
Tutaj jest link do screena z wirkiem.
ComboFix 08-01-20.1 - mops 2008-01-20 18:00:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.553 [GMT 1:00]
Running from: C:\Documents and Settings\mops\Pulpit\security\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
----- Unknown downloads made by BITS: ----
http://go.microsoft.com
.
((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.
2008-01-20 18:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 15:28 . 2008-01-20 15:28 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-20 15:28 . 2008-01-20 15:28 <DIR> d-------- C:\Program Files\DIFX
2008-01-20 15:28 . 2006-07-01 23:32 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-01-20 15:26 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-01-20 15:26 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-01-15 22:17 . 2008-01-15 22:17 10 --a------ C:\WINDOWS\WININIT.INI
2008-01-14 23:51 . 2008-01-14 09:03 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-01-14 23:03 . 2008-01-14 23:04 20,480 --a------ C:\WINDOWS\system32\H@tKeysH@@k.DLL
2008-01-11 22:10 . 2008-01-13 16:52 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-01-07 00:08 . 2007-07-09 17:10 683,984 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2008-01-07 00:08 . 2007-07-09 17:10 281,552 --a------ C:\WINDOWS\system32\cfosspeed.dll
2008-01-04 22:40 . 2008-01-04 22:40 <DIR> d-------- C:\Program Files\Free Download Manager
2008-01-04 22:40 . 2008-01-13 17:58 <DIR> d-------- C:\Documents and Settings\mops\Dane aplikacji\Free Download Manager
2008-01-04 22:40 . 2008-01-04 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FreeDownloadManager.ORG
2008-01-04 21:53 . 2008-01-04 21:53 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0
2008-01-04 21:53 . 2008-01-04 21:53 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-01-04 21:53 . 2003-06-13 16:55 1,427 --a------ C:\WINDOWS\system32\LXBRSET.INI
2008-01-04 19:13 . 2003-08-29 14:54 307,200 --a------ C:\WINDOWS\system32\LEXBCES.EXE
2008-01-04 19:13 . 2003-08-29 14:49 201,216 --a------ C:\WINDOWS\system32\LEXP2P32.DLL
2008-01-04 19:13 . 2003-08-29 15:20 200,192 --a------ C:\WINDOWS\system32\LEXLMPM.DLL
2008-01-04 19:13 . 2003-08-29 14:57 197,120 --a------ C:\WINDOWS\system32\LEX2KUSB.DLL
2008-01-04 19:13 . 2003-08-29 14:50 174,592 --a------ C:\WINDOWS\system32\LEXPPS.EXE
2008-01-04 19:13 . 2003-08-29 14:51 147,456 --a------ C:\WINDOWS\system32\LEXBCE.DLL
2008-01-04 19:13 . 2003-09-04 02:30 73,728 --a------ C:\WINDOWS\system32\lxbrpwr.dll
2008-01-04 19:13 . 2002-11-13 15:40 40,960 --a------ C:\WINDOWS\system32\lxbrvs.dll
2008-01-04 19:13 . 2008-01-18 23:42 334 --a------ C:\WINDOWS\lexstat.ini
2008-01-04 19:12 . 2008-01-04 19:13 <DIR> d-------- C:\Program Files\Lexmark 3100 Series
2008-01-04 19:12 . 2006-09-13 18:18 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-04 19:12 . 2003-09-04 04:56 69,632 --a------ C:\WINDOWS\system32\lxbrscin.dll
2008-01-04 19:12 . 2003-09-04 04:56 57,344 --a------ C:\WINDOWS\system32\lxbrcinf.dll
2008-01-04 19:12 . 2003-09-04 04:56 49,152 --a------ C:\WINDOWS\system32\lxbrcoin.dll
2008-01-04 19:12 . 2006-09-13 18:19 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-04 19:12 . 2003-02-12 15:12 181 --a------ C:\WINDOWS\system32\lxbrcoin.ini
2008-01-04 19:11 . 2006-09-13 18:18 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-04 19:09 . 2008-01-04 19:09 <DIR> d-------- C:\Documents and Settings\mops\WINDOWS
2008-01-04 02:41 . 2008-01-12 21:24 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-01 21:54 . 2008-01-01 21:55 <DIR> d-------- C:\WINDOWS\ShellNew
2008-01-01 21:41 . 2008-01-01 21:41 <DIR> d-------- C:\Program Files\Nero
2008-01-01 21:41 . 2008-01-01 21:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-01 21:41 . 2008-01-01 21:41 <DIR> d-------- C:\Documents and Settings\mops\Dane aplikacji\Ahead
2008-01-01 21:41 . 2005-10-17 16:15 2,605,056 --a------ C:\WINDOWS\system32\BCGCBPRO800u.dll
2008-01-01 21:41 . 2005-10-17 16:07 2,600,960 --a------ C:\WINDOWS\system32\BCGCBPRO800.dll
2008-01-01 21:41 . 2004-07-26 16:16 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll
2008-01-01 21:41 . 2003-03-19 06:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-01-01 21:41 . 2003-03-18 20:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-01-01 21:41 . 2004-07-26 16:16 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-01-01 21:41 . 2004-07-26 16:16 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-01-01 21:41 . 2004-07-09 08:43 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-01-01 21:41 . 2004-07-26 16:16 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-01-01 21:41 . 2005-12-23 16:50 32,768 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll
