wolna praca komputera

**Posty:** 24 · przez **JaYo^** 19 Kwi 2008, 11:33

Witam, zamieszczam log z HijackThis ponieważ moj komputer bardzo wolno pracuje, NOD32 wykrywa co chwile wirusy lecz nie moze ich usunac, tak samo robi AdAware 2007 wykrywa usuwa a po ponownym skanowaniu dalej one sa. Pomożcie mi prosze

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:32:45, on 2008-04-19 Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3244) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\Explorer.EXE C:\Program Files\Ad-Aware 2007\aawservice.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\SOUNDMAN.EXE D:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\DU Meter\DUMeter.exe D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\NOD32\nod32kui.exe D:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe D:\WINDOWS\kavir.exe D:\Documents and Settings\JaYo^\Dane aplikacji\??pPatch\s?oolsv.exe D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\MoorHunt\MoorHunt.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE D:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NOD32\nod32krn.exe D:\WINDOWS\system32\HPZipm12.exe D:\WINDOWS\system32\rserver30\RServer3.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\rserver30\FamItrfc.Exe D:\WINDOWS\system32\svchost.exe C:\Program Files\Opera\Opera.exe D:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe D:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\ntos.exe, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {C18939F6-D545-8AE1-12E6-A38F74032CC0} - D:\WINDOWS\system32\rbordw.dll O2 - BHO: Min stor proj. - {FFFFFFFF-D71D-41e4-A699-F506DBD097F0} - comd32.dll (file missing) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [kavir] D:\WINDOWS\kavir.exe O4 - HKCU\..\Run: [userinit] D:\WINDOWS\system32\ntos.exe O4 - HKCU\..\Run: [Htnltlg] "D:\Documents and Settings\JaYo^\Dane aplikacji\??pPatch\s?oolsv.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: MoorHunt.lnk = C:\Program Files\MoorHunt\MoorHunt.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WLCtrl32 - D:\WINDOWS\SYSTEM32\WLCtrl32.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD32\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe O23 - Service: Pml Driver HPZ12 PmlClipSrv (PmlClipSrv) - Unknown owner - D:\WINDOWS\system32\accessy.exe (file missing) O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - D:\WINDOWS\system32\rserver30\RServer3.exe O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Karta wydajności WMI WmiApSrvMessenger (WmiApSrvMessenger) - Unknown owner - D:\WINDOWS\system32\acluio.exe -- End of file - 6426 bytes

**Posty:** 18165 · przez **wojtas** 19 Kwi 2008, 15:53

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 24 · przez **JaYo^** 20 Kwi 2008, 14:48

RAPORT.TXT:

Kod: Zaznacz wszystko: [b]SDFix: Version 1.173 [/b] Run by JaYo on 2008-04-20 at 14:21 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFIX\SDFix [b]Checking Services [/b]: [b]Name [/b]: TBH06 [b]Path [/b]: System32\Drivers\Tbh06.sys TBH06 - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File

HIJACKTHIS:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:46:39, on 2008-04-20 Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3244) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Ad-Aware 2007\aawservice.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\SOUNDMAN.EXE D:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\DU Meter\DUMeter.exe D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\NOD32\nod32kui.exe D:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\MoorHunt\MoorHunt.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE D:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NOD32\nod32krn.exe D:\WINDOWS\system32\HPZipm12.exe D:\WINDOWS\system32\rserver30\RServer3.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\rserver30\FamItrfc.Exe D:\WINDOWS\system32\wuauclt.exe D:\WINDOWS\system32\wscntfy.exe D:\WINDOWS\system32\wuauclt.exe D:\WINDOWS\explorer.exe D:\WINDOWS\system32\notepad.exe C:\Program Files\Opera\Opera.exe D:\WINDOWS\system32\control.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SDFix] C:\SDFIX\SDFix\RunThis.bat /second O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [Htnltlg] "D:\Documents and Settings\JaYo^\Dane aplikacji\??pPatch\s?oolsv.exe" O4 - HKCU\..\Run: [AdobeUpdater] D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: MoorHunt.lnk = C:\Program Files\MoorHunt\MoorHunt.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD32\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe O23 - Service: Pml Driver HPZ12 PmlClipSrv (PmlClipSrv) - Unknown owner - D:\WINDOWS\system32\accessy.exe (file missing) O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - D:\WINDOWS\system32\rserver30\RServer3.exe O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Karta wydajności WMI WmiApSrvMessenger (WmiApSrvMessenger) - Unknown owner - D:\WINDOWS\system32\acluio.exe (file missing) -- End of file - 6241 bytes

COMBOFIX:

