------ c:\windows\system32\msvcr70.dll 2008-11-24 19:55 . 2003-03-25 15:08 286,720 --a------ c:\windows\system32\NCTWMAFile2.dll 2008-11-24 19:55 . 2002-12-03 03:07 168,448 --a------ c:\windows\system32\NCTAudioPlayer.dll 2008-11-24 19:55 . 2002-12-03 03:11 143,872 --a------ c:\windows\system32\NCTWMAFile.dll 2008-11-24 19:55 . 2002-03-19 07:18 120,832 --a------ c:\windows\system32\lame_enc.dll 2008-11-24 12:43 . 2008-11-24 12:43 <DIR> d-------- c:\program files\Common Files\Totem Shared 2008-11-24 12:43 . 2008-11-24 12:43 4 --a------ c:\windows\num41.jbd 2008-11-24 12:43 . 2008-11-24 12:43 4 --a------ c:\windows\info147.sys 2008-11-24 12:43 . 2008-11-24 12:43 4 --a------ c:\windows\data4711.bak 2008-11-23 13:31 . 2008-11-23 13:32 <DIR> d-------- c:\program files\Hamachi 2008-11-23 12:21 . 2008-11-23 12:21 <DIR> d-------- c:\program files\VID_0E8F&PID_0003 2008-11-15 10:45 . 2008-11-15 10:45 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\Sports Interactive 2008-11-15 10:45 . 2008-11-15 10:45 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\Sports Interactive 2008-11-15 10:45 . 2008-11-15 10:45 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\Sports Interactive 2008-11-15 10:45 . 2008-11-15 10:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Sports Interactive 2008-11-12 18:53 . 2008-11-12 18:53 <DIR> d-------- c:\program files\Activision 2008-11-12 18:47 . 2008-11-12 18:47 <DIR> d--hs---- c:\windows\ftpcache 2008-11-11 11:01 . 2008-11-11 11:01 <DIR> d-------- c:\program files\HyperSnap-DX 5 2008-11-09 17:23 . 2008-11-09 17:23 <DIR> d-------- c:\program files\Common Files\DirectX 2008-11-09 17:21 . 2008-11-09 17:21 32 --a------ c:\windows\ZSAM.INI 2008-10-29 19:20 . 2008-10-29 19:38 <DIR> d-------- c:\program files\Prime95 2008-10-29 18:50 . 2008-10-29 18:50 <DIR> d-------- c:\program files\Tibia . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-29 19:16 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Hamachi 2008-11-29 19:16 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Hamachi 2008-11-29 19:16 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Hamachi 2008-11-29 19:15 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\DMCache 2008-11-29 19:15 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\DMCache 2008-11-29 19:15 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\DMCache 2008-11-29 18:30 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-11-28 19:17 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-23 12:31 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys 2008-11-22 18:52 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\mIRC 2008-11-22 18:52 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\mIRC 2008-11-22 18:52 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\mIRC 2008-11-22 15:58 --------- d-----w c:\program files\mIRC 2008-11-22 10:49 4,000 ----a-w C:\ao.dat 2008-11-18 14:12 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ahead 2008-11-18 14:12 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ahead 2008-11-18 14:12 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ahead 2008-11-13 18:48 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2008-11-12 18:04 22,328 ----a-w c:\documents and settings\Mój komputer\Dane aplikacji\PnkBstrK.sys 2008-11-12 18:04 22,328 ----a-w c:\documents and settings\Mój komputer\Dane aplikacji\PnkBstrK.sys 2008-11-12 18:04 22,328 ----a-w c:\documents and settings\Mój komputer\Dane aplikacji\PnkBstrK.sys 2008-10-29 18:29 --------- d-----w c:\program files\ASUS 2008-10-29 18:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Skype 2008-10-29 18:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Skype 2008-10-29 18:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Skype 2008-10-29 17:36 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\skypePM 2008-10-29 17:36 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\skypePM 2008-10-29 17:36 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\skypePM 2008-10-27 18:12 --------- d-----w c:\program files\FIFApatcher 2008-10-24 05:15 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Tibia 2008-10-24 05:15 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Tibia 2008-10-24 05:15 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Tibia 2008-10-23 17:35 --------- d-----w c:\program files\NAPI-PROJEKT 2008-10-21 17:04 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ventrilo 2008-10-21 17:04 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ventrilo 2008-10-21 17:04 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ventrilo 2008-10-21 16:59 --------- d-----w c:\program files\Ventrilo 2008-10-21 16:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-10-21 13:09 --------- d-----w c:\program files\Asprate 2008-10-20 17:43 --------- d-----w c:\program files\Akademicki 2008-10-20 12:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\TibiaTestserver 2008-10-20 12:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\TibiaTestserver 2008-10-20 12:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\TibiaTestserver 2008-10-20 12:08 --------- d-----w c:\program files\Eloth 2008-10-18 15:08 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\KONAMI 2008-10-18 13:15 --------- d-----w c:\program files\WypasOT Client 8.31 2008-10-17 13:10 --------- d-----w c:\program files\Tibia Auto 2008-10-15 15:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft 2008-10-15 15:08 --------- d-----w c:\program files\Lavasoft 2008-10-15 14:47 --------- d-----w c:\program files\Trend Micro 2008-10-14 10:09 --------- d-----w c:\program files\Nero 2008-10-14 10:09 --------- d-----w c:\program files\Common Files\Ahead 2008-10-14 10:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero 2008-10-14 09:10 --------- d-----w c:\program files\Winamp 2008-10-14 09:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Winamp 2008-10-14 09:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Winamp 2008-10-14 09:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Winamp 2008-10-12 18:06 --------- d-----w c:\program files\BearShare 2008-10-11 14:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Samsung 2008-10-11 14:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Samsung 2008-10-11 14:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Samsung 2008-10-11 13:25 --------- d-----w c:\program files\Samsung 2008-10-10 17:51 --------- d--h--r c:\documents and settings\Mój komputer\Dane aplikacji\SecuROM 2008-10-10 17:51 --------- d--h--r c:\documents and settings\Mój komputer\Dane aplikacji\SecuROM 2008-10-10 17:51 --------- d--h--r c:\documents and settings\Mój komputer\Dane aplikacji\SecuROM 2008-10-10 17:42 --------- d-----w c:\program files\AGEIA Technologies 2008-10-09 18:35 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\OpenOffice.ux.pl2 2008-10-09 18:35 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\OpenOffice.ux.pl2 2008-10-09 18:35 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\OpenOffice.ux.pl2 2008-10-05 08:48 --------- d-----w c:\program files\KONAMI 2008-10-03 14:27 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Leadertech 2008-10-03 14:27 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Leadertech 2008-10-03 14:27 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Leadertech 2008-10-03 14:15 --------- d-----w c:\program files\EA SPORTS 2008-10-01 19:10 --------- d-----w c:\program files\Skype 2008-10-01 19:10 --------- d-----w c:\program files\Common Files\Skype 2008-10-01 19:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype 2008-09-30 15:42 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\IDM 2008-09-30 15:42 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\IDM 2008-09-30 15:42 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\IDM 2008-09-28 18:18 --------- d-----w c:\program files\Teamspeak2_RC2 2008-09-28 18:18 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\teamspeak2 2008-09-28 18:18 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\teamspeak2 2008-09-28 18:18 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\teamspeak2 2008-09-28 14:02 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ArcSoft 2008-09-27 15:17 7,060 ----a-w c:\documents and settings\Mój komputer\FMCodec.dat 2008-09-27 15:17 7,060 ----a-w c:\documents and settings\Mój komputer\FMCodec.dat 2006-06-24 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe . ((((((((((((((((((((((((((((( snapshot@2008-11-29_19.42.23.43 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2008-11-29 18:55:34 4,325,376 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-11-29 18:55:35 172,032 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-11-29 18:55:24 4,325,376 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-11-29 18:55:25 172,032 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat - 2008-11-29 18:33:52 71,250 ----a-w c:\windows\system32\perfc009.dat + 2008-11-29 19:10:40 71,250 ----a-w c:\windows\system32\perfc009.dat - 2008-11-29 18:33:52 89,144 ----a-w c:\windows\system32\perfc015.dat + 2008-11-29 19:10:40 89,144 ----a-w c:\windows\system32\perfc015.dat - 2008-11-29 18:33:52 441,184 ----a-w c:\windows\system32\perfh009.dat + 2008-11-29 19:10:40 441,184 ----a-w c:\windows\system32\perfh009.dat - 2008-11-29 18:33:52 500,034 ----a-w c:\windows\system32\perfh015.dat + 2008-11-29 19:10:40 500,034 ----a-w c:\windows\system32\perfh015.dat + 2008-11-29 19:15:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_700.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F51766C3-4635-3137-A458-E929397DE96B}] 2008-11-28 20:17 176128 --a------ c:\windows\system32\xwr26220.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992] "IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2008-09-12 2606512] "WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-06-25 5625344] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-07-11 90112] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688] "Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-26 1423360] "QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432] "Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152] "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\M˘j komputer\Menu Start\Programy\Autostart\ hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-11-23 625952] Need for Speedt Undercover Registration.lnk - d:\program files\EA GAMES\Need for Speed Undercover\Support\EAregister.exe [2008-10-22 4369408] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^hamachi.lnk] path=c:\documents and settings\Mój komputer\Menu Start\Programy\Autostart\hamachi.lnk backup=c:\windows\pss\hamachi.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.3.1.lnk] path=c:\documents and settings\Mój komputer\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.3.1.lnk backup=c:\windows\pss\OpenOffice.ux.pl 2.3.1.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-09 17:53 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-09-29 16:57 21755688 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "d:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "d:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Mój komputer\\Pulpit\\vty-0213\\pes2009.exe"= "d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= "d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= "d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Documents and Settings\\Mój komputer\\Pulpit\\rld-pro9\\pes2009.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-24 78416] R2 ACDaemon;ArcSoft Connect Daemon;c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-09-27 109056] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-24 20560] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-23 93696] R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-09-23 36864] S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [] . . ------- Skan uzupełniający ------- . FireFox -: Profile - c:\documents and settings\Mój komputer\Dane aplikacji\Mozilla\Firefox\Profiles\g7uiga9p.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pl . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-29 20:15:29 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(800) c:\windows\system32\Ati2evxx.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\ati2evxx.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\windows\system32\PnkBstrA.exe c:\program files\Prime95\Prime95.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2008-11-29 20:16:39 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2008-11-29 19:16:37 ComboFix2.txt 2008-11-29 18:42:36 Przed: 7 190 142 976 bajtów wolnych Po: 7,178,461,184 bajtów wolnych 299