2007-12-29 15:44 . 2007-12-29 15:44 <DIR> dr-h----- C:\Documents and Settings\mops\Dane aplikacji\SecuROM
2007-12-29 15:31 . 2007-12-29 15:31 <DIR> d-------- C:\Program Files\Skype
2007-12-29 15:31 . 2007-12-30 13:09 <DIR> d-------- C:\Documents and Settings\mops\Dane aplikacji\Skype
2007-12-29 14:19 . 2007-12-29 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Agnitum
2007-12-29 12:41 . 2003-07-19 16:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2007-12-29 12:41 . 2005-01-03 07:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-12-28 21:42 . 2007-12-28 21:42 <DIR> d-------- C:\Program Files\VID_0E8F&PID_0003
2007-12-27 22:45 . 2007-12-27 22:45 <DIR> d-------- C:\Program Files\Real Alternative
2007-12-27 22:45 . 2007-12-27 22:45 <DIR> d-------- C:\Program Files\Media Player Classic
2007-12-27 22:43 . 2007-09-28 18:05 739,840 --a------ C:\WINDOWS\system32\divx.dll
2007-12-27 22:42 . 2007-07-29 17:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-27 22:42 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2007-12-27 22:40 . 2007-12-27 22:42 <DIR> d-------- C:\Program Files\DivX
2007-12-26 23:12 . 2007-12-26 23:12 <DIR> d-------- C:\Documents and Settings\mops\Dane aplikacji\Media Player Classic
2007-12-26 23:11 . 2007-12-27 22:43 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-26 23:11 . 2007-07-25 15:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-26 23:11 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2007-12-26 23:11 . 2007-03-10 13:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-26 23:11 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-12-26 23:11 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2007-12-26 23:11 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2007-12-26 23:11 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-12-26 12:14 . 2007-12-26 12:14 103 --a------ C:\WINDOWS\pro.INI
2007-12-23 01:23 . 2008-01-06 19:50 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-22 20:34 . 2007-12-22 20:34 <DIR> d-------- C:\Program Files\Ad Muncher
2007-12-20 16:20 . 2007-12-20 16:20 <DIR> d-------- C:\Program Files\Multimedia Keyboard
2007-12-20 13:50 . 2007-12-20 13:50 <DIR> d-------- C:\Program Files\DesktopMessage
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 17:01 --------- d-----w C:\Program Files\PeerGuardian2
2008-01-20 17:00 --------- d-----w C:\Program Files\Copy Handler
2008-01-20 17:00 --------- d-----w C:\Program Files\cFosSpeed
2008-01-19 18:53 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-19 18:18 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-19 18:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 18:43 --------- d-----w C:\Documents and Settings\mops\Dane aplikacji\uTorrent
2008-01-14 22:04 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-14 22:04 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-14 20:37 --------- d-----w C:\Documents and Settings\mops\Dane aplikacji\gtk-2.0
2008-01-06 19:00 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-26 11:14 --------- d-----w C:\Program Files\Teleport Pro
2007-12-26 11:13 --------- d-----w C:\Program Files\Sony Ericsson
2007-12-20 10:56 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-20 10:53 --------- d-----w C:\Program Files\Opera
2007-12-17 18:02 --------- d-----w C:\Documents and Settings\mops\Dane aplikacji\Hamachi
2007-12-15 18:27 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-12-13 13:27 --------- d-----w C:\Documents and Settings\mops\Dane aplikacji\Sony Ericsson
2007-12-13 12:59 --------- d-----w C:\Program Files\Intuwave Ltd
2007-12-13 12:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 18:38 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-04 18:38 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-04 18:36 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-04 18:36 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-04 18:36 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-04 18:36 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-12-04 18:36 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-04 18:36 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-12-04 18:36 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-04 18:35 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-04 14:25 --------- d-----w C:\Documents and Settings\mops\Dane aplikacji\Winamp
2007-12-04 14:19 --------- d-----w C:\Program Files\Winamp
2007-11-30 10:53 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-11-27 00:41 --------- d-----w C:\Documents and Settings\mops\Dane aplikacji\Command & Conquer 3 Tiberium Wars