Kod: Zaznacz wszystko: ComboFix 08-04-18.3 - JaYo^ 2008-04-20 14:36:41.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.568 [GMT 2:00] Running from: C:\Program Files\Opera\profile\cache4\temporary_download\ComboFix.exe * Created a new restore point * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . D:\Documents and Settings\JaYo^\Dane aplikacji\install.dat D:\Documents and Settings\JaYo^\Dane aplikacji\PPATCH~1 D:\Documents and Settings\JaYo^\Dane aplikacji\PPATCH~1\s?oolsv.exe D:\Documents and Settings\JaYo^\tmp.dat D:\Documents and Settings\JaYo^\Ustawienia lokalne\Temporary Internet Files\ajuma.com D:\Documents and Settings\JaYo^\Ustawienia lokalne\Temporary Internet Files\aqinagac.com D:\Documents and Settings\JaYo^\Ustawienia lokalne\Temporary Internet Files\atafob.pif D:\Documents and Settings\JaYo^\Ustawienia lokalne\Temporary Internet Files\diteqam.inf D:\Documents and Settings\JaYo^\Ustawienia lokalne\Temporary Internet Files\ebos.exe D:\Documents and Settings\JaYo^\Ustawienia lokalne\Temporary Internet Files\oqow.ban D:\Documents and Settings\JaYo^\Ustawienia lokalne\Temporary Internet Files\owoqu.dll D:\Documents and Settings\JaYo^\Ustawienia lokalne\Temporary Internet Files\pelylijez._dl D:\Documents and Settings\JaYo^\Ustawienia lokalne\Temporary Internet Files\utok.dll D:\Documents and Settings\JaYo^\Ustawienia lokalne\Temporary Internet Files\xubivudop._dl D:\Program Files\Common Files\appatc~1 D:\Program Files\Common Files\appatc~1\A?pPatch\ D:\Program Files\nvcoi D:\Program Files\outerinfo D:\Program Files\outerinfo\FF\chrome.manifest D:\Program Files\outerinfo\FF\components\FF.dll D:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt D:\Program Files\outerinfo\FF\install.rdf D:\Program Files\outerinfo\Terms.rtf D:\Program Files\Temporary D:\WINDOWS\system32\_004765_.tmp.dll D:\WINDOWS\system32\_004766_.tmp.dll D:\WINDOWS\system32\_004767_.tmp.dll D:\WINDOWS\system32\_004768_.tmp.dll D:\WINDOWS\system32\_004775_.tmp.dll D:\WINDOWS\system32\_004776_.tmp.dll D:\WINDOWS\system32\_004777_.tmp.dll D:\WINDOWS\system32\_004778_.tmp.dll D:\WINDOWS\system32\_004780_.tmp.dll D:\WINDOWS\system32\_004781_.tmp.dll D:\WINDOWS\system32\_004784_.tmp.dll D:\WINDOWS\system32\_004785_.tmp.dll D:\WINDOWS\system32\_004787_.tmp.dll D:\WINDOWS\system32\_004788_.tmp.dll D:\WINDOWS\system32\_004789_.tmp.dll D:\WINDOWS\system32\_004791_.tmp.dll D:\WINDOWS\system32\_004794_.tmp.dll D:\WINDOWS\system32\_004798_.tmp.dll D:\WINDOWS\system32\_004799_.tmp.dll D:\WINDOWS\system32\_004801_.tmp.dll D:\WINDOWS\system32\_004803_.tmp.dll D:\WINDOWS\system32\_004805_.tmp.dll D:\WINDOWS\system32\_004806_.tmp.dll D:\WINDOWS\system32\_004807_.tmp.dll D:\WINDOWS\system32\_004808_.tmp.dll D:\WINDOWS\system32\_004809_.tmp.dll D:\WINDOWS\system32\_004812_.tmp.dll D:\WINDOWS\system32\_004813_.tmp.dll D:\WINDOWS\system32\_004814_.tmp.dll D:\WINDOWS\system32\_004815_.tmp.dll D:\WINDOWS\system32\_004816_.tmp.dll D:\WINDOWS\system32\_004821_.tmp.dll D:\WINDOWS\system32\_004823_.tmp.dll D:\WINDOWS\system32\_004824_.tmp.dll D:\WINDOWS\system32\ntos.exe D:\WINDOWS\system32\rbordw.dll D:\WINDOWS\system32\wsnpoem D:\WINDOWS\system32\wsnpoem\audio.dll D:\WINDOWS\system32\wsnpoem\video.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_GRANDE48 ((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))) . 2008-04-20 14:18 . 2008-04-20 14:18 <DIR> d-------- D:\WINDOWS\ERUNT 2008-04-19 13:46 . 2008-04-19 13:46 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Thinstall 2008-04-17 18:32 . 2008-04-17 18:31 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys 2008-04-17 18:32 . 2008-04-17 18:31 298,104 --a------ D:\WINDOWS\system32\imon.dll 2008-04-17 18:32 . 2008-04-17 18:31 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys 2008-04-17 18:04 . 2008-04-19 16:40 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Hamachi 2008-04-17 18:03 . 2008-04-17 18:03 25,280 --a------ D:\WINDOWS\system32\drivers\hamachi.sys 2008-04-16 22:52 . 2008-04-18 19:34 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\AdobeUM 2008-04-16 22:51 . 2008-04-16 22:51 <DIR> d-------- D:\WINDOWS\Cache 2008-04-15 22:54 . 2008-04-15 22:54 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Nokia Multimedia Player 2008-04-14 16:06 . 2008-04-14 16:06 2,394 --a------ D:\WINDOWS\system32\tmp.reg 2008-04-14 16:01 . 2008-04-14 16:02 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy 2008-04-14 16:00 . 2008-04-14 16:12 <DIR> d-------- D:\Documents and Settings\JaYo^\SmitfraudFix 2008-04-14 16:00 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe 2008-04-14 16:00 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe 2008-04-14 16:00 . 2008-04-13 23:31 86,528 --a------ D:\WINDOWS\system32\VACFix.exe 2008-04-14 16:00 . 2008-04-12 13:49 82,432 --a------ D:\WINDOWS\system32\IEDFix.exe 2008-04-14 16:00 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe 2008-04-14 16:00 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe 2008-04-14 16:00 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe 2008-04-14 15:16 . 2008-04-14 15:16 29 --a------ D:\WINDOWS\system32\fqediaou.tmp 2008-04-14 15:15 . 2008-04-19 11:32 120 --a-s---- D:\WINDOWS\system32\2935986722.dat 2008-04-14 15:14 . 2008-04-14 15:52 25,472 --a------ D:\WINDOWS\system32\drivers\Tbh06.sys 2008-04-13 13:50 . 2008-04-13 13:50 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Image Zone Express 2008-04-13 13:48 . 2008-04-13 13:48 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\HP 2008-04-12 20:18 . 2007-10-30 18:47 25,728 --a------ D:\WINDOWS\system32\drivers\usbser.sys 2008-04-12 20:18 . 2007-10-30 18:47 25,728 --a--c--- D:\WINDOWS\system32\dllcache\usbser.sys 2008-04-12 20:17 . 2008-04-12 20:17 0 --ah----- D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-04-12 20:17 . 2008-04-12 20:17 0 --ah----- D:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-04-12 20:15 . 2008-04-12 20:15 <DIR> d-------- D:\Program Files\MSXML 6.0 2008-04-12 20:15 . 2007-11-29 10:33 1,419,232 --a------ D:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-04-12 20:15 . 2008-02-01 15:17 138,112 --a------ D:\WINDOWS\system32\drivers\nmwcdnsu.sys 2008-04-12 20:15 . 2007-11-29 10:39 95,744 --a------ D:\WINDOWS\system32\nmwcdcocls.dll 2008-04-12 20:15 . 2007-11-29 10:39 19,328 --a------ D:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-04-12 20:15 . 2007-11-29 10:39 16,896 --a------ D:\WINDOWS\system32\drivers\ccdcmb.sys 2008-04-12 20:15 . 2008-02-01 15:17 8,320 --a------ D:\WINDOWS\system32\drivers\nmwcdnsuc.sys 2008-04-12 20:15 . 2007-11-29 10:39 8,064 --a------ D:\WINDOWS\system32\drivers\usbser_lowerfltj.sys 2008-04-12 20:15 . 2007-11-29 10:39 8,064 --a------ D:\WINDOWS\system32\drivers\usbser_lowerflt.sys 2008-04-08 16:21 . 2008-04-08 16:21 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Ahead 2008-04-04 19:35 . 2008-04-13 13:51 <DIR> d-------- D:\Documents and Settings\All Users\Documents 2008-04-04 14:35 . 2008-04-04 14:35 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\FLEXnet 2008-04-04 11:29 . 2008-04-18 22:16 189 --a------ D:\WINDOWS\usdthank.ini 2008-04-04 11:29 . 2008-04-04 11:29 31 --a------ D:\WINDOWS\idc.ini 2008-04-04 11:09 . 2007-02-27 20:39 1,040,384 --a------ D:\WINDOWS\system32\libeay32.dll 2008-04-04 11:09 . 2007-02-27 20:40 196,608 --a------ D:\WINDOWS\system32\ssleay32.dll 2008-04-04 11:09 . 2008-04-04 11:09 196,608 --a------ D:\WINDOWS\system32\libssl32.dll 2008-04-04 10:46 . 2008-04-12 19:45 <DIR> d-------- D:\Documents and Settings\JaYo^\Phone Browser 2008-04-04 10:31 . 2008-04-04 10:31 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Nokia 2008-04-04 10:20 . 2008-04-12 20:15 <DIR> d-------- D:\Program Files\Nokia 2008-04-03 19:32 . 2008-04-03 19:41 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Azureus 2008-04-03 13:25 . 2008-04-03 13:25 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Locktime 2008-04-03 13:24 . 2008-04-03 13:24 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Locktime 2008-04-02 11:12 . 2008-04-02 11:12 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Radmin 2008-04-02 10:22 . 2007-10-31 00:32 90,624 --a--c--- D:\WINDOWS\system32\dllcache\muisetup.exe 2008-04-02 10:10 . 2007-10-31 00:30 101,376 -----c--- D:\WINDOWS\system32\dllcache\dpcdll.dll 2008-04-02 10:04 . 2008-04-02 10:04 34,816 --a------ D:\WINDOWS\system32\drivers\beep.sys.vir 2008-04-02 10:03 . 2008-04-02 10:10 <DIR> d-------- D:\WINDOWS\ServicePackFiles 2008-04-02 09:59 . 2008-04-02 09:59 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Simply Super Software 2008-04-02 09:58 . 2006-12-29 00:31 19,569 --a------ D:\WINDOWS\[u]0[/u]03170_.tmp 2008-04-02 09:53 . 2008-04-02 09:53 <DIR> d-------- D:\WINDOWS\system32\Lang 2008-04-02 09:53 . 2008-04-02 09:53 940,794 --a------ D:\WINDOWS\system32\LoopyMusic.wav 2008-04-02 09:53 . 2008-04-02 09:53 146,650 --a------ D:\WINDOWS\system32\BuzzingBee.wav 2008-04-02 09:43 . 2008-04-02 09:43 16,896 --a------ D:\WINDOWS\braviax.exe.vir 2008-04-02 09:24 . 2008-04-02 09:24 19,551 --a------ D:\WINDOWS\system32\alyko._dl 2008-04-02 09:24 . 2008-04-02 09:24 18,980 --a------ D:\Program Files\Common Files\odevumut.pif 2008-04-02 09:24 . 2008-04-02 09:24 18,968 --a------ D:\Program Files\Common Files\ilatetek.reg 2008-04-02 09:24 . 2008-04-02 09:24 18,591 --a------ D:\WINDOWS\system32\abygahek.inf 2008-04-02 09:24 . 2008-04-02 09:24 16,767 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\vynepa.bin 2008-04-02 09:24 . 2008-04-02 09:24 14,556 --a------ D:\WINDOWS\qodeceko.lib 2008-04-02 09:24 . 2008-04-02 09:24 14,258 --a------ D:\WINDOWS\qogab.pif 2008-04-02 09:24 . 2008-04-02 09:24 13,910 --a------ D:\WINDOWS\system32\izehu.db 2008-04-02 09:24 . 2008-04-02 09:24 13,077 --a------ D:\WINDOWS\maloneg.exe 2008-04-02 09:24 . 2008-04-02 09:24 11,889 --a------ D:\WINDOWS\imyzugaku.com 2008-04-02 09:24 . 2008-04-02 09:24 11,025 --a------ D:\Documents and Settings\All Users\Dane aplikacji\efucyt.dll 2008-04-02 08:03 . 2008-04-02 08:03 18,879 --a------ D:\WINDOWS\ejyf.com 2008-04-02 08:03 . 2008-04-02 08:03 18,032 --a------ D:\WINDOWS\system32\poryb.com 2008-04-02 08:03 . 2008-04-02 08:03 16,160 --a------ D:\WINDOWS\system32\hunikilec.pif 2008-04-02 08:03 . 2008-04-02 08:03 15,417 --a------ D:\Program Files\Common Files\catol.reg 2008-04-02 08:03 . 2008-04-02 08:03 15,306 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\ucyja.vbs 2008-04-02 08:03 . 2008-04-02 08:03 15,080 --a------ D:\WINDOWS\system32\ezuwuq.sys 2008-04-02 08:03 . 2008-04-02 08:03 13,257 --a------ D:\Program Files\Common Files\imuz.scr 2008-04-02 08:03 . 2008-04-02 08:03 13,180 --a------ D:\WINDOWS\ehygavuwo.pif 2008-04-02 08:03 . 2008-04-02 08:03 12,733 --a------ D:\Documents and Settings\All Users\Dane aplikacji\amusazy.bat 2008-04-02 08:03 . 2008-04-02 08:03 12,708 --a------ D:\WINDOWS\system32\ahexys._dl 2008-04-02 08:03 . 2008-04-02 08:03 12,515 --a------ D:\WINDOWS\oqako._dl 2008-04-02 08:03 . 2008-04-02 08:03 11,368 --a------ D:\WINDOWS\uvyculyfem._sy 2008-04-02 08:00 . 2008-04-02 08:00 16,896 --a------ D:\WINDOWS\system32\braviax.exe.vir 2008-04-01 22:22 . 