**Posty:** 8001 · przez **Okocza** 29 Lis 2008, 21:47

Kod: Zaznacz wszystko: File:: c:\windows\system32\xa4863343.exe c:\windows\system32\xa4862984.exe c:\windows\system32\xa4566984.exe c:\windows\system32\xa4566593.exe c:\windows\system32\xa4425437.exe c:\windows\system32\xa4425015.exe c:\windows\system32\xa4125500.exe c:\windows\system32\xa4125140.exe c:\windows\system32\xa4036000.exe c:\windows\system32\xa4035468.exe c:\windows\system32\xa3831375.exe c:\windows\system32\xa3831015.exe c:\windows\system32\xa3739296.exe c:\windows\system32\xa3738875.exe c:\windows\system32\xwr26220.dll c:\windows\system32\wr26220.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F51766C3-4635-3137-A458-E929397DE96B}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"=-

Te pliki przeskanuj na www.virustotal.com

Kod: Zaznacz wszystko: c:\windows\num41.jbd c:\windows\info147.sys c:\windows\data4711.bak C:\ao.dat

to fixujesz w hj

Kod: Zaznacz wszystko: O2 - BHO: D - {F51766C3-4635-3137-A458-E929397DE96B} - C:\WINDOWS\system32\xwr26220.dll O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file) O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 –u O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe

**Posty:** 125 · przez **szczoti** 29 Lis 2008, 21:57

dalem do fix w hj przeskanowalem i nie wykrylo wirusa,a to pierwsze co podales to co z tym zrobic?

**Posty:** 8001 · przez **Okocza** 29 Lis 2008, 21:59

sry, zapomniałem dopisać instrukcji...

otwórz notanik i wklej:

Kod: Zaznacz wszystko: File:: c:\windows\system32\xa4863343.exe c:\windows\system32\xa4862984.exe c:\windows\system32\xa4566984.exe c:\windows\system32\xa4566593.exe c:\windows\system32\xa4425437.exe c:\windows\system32\xa4425015.exe c:\windows\system32\xa4125500.exe c:\windows\system32\xa4125140.exe c:\windows\system32\xa4036000.exe c:\windows\system32\xa4035468.exe c:\windows\system32\xa3831375.exe c:\windows\system32\xa3831015.exe c:\windows\system32\xa3739296.exe c:\windows\system32\xa3738875.exe c:\windows\system32\xwr26220.dll c:\windows\system32\wr26220.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F51766C3-4635-3137-A458-E929397DE96B}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"=-