2007-11-24 18:35 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2007-11-24 18:35 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2007-11-24 18:35 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2007-11-24 18:34 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2007-11-24 18:34 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2007-11-24 18:34 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2007-11-24 18:34 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2007-11-24 18:33 --------- d-----w C:\Program Files\MarBit
2007-11-23 23:02 --------- d-----w C:\Program Files\uTorrent
2007-11-23 13:28 --------- d-----w C:\Program Files\Thomson
2007-11-22 09:52 --------- d-----w C:\Program Files\GIMP-2.0
2007-11-21 20:13 --------- d-----w C:\Program Files\PowerMenu_1_5_1
2007-11-21 19:51 --------- d-----w C:\Program Files\Ashampoo
2007-11-21 19:47 --------- d-----w C:\Documents and Settings\mops\Dane aplikacji\Ashampoo
2007-11-21 18:23 --------- d-----w C:\Documents and Settings\mops\Dane aplikacji\Lavasoft
2007-11-21 18:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
2007-11-21 18:04 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\ArcaBit
2007-11-21 18:04 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\ArcaBit
2007-11-21 18:02 --------- d-----w C:\Program Files\ArcaBit
2007-11-21 18:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 10:16 --------- d-----w C:\Program Files\Lavalys
2007-11-21 10:05 --------- d-----w C:\Program Files\Reference Assemblies
2007-11-21 10:05 --------- d-----w C:\Program Files\MSBuild
2007-11-21 10:03 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-21 01:46 --------- d-----w C:\Program Files\Audacity
2007-11-21 01:01 --------- d-----w C:\Program Files\SubEdit-Player
2007-11-21 00:26 --------- d-----w C:\Program Files\Java
2007-11-21 00:26 --------- d-----w C:\Program Files\Common Files\Java
2007-11-21 00:24 --------- d-----w C:\Program Files\AC Tool
2007-11-21 00:13 --------- d-----w C:\Program Files\Konnekt
2007-11-21 00:10 --------- d-----w C:\Documents and Settings\mops\Dane aplikacji\ESET
2007-11-21 00:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2007-11-20 23:57 --------- d-----w C:\Program Files\A4Tech
2007-11-20 23:47 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-20 23:45 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-20 23:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-20 23:30 --------- d-----w C:\Documents and Settings\mops\Dane aplikacji\Gadu-Gadu
2007-11-20 22:44 --------- d-----w C:\Program Files\UltraISO
2007-11-20 22:44 --------- d-----w C:\Program Files\Common Files\EZB Systems
2007-11-20 22:41 6,080 ----a-w C:\WINDOWS\system32\drivers\UNIDRV.SYS
2007-11-20 22:23 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\stamina
2007-11-20 21:37 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-20 21:29 --------- d-----w C:\Program Files\WinSnap
2007-11-20 21:29 --------- d-----w C:\Program Files\ToniArts
2007-11-20 21:28 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-11-20 21:28 --------- d-----w C:\Program Files\FastStone Image Viewer
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 25088]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-06-11 04:15 83968]
"Copy Handler"="C:\Program Files\Copy Handler\ch.exe" [2005-01-31 16:18 146432]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 22:07 241664]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]
"AvMenu"="C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe" [2007-12-05 10:24 477704]
"ABRegmon"="C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe" [2007-07-12 10:40 303104]
"ArcaCheck"="C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe" [2007-07-27 13:57 836912]
"WireLessKeyboard "="C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe" [2005-05-14 21:28 253952]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2007-12-22 20:34 779776]
"Ashampoo FireWall"="C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" [2006-09-13 13:22 3229184]
"Lexmark 3100 Series"="C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 04:07 106496]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-07-09 17:10 838608]
C:\Documents and Settings\mops\Menu Start\Programy\Autostart\
PowerMenu.lnk - C:\Program Files\PowerMenu_1_5_1\PowerMenu.exe [2007-11-21 21:11:51 57344]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Monitor podłączenia telefonu.lnk - C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe [2007-12-13 13:59:26 754176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoNetConnectDisconnect"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TS_LogonListener]