2008-04-01 22:22 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\teamspeak2 2008-04-01 19:10 . 2008-04-01 19:11 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-04-01 19:07 . 2008-04-01 19:07 <DIR> d-------- D:\Program Files\DIFX 2008-04-01 19:07 . 2008-04-01 19:07 <DIR> d-------- D:\Program Files\Common Files\PCSuite 2008-04-01 19:07 . 2008-04-12 20:13 <DIR> d-------- D:\Program Files\Common Files\Nokia 2008-04-01 19:07 . 2008-04-12 19:37 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\PC Suite 2008-04-01 19:07 . 2008-04-12 19:19 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Nokia 2008-04-01 19:06 . 2008-04-12 20:15 <DIR> d----c--- D:\WINDOWS\system32\DRVSTORE 2008-04-01 19:06 . 2008-04-01 19:06 <DIR> d-------- D:\Program Files\PC Connectivity Solution 2008-04-01 19:06 . 2008-02-01 15:17 90,624 --a------ D:\WINDOWS\system32\nmwcdcls.dll 2008-04-01 19:05 . 2008-04-12 20:13 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-04-01 15:52 . 2008-04-01 15:52 81,701 --a------ D:\WINDOWS\system32\drivers\klif.cab 2008-04-01 15:47 . 2008-04-01 15:51 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-04-01 15:34 . 2008-04-01 15:34 144 --a------ D:\WINDOWS\system32\ikhcore.cfg 2008-04-01 15:27 . 2008-04-01 15:51 <DIR> d-a------ D:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-04-01 13:02 . 2008-04-03 15:22 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\dvdcss 2008-04-01 08:31 . 2008-04-01 08:31 <DIR> d-------- D:\Program Files\MSXML 4.0 2008-03-31 21:41 . 2008-03-31 21:41 19,714 --a------ D:\Program Files\Common Files\umedihipew.com 2008-03-31 21:41 . 2008-03-31 21:41 18,179 --a------ D:\WINDOWS\xecoqutup.vbs 2008-03-31 21:41 . 2008-03-31 21:41 17,994 --a------ D:\WINDOWS\zepib.dat 2008-03-31 21:41 . 2008-03-31 21:41 17,987 --a------ D:\WINDOWS\jusyreryge.scr 2008-03-31 21:41 . 2008-03-31 21:41 17,952 --a------ D:\Documents and Settings\All Users\Dane aplikacji\takelemowi.bin 2008-03-31 21:41 . 2008-03-31 21:41 15,965 --a------ D:\Documents and Settings\All Users\Dane aplikacji\calycin.sys 2008-03-31 21:41 . 2008-03-31 21:41 15,346 --a------ D:\Documents and Settings\All Users\Dane aplikacji\egovadyvid.com 2008-03-31 21:41 . 2008-03-31 21:41 13,259 --a------ D:\WINDOWS\system32\opypycyl.vbs 2008-03-31 21:41 . 2008-03-31 21:41 11,686 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\bopog.reg 2008-03-31 21:41 . 2008-03-31 21:41 11,292 --a------ D:\WINDOWS\system32\usisoheq.pif 2008-03-31 21:41 . 2008-03-31 21:41 10,099 --a------ D:\Documents and Settings\All Users\Dane aplikacji\aliki.pif 2008-03-31 14:43 . 2008-04-01 08:38 <DIR> d--h----- D:\WINDOWS\$hf_mig$ 2008-03-31 13:35 . 2008-04-17 23:09 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-03-31 08:27 . 2008-03-31 08:27 19,219 --a------ D:\Program Files\Common Files\rehe.com 2008-03-31 08:27 . 2008-03-31 08:27 17,694 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\ugodidaq.scr 2008-03-31 08:27 . 2008-03-31 08:27 16,661 --a------ D:\Program Files\Common Files\rebik.vbs 2008-03-31 08:27 . 2008-03-31 08:27 16,237 --a------ D:\Program Files\Common Files\ezux.com 2008-03-31 08:27 . 2008-03-31 08:27 15,737 --a------ D:\WINDOWS\system32\edykiq.dll 2008-03-31 08:27 . 2008-03-31 08:27 14,147 --a------ D:\WINDOWS\ohisota.lib 2008-03-31 08:27 . 2008-03-31 08:27 13,714 --a------ D:\Documents and Settings\All Users\Dane aplikacji\cufikomic.com 2008-03-31 08:27 . 2008-03-31 08:27 13,686 --a------ D:\WINDOWS\ezyvo.dl . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-19 11:14 --------- d--h--w D:\Program Files\InstallShield Installation Information 2008-04-15 17:25 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-04-02 06:03 18,588 ----a-w D:\Program Files\Common Files\cewy.lib 2008-03-31 06:27 16,553 ----a-w D:\Program Files\Common Files\teka._sy 2008-03-31 06:27 12,694 ----a-w D:\Program Files\Common Files\lapyruqo._dl 2008-03-30 10:42 34,816 ----a-w D:\WINDOWS\system32\drivers\beep.sys 2008-03-30 08:57 --------- d-----w D:\Program Files\Windows Media Connect 2 2008-03-30 08:49 --------- d-----w D:\Program Files\Skype 2008-03-30 08:49 --------- d-----w D:\Program Files\Common Files\Skype 2008-03-30 08:49 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-03-30 08:46 --------- d-----w D:\Program Files\Common Files\Ahead 2008-03-30 08:42 --------- d-----w D:\Program Files\Java 2008-03-30 08:42 --------- d-----w D:\Program Files\Common Files\Java 2008-03-30 08:40 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies 2008-03-30 08:35 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard 2008-03-30 08:33 --------- d-----w D:\Program Files\SAGEM 2008-03-30 08:30 81,920 ------r D:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe 2008-03-30 08:29 --------- d-----w D:\Program Files\Common Files\Logitech 2008-03-30 08:29 --------- d-----w D:\Program Files\Common Files\InstallShield 2008-03-30 08:26 --------- d-----w D:\Program Files\Common Files\HP 2008-03-30 08:26 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\HP 2008-03-30 08:25 --------- d-----w D:\Program Files\Hewlett-Packard 2008-03-30 08:24 --------- d-----w D:\Program Files\Common Files\Hewlett-Packard 2008-03-30 08:21 --------- d-----w D:\Program Files\HP 2008-03-30 08:19 --------- d-----w D:\Program Files\Marvell 2008-03-30 08:14 --------- d-----w D:\Program Files\ATI Technologies 2008-03-30 08:13 --------- d-----w D:\Program Files\Realtek Sound Manager 2008-03-30 08:13 --------- d-----w D:\Program Files\AvRack 2008-03-30 08:04 --------- d-----w D:\Program Files\microsoft frontpage 2008-03-30 08:03 --------- d-----w D:\Program Files\Usługi online . ------- Sigcheck ------- 2007-12-07 02:48 668672 5c0b1281e1245d2f4af571b21b0ab21f D:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll 2004-08-04 00:44 658944 d37dafb534ac8343d59a1b501abe852c D:\WINDOWS\$NtUninstallKB944533$\wininet.dll 2007-10-31 00:32 666112 fcd4c436984c50f5d4f99c69f8206009 D:\WINDOWS\ServicePackFiles\i386\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2gdr\wininet.dll 2007-12-07 02:48 668672 5c0b1281e1245d2f4af571b21b0ab21f D:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2qfe\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\system32\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\system32\dllcache\wininet.dll 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\$NtServicePackUninstall$\tcpip.sys 2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c D:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2007-10-30 19:33 361088 9d87f804f66c26eea4b6d7405bcb996c D:\WINDOWS\ServicePackFiles\i386\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys 2007-10-30 19:33 361088 9d87f804f66c26eea4b6d7405bcb996c D:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2007-10-31 00:32 15360] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104] "Htnltlg"="D:\Documents and Settings\JaYo^\Dane aplikacji\??pPatch\s?oolsv.exe" [ ] "AdobeUpdater"="D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-01-12 01:31 73728 D:\WINDOWS\SOUNDMAN.EXE] "ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07 61440] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 29696 D:\WINDOWS\KHALMNPR.Exe] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608] "nod32kui"="C:\Program Files\NOD32\nod32kui.exe" [2008-04-17 18:31 949376] "SDFix"="C:\SDFIX\SDFix\RunThis.bat /second" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2007-10-31 00:32 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088] D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ ATI CATALYST - pasek zadaä.lnk - D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 01:07:30 61440] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-03-30 10:29:46 573440] MoorHunt.lnk - C:\Program Files\MoorHunt\MoorHunt.exe [2008-03-30 10:45:21 3567616] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbh06.sys] @="Driver" [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSystem] D:\WINDOWS\system32\maxpaynowti1.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] --a------ 2008-03-30 10:30 16384 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromoReg] D:\WINDOWS\system32\alt.exe.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] D:\WINDOWS\mrofinu27.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sacr] D:\PROGRA~1\COMMON~1\APPATC~1\winlogon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1] D:\WINDOWS\system32\vedxg6ame4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-03-30 13:51 1271032 E:\Gry\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDrive] D:\WINDOWS\system32\maxpaynow1.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDownloader] --a------ 2008-01-26 11:39 528384 F:\Download\Programy\Drobne\USD\USDownloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader] C:\Windows\xpupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinReanimator] D:\Program Files\WinReanimator\WinReanimator.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"= "D:\\WINDOWS\\system32\\rserver30\\rserver3.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "D:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\WinAVI Video Converter\\WinAVI.exe"= "D:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6112:TCP"= 6112:TCP:6112 "6112:UDP"= 6112:UDP:6112 R0 Tbh06;Tbh06;D:\WINDOWS\system32\Drivers\Tbh06.sys [2008-04-14 15:52] R1 raddrvv3;raddrvv3;D:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-10-31 15:30] R2 RServer3;Radmin Server V3;"D:\WINDOWS\system32\rserver30\RServer3.exe" /service [] R3 mirrorv3;mirrorv3;D:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01] S2 PmlClipSrv;Pml Driver HPZ12 PmlClipSrv;D:\WINDOWS\system32\accessy.exe [] S2 WmiApSrvMessenger;Karta wydajności WMI WmiApSrvMessenger;D:\WINDOWS\system32\acluio.exe [] S3 FastLynx;FastLynx;C:\Program Files\FastLynx\FastLynx.sys [] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17] S3 nmwcdnsuc;Nokia USB Flashing Generic;D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17] S3 upperdev;upperdev;D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39] S3 UsbserFilt;UsbserFilt;D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39] S3 zebrbus;Sony Ericsson Composite Device driver;D:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-04-13 08:50] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\autoplay.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 14:40:59 Windows 5.1.2600 Service Pack 3, v.3244 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . D:\WINDOWS\system32\ati2evxx.exe D:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Ad-Aware 2007\aawservice.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.exe D:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NOD32\nod32krn.exe D:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\rserver30\FamItrfc.Exe D:\WINDOWS\system32\wscntfy.exe . ************************************************************************** . Completion time: 2008-04-20 14:44:31 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-20 12:44:11 Pre-Run: 14,989,025,280 bytes free Post-Run: 14,907,023,360 bytes free 388 --- E O F --- 2008-04-20 12:13:42