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

**Posty:** 125 · przez **szczoti** 29 Lis 2008, 22:10

Nowy log

Kod: Zaznacz wszystko: ComboFix 08-11-28.03 - Mój komputer 2008-11-29 21:02:32.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2372 [GMT 1:00] Uruchomiony z: c:\documents and settings\Mój komputer\Pulpit\Zabezpieczenia\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Mój komputer\Pulpit\Zabezpieczenia\CFScript.txt * Utworzono nowy punkt przywracania * Resident AV is active [COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR] FILE :: c:\windows\system32\wr26220.dll c:\windows\system32\xa3738875.exe c:\windows\system32\xa3739296.exe c:\windows\system32\xa3831015.exe c:\windows\system32\xa3831375.exe c:\windows\system32\xa4035468.exe c:\windows\system32\xa4036000.exe c:\windows\system32\xa4125140.exe c:\windows\system32\xa4125500.exe c:\windows\system32\xa4425015.exe c:\windows\system32\xa4425437.exe c:\windows\system32\xa4566593.exe c:\windows\system32\xa4566984.exe c:\windows\system32\xa4862984.exe c:\windows\system32\xa4863343.exe c:\windows\system32\xwr26220.dll . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\wr26220.dll c:\windows\system32\xa3738875.exe c:\windows\system32\xa3739296.exe c:\windows\system32\xa3831015.exe c:\windows\system32\xa3831375.exe c:\windows\system32\xa4035468.exe c:\windows\system32\xa4036000.exe c:\windows\system32\xa4125140.exe c:\windows\system32\xa4125500.exe c:\windows\system32\xa4425015.exe c:\windows\system32\xa4425437.exe c:\windows\system32\xa4566593.exe c:\windows\system32\xa4566984.exe c:\windows\system32\xa4862984.exe c:\windows\system32\xa4863343.exe . ((((((((((((((((((((((((( Pliki utworzone od 2008-10-28 do 2008-11-29 ))))))))))))))))))))))))))))))) . 2008-11-29 21:01 . 2008-11-29 21:01 0 --a------ C:\rollback.ini 2008-11-29 20:23 . 2008-11-29 20:23 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\MailFrontier 2008-11-29 20:23 . 2008-11-29 20:23 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\MailFrontier 2008-11-29 20:23 . 2008-11-29 20:23 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\MailFrontier 2008-11-29 20:22 . 2008-11-29 21:07 1,007,136 --ahs---- c:\windows\system32\drivers\fidbox.dat 2008-11-29 20:22 . 2008-11-29 21:05 17,624 --ahs---- c:\windows\system32\drivers\fidbox.idx 2008-11-29 20:20 . 2008-11-29 20:20 <DIR> d-------- c:\program files\ZoneAlarmSB 2008-11-29 20:19 . 2008-11-29 20:35 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\MailFrontier 2008-11-29 20:19 . 2008-11-29 20:28 4,212 ---h----- c:\windows\system32\zllictbl.dat 2008-11-29 20:17 . 2008-11-29 20:48 <DIR> d-------- c:\windows\Internet Logs 2008-11-29 19:55 . 2008-11-29 19:55 <DIR> d-------- c:\windows\ERUNT 2008-11-29 16:43 . 2007-11-14 08:18 553 -r------- c:\windows\USetup.iss 2008-11-28 20:21 . 2008-11-28 20:21 <DIR> d-------- c:\windows\system32\zone 2008-11-28 20:20 . 2008-10-09 21:47 348,928 --a------ c:\windows\system32\code_post_gfx.ff 2008-11-28 18:48 . 2008-11-28 18:48 319,488 --a------ c:\windows\HideWin.exe 2008-11-24 21:59 . 2008-11-24 21:59 <DIR> d-------- c:\program files\Common Files\COWON 2008-11-24 21:59 . 2008-11-24 21:59 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\COWON 2008-11-24 21:59 . 2008-11-24 21:59 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\COWON 2008-11-24 21:59 . 2008-11-24 21:59 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\COWON 2008-11-24 20:16 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys 2008-11-24 20:16 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys 2008-11-24 20:16 . 2008-11-10 15:35 34,816 --a------ c:\windows\system32\RtkCoInstXP.dll 2008-11-24 19:55 . 2008-11-24 19:55 <DIR> d-------- c:\program files\4U Computing 2008-11-24 19:55 . 2002-12-03 03:02 491,520 --a------ c:\windows\system32\NCTAudioFile.dll 2008-11-24 19:55 . 2002-01-05 07:37 344,064 --a------ c:\windows\system32\msvcr70.dll 2008-11-24 19:55 . 2003-03-25 15:08 286,720 --a------ c:\windows\system32\NCTWMAFile2.dll 2008-11-24 19:55 . 2002-12-03 03:07 168,448 --a------ c:\windows\system32\NCTAudioPlayer.dll 2008-11-24 19:55 . 2002-12-03 03:11 143,872 --a------ c:\windows\system32\NCTWMAFile.dll 2008-11-24 19:55 . 2002-03-19 07:18 120,832 --a------ c:\windows\system32\lame_enc.dll 2008-11-24 12:43 . 2008-11-24 12:43 <DIR> d-------- c:\program files\Common Files\Totem Shared 2008-11-24 12:43 . 2008-11-24 12:43 4 --a------ c:\windows\num41.jbd 2008-11-24 12:43 . 2008-11-24 12:43 4 --a------ c:\windows\info147.sys 2008-11-24 12:43 . 2008-11-24 12:43 4 --a------ c:\windows\data4711.bak 2008-11-23 13:31 . 2008-11-23 13:32 <DIR> d-------- c:\program files\Hamachi 2008-11-23 12:21 . 2008-11-23 12:21 <DIR> d-------- c:\program files\VID_0E8F&PID_0003 2008-11-15 10:45 . 2008-11-15 10:45 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\Sports Interactive 2008-11-15 10:45 . 2008-11-15 10:45 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\Sports Interactive 2008-11-15 10:45 . 2008-11-15 10:45 <DIR> d-------- c:\documents and settings\Mój komputer\Dane aplikacji\Sports Interactive 2008-11-15 10:45 . 2008-11-15 10:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Sports Interactive 2008-11-12 18:53 . 2008-11-12 18:53 <DIR> d-------- c:\program files\Activision 2008-11-12 18:47 . 2008-11-12 18:47 <DIR> d--hs---- c:\windows\ftpcache 2008-11-11 11:01 . 2008-11-11 11:01 <DIR> d-------- c:\program files\HyperSnap-DX 5 2008-11-09 17:23 . 2008-11-09 17:23 <DIR> d-------- c:\program files\Common Files\DirectX 2008-11-09 17:21 . 2008-11-09 17:21 32 --a------ c:\windows\ZSAM.INI 2008-10-29 19:20 . 2008-10-29 19:38 <DIR> d-------- c:\program files\Prime95 2008-10-29 18:50 . 2008-10-29 18:50 <DIR> d-------- c:\program files\Tibia . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-29 20:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Hamachi 2008-11-29 20:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Hamachi 2008-11-29 20:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Hamachi 2008-11-29 20:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\DMCache 2008-11-29 20:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\DMCache 2008-11-29 20:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\DMCache 2008-11-29 18:30 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2008-11-28 19:17 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-23 12:31 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys 2008-11-22 18:52 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\mIRC 2008-11-22 18:52 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\mIRC 2008-11-22 18:52 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\mIRC 2008-11-22 15:58 --------- d-----w c:\program files\mIRC 2008-11-22 10:49 4,000 ----a-w C:\ao.dat 2008-11-18 14:12 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ahead 2008-11-18 14:12 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ahead 2008-11-18 14:12 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ahead 2008-11-13 18:48 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2008-11-12 18:04 22,328 ----a-w c:\documents and settings\Mój komputer\Dane aplikacji\PnkBstrK.sys 2008-11-12 18:04 22,328 ----a-w c:\documents and settings\Mój komputer\Dane aplikacji\PnkBstrK.sys 2008-11-12 18:04 22,328 ----a-w c:\documents and settings\Mój komputer\Dane