TS_LogonListener.dll 2007-01-12 16:41 101376 C:\WINDOWS\system32\TS_LogonListener.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^mops^Menu Start^Programy^Autostart^hamachi.lnk]
path=C:\Documents and Settings\mops\Menu Start\Programy\Autostart\hamachi.lnk
backup=C:\WINDOWS\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 11:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
--a------ 2005-05-24 22:41 503808 C:\Program Files\Konnekt\konnekt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-07-27 10:01 68096 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 11:38 866816 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 14:46]
R1 ABTDI;ABTDI;C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [2007-05-08 14:45]
R2 ABFileMon;ArcaBit FileMonitor;"C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe" [2007-10-09 11:10]
R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;"C:\Program Files\ArcaBit\Common\TaskScheduler.exe" [2007-01-12 16:42]
R2 AVUpdate;ArcaBit Update Service;C:\Program Files\ArcaBit\ArcaUpdate\update.exe [2007-02-26 16:04]
R2 Dev_UNIDRV;Dev_UNIDRV;C:\WINDOWS\system32\Drivers\UNIDRV.SYS [2007-11-20 23:41]
R3 ABFLT;ArcaBit File Monitor Driver;C:\PROGRA~1\ArcaBit\ArcaVir\ABFLT.sys [2007-09-12 14:37]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2007-02-10 02:04]
R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;"C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe" [2007-01-11 16:01]
R3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;"C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe" [2007-01-11 16:03]
R3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys [2003-02-24 09:36]
S3 NTProcDrv;Process creation detector for NT.;D:\Silkroad\Bot\NtProcDrv.sys [2005-02-23 15:08]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2006-09-13 18:19]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
*Newly Created Service* - PGFILTER
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 18:02:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Ashampoo\Ashampoo FireWall\spi.dll
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2649]
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\Ad Muncher\AM28140.dll
.
Completion time: 2008-01-20 18:02:23
ComboFix-quarantined-files.txt 2008-01-20 17:02:22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:21, on 20-01-2008
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
C:\Program Files\ArcaBit\ArcaUpdate\update.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe
C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
C:\Program Files\ArcaBit\Common\TaskScheduler.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Copy Handler\ch.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe
C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\PowerMenu_1_5_1\PowerMenu.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe
C:\Program Files\Konnekt\konnekt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\mops\Pulpit\security\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Copy Handler] C:\Program Files\Copy Handler\ch.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
O4 - HKLM\..\Run: [ABRegmon] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe
O4 - HKLM\..\Run: [ArcaCheck] C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startup
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Startup: PowerMenu.lnk = C:\Program Files\PowerMenu_1_5_1\PowerMenu.exe
O4 - Global Startup: Monitor podłączenia telefonu.lnk = ?
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=9785316B&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=9785316B&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=9785316B&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=9785316B&id=menu_ie_exclude
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=9785316B&id=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{26D8354A-C86A-4881-B34A-731FE9D19510}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{26D8354A-C86A-4881-B34A-731FE9D19510}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: TS_LogonListener - C:\WINDOWS\SYSTEM32\TS_LogonListener.dll
O23 - Service: ArcaBit FileMonitor (ABFileMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
O23 - Service: ArcaBit.Core.Configurator - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe
O23 - Service: ArcaBit.TaskScheduler - ArcaBit sp. z o.o. - C:\Program Files\ArcaBit\Common\TaskScheduler.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\Program Files\ArcaBit\ArcaUpdate\update.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 8097 bytes