**Posty:** 8001 · przez **Okocza** 20 Kwi 2008, 14:55

daj jeszcze sillent runners i sdfixa

**Posty:** 18165 · przez **wojtas** 20 Kwi 2008, 18:17

Otworz notatnik i wklej w nim to:

File::
D:\WINDOWS\system32\fqediaou.tmp
D:\WINDOWS\system32\2935986722.dat
D:\WINDOWS\system32\drivers\Tbh06.sys
D:\WINDOWS\system32\drivers\beep.sys.vir
D:\WINDOWS\003170_.tmp
D:\WINDOWS\braviax.exe.vir
D:\WINDOWS\system32\alyko._dl
D:\WINDOWS\system32\abygahek.inf
D:\Documents and Settings\JaYo^\Dane aplikacji\vynepa.bin
D:\WINDOWS\qodeceko.lib
D:\WINDOWS\qogab.pif
D:\WINDOWS\system32\izehu.db
D:\WINDOWS\maloneg.exe
D:\WINDOWS\imyzugaku.com
D:\Documents and Settings\All Users\Dane aplikacji\efucyt.dll
D:\WINDOWS\ejyf.com
D:\WINDOWS\system32\poryb.com
D:\WINDOWS\system32\hunikilec.pif
D:\Program Files\Common Files\catol.reg
D:\Documents and Settings\JaYo^\Dane aplikacji\ucyja.vbs
D:\WINDOWS\system32\ezuwuq.sys
D:\Program Files\Common Files\imuz.scr
D:\WINDOWS\ehygavuwo.pif
D:\Documents and Settings\All Users\Dane aplikacji\amusazy.bat
D:\WINDOWS\system32\ahexys._dl
D:\WINDOWS\oqako._dl
D:\WINDOWS\uvyculyfem._sy
D:\WINDOWS\system32\braviax.exe.vir
D:\WINDOWS\xecoqutup.vbs
D:\WINDOWS\zepib.dat
D:\WINDOWS\system32\ikhcore.cfg
D:\WINDOWS\jusyreryge.scr
D:\Documents and Settings\All Users\Dane aplikacji\takelemowi.bin
D:\Documents and Settings\All Users\Dane aplikacji\calycin.sys
D:\Documents and Settings\All Users\Dane aplikacji\egovadyvid.com
D:\WINDOWS\system32\opypycyl.vbs
D:\Documents and Settings\JaYo^\Dane aplikacji\bopog.reg
D:\WINDOWS\system32\usisoheq.pif
D:\Documents and Settings\All Users\Dane aplikacji\aliki.pif
D:\Program Files\Common Files\rehe.com
D:\Documents and Settings\JaYo^\Dane aplikacji\ugodidaq.scr
D:\Program Files\Common Files\rebik.vbs
D:\Program Files\Common Files\ezux.com
D:\WINDOWS\system32\edykiq.dll
D:\WINDOWS\ohisota.lib
D:\Documents and Settings\All Users\Dane aplikacji\cufikomic.com
D:\WINDOWS\ezyvo.dl
D:\Program Files\Common Files\cewy.lib
D:\Program Files\Common Files\teka._sy
D:\Program Files\Common Files\lapyruqo._dl
D:\WINDOWS\system32\drivers\beep.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Htnltlg"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbh06.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSystem]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromoReg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sacr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDrive]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinReanimator]