aplikacji\PnkBstrK.sys 2008-10-29 18:29 --------- d-----w c:\program files\ASUS 2008-10-29 18:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Skype 2008-10-29 18:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Skype 2008-10-29 18:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Skype 2008-10-29 17:36 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\skypePM 2008-10-29 17:36 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\skypePM 2008-10-29 17:36 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\skypePM 2008-10-27 18:12 --------- d-----w c:\program files\FIFApatcher 2008-10-24 05:15 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Tibia 2008-10-24 05:15 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Tibia 2008-10-24 05:15 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Tibia 2008-10-23 17:35 --------- d-----w c:\program files\NAPI-PROJEKT 2008-10-21 17:04 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ventrilo 2008-10-21 17:04 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ventrilo 2008-10-21 17:04 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Ventrilo 2008-10-21 16:59 --------- d-----w c:\program files\Ventrilo 2008-10-21 16:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-10-21 13:09 --------- d-----w c:\program files\Asprate 2008-10-20 17:43 --------- d-----w c:\program files\Akademicki 2008-10-20 12:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\TibiaTestserver 2008-10-20 12:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\TibiaTestserver 2008-10-20 12:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\TibiaTestserver 2008-10-20 12:08 --------- d-----w c:\program files\Eloth 2008-10-18 15:08 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\KONAMI 2008-10-18 13:15 --------- d-----w c:\program files\WypasOT Client 8.31 2008-10-17 13:10 --------- d-----w c:\program files\Tibia Auto 2008-10-15 15:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft 2008-10-15 15:08 --------- d-----w c:\program files\Lavasoft 2008-10-15 14:47 --------- d-----w c:\program files\Trend Micro 2008-10-14 10:09 --------- d-----w c:\program files\Nero 2008-10-14 10:09 --------- d-----w c:\program files\Common Files\Ahead 2008-10-14 10:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero 2008-10-14 09:10 --------- d-----w c:\program files\Winamp 2008-10-14 09:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Winamp 2008-10-14 09:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Winamp 2008-10-14 09:10 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Winamp 2008-10-12 18:06 --------- d-----w c:\program files\BearShare 2008-10-11 14:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Samsung 2008-10-11 14:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Samsung 2008-10-11 14:07 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Samsung 2008-10-11 13:25 --------- d-----w c:\program files\Samsung 2008-10-10 17:51 --------- d--h--r c:\documents and settings\Mój komputer\Dane aplikacji\SecuROM 2008-10-10 17:51 --------- d--h--r c:\documents and settings\Mój komputer\Dane aplikacji\SecuROM 2008-10-10 17:51 --------- d--h--r c:\documents and settings\Mój komputer\Dane aplikacji\SecuROM 2008-10-10 17:42 --------- d-----w c:\program files\AGEIA Technologies 2008-10-09 18:35 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\OpenOffice.ux.pl2 2008-10-09 18:35 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\OpenOffice.ux.pl2 2008-10-09 18:35 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\OpenOffice.ux.pl2 2008-10-05 08:48 --------- d-----w c:\program files\KONAMI 2008-10-03 14:27 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Leadertech 2008-10-03 14:27 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Leadertech 2008-10-03 14:27 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\Leadertech 2008-10-03 14:15 --------- d-----w c:\program files\EA SPORTS 2008-10-01 19:10 --------- d-----w c:\program files\Skype 2008-10-01 19:10 --------- d-----w c:\program files\Common Files\Skype 2008-10-01 19:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype 2008-09-30 15:42 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\IDM 2008-09-30 15:42 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\IDM 2008-09-30 15:42 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\IDM 2008-09-28 18:18 --------- d-----w c:\program files\Teamspeak2_RC2 2008-09-28 18:18 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\teamspeak2 2008-09-28 18:18 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\teamspeak2 2008-09-28 18:18 --------- d-----w c:\documents and settings\Mój komputer\Dane aplikacji\teamspeak2 2008-09-28 14:02 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ArcSoft 2008-09-27 15:17 7,060 ----a-w c:\documents and settings\Mój komputer\FMCodec.dat 2008-09-27 15:17 7,060 ----a-w c:\documents and settings\Mój komputer\FMCodec.dat . ((((((((((((((((((((((((((((( snapshot@2008-11-29_19.42.23.43 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2008-11-29 18:55:34 4,325,376 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-11-29 18:55:35 172,032 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-11-29 18:55:24 4,325,376 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-11-29 18:55:25 172,032 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2007-07-19 14:10:28 127,768 ----a-w c:\windows\system32\drivers\klif.sys + 2008-07-09 08:05:08 796,048 ----a-w c:\windows\system32\libeay32_0.9.6l.dll - 2008-11-29 18:33:52 71,250 ----a-w c:\windows\system32\perfc009.dat + 2008-11-29 19:42:52 71,250 ----a-w c:\windows\system32\perfc009.dat - 2008-11-29 18:33:52 89,144 ----a-w c:\windows\system32\perfc015.dat + 2008-11-29 19:42:52 89,144 ----a-w c:\windows\system32\perfc015.dat - 2008-11-29 18:33:52 441,184 ----a-w c:\windows\system32\perfh009.dat + 2008-11-29 19:42:52 441,184 ----a-w c:\windows\system32\perfh009.dat - 2008-11-29 18:33:52 500,034 ----a-w c:\windows\system32\perfh015.dat + 2008-11-29 19:42:52 500,034 ----a-w c:\windows\system32\perfh015.dat + 2004-04-27 03:40:52 11,264 ----a-w c:\windows\system32\SpOrder.dll + 2008-07-09 08:05:10 83,432 ----a-w c:\windows\system32\vsdata.dll + 2008-07-09 08:05:22 394,952 ----a-w c:\windows\system32\vsdatant.sys + 2008-07-09 08:05:10 157,160 ----a-w c:\windows\system32\vsinit.dll + 2008-07-09 08:05:10 103,912 ----a-w c:\windows\system32\vsmonapi.dll + 2008-07-09 08:05:10 275,944 ----a-w c:\windows\system32\vspubapi.dll + 2008-07-09 08:05:10 71,144 ----a-w c:\windows\system32\vsregexp.dll + 2008-07-09 08:05:12 472,552 ----a-w c:\windows\system32\vsutil.dll + 2008-07-09 08:05:12 46,568 ----a-w c:\windows\system32\vswmi.dll + 2008-07-09 08:05:12 99,816 ----a-w c:\windows\system32\vsxml.dll + 2008-07-09 08:05:12 83,432 ----a-w c:\windows\system32\zlcomm.dll + 2008-07-09 08:05:12 71,144 ----a-w c:\windows\system32\zlcommdb.dll + 2008-07-09 08:05:06 370,208 ----a-w c:\windows\system32\ZoneLabs\av.dll + 2007-05-30 23:03:30 65,248 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\aphish.dat + 2006-06-30 13:47:36 21,568 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\avcmhk4.dll + 2007-05-30 23:03:30 1,628 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\pdmkl.dat + 2008-11-29 20:07:05 70,124 ----a-w c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat + 2007-05-30 23:03:16 77,824 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHComm.dll + 2007-05-30 23:03:16 110,592 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHrule.dll + 2007-05-30 23:03:16 331,776 ----a-w c:\windows\system32\ZoneLabs\avsys\CKAHUM.dll + 2007-05-30 23:03:16 38,400 ----a-w c:\windows\system32\ZoneLabs\avsys\FSSync.dll + 2006-09-19 22:12:14 208,960 ----a-w c:\windows\system32\ZoneLabs\avsys\inv.dll + 2007-12-03 13:53:58 282,624 ----a-w c:\windows\system32\ZoneLabs\avsys\kave.dll + 2006-12-19 17:13:52 1,093,632 ----a-w c:\windows\system32\ZoneLabs\avsys\libeay32.dll + 2007-05-30 23:03:20 548,864 ----a-w c:\windows\system32\ZoneLabs\avsys\msvcp80.dll + 2007-05-30 23:03:20 626,688 ----a-w c:\windows\system32\ZoneLabs\avsys\msvcr80.dll + 2007-05-30 23:03:18 184,320 ----a-w c:\windows\system32\ZoneLabs\avsys\prloader.dll + 2007-05-30 23:03:22 90,112 ----a-w c:\windows\system32\ZoneLabs\avsys\prremote.dll + 2007-12-03 13:53:58 139,264 ----a-w c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe + 2006-12-19 17:13:52 200,704 ----a-w c:\windows\system32\ZoneLabs\avsys\ssleay32.dll + 2008-07-09 08:05:06 99,816 ----a-w c:\windows\system32\ZoneLabs\camupd.dll + 2004-01-30 11:35:08 813,568 ----a-w c:\windows\system32\ZoneLabs\dbghelp.dll + 2008-07-09 08:05:08 128,480 ----a-w c:\windows\system32\ZoneLabs\fbl.dll + 2008-07-09 08:05:08 38,376 ----a-w c:\windows\system32\ZoneLabs\featuremap.dll + 2008-07-09 08:05:08 321,016 ----a-w c:\windows\system32\ZoneLabs\imsecure.dll + 2008-07-09 08:05:24 288,144 ----a-w c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll + 2008-07-09 08:05:24 152,976 ----a-w c:\windows\system32\ZoneLabs\lib\licenseui.zip.dll + 2008-07-09 08:05:24 26,000 ----a-w c:\windows\system32\ZoneLabs\lib\zlsvc.zip.dll + 2008-07-09 08:05:24 1,361,296 ----a-w c:\windows\system32\ZoneLabs\lib\zpy.zip.dll + 2008-07-09 08:05:24 71,056 ----a-w c:\windows\system32\ZoneLabs\lib\zui.zip.dll + 2008-07-09 08:06:26 30,184 ----a-w c:\windows\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll + 2008-07-09 08:06:26 30,216 ----a-w c:\windows\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll + 2008-02-27 02:10:26 714,208 ----a-w c:\windows\system32\ZoneLabs\qrbase.dll + 2008-02-27 02:10:28 792,032 ----a-w c:\windows\system32\ZoneLabs\qrsrecl.dll + 2008-07-09 08:05:08 173,544 ----a-w c:\windows\system32\ZoneLabs\scheduler.dll + 2008-01-21 07:34:36 7,603,688 ----a-w c:\windows\system32\ZoneLabs\spyware.dat + 2008-02-27 02:10:32 1,504,736 ----a-w c:\windows\system32\ZoneLabs\srescan.dll + 2008-02-27 02:10:44 51,176 ----a-w c:\windows\system32\ZoneLabs\srescan.sys + 2008-07-09 08:05:10 456,168 ----a-w c:\windows\system32\ZoneLabs\ssleay32.dll + 2008-07-09 08:06:26 214,528 ----a-w c:\windows\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll + 2008-07-09 08:06:30 3,266,040 ----a-w c:\windows\system32\ZoneLabs\streamapi\imslsp\imslsp.dll + 2006-09-04 19:59:14 503,875 ----a-w c:\windows\system32\ZoneLabs\upd_core.dll + 2007-10-11 15:50:32 832,984 ----a-w c:\windows\system32\ZoneLabs\updating.dll + 2008-07-09 08:05:18 144,936 ----a-w c:\windows\system32\ZoneLabs\updclient.exe + 2007-01-11 16:31:06 286,787 ----a-w c:\windows\system32\ZoneLabs\updtrsdk.dll + 2008-07-09 08:05:10 108,008 ----a-w c:\windows\system32\ZoneLabs\vsavpro.dll + 2008-07-09 08:05:10 83,432 ----a-w c:\windows\system32\ZoneLabs\vsdb.dll + 2008-07-09 08:05:18 75,304 ----a-w c:\windows\system32\ZoneLabs\vsmon.exe + 2008-07-09 08:05:10 2,029,032 ----a-w c:\windows\system32\ZoneLabs\vsmondll.dll + 2008-07-09 08:05:12 1,361,384 ----a-w c:\windows\system32\ZoneLabs\vsruledb.dll + 2008-07-09 08:05:12 239,080 ----a-w c:\windows\system32\ZoneLabs\vsvault.dll + 2008-01-21 07:34:36 7,603,688 ----a-w c:\windows\system32\ZoneLabs\zlasdbup.dat + 2008-07-09 08:05:12 177,640 ----a-w c:\windows\system32\ZoneLabs\zlparser.dll + 2008-11-29 20:03:19 34,816 ----a-w c:\windows\system32\ZoneLabs\zlqrtdb.dat + 2008-07-09 08:05:12 79,344 ----a-w c:\windows\system32\ZoneLabs\zlquarantine.dll + 2008-07-09 08:05:14 382,440 ----a-w c:\windows\system32\ZoneLabs\zlsre.dll + 2008-07-09 08:05:14 120,296 ----a-w c:\windows\system32\ZoneLabs\zlupdate.dll + 2008-07-09 08:05:16 1,086,952 ----a-w c:\windows\system32\zpeng24.dll + 2008-11-29 20:06:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3b4.dat + 2008-07-09 08:05:20 75,248 ----a-w c:\windows\zllsputility.exe . -- Migawka wyzerowana -- . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992] "IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2008-09-12 2606512] "WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-06-25 5625344] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-07-11 90112] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688] "Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-26 1423360] "QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432] "Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152] "ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\M˘j komputer\Menu Start\Programy\Autostart\ hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-11-23 625952] Need for Speedt Undercover Registration.lnk - d:\program files\EA GAMES\Need for Speed Undercover\Support\EAregister.exe [2008-10-22 4369408] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^hamachi.lnk] path=c:\documents and settings\Mój komputer\Menu Start\Programy\Autostart\hamachi.lnk backup=c:\windows\pss\hamachi.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Mój komputer^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.3.1.lnk] path=c:\documents and settings\Mój komputer\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.3.1.lnk backup=c:\windows\pss\OpenOffice.ux.pl 2.3.1.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-09 17:53 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-09-29 16:57 21755688 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "d:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "d:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "d:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Mój komputer\\Pulpit\\vty-0213\\pes2009.exe"= "d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= "d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= "d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Documents and Settings\\Mój komputer\\Pulpit\\rld-pro9\\pes2009.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-24 78416] R2 ACDaemon;ArcSoft Connect Daemon;c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-09-27 109056] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-09-24 20560] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-23 93696] R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-09-23 36864] S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-29 21:06:56 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(828) c:\windows\system32\Ati2evxx.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ZoneLabs\vsmon.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe d:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe . ************************************************************************** . Czas ukończenia: 2008-11-29 21:09:06 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2008-11-29 20:09:03 ComboFix2.txt 2008-11-29 19:16:41 ComboFix3.txt 2008-11-29 18:42:36 Przed: 7 045 361 664 bajtów wolnych Po: 6,951,612,416 bajtów wolnych 401