Driver::
Tbh06

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

**Posty:** 24 · przez **JaYo^** 20 Kwi 2008, 19:25

Kod: Zaznacz wszystko: ComboFix 08-04-20.1 - JaYo^ 2008-04-20 19:19:50.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.498 [GMT 2:00] Running from: D:\Documents and Settings\JaYo^\Moje dokumenty\Opera\ComboFix.exe Command switches used :: D:\Documents and Settings\JaYo^^\Moje dokumenty\Opera\CFScript.txt * Created a new restore point * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))) . 2008-04-20 18:53 . 2008-04-20 18:53 54,156 --ah----- D:\WINDOWS\QTFont.qfn 2008-04-20 18:53 . 2008-04-20 18:53 1,409 --a------ D:\WINDOWS\QTFont.for 2008-04-20 18:52 . 2008-04-20 18:52 <DIR> d-------- D:\Program Files\iPod 2008-04-20 18:52 . 2008-04-20 18:52 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Apple Computer 2008-04-20 18:51 . 2008-04-20 18:51 <DIR> d-------- D:\WINDOWS\LastGood 2008-04-20 18:51 . 2008-04-20 18:51 <DIR> d-------- D:\Program Files\QuickTime 2008-04-20 18:51 . 2008-04-20 18:51 <DIR> d-------- D:\Program Files\Apple Software Update 2008-04-20 18:51 . 2008-04-20 18:52 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-04-20 18:50 . 2008-04-20 18:50 <DIR> d-------- D:\Program Files\Common Files\Apple 2008-04-20 18:50 . 2008-04-20 18:50 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-04-20 14:18 . 2008-04-20 14:18 <DIR> d-------- D:\WINDOWS\ERUNT 2008-04-19 13:46 . 2008-04-19 13:46 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Thinstall 2008-04-17 18:32 . 2008-04-17 18:31 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys 2008-04-17 18:32 . 2008-04-17 18:31 298,104 --a------ D:\WINDOWS\system32\imon.dll 2008-04-17 18:32 . 2008-04-17 18:31 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys 2008-04-17 18:04 . 2008-04-19 16:40 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Hamachi 2008-04-17 18:03 . 2008-04-17 18:03 25,280 --a------ D:\WINDOWS\system32\drivers\hamachi.sys 2008-04-16 22:52 . 2008-04-18 19:34 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\AdobeUM 2008-04-16 22:51 . 2008-04-16 22:51 <DIR> d-------- D:\WINDOWS\Cache 2008-04-15 22:54 . 2008-04-15 22:54 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Nokia Multimedia Player 2008-04-14 16:06 . 2008-04-14 16:06 2,394 --a------ D:\WINDOWS\system32\tmp.reg 2008-04-14 16:01 . 2008-04-14 16:02 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy 2008-04-14 16:00 . 2008-04-14 16:12 <DIR> d-------- D:\Documents and Settings\JaYo^\SmitfraudFix 2008-04-14 16:00 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe 2008-04-14 16:00 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe 2008-04-14 16:00 . 2008-04-13 23:31 86,528 --a------ D:\WINDOWS\system32\VACFix.exe 2008-04-14 16:00 . 2008-04-12 13:49 82,432 --a------ D:\WINDOWS\system32\IEDFix.exe 2008-04-14 16:00 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe 2008-04-14 16:00 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe 2008-04-14 16:00 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe 2008-04-14 15:16 . 2008-04-14 15:16 29 --a------ D:\WINDOWS\system32\fqediaou.tmp 2008-04-14 15:15 . 2008-04-19 11:32 120 --a-s---- D:\WINDOWS\system32\2935986722.dat 2008-04-14 15:14 . 2008-04-14 15:52 25,472 --a------ D:\WINDOWS\system32\drivers\Tbh06.sys 2008-04-13 13:50 . 2008-04-13 13:50 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Image Zone Express 2008-04-13 13:48 . 2008-04-13 13:48 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\HP 2008-04-12 20:18 . 2007-10-30 18:47 25,728 --a------ D:\WINDOWS\system32\drivers\usbser.sys 2008-04-12 20:18 . 2007-10-30 18:47 25,728 --a--c--- D:\WINDOWS\system32\dllcache\usbser.sys 2008-04-12 20:17 . 2008-04-12 20:17 0 --ah----- D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-04-12 20:17 . 2008-04-12 20:17 0 --ah----- D:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-04-12 20:15 . 2008-04-12 20:15 <DIR> d-------- D:\Program Files\MSXML 6.0 2008-04-12 20:15 . 2007-11-29 10:33 1,419,232 --a------ D:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-04-12 20:15 . 2008-02-01 15:17 138,112 --a------ D:\WINDOWS\system32\drivers\nmwcdnsu.sys 2008-04-12 20:15 . 2007-11-29 10:39 95,744 --a------ D:\WINDOWS\system32\nmwcdcocls.dll 2008-04-12 20:15 . 2007-11-29 10:39 19,328 --a------ D:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-04-12 20:15 . 2007-11-29 10:39 16,896 --a------ D:\WINDOWS\system32\drivers\ccdcmb.sys 2008-04-12 20:15 . 2008-02-01 15:17 8,320 --a------ D:\WINDOWS\system32\drivers\nmwcdnsuc.sys 2008-04-12 20:15 . 2007-11-29 10:39 8,064 --a------ D:\WINDOWS\system32\drivers\usbser_lowerfltj.sys 2008-04-12 20:15 . 2007-11-29 10:39 8,064 --a------ D:\WINDOWS\system32\drivers\usbser_lowerflt.sys 2008-04-08 16:21 . 2008-04-08 16:21 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Ahead 2008-04-04 19:35 . 2008-04-13 13:51 <DIR> d-------- D:\Documents and Settings\All Users\Documents 2008-04-04 14:35 . 2008-04-04 14:35 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\FLEXnet 2008-04-04 11:29 . 2008-04-18 22:16 189 --a------ D:\WINDOWS\usdthank.ini 2008-04-04 11:29 . 2008-04-04 11:29 31 --a------ D:\WINDOWS\idc.ini 2008-04-04 11:09 . 2007-02-27 20:39 1,040,384 --a------ D:\WINDOWS\system32\libeay32.dll 2008-04-04 11:09 . 2007-02-27 20:40 196,608 --a------ D:\WINDOWS\system32\ssleay32.dll 2008-04-04 11:09 . 2008-04-04 11:09 196,608 --a------ D:\WINDOWS\system32\libssl32.dll 2008-04-04 10:46 . 2008-04-12 19:45 <DIR> d-------- D:\Documents and Settings\JaYo^\Phone Browser 2008-04-04 10:31 . 2008-04-04 10:31 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Nokia 2008-04-04 10:20 . 2008-04-12 20:15 <DIR> d-------- D:\Program Files\Nokia 2008-04-03 19:32 . 2008-04-03 19:41 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Azureus 2008-04-03 13:25 . 2008-04-03 13:25 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Locktime 2008-04-03 13:24 . 2008-04-03 13:24 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Locktime 2008-04-02 11:12 . 2008-04-02 11:12 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Radmin 2008-04-02 10:22 . 2007-10-31 00:32 90,624 --a--c--- D:\WINDOWS\system32\dllcache\muisetup.exe 2008-04-02 10:10 . 2007-10-31 00:30 101,376 -----c--- D:\WINDOWS\system32\dllcache\dpcdll.dll 2008-04-02 10:04 . 2008-04-02 10:04 34,816 --a------ D:\WINDOWS\system32\drivers\beep.sys.vir 2008-04-02 10:03 . 2008-04-02 10:10 <DIR> d-------- D:\WINDOWS\ServicePackFiles 2008-04-02 09:59 . 2008-04-02 09:59 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Simply Super Software 2008-04-02 09:58 . 2006-12-29 00:31 19,569 --a------ D:\WINDOWS\[u]0[/u]03170_.tmp 2008-04-02 09:53 . 2008-04-02 09:53 <DIR> d-------- D:\WINDOWS\system32\Lang 2008-04-02 09:53 . 2008-04-02 09:53 940,794 --a------ D:\WINDOWS\system32\LoopyMusic.wav 2008-04-02 09:53 . 2008-04-02 09:53 146,650 --a------ D:\WINDOWS\system32\BuzzingBee.wav 2008-04-02 09:43 . 2008-04-02 09:43 16,896 --a------ D:\WINDOWS\braviax.exe.vir 2008-04-02 09:24 . 2008-04-02 09:24 19,551 --a------ D:\WINDOWS\system32\alyko._dl 2008-04-02 09:24 . 2008-04-02 09:24 18,980 --a------ D:\Program Files\Common Files\odevumut.pif 2008-04-02 09:24 . 2008-04-02 09:24 18,968 --a------ D:\Program Files\Common Files\ilatetek.reg 2008-04-02 09:24 . 2008-04-02 09:24 18,591 --a------ D:\WINDOWS\system32\abygahek.inf 2008-04-02 09:24 . 2008-04-02 09:24 16,767 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\vynepa.bin 2008-04-02 09:24 . 2008-04-02 09:24 14,556 --a------ D:\WINDOWS\qodeceko.lib 2008-04-02 09:24 . 2008-04-02 09:24 14,258 --a------ D:\WINDOWS\qogab.pif 2008-04-02 09:24 . 2008-04-02 09:24 13,910 --a------ D:\WINDOWS\system32\izehu.db 2008-04-02 09:24 . 2008-04-02 09:24 13,077 --a------ D:\WINDOWS\maloneg.exe 2008-04-02 09:24 . 2008-04-02 09:24 11,889 --a------ D:\WINDOWS\imyzugaku.com 2008-04-02 09:24 . 2008-04-02 09:24 11,025 --a------ D:\Documents and Settings\All Users\Dane aplikacji\efucyt.dll 2008-04-02 08:03 . 2008-04-02 08:03 18,879 --a------ D:\WINDOWS\ejyf.com 2008-04-02 08:03 . 2008-04-02 08:03 18,032 --a------ D:\WINDOWS\system32\poryb.com 2008-04-02 08:03 . 2008-04-02 08:03 16,160 --a------ D:\WINDOWS\system32\hunikilec.pif 2008-04-02 08:03 . 2008-04-02 08:03 15,417 --a------ D:\Program Files\Common Files\catol.reg 2008-04-02 08:03 . 2008-04-02 08:03 15,306 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\ucyja.vbs 2008-04-02 08:03 . 2008-04-02 08:03 15,080 --a------ D:\WINDOWS\system32\ezuwuq.sys 2008-04-02 08:03 . 2008-04-02 08:03 13,257 --a------ D:\Program Files\Common Files\imuz.scr 2008-04-02 08:03 . 2008-04-02 08:03 13,180 --a------ D:\WINDOWS\ehygavuwo.pif 2008-04-02 08:03 . 2008-04-02 08:03 12,733 --a------ D:\Documents and Settings\All Users\Dane aplikacji\amusazy.bat 2008-04-02 08:03 . 2008-04-02 08:03 12,708 --a------ D:\WINDOWS\system32\ahexys._dl 2008-04-02 08:03 . 2008-04-02 08:03 12,515 --a------ D:\WINDOWS\oqako._dl 2008-04-02 08:03 . 2008-04-02 08:03 11,368 --a------ D:\WINDOWS\uvyculyfem._sy 2008-04-02 08:00 . 2008-04-02 08:00 16,896 --a------ D:\WINDOWS\system32\braviax.exe.vir 2008-04-01 22:22 . 2008-04-01 22:22 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\teamspeak2 2008-04-01 19:10 . 2008-04-01 19:11 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-04-01 19:07 . 2008-04-01 19:07 <DIR> d-------- D:\Program Files\DIFX 2008-04-01 19:07 . 2008-04-01 19:07 <DIR> d-------- D:\Program Files\Common Files\PCSuite 2008-04-01 19:07 . 2008-04-12 20:13 <DIR> d-------- D:\Program Files\Common Files\Nokia 2008-04-01 19:07 . 2008-04-12 19:37 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\PC Suite 2008-04-01 19:07 . 2008-04-12 19:19 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Nokia 2008-04-01 19:06 . 2008-04-20 18:51 <DIR> d----c--- D:\WINDOWS\system32\DRVSTORE 2008-04-01 19:06 . 2008-04-01 19:06 <DIR> d-------- D:\Program Files\PC Connectivity Solution 2008-04-01 19:06 . 2008-02-01 15:17 90,624 --a------ D:\WINDOWS\system32\nmwcdcls.dll 2008-04-01 19:05 . 2008-04-12 20:13 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-04-01 15:52 . 2008-04-01 15:52 81,701 --a------ D:\WINDOWS\system32\drivers\klif.cab 2008-04-01 15:47 . 2008-04-01 15:51 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-04-01 15:34 . 2008-04-01 15:34 144 --a------ D:\WINDOWS\system32\ikhcore.cfg 2008-04-01 15:27 . 2008-04-01 15:51 <DIR> d-a------ D:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-04-01 13:02 . 2008-04-03 15:22 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\dvdcss 2008-04-01 08:31 . 2008-04-01 08:31 <DIR> d-------- D:\Program Files\MSXML 4.0 2008-03-31 21:41 . 2008-03-31 21:41 19,714 --a------ D:\Program Files\Common Files\umedihipew.com 2008-03-31 21:41 . 2008-03-31 21:41 18,179 --a------ D:\WINDOWS\xecoqutup.vbs 2008-03-31 21:41 . 2008-03-31 21:41 17,994 --a------ D:\WINDOWS\zepib.dat 2008-03-31 21:41 . 2008-03-31 21:41 17,987 --a------ D:\WINDOWS\jusyreryge.scr 2008-03-31 21:41 . 2008-03-31 21:41 17,952 --a------ D:\Documents and Settings\All Users\Dane aplikacji\takelemowi.bin 2008-03-31 21:41 . 2008-03-31 21:41 15,965 --a------ D:\Documents and Settings\All Users\Dane aplikacji\calycin.sys 2008-03-31 21:41 . 2008-03-31 21:41 15,346 --a------ D:\Documents and Settings\All Users\Dane aplikacji\egovadyvid.com 2008-03-31 21:41 . 2008-03-31 21:41 13,259 --a------ D:\WINDOWS\system32\opypycyl.vbs 2008-03-31 21:41 . 2008-03-31 21:41 11,686 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\bopog.reg 2008-03-31 21:41 . 2008-03-31 21:41 11,292 --a------ D:\WINDOWS\system32\usisoheq.pif 2008-03-31 21:41 . 2008-03-31 21:41 10,099 --a------ D:\Documents and Settings\All Users\Dane aplikacji\aliki.pif . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-19 11:14 --------- d--h--w D:\Program Files\InstallShield Installation Information 2008-04-15 17:25 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-04-15 17:21 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe 2008-04-02 06:03 18,588 ----a-w D:\Program Files\Common Files\cewy.lib 2008-03-31 06:27 16,553 ----a-w D:\Program Files\Common Files\teka._sy 2008-03-31 06:27 12,694 ----a-w D:\Program Files\Common Files\lapyruqo._dl 2008-03-30 10:42 34,816 ----a-w D:\WINDOWS\system32\drivers\beep.sys 2008-03-30 08:57 --------- d-----w D:\Program Files\Windows Media Connect 2 2008-03-30 08:49 --------- d-----w D:\Program Files\Skype 2008-03-30 08:49 --------- d-----w D:\Program Files\Common Files\Skype 2008-03-30 08:49 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-03-30 08:46 --------- d-----w D:\Program Files\Common Files\Ahead 2008-03-30 08:42 --------- d-----w D:\Program Files\Java 2008-03-30 08:42 --------- d-----w D:\Program Files\Common Files\Java 2008-03-30 08:40 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies 2008-03-30 08:35 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard 2008-03-30 08:33 --------- d-----w D:\Program Files\SAGEM 2008-03-30 08:30 81,920 ------r D:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe 2008-03-30 08:29 --------- d-----w D:\Program Files\Common Files\Logitech 2008-03-30 08:29 --------- d-----w D:\Program Files\Common Files\InstallShield 2008-03-30 08:26 --------- d-----w D:\Program Files\Common Files\HP 2008-03-30 08:26 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\HP 2008-03-30 08:25 --------- d-----w D:\Program Files\Hewlett-Packard 2008-03-30 08:24 --------- d-----w D:\Program Files\Common Files\Hewlett-Packard 2008-03-30 08:21 --------- d-----w D:\Program Files\HP 2008-03-30 08:19 --------- d-----w D:\Program Files\Marvell 2008-03-30 08:14 --------- d-----w D:\Program Files\ATI Technologies 2008-03-30 08:13 --------- d-----w D:\Program Files\Realtek Sound Manager 2008-03-30 08:13 --------- d-----w D:\Program Files\AvRack 2008-03-30 08:04 --------- d-----w D:\Program Files\microsoft frontpage 2008-03-30 08:03 --------- d-----w D:\Program Files\Usługi online 2008-01-29 10:02 107,368 ----a-w D:\WINDOWS\system32\GEARAspi.dll . ------- Sigcheck ------- 2007-12-07 02:48 668672 5c0b1281e1245d2f4af571b21b0ab21f D:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll 2004-08-04 00:44 658944 d37dafb534ac8343d59a1b501abe852c D:\WINDOWS\$NtUninstallKB944533$\wininet.dll 2007-10-31 00:32 666112 fcd4c436984c50f5d4f99c69f8206009 D:\WINDOWS\ServicePackFiles\i386\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2gdr\wininet.dll 2007-12-07 02:48 668672 5c0b1281e1245d2f4af571b21b0ab21f D:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2qfe\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\system32\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\system32\dllcache\wininet.dll 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\$NtServicePackUninstall$\tcpip.sys 2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c D:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2007-10-30 19:33 361088 9d87f804f66c26eea4b6d7405bcb996c D:\WINDOWS\ServicePackFiles\i386\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys 2007-10-30 19:33 361088 9d87f804f66c26eea4b6d7405bcb996c D:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-04-20_14.43.59.88 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-20 12:40:36 2,048 --s-a-w D:\WINDOWS\bootstat.dat + 2008-04-20 15:56:06 2,048 --s-a-w D:\WINDOWS\bootstat.dat + 2008-04-20 16:52:17 86,016 ----a-r D:\WINDOWS\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe + 2008-04-20 16:52:51 102,400 ----a-r D:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe + 2008-04-20 16:51:14 27,136 ----a-r D:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe + 2008-04-20 14:53:15 2,436 ----a-w D:\WINDOWS\SoftwareDistribution\EventCache\{6EFFA9E6-5B07-4F14-981D-ABB59523BDA9}.bin - 2006-02-28 10:41:34 61,440 ----a-w D:\WINDOWS\system32\dns-sd.exe + 2007-07-24 13:17:08 81,920 ----a-w D:\WINDOWS\system32\dns-sd.exe - 2006-02-28 10:41:22 53,248 ----a-w D:\WINDOWS\system32\dnssd.dll + 2007-07-24 13:17:08 61,440 ----a-w D:\WINDOWS\system32\dnssd.dll + 2008-01-29 10:01:28 16,168 ----a-w D:\WINDOWS\system32\drivers\GEARAspiWDM.sys + 2008-02-18 09:16:24 30,464 -c--a-w D:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2007-10-31 00:32 15360] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104] "Htnltlg"="D:\Documents and Settings\JaYo^\Dane aplikacji\??pPatch\s?oolsv.exe" [ ] "AdobeUpdater"="D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-01-12 01:31 73728 D:\WINDOWS\SOUNDMAN.EXE] "ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07 61440] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 29696 D:\WINDOWS\KHALMNPR.Exe] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608] "nod32kui"="C:\Program Files\NOD32\nod32kui.exe" [2008-04-17 18:31 949376] "SDFix"="C:\SDFIX\SDFix\RunThis.bat /second" [ ] "QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2007-10-31 00:32 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088] D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ ATI CATALYST - pasek zadaä.lnk - D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 01:07:30 61440] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-03-30 10:29:46 573440] MoorHunt.lnk - C:\Program Files\MoorHunt\MoorHunt.exe [2008-03-30 10:45:21 3567616] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbh06.sys] @="Driver" [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSystem] D:\WINDOWS\system32\maxpaynowti1.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] --a------ 2008-03-30 10:30 16384 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromoReg] D:\WINDOWS\system32\alt.exe.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] D:\WINDOWS\mrofinu27.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sacr] D:\PROGRA~1\COMMON~1\APPATC~1\winlogon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1] D:\WINDOWS\system32\vedxg6ame4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-03-30 13:51 1271032 E:\Gry\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDrive] D:\WINDOWS\system32\maxpaynow1.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDownloader] --a------ 2008-01-26 11:39 528384 F:\Download\Programy\Drobne\USD\USDownloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader] C:\Windows\xpupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinReanimator] D:\Program Files\WinReanimator\WinReanimator.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"= "D:\\WINDOWS\\system32\\rserver30\\rserver3.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\WinAVI Video Converter\\WinAVI.exe"= "D:\\Program Files\\Skype\\Phone\\Skype.exe"= "D:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6112:TCP"= 6112:TCP:6112 "6112:UDP"= 6112:UDP:6112 "6348:TCP"= 6348:TCP:6348 "6348:UDP"= 6348:UDP:6348 R0 Tbh06;Tbh06;D:\WINDOWS\system32\Drivers\Tbh06.sys [2008-04-14 15:52] R1 raddrvv3;raddrvv3;D:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-10-31 15:30] R2 RServer3;Radmin Server V3;"D:\WINDOWS\system32\rserver30\RServer3.exe" /service [] R3 mirrorv3;mirrorv3;D:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01] S2 PmlClipSrv;Pml Driver HPZ12 PmlClipSrv;D:\WINDOWS\system32\accessy.exe [] S2 WmiApSrvMessenger;Karta wydajności WMI WmiApSrvMessenger;D:\WINDOWS\system32\acluio.exe [] S3 FastLynx;FastLynx;C:\Program Files\FastLynx\FastLynx.sys [] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17] S3 nmwcdnsuc;Nokia USB Flashing Generic;D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17] S3 upperdev;upperdev;D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39] S3 UsbserFilt;UsbserFilt;D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39] S3 zebrbus;Sony Ericsson Composite Device driver;D:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-04-13 08:50] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\autoplay.exe *Newly Created Service* - APPLE_MOBILE_DEVICE *Newly Created Service* - CATCHME *Newly Created Service* - IPOD_SERVICE . Contents of the 'Scheduled Tasks' folder "2008-04-20 16:51:14 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - D:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 19:22:06 Windows 5.1.2600 Service Pack 3, v.3244 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: D:\WINDOWS\explorer.exe -> C:\Program Files\Logitech\SetPoint\lgscroll.dll . Completion time: 2008-04-20 19:23:00 ComboFix-quarantined-files.txt 2008-04-20 17:22:40 ComboFix2.txt 2008-04-20 12:44:32 Pre-Run: 14,365,700,096 bytes free Post-Run: 14,454,972,416 bytes free 337 --- E O F --- 2008-04-20 14:53:03