**Posty:** 8001 · przez **Okocza** 29 Lis 2008, 22:13

Kod: Zaznacz wszystko: c:\windows\system32\zllictbl.dat c:\windows\USetup.iss c:\windows\ZSAM.INI c:\windows\num41.jbd c:\windows\info147.sys c:\windows\data4711.bak C:\ao.dat

przeskanować na www.virustotal.com i dać wyniki skanu

**Posty:** 684 · przez **djarta** 29 Lis 2008, 22:23

Okocza napisał(a):Te pliki przeskanuj na http://www.virustotal.com

Kod: Zaznacz wszystko
c:\windows\num41.jbd c:\windows\info147.sys c:\windows\data4711.bak C:\ao.dat

Te 3 pierwsze pliki są w porządku, patrz:

2008-11-24 12:43 . 2008-11-24 12:43 <DIR> d-------- c:\program files\Common Files\Totem Shared
2008-11-24 12:43 . 2008-11-24 12:43 4 --a------ c:\windows\num41.jbd
2008-11-24 12:43 . 2008-11-24 12:43 4 --a------ c:\windows\info147.sys
2008-11-24 12:43 . 2008-11-24 12:43 4 --a------ c:\windows\data4711.bak

Ale za to ostatni plik jest plikiem infekcji, więc powinnien być dopisany pod sekcję File::.

=====================
K.

**Posty:** 125 · przez **szczoti** 29 Lis 2008, 22:31

Pierwszy plik

Kod: Zaznacz wszystko: Plik zllictbl.dat otrzymany 2008.11.29 21:16:10 (CET) Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - F-Secure 8.0.14332.0 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Prevx1 V2 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 4212 bytes MD5...: 7c81bd6eb6dc8149418aed6638fb2cd9 SHA1..: 03b9c4a69665cc023df17ac006085d09efc18fe4 SHA256: c2863f9783cb076ca5f8806471b0d4b159cd7b19e26ea98857119d1dc70353ba SHA512: a655f7e2e1c1d4c9abc6212ae49fa635198fa6a17b560cfe30ab54784418c493 eeb1ba07de5c7007ba0f7826df906f7db88754a1a3c49da8fefcd1d97b01b91a ssdeep: 96:dEpmWg6wW4NCm47lTEXhe4L+67Wm8Ji8yERnJcXiv210Q:upcc4NC9EXvteny eg0Q PEiD..: - TrID..: File type identification XBase DataBase (generic) (96.4%) Sybase iAnywhere database files (1.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.6%) Targa bitmap (Original TGA Format) (0.6%) MS Flight Simulator Aircraft Performance Info (0.3%) PEInfo: - Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - F-Secure 8.0.14332.0 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Prevx1 V2 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 4212 bytes MD5...: 7c81bd6eb6dc8149418aed6638fb2cd9 SHA1..: 03b9c4a69665cc023df17ac006085d09efc18fe4 SHA256: c2863f9783cb076ca5f8806471b0d4b159cd7b19e26ea98857119d1dc70353ba SHA512: a655f7e2e1c1d4c9abc6212ae49fa635198fa6a17b560cfe30ab54784418c493 eeb1ba07de5c7007ba0f7826df906f7db88754a1a3c49da8fefcd1d97b01b91a ssdeep: 96:dEpmWg6wW4NCm47lTEXhe4L+67Wm8Ji8yERnJcXiv210Q:upcc4NC9EXvteny eg0Q PEiD..: - TrID..: File type identification XBase DataBase (generic) (96.4%) Sybase iAnywhere database files (1.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.6%) Targa bitmap (Original TGA Format) (0.6%) MS Flight Simulator Aircraft Performance Info (0.3%) PEInfo: -

Drugi plik:

Kod: Zaznacz wszystko: Plik USetup.iss otrzymany 2008.11.29 21:19:10 (CET) Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - F-Secure 8.0.14332.0 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Prevx1 V2 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 553 bytes MD5...: 6a714e92c31cc703f292299c6e5bf1eb SHA1..: ee2f34f81ab1db1e48429cb408596483d34daf1e SHA256: 902253fd195bf8de0f2d479b0863342f506ceb488694090ea3b08e8aba78ac9e SHA512: ef3e0f9c36c8e3e6bc0bd7d3ff10ec292c82f239e7f1257fcb14e075bdcc1254 eaa2b48578e1a4c61b0f67f2057e37612301c5148da39a59d68c0e06ebf3f802 ssdeep: 12:HMJnga9BuwhU4XprU4XpvT+i+U4Xp4U4XpvT8coR1d/ZxmEU4Xp0W:Hwg6Buw hUsprUspvKi+Usp4UspvoN1dV PEiD..: - TrID..: File type identification InstallShield Response File (97.4%) Generic INI configuration (2.5%) PEInfo: - Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - F-Secure 8.0.14332.0 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Prevx1 V2 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 553 bytes MD5...: 6a714e92c31cc703f292299c6e5bf1eb SHA1..: ee2f34f81ab1db1e48429cb408596483d34daf1e SHA256: 902253fd195bf8de0f2d479b0863342f506ceb488694090ea3b08e8aba78ac9e SHA512: ef3e0f9c36c8e3e6bc0bd7d3ff10ec292c82f239e7f1257fcb14e075bdcc1254 eaa2b48578e1a4c61b0f67f2057e37612301c5148da39a59d68c0e06ebf3f802 ssdeep: 12:HMJnga9BuwhU4XprU4XpvT+i+U4Xp4U4XpvT8coR1d/ZxmEU4Xp0W:Hwg6Buw hUsprUspvKi+Usp4UspvoN1dV PEiD..: - TrID..: File type identification InstallShield Response File (97.4%) Generic INI configuration (2.5%) PEInfo: -