Silent Runners:

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 56, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS] "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] "Htnltlg" = ""D:\Documents and Settings\JaYo^\Dane aplikacji\??pPatch\s?oolsv.exe"" [file not found] "AdobeUpdater" = "D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "ATICCC" = ""D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data] "Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."] "DU Meter" = "C:\Program Files\DU Meter\DUMeter.exe" ["Hagel Technologies"] "SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."] "nod32kui" = ""C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE" ["Eset "] "SDFix" = "C:\SDFIX\SDFix\RunThis.bat /second" [null data] "QuickTime Task" = ""D:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

**Posty:** 8001 · przez **Okocza** 20 Kwi 2008, 19:32

sillent jest urwany

poczekaj aż się cały wygeneruje

**Posty:** 24 · przez **JaYo^** 20 Kwi 2008, 19:42

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 56, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "D:\WINDOWS\system32\ctfmon.exe" [MS] "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] "Htnltlg" = ""D:\Documents and Settings\JaYo^\Dane aplikacji\??pPatch\s?oolsv.exe"" [file not found] "AdobeUpdater" = "D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "ATICCC" = ""D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data] "Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."] "DU Meter" = "C:\Program Files\DU Meter\DUMeter.exe" ["Hagel Technologies"] "SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."] "nod32kui" = ""C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE" ["Eset "] "SDFix" = "C:\SDFIX\SDFix\RunThis.bat /second" [null data] "QuickTime Task" = ""D:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "D:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{13311DA7-1D24-40e5-AE07-7E3750F5DE3C}" = "Right Click Image Converter Extension" -> {HKLM...CLSID} = "Right Click Image Converter Extension" \InProcServer32\(Default) = "C:\Program Files\Right Click Image Converter\extRCIC.dll" [null data] "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" = "AIMP2: Shell Extention" -> {HKLM...CLSID} = "AIMP2: Shell Extention" \InProcServer32\(Default) = "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\NOD32\nodshex.dll" [null data] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\ <<!>> ("credssp.dll" [MS]) "SecurityProviders" = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll" HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] <<!>> dimsntfy\DLLName = "D:\WINDOWS\System32\dimsntfy.dll" [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" -> {HKLM...CLSID} = "AIMP2: Shell Extention" \InProcServer32\(Default) = "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\NOD32\nodshex.dll" [null data] Right Click Image Converter\(Default) = "{13311DA7-1D24-40e5-AE07-7E3750F5DE3C}" -> {HKLM...CLSID} = "Right Click Image Converter Extension" \InProcServer32\(Default) = "C:\Program Files\Right Click Image Converter\extRCIC.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" -> {HKLM...CLSID} = "AIMP2: Shell Extention" \InProcServer32\(Default) = "C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL" ["AIMP DevTeam"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\NOD32\nodshex.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "D:\Documents and Settings\JaYo^\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Startup items in "JaYo^" & "All Users" startup folders: ------------------------------------------------------- D:\Documents and Settings\All Users\Menu Start\Programy\Autostart "ATI CATALYST – pasek zadań" -> shortcut to: "D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data] "Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."] "MoorHunt" -> shortcut to: "C:\Program Files\MoorHunt\MoorHunt.exe" [null data] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "D:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "D:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: D:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 26 %SystemRoot%\system32\mswsock.dll [MS], 06 - 09, 12 - 25 %SystemRoot%\system32\rsvpsp.dll [MS], 10 - 11 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01" \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01" \InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"] Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] Bonjour Service, Bonjour Service, ""D:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."] NOD32 Kernel Service, NOD32krn, ""C:\Program Files\NOD32\nod32krn.exe"" ["Eset "] Pml Driver HPZ12, Pml Driver HPZ12, "D:\WINDOWS\system32\HPZipm12.exe" ["HP"] Radmin Server V3, RServer3, ""D:\WINDOWS\system32\rserver30\RServer3.exe" /service" ["Famatech International Corp."] StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Urządzenie mobilne Apple, Apple Mobile Device, ""D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."] Usługa iPod, iPod Service, ""D:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"D:\WINDOWS\System32\WUDFSvc.dll" [MS]} Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"] hpzlnt12\Driver = "hpzlnt12.dll" ["HP"] ---------- (launch time: 2008-04-20 19:40:42) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 30 seconds, including 2 seconds for message boxes)

**Posty:** 18165 · przez **wojtas** 20 Kwi 2008, 19:52

Otworz notatnik i wklej w nim to:

File::
D:\WINDOWS\system32\fqediaou.tmp
D:\WINDOWS\system32\2935986722.dat
D:\WINDOWS\system32\drivers\Tbh06.sys
D:\WINDOWS\system32\drivers\beep.sys.vir
D:\WINDOWS\003170_.tmp
D:\WINDOWS\braviax.exe.vir
D:\WINDOWS\system32\alyko._dl
D:\WINDOWS\system32\abygahek.inf
D:\Documents and Settings\JaYo^\Dane aplikacji\vynepa.bin
D:\WINDOWS\qodeceko.lib
D:\WINDOWS\qogab.pif
D:\WINDOWS\system32\izehu.db
D:\WINDOWS\maloneg.exe
D:\WINDOWS\imyzugaku.com
D:\Documents and Settings\All Users\Dane aplikacji\efucyt.dll
D:\WINDOWS\ejyf.com
D:\WINDOWS\system32\poryb.com
D:\WINDOWS\system32\hunikilec.pif
D:\Program Files\Common Files\catol.reg
D:\Documents and Settings\JaYo^\Dane aplikacji\ucyja.vbs
D:\WINDOWS\system32\ezuwuq.sys
D:\Program Files\Common Files\imuz.scr
D:\WINDOWS\ehygavuwo.pif
D:\Documents and Settings\All Users\Dane aplikacji\amusazy.bat
D:\WINDOWS\system32\ahexys._dl
D:\WINDOWS\oqako._dl
D:\WINDOWS\uvyculyfem._sy
D:\WINDOWS\system32\braviax.exe.vir
D:\WINDOWS\xecoqutup.vbs
D:\WINDOWS\zepib.dat
D:\WINDOWS\system32\ikhcore.cfg
D:\WINDOWS\jusyreryge.scr
D:\Documents and Settings\All Users\Dane aplikacji\takelemowi.bin
D:\Documents and Settings\All Users\Dane aplikacji\calycin.sys
D:\Documents and Settings\All Users\Dane aplikacji\egovadyvid.com
D:\WINDOWS\system32\opypycyl.vbs
D:\Documents and Settings\JaYo^\Dane aplikacji\bopog.reg
D:\WINDOWS\system32\usisoheq.pif
D:\Documents and Settings\All Users\Dane aplikacji\aliki.pif
D:\Program Files\Common Files\rehe.com
D:\Documents and Settings\JaYo^\Dane aplikacji\ugodidaq.scr
D:\Program Files\Common Files\rebik.vbs
D:\Program Files\Common Files\ezux.com
D:\WINDOWS\system32\edykiq.dll
D:\WINDOWS\ohisota.lib
D:\Documents and Settings\All Users\Dane aplikacji\cufikomic.com
D:\WINDOWS\ezyvo.dl
D:\Program Files\Common Files\cewy.lib
D:\Program Files\Common Files\teka._sy
D:\Program Files\Common Files\lapyruqo._dl

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Htnltlg"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbh06.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSystem]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromoReg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sacr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDrive]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinReanimator]

Driver::
Tbh06

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

**Posty:** 24 · przez **JaYo^** 20 Kwi 2008, 23:24

No spoko spoko ale powiecie mniej wiecej co tak wlasciwie ja robie ? ;P Cos nie tak dalej ? i z czym ?

oto kod:

Kod: Zaznacz wszystko: ComboFix 08-04-20.1 - JaYo^ 2008-04-20 23:19:22.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.538 [GMT 2:00] Running from: D:\Documents and Settings\JaYo^\Moje dokumenty\Opera\ComboFix.exe Command switches used :: D:\Documents and Settings\JaYo^^\Moje dokumenty\Opera\CFScript.txt * Created a new restore point * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 ))))))))))))))))))))))))))))))) . 2008-04-20 18:53 . 2008-04-20 23:06 54,156 --ah----- D:\WINDOWS\QTFont.qfn 2008-04-20 18:53 . 2008-04-20 18:53 1,409 --a------ D:\WINDOWS\QTFont.for 2008-04-20 18:52 . 2008-04-20 18:52 <DIR> d-------- D:\Program Files\iPod 2008-04-20 18:52 . 2008-04-20 18:52 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Apple Computer 2008-04-20 18:51 . 2008-04-20 18:51 <DIR> d-------- D:\Program Files\QuickTime 2008-04-20 18:51 . 2008-04-20 18:51 <DIR> d-------- D:\Program Files\Apple Software Update 2008-04-20 18:51 . 2008-04-20 18:52 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-04-20 18:50 . 2008-04-20 18:50 <DIR> d-------- D:\Program Files\Common Files\Apple 2008-04-20 18:50 . 2008-04-20 18:50 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-04-20 14:18 . 2008-04-20 14:18 <DIR> d-------- D:\WINDOWS\ERUNT 2008-04-19 13:46 . 2008-04-19 13:46 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Thinstall 2008-04-17 18:32 . 2008-04-17 18:31 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys 2008-04-17 18:32 . 2008-04-17 18:31 298,104 --a------ D:\WINDOWS\system32\imon.dll 2008-04-17 18:32 . 2008-04-17 18:31 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys 2008-04-17 18:04 . 2008-04-19 16:40 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Hamachi 2008-04-17 18:03 . 2008-04-17 18:03 25,280 --a------ D:\WINDOWS\system32\drivers\hamachi.sys 2008-04-16 22:52 . 2008-04-18 19:34 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\AdobeUM 2008-04-16 22:51 . 2008-04-16 22:51 <DIR> d-------- D:\WINDOWS\Cache 2008-04-15 22:54 . 2008-04-15 22:54 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Nokia Multimedia Player 2008-04-14 16:06 . 2008-04-14 16:06 2,394 --a------ D:\WINDOWS\system32\tmp.reg 2008-04-14 16:01 . 2008-04-14 16:02 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy 2008-04-14 16:00 . 2008-04-14 16:12 <DIR> d-------- D:\Documents and Settings\JaYo^\SmitfraudFix 2008-04-14 16:00 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe 2008-04-14 16:00 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe 2008-04-14 16:00 . 2008-04-13 23:31 86,528 --a------ D:\WINDOWS\system32\VACFix.exe 2008-04-14 16:00 . 2008-04-12 13:49 82,432 --a------ D:\WINDOWS\system32\IEDFix.exe 2008-04-14 16:00 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe 2008-04-14 16:00 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe 2008-04-14 16:00 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe 2008-04-14 15:16 . 2008-04-14 15:16 29 --a------ D:\WINDOWS\system32\fqediaou.tmp 2008-04-14 15:15 . 2008-04-19 11:32 120 --a-s---- D:\WINDOWS\system32\2935986722.dat 2008-04-14 15:14 . 2008-04-14 15:52 25,472 --a------ D:\WINDOWS\system32\drivers\Tbh06.sys 2008-04-13 13:50 . 2008-04-13 13:50 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Image Zone Express 2008-04-13 13:48 . 2008-04-13 13:48 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\HP 2008-04-12 20:18 . 2007-10-30 18:47 25,728 --a------ D:\WINDOWS\system32\drivers\usbser.sys 2008-04-12 20:18 . 2007-10-30 18:47 25,728 --a--c--- D:\WINDOWS\system32\dllcache\usbser.sys 2008-04-12 20:17 . 2008-04-12 20:17 0 --ah----- D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-04-12 20:17 . 2008-04-12 20:17 0 --ah----- D:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-04-12 20:15 . 2008-04-12 20:15 <DIR> d-------- D:\Program Files\MSXML 6.0 2008-04-12 20:15 . 2007-11-29 10:33 1,419,232 --a------ D:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-04-12 20:15 . 2008-02-01 15:17 138,112 --a------ D:\WINDOWS\system32\drivers\nmwcdnsu.sys 2008-04-12 20:15 . 2007-11-29 10:39 95,744 --a------ D:\WINDOWS\system32\nmwcdcocls.dll 2008-04-12 20:15 . 2007-11-29 10:39 19,328 --a------ D:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-04-12 20:15 . 2007-11-29 10:39 16,896 --a------ D:\WINDOWS\system32\drivers\ccdcmb.sys 2008-04-12 20:15 . 2008-02-01 15:17 8,320 --a------ D:\WINDOWS\system32\drivers\nmwcdnsuc.sys 2008-04-12 20:15 . 2007-11-29 10:39 8,064 --a------ D:\WINDOWS\system32\drivers\usbser_lowerfltj.sys 2008-04-12 20:15 . 2007-11-29 10:39 8,064 --a------ D:\WINDOWS\system32\drivers\usbser_lowerflt.sys 2008-04-08 16:21 . 2008-04-08 16:21 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Ahead 2008-04-04 19:35 . 2008-04-13 13:51 <DIR> d-------- D:\Documents and Settings\All Users\Documents 2008-04-04 14:35 . 2008-04-04 14:35 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\FLEXnet 2008-04-04 11:29 . 2008-04-18 22:16 189 --a------ D:\WINDOWS\usdthank.ini 2008-04-04 11:29 . 2008-04-04 11:29 31 --a------ D:\WINDOWS\idc.ini 2008-04-04 11:09 . 2007-02-27 20:39 1,040,384 --a------ D:\WINDOWS\system32\libeay32.dll 2008-04-04 11:09 . 2007-02-27 20:40 196,608 --a------ D:\WINDOWS\system32\ssleay32.dll 2008-04-04 11:09 . 2008-04-04 11:09 196,608 --a------ D:\WINDOWS\system32\libssl32.dll 2008-04-04 10:46 . 2008-04-12 19:45 <DIR> d-------- D:\Documents and Settings\JaYo^\Phone Browser 2008-04-04 10:31 . 2008-04-04 10:31 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Nokia 2008-04-04 10:20 . 2008-04-12 20:15 <DIR> d-------- D:\Program Files\Nokia 2008-04-03 19:32 . 2008-04-03 19:41 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Azureus 2008-04-03 13:25 . 2008-04-03 13:25 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Locktime 2008-04-03 13:24 . 2008-04-03 13:24 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Locktime 2008-04-02 11:12 . 2008-04-02 11:12 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Radmin 2008-04-02 10:22 . 2007-10-31 00:32 90,624 --a--c--- D:\WINDOWS\system32\dllcache\muisetup.exe 2008-04-02 10:10 . 2007-10-31 00:30 101,376 -----c--- D:\WINDOWS\system32\dllcache\dpcdll.dll 2008-04-02 10:04 . 2008-04-02 10:04 34,816 --a------ D:\WINDOWS\system32\drivers\beep.sys.vir 2008-04-02 10:03 . 2008-04-02 10:10 <DIR> d-------- D:\WINDOWS\ServicePackFiles 2008-04-02 09:59 . 2008-04-02 09:59 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Simply Super Software 2008-04-02 09:58 . 2006-12-29 00:31 19,569 --a------ D:\WINDOWS\[u]0[/u]03170_.tmp 2008-04-02 09:53 . 2008-04-02 09:53 <DIR> d-------- D:\WINDOWS\system32\Lang 2008-04-02 09:53 . 2008-04-02 09:53 940,794 --a------ D:\WINDOWS\system32\LoopyMusic.wav 2008-04-02 09:53 . 2008-04-02 09:53 146,650 --a------ D:\WINDOWS\system32\BuzzingBee.wav 2008-04-02 09:43 . 2008-04-02 09:43 16,896 --a------ D:\WINDOWS\braviax.exe.vir 2008-04-02 09:24 . 2008-04-02 09:24 19,551 --a------ D:\WINDOWS\system32\alyko._dl 2008-04-02 09:24 . 2008-04-02 09:24 18,980 --a------ D:\Program Files\Common Files\odevumut.pif 2008-04-02 09:24 . 2008-04-02 09:24 18,968 --a------ D:\Program Files\Common Files\ilatetek.reg 2008-04-02 09:24 . 2008-04-02 09:24 18,591 --a------ D:\WINDOWS\system32\abygahek.inf 2008-04-02 09:24 . 2008-04-02 09:24 16,767 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\vynepa.bin 2008-04-02 09:24 . 2008-04-02 09:24 14,556 --a------ D:\WINDOWS\qodeceko.lib 2008-04-02 09:24 . 2008-04-02 09:24 14,258 --a------ D:\WINDOWS\qogab.pif 2008-04-02 09:24 . 2008-04-02 09:24 13,910 --a------ D:\WINDOWS\system32\izehu.db 2008-04-02 09:24 . 2008-04-02 09:24 13,077 --a------ D:\WINDOWS\maloneg.exe 2008-04-02 09:24 . 2008-04-02 09:24 11,889 --a------ D:\WINDOWS\imyzugaku.com 2008-04-02 09:24 . 2008-04-02 09:24 11,025 --a------ D:\Documents and Settings\All Users\Dane aplikacji\efucyt.dll 2008-04-02 08:03 . 2008-04-02 08:03 18,879 --a------ D:\WINDOWS\ejyf.com 2008-04-02 08:03 . 2008-04-02 08:03 18,032 --a------ D:\WINDOWS\system32\poryb.com 2008-04-02 08:03 . 2008-04-02 08:03 16,160 --a------ D:\WINDOWS\system32\hunikilec.pif 2008-04-02 08:03 . 2008-04-02 08:03 15,417 --a------ D:\Program Files\Common Files\catol.reg 2008-04-02 08:03 . 2008-04-02 08:03 15,306 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\ucyja.vbs 2008-04-02 08:03 . 2008-04-02 08:03 15,080 --a------ D:\WINDOWS\system32\ezuwuq.sys 2008-04-02 08:03 . 2008-04-02 08:03 13,257 --a------ D:\Program Files\Common Files\imuz.scr 2008-04-02 08:03 . 2008-04-02 08:03 13,180 --a------ D:\WINDOWS\ehygavuwo.pif 2008-04-02 08:03 . 2008-04-02 08:03 12,733 --a------ D:\Documents and Settings\All Users\Dane aplikacji\amusazy.bat 2008-04-02 08:03 . 2008-04-02 08:03 12,708 --a------ D:\WINDOWS\system32\ahexys._dl 2008-04-02 08:03 . 2008-04-02 08:03 12,515 --a------ D:\WINDOWS\oqako._dl 2008-04-02 08:03 . 2008-04-02 08:03 11,368 --a------ D:\WINDOWS\uvyculyfem._sy 2008-04-02 08:00 . 2008-04-02 08:00 16,896 --a------ D:\WINDOWS\system32\braviax.exe.vir 2008-04-01 22:22 . 2008-04-01 22:22 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\teamspeak2 2008-04-01 19:10 . 2008-04-01 19:11 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-04-01 19:07 . 2008-04-01 19:07 <DIR> d-------- D:\Program Files\DIFX 2008-04-01 19:07 . 2008-04-01 19:07 <DIR> d-------- D:\Program Files\Common Files\PCSuite 2008-04-01 19:07 . 2008-04-12 20:13 <DIR> d-------- D:\Program Files\Common Files\Nokia 2008-04-01 19:07 . 2008-04-12 19:37 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\PC Suite 2008-04-01 19:07 . 2008-04-12 19:19 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Nokia 2008-04-01 19:06 . 2008-04-20 18:51 <DIR> d----c--- D:\WINDOWS\system32\DRVSTORE 2008-04-01 19:06 . 2008-04-01 19:06 <DIR> d-------- D:\Program Files\PC Connectivity Solution 2008-04-01 19:06 . 2008-02-01 15:17 90,624 --a------ D:\WINDOWS\system32\nmwcdcls.dll 2008-04-01 19:05 . 2008-04-12 20:13 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-04-01 15:52 . 2008-04-01 15:52 81,701 --a------ D:\WINDOWS\system32\drivers\klif.cab 2008-04-01 15:47 . 2008-04-01 15:51 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-04-01 15:34 . 2008-04-01 15:34 144 --a------ D:\WINDOWS\system32\ikhcore.cfg 2008-04-01 15:27 . 2008-04-01 15:51 <DIR> d-a------ D:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-04-01 13:02 . 2008-04-03 15:22 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\dvdcss 2008-04-01 08:31 . 2008-04-01 08:31 <DIR> d-------- D:\Program Files\MSXML 4.0 2008-03-31 21:41 . 2008-03-31 21:41 19,714 --a------ D:\Program Files\Common Files\umedihipew.com 2008-03-31 21:41 . 2008-03-31 21:41 18,179 --a------ D:\WINDOWS\xecoqutup.vbs 2008-03-31 21:41 . 2008-03-31 21:41 17,994 --a------ D:\WINDOWS\zepib.dat 2008-03-31 21:41 . 2008-03-31 21:41 17,987 --a------ D:\WINDOWS\jusyreryge.scr 2008-03-31 21:41 . 2008-03-31 21:41 17,952 --a------ D:\Documents and Settings\All Users\Dane aplikacji\takelemowi.bin 2008-03-31 21:41 . 2008-03-31 21:41 15,965 --a------ D:\Documents and Settings\All Users\Dane aplikacji\calycin.sys 2008-03-31 21:41 . 2008-03-31 21:41 15,346 --a------ D:\Documents and Settings\All Users\Dane aplikacji\egovadyvid.com 2008-03-31 21:41 . 2008-03-31 21:41 13,259 --a------ D:\WINDOWS\system32\opypycyl.vbs 2008-03-31 21:41 . 2008-03-31 21:41 11,686 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\bopog.reg 2008-03-31 21:41 . 2008-03-31 21:41 11,292 --a------ D:\WINDOWS\system32\usisoheq.pif 2008-03-31 21:41 . 2008-03-31 21:41 10,099 --a------ D:\Documents and Settings\All Users\Dane aplikacji\aliki.pif 2008-03-31 14:43 . 2008-04-01 08:38 <DIR> d--h----- D:\WINDOWS\$hf_mig$ . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-19 11:14 --------- d--h--w D:\Program Files\InstallShield Installation Information 2008-04-15 17:25 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-04-15 17:21 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe 2008-04-02 06:03 18,588 ----a-w D:\Program Files\Common Files\cewy.lib 2008-03-31 06:27 16,553 ----a-w D:\Program Files\Common Files\teka._sy 2008-03-31 06:27 12,694 ----a-w D:\Program Files\Common Files\lapyruqo._dl 2008-03-30 10:42 34,816 ----a-w D:\WINDOWS\system32\drivers\beep.sys 2008-03-30 08:57 --------- d-----w D:\Program Files\Windows Media Connect 2 2008-03-30 08:49 --------- d-----w D:\Program Files\Skype 2008-03-30 08:49 --------- d-----w D:\Program Files\Common Files\Skype 2008-03-30 08:49 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-03-30 08:46 --------- d-----w D:\Program Files\Common Files\Ahead 2008-03-30 08:42 --------- d-----w D:\Program Files\Java 2008-03-30 08:42 --------- d-----w D:\Program Files\Common Files\Java 2008-03-30 08:40 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies 2008-03-30 08:35 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard 2008-03-30 08:33 --------- d-----w D:\Program Files\SAGEM 2008-03-30 08:30 81,920 ------r D:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe 2008-03-30 08:29 --------- d-----w D:\Program Files\Common Files\Logitech 2008-03-30 08:29 --------- d-----w D:\Program Files\Common Files\InstallShield 2008-03-30 08:26 --------- d-----w D:\Program Files\Common Files\HP 2008-03-30 08:26 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\HP 2008-03-30 08:25 --------- d-----w D:\Program Files\Hewlett-Packard 2008-03-30 08:24 --------- d-----w D:\Program Files\Common Files\Hewlett-Packard 2008-03-30 08:21 --------- d-----w D:\Program Files\HP 2008-03-30 08:19 --------- d-----w D:\Program Files\Marvell 2008-03-30 08:14 --------- d-----w D:\Program Files\ATI Technologies 2008-03-30 08:13 --------- d-----w D:\Program Files\Realtek Sound Manager 2008-03-30 08:13 --------- d-----w D:\Program Files\AvRack 2008-03-30 08:04 --------- d-----w D:\Program Files\microsoft frontpage 2008-03-30 08:03 --------- d-----w D:\Program Files\Usługi online 2008-01-29 10:02 107,368 ----a-w D:\WINDOWS\system32\GEARAspi.dll . ------- Sigcheck ------- 2007-12-07 02:48 668672 5c0b1281e1245d2f4af571b21b0ab21f D:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll 2004-08-04 00:44 658944 d37dafb534ac8343d59a1b501abe852c D:\WINDOWS\$NtUninstallKB944533$\wininet.dll 2007-10-31 00:32 666112 fcd4c436984c50f5d4f99c69f8206009 D:\WINDOWS\ServicePackFiles\i386\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2gdr\wininet.dll 2007-12-07 02:48 668672 5c0b1281e1245d2f4af571b21b0ab21f D:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2qfe\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\system32\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\system32\dllcache\wininet.dll 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\$NtServicePackUninstall$\tcpip.sys 2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c D:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2007-10-30 19:33 361088 9d87f804f66c26eea4b6d7405bcb996c D:\WINDOWS\ServicePackFiles\i386\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys 2007-10-30 19:33 361088 9d87f804f66c26eea4b6d7405bcb996c D:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot@2008-04-20_14.43.59.88 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-20 12:40:36 2,048 --s-a-w D:\WINDOWS\bootstat.dat + 2008-04-20 21:06:26 2,048 --s-a-w D:\WINDOWS\bootstat.dat + 2008-04-20 16:52:17 86,016 ----a-r D:\WINDOWS\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe + 2008-04-20 16:52:51 102,400 ----a-r D:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe + 2008-04-20 16:51:14 27,136 ----a-r D:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe - 2006-02-28 10:41:34 61,440 ----a-w D:\WINDOWS\system32\dns-sd.exe + 2007-07-24 13:17:08 81,920 ----a-w D:\WINDOWS\system32\dns-sd.exe - 2006-02-28 10:41:22 53,248 ----a-w D:\WINDOWS\system32\dnssd.dll + 2007-07-24 13:17:08 61,440 ----a-w D:\WINDOWS\system32\dnssd.dll + 2008-01-29 10:01:28 16,168 ----a-w D:\WINDOWS\system32\drivers\GEARAspiWDM.sys + 2008-02-18 09:16:24 30,464 -c--a-w D:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2007-10-31 00:32 15360] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104] "Htnltlg"="D:\Documents and Settings\JaYo^\Dane aplikacji\??pPatch\s?oolsv.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-01-12 01:31 73728 D:\WINDOWS\SOUNDMAN.EXE] "ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07 61440] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 29696 D:\WINDOWS\KHALMNPR.Exe] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608] "nod32kui"="C:\Program Files\NOD32\nod32kui.exe" [2008-04-17 18:31 949376] "SDFix"="C:\SDFIX\SDFix\RunThis.bat /second" [ ] "QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2007-10-31 00:32 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088] D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ ATI CATALYST - pasek zadaä.lnk - D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 01:07:30 61440] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-03-30 10:29:46 573440] MoorHunt.lnk - C:\Program Files\MoorHunt\MoorHunt.exe [2008-03-30 10:45:21 3567616] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbh06.sys] @="Driver" [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSystem] D:\WINDOWS\system32\maxpaynowti1.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] --a------ 2008-03-30 10:30 16384 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromoReg] D:\WINDOWS\system32\alt.exe.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] D:\WINDOWS\mrofinu27.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sacr] D:\PROGRA~1\COMMON~1\APPATC~1\winlogon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1] D:\WINDOWS\system32\vedxg6ame4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-03-30 13:51 1271032 E:\Gry\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDrive] D:\WINDOWS\system32\maxpaynow1.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDownloader] --a------ 2008-01-26 11:39 528384 F:\Download\Programy\Drobne\USD\USDownloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader] C:\Windows\xpupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinReanimator] D:\Program Files\WinReanimator\WinReanimator.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"= "D:\\WINDOWS\\system32\\rserver30\\rserver3.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\WinAVI Video Converter\\WinAVI.exe"= "D:\\Program Files\\Skype\\Phone\\Skype.exe"= "D:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6112:TCP"= 6112:TCP:6112 "6112:UDP"= 6112:UDP:6112 "6348:TCP"= 6348:TCP:6348 "6348:UDP"= 6348:UDP:6348 R0 Tbh06;Tbh06;D:\WINDOWS\system32\Drivers\Tbh06.sys [2008-04-14 15:52] R1 raddrvv3;raddrvv3;D:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-10-31 15:30] R2 RServer3;Radmin Server V3;"D:\WINDOWS\system32\rserver30\RServer3.exe" /service [] R3 mirrorv3;mirrorv3;D:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01] S2 PmlClipSrv;Pml Driver HPZ12 PmlClipSrv;D:\WINDOWS\system32\accessy.exe [] S2 WmiApSrvMessenger;Karta wydajności WMI WmiApSrvMessenger;D:\WINDOWS\system32\acluio.exe [] S3 FastLynx;FastLynx;C:\Program Files\FastLynx\FastLynx.sys [] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17] S3 nmwcdnsuc;Nokia USB Flashing Generic;D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17] S3 upperdev;upperdev;D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39] S3 UsbserFilt;UsbserFilt;D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39] S3 zebrbus;Sony Ericsson Composite Device driver;D:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-04-13 08:50] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\autoplay.exe . Contents of the 'Scheduled Tasks' folder "2008-04-20 16:51:14 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - D:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-20 23:21:26 Windows 5.1.2600 Service Pack 3, v.3244 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-20 23:22:19 ComboFix-quarantined-files.txt 2008-04-20 21:21:57 ComboFix2.txt 2008-04-20 17:23:02 ComboFix3.txt 2008-04-20 12:44:32 Pre-Run: 14,450,819,072 bytes free Post-Run: 14,431,789,056 bytes free 329 --- E O F --- 2008-04-20 14:53:03