Trzeci plik:

Kod: Zaznacz wszystko: Plik ZSAM.INI otrzymany 2008.11.29 21:20:52 (CET) Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - F-Secure 8.0.14332.0 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Prevx1 V2 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 32 bytes MD5...: f6997c743a751eb580cd401bdff70679 SHA1..: a5ab1e7ad7d449ab300d2404f119991af855b0cc SHA256: 9ee205000e025946d662ea259ba531b1d67f318a59c9d38e3b9d6839b4a15c68 SHA512: f1a8c8aed60569edad17790e3a383b9c77209ce733f1417fd81377b84e91e5be 86fc026944a735696546738fcfd64adfc725864c3969de744a1f0fa56ef4bfba ssdeep: 3:S24oyohdd0y:FgohB PEiD..: - TrID..: File type identification Generic INI configuration (100.0%) PEInfo: -

Czwarty plik:

Kod: Zaznacz wszystko: Plik num41.jbd otrzymany 2008.11.29 21:22:07 (CET) Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - F-Secure 8.0.14332.0 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Prevx1 V2 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 4 bytes MD5...: efba2820acab624eb7d5ab0c1a86f1bd SHA1..: 7d3c1c35da7d929493dd992f1f031ae868204dd6 SHA256: 7e88bc95b587d75088d6c29edb7a54d98e3fa0420ce856d2fe469025587793d3 SHA512: 8055e5bd28d786a7ac75d32123ab3349a9ff0d9520a8315dc2fece0ccb820813 2b39d24ff19c2607c8d747a0b1e377ecd4ff53f1b5f4dc5674c5c5fda0b54b6f ssdeep: 3:0Rn:0Rn PEiD..: - TrID..: File type identification file seems to be plain text/ASCII (0.0%) PEInfo: - Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - F-Secure 8.0.14332.0 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Prevx1 V2 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 4 bytes MD5...: efba2820acab624eb7d5ab0c1a86f1bd SHA1..: 7d3c1c35da7d929493dd992f1f031ae868204dd6 SHA256: 7e88bc95b587d75088d6c29edb7a54d98e3fa0420ce856d2fe469025587793d3 SHA512: 8055e5bd28d786a7ac75d32123ab3349a9ff0d9520a8315dc2fece0ccb820813 2b39d24ff19c2607c8d747a0b1e377ecd4ff53f1b5f4dc5674c5c5fda0b54b6f ssdeep: 3:0Rn:0Rn PEiD..: - TrID..: File type identification file seems to be plain text/ASCII (0.0%) PEInfo: -

Piąty plik:

Kod: Zaznacz wszystko: Plik info147.sys otrzymany 2008.11.29 21:23:33 (CET) Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 4 bytes MD5...: efba2820acab624eb7d5ab0c1a86f1bd SHA1..: 7d3c1c35da7d929493dd992f1f031ae868204dd6 SHA256: 7e88bc95b587d75088d6c29edb7a54d98e3fa0420ce856d2fe469025587793d3 SHA512: 8055e5bd28d786a7ac75d32123ab3349a9ff0d9520a8315dc2fece0ccb820813 2b39d24ff19c2607c8d747a0b1e377ecd4ff53f1b5f4dc5674c5c5fda0b54b6f ssdeep: 3:0Rn:0Rn PEiD..: - TrID..: File type identification Unknown! PEInfo: - Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 4 bytes MD5...: efba2820acab624eb7d5ab0c1a86f1bd SHA1..: 7d3c1c35da7d929493dd992f1f031ae868204dd6 SHA256: 7e88bc95b587d75088d6c29edb7a54d98e3fa0420ce856d2fe469025587793d3 SHA512: 8055e5bd28d786a7ac75d32123ab3349a9ff0d9520a8315dc2fece0ccb820813 2b39d24ff19c2607c8d747a0b1e377ecd4ff53f1b5f4dc5674c5c5fda0b54b6f ssdeep: 3:0Rn:0Rn PEiD..: - TrID..: File type identification Unknown! PEInfo: -

Plik szósty

Kod: Zaznacz wszystko: Plik data4711.bak otrzymany 2008.11.29 21:28:33 (CET) Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - F-Secure 8.0.14332.0 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Prevx1 V2 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 4 bytes MD5...: efba2820acab624eb7d5ab0c1a86f1bd SHA1..: 7d3c1c35da7d929493dd992f1f031ae868204dd6 SHA256: 7e88bc95b587d75088d6c29edb7a54d98e3fa0420ce856d2fe469025587793d3 SHA512: 8055e5bd28d786a7ac75d32123ab3349a9ff0d9520a8315dc2fece0ccb820813 2b39d24ff19c2607c8d747a0b1e377ecd4ff53f1b5f4dc5674c5c5fda0b54b6f ssdeep: 3:0Rn:0Rn PEiD..: - TrID..: File type identification file seems to be plain text/ASCII (0.0%) PEInfo: - Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - F-Secure 8.0.14332.0 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Prevx1 V2 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 4 bytes MD5...: efba2820acab624eb7d5ab0c1a86f1bd SHA1..: 7d3c1c35da7d929493dd992f1f031ae868204dd6 SHA256: 7e88bc95b587d75088d6c29edb7a54d98e3fa0420ce856d2fe469025587793d3 SHA512: 8055e5bd28d786a7ac75d32123ab3349a9ff0d9520a8315dc2fece0ccb820813 2b39d24ff19c2607c8d747a0b1e377ecd4ff53f1b5f4dc5674c5c5fda0b54b6f ssdeep: 3:0Rn:0Rn PEiD..: - TrID..: File type identification file seems to be plain text/ASCII (0.0%) PEInfo: -

Siódmy plik

Kod: Zaznacz wszystko: Plik ao.dat otrzymany 2008.11.29 21:30:10 (CET) Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - F-Secure 8.0.14332.0 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Prevx1 V2 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 4000 bytes MD5...: 754999f3dce19c9c265060306554d2e4 SHA1..: 312a3bc0a3a89bcd559656627c342e32a04a2828 SHA256: 8f544483caa3fdee5902f33d7e4a48232fedeba4a26ebe50d8e2203159b2e42c SHA512: 7cda9260e4b2a1a733fa3b7d47423ae5120555ab07ecc49492d23a44923ef7e1 aa9637a02cf392e08e8f288acd74ec7396aee58ff66e60c1fe46dda27fe40536 ssdeep: 48:Ek81LeDtHH81GeUXNeeancMsd5HkeESptQMWJgtEDPx3iIs99eGRlhS0ELg+Z BhP:6exEvqcsrLsMb6D9sfTSfiC PEiD..: - TrID..: File type identification Lumena CEL bitmap (58.3%) Corel Photo Paint (37.9%) MS Flight Simulator Aircraft Performance Info (3.7%) PEInfo: - Antywirus Wersja Ostatnia aktualizacja Wynik AhnLab-V3 2008.11.28.2 2008.11.29 - AntiVir 7.9.0.36 2008.11.29 - Authentium 5.1.0.4 2008.11.29 - Avast 4.8.1281.0 2008.11.29 - AVG 8.0.0.199 2008.11.29 - BitDefender 7.2 2008.11.29 - CAT-QuickHeal 10.00 2008.11.29 - ClamAV 0.94.1 2008.11.29 - DrWeb 4.44.0.09170 2008.11.29 - eSafe 7.0.17.0 2008.11.27 - eTrust-Vet 31.6.6234 2008.11.28 - Ewido 4.0 2008.11.29 - F-Prot 4.4.4.56 2008.11.29 - F-Secure 8.0.14332.0 2008.11.29 - Fortinet 3.117.0.0 2008.11.29 - GData 19 2008.11.29 - Ikarus T3.1.1.45.0 2008.11.29 - K7AntiVirus 7.10.538 2008.11.29 - Kaspersky 7.0.0.125 2008.11.29 - McAfee 5449 2008.11.29 - McAfee+Artemis 5448 2008.11.28 - Microsoft 1.4104 2008.11.29 - NOD32 3650 2008.11.28 - Norman 5.80.02 2008.11.28 - Panda 9.0.0.4 2008.11.29 - PCTools 4.4.2.0 2008.11.29 - Prevx1 V2 2008.11.29 - Rising 21.05.52.00 2008.11.29 - SecureWeb-Gateway 6.7.6 2008.11.29 - Sophos 4.36.0 2008.11.29 - Sunbelt 3.1.1832.2 2008.11.27 - Symantec 10 2008.11.29 - TheHacker 6.3.1.1.166 2008.11.28 - TrendMicro 8.700.0.1004 2008.11.28 - VBA32 3.12.8.9 2008.11.29 - ViRobot 2008.11.29.1492 2008.11.29 - VirusBuster 4.5.11.0 2008.11.29 - Dodatkowe informacje File size: 4000 bytes MD5...: 754999f3dce19c9c265060306554d2e4 SHA1..: 312a3bc0a3a89bcd559656627c342e32a04a2828 SHA256: 8f544483caa3fdee5902f33d7e4a48232fedeba4a26ebe50d8e2203159b2e42c SHA512: 7cda9260e4b2a1a733fa3b7d47423ae5120555ab07ecc49492d23a44923ef7e1 aa9637a02cf392e08e8f288acd74ec7396aee58ff66e60c1fe46dda27fe40536 ssdeep: 48:Ek81LeDtHH81GeUXNeeancMsd5HkeESptQMWJgtEDPx3iIs99eGRlhS0ELg+Z BhP:6exEvqcsrLsMb6D9sfTSfiC PEiD..: - TrID..: File type identification Lumena CEL bitmap (58.3%) Corel Photo Paint (37.9%) MS Flight Simulator Aircraft Performance Info (3.7%) PEInfo: -

**Posty:** 8001 · przez **Okocza** 29 Lis 2008, 22:34

Wykonaj to co jest podane w tym temacie

1. tym programem przejdź komputer
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem
6. Wstaw na forum screen z zakładki uruchamianie (start – uruchom – msconfig – uruchamianie) może uda się cos wyrzucic stamtąd.

**Posty:** 684 · przez **djarta** 29 Lis 2008, 22:50

Coś nie wierze żeby "ao.bat" był czysty...

================
K.

**Posty:** 8001 · przez **Okocza** 29 Lis 2008, 22:53

djarta, patrząc na googlach to nikt nie każe usuwać, poza tym te raporty więc...

**Posty:** 684 · przez **djarta** 29 Lis 2008, 23:13

Okocza napisał(a):djarta, patrząc na googlach to nikt nie każe usuwać, poza tym te raporty więc...

W połowie się z Tobą zgodzę. Często skanery źle 'podpowiadają'.! Hmm, ja zawsze daje ten plik do usuwania ale jeśli go nikt nie usuwa to więc...

=====================
K.

**Posty:** 125 · przez **szczoti** 30 Lis 2008, 09:42

Hmm no to mam coś robic z tym plikiem ao.dat??, w sumie sam się troche zdziwiłem, że on nie jest to usnięcia bo nie raz juz mi na forum wskazywali go do usunięcia. To jakąś czynnośc wykonac czy On jest bezpieczny?

log z fixiede:

Kod: Zaznacz wszystko: ******************************************************************************** * * * FixIEDef Log * * Version 1.7.20.6825 * * * ******************************************************************************** Created at 08:46:15 on Sunday, November 30, 2008 Time Zone : Logged On User : Mój komputer Operating System : Microsoft Windows XP Professional Dodatek Service Pack 2 OS Version : 5.1.2600 System Langauge : Polish Keyboard Layout : Polish Processor : X86 Procesor Intel Pentium III Xeon System Drive : C:\ Windows Directory : C:\WINDOWS System Directory : C:\WINDOWS\system32 System Drive Type : Fixed System Drive Status : READY System Drive Label : System Drive Size : 100 GB System Drive Free : 14.38 GB Total Physical Memory: 3327 MB Free Physical Memory : 2328 MB Total Page File : 3327 MB Free Page File : 4470 MB Total Virtual Memory : 2048 MB Free Virtual Memory : 1973 MB Boot State : Normal boot -------------------------------------------------------------------------------- !!! userinit.exe is Clean !!! -------------------------------------------------------------------------------- !!! Files that have been deleted !!! C:\WINDOWS\system32\tmp.reg C:\WINDOWS\system32\tmp.txt C:\WINDOWS\system32\Uninstall.ico -------------------------------------------------------------------------------- !!! Directories that have been removed !!! No malicious directories to be removed -------------------------------------------------------------------------------- !!! Registry entries that have been removed !!! No malicious Registry entries found ================================================================================ All Done :) ShadowPuterDude Safe Surfing!!!

**Posty:** 684 · przez **djarta** 30 Lis 2008, 12:31

szczoti napisał(a):Hmm no to mam coś robic z tym plikiem ao.dat??, w sumie sam się troche zdziwiłem, że on nie jest to usnięcia bo nie raz juz mi na forum wskazywali go do usunięcia. To jakąś czynnośc wykonac czy On jest bezpieczny?

To tylko wyłącznie Twoja decyzja.

=================
K.

**Posty:** 8001 · przez **Okocza** 30 Lis 2008, 12:49

szczoti, najlepiej będzie jak zrobisz tak:

usuń teraz folder C:\QooBox

otwórz notatnik i wklej:

Kod: Zaznacz wszystko: File:: C:\ao.dat

zapisujesz jako CFScript.txt i przeciągasz na Combofix.exe

po czym nie usuwasz już katalogu C:\QooBox - żeby w razie czego można było przywrócić ten plik.