**Posty:** 18165 · przez **wojtas** 21 Kwi 2008, 16:12

Pobierz i uruchom narzędzie
The Avenger
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

D:\WINDOWS\system32\fqediaou.tmp
D:\WINDOWS\system32\2935986722.dat
D:\WINDOWS\system32\drivers\Tbh06.sys
D:\WINDOWS\system32\drivers\beep.sys.vir
D:\WINDOWS\003170_.tmp
D:\WINDOWS\braviax.exe.vir
D:\WINDOWS\system32\alyko._dl
D:\WINDOWS\system32\abygahek.inf
D:\Documents and Settings\JaYo^\Dane aplikacji\vynepa.bin
D:\WINDOWS\qodeceko.lib
D:\WINDOWS\qogab.pif
D:\WINDOWS\system32\izehu.db
D:\WINDOWS\maloneg.exe
D:\WINDOWS\imyzugaku.com
D:\Documents and Settings\All Users\Dane aplikacji\efucyt.dll
D:\WINDOWS\ejyf.com
D:\WINDOWS\system32\poryb.com
D:\WINDOWS\system32\hunikilec.pif
D:\Program Files\Common Files\catol.reg
D:\Documents and Settings\JaYo^\Dane aplikacji\ucyja.vbs
D:\WINDOWS\system32\ezuwuq.sys
D:\Program Files\Common Files\imuz.scr
D:\WINDOWS\ehygavuwo.pif
D:\Documents and Settings\All Users\Dane aplikacji\amusazy.bat
D:\WINDOWS\system32\ahexys._dl
D:\WINDOWS\oqako._dl
D:\WINDOWS\uvyculyfem._sy
D:\WINDOWS\system32\braviax.exe.vir
D:\WINDOWS\xecoqutup.vbs
D:\WINDOWS\zepib.dat
D:\WINDOWS\system32\ikhcore.cfg
D:\WINDOWS\jusyreryge.scr
D:\Documents and Settings\All Users\Dane aplikacji\takelemowi.bin
D:\Documents and Settings\All Users\Dane aplikacji\calycin.sys
D:\Documents and Settings\All Users\Dane aplikacji\egovadyvid.com
D:\WINDOWS\system32\opypycyl.vbs
D:\Documents and Settings\JaYo^\Dane aplikacji\bopog.reg
D:\WINDOWS\system32\usisoheq.pif
D:\Documents and Settings\All Users\Dane aplikacji\aliki.pif
D:\Program Files\Common Files\rehe.com
D:\Documents and Settings\JaYo^\Dane aplikacji\ugodidaq.scr
D:\Program Files\Common Files\rebik.vbs
D:\Program Files\Common Files\ezux.com
D:\WINDOWS\system32\edykiq.dll
D:\WINDOWS\ohisota.lib
D:\Documents and Settings\All Users\Dane aplikacji\cufikomic.com
D:\WINDOWS\ezyvo.dl
D:\Program Files\Common Files\cewy.lib
D:\Program Files\Common Files\teka._sy
D:\Program Files\Common Files\lapyruqo._dl

Drivers to unload:

Tbh06

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbh06.sys
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSystem
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromoReg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sacr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDrive
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinReanimator

Registry values to delete:

"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" | "Htnltlg"

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z combofixa

**Posty:** 24 · przez **JaYo^** 22 Kwi 2008, 18:15

Kod: Zaznacz wszystko: Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Coś chyba chyba Ci sie pomylilo bo tam nie ma czegos takiego

, a po za tym jak chce wkleic ten skrypt czy cus i daje extend czy jakos tak to wyskakuj blad itp

**Posty:** 8001 · przez **Okocza** 22 Kwi 2008, 18:18

jaki błąd

pokaż screen

**Posty:** 18165 · przez **wojtas** 22 Kwi 2008, 18:37

Ściągnij OTMoveIt W okienko po lewej Paste List of Files/Folders to be Moved wklej

D:\WINDOWS\system32\fqediaou.tmp
D:\WINDOWS\system32\2935986722.dat
D:\WINDOWS\system32\drivers\Tbh06.sys
D:\WINDOWS\system32\drivers\beep.sys.vir
D:\WINDOWS\003170_.tmp
D:\WINDOWS\braviax.exe.vir
D:\WINDOWS\system32\alyko._dl
D:\WINDOWS\system32\abygahek.inf
D:\Documents and Settings\JaYo^\Dane aplikacji\vynepa.bin
D:\WINDOWS\qodeceko.lib
D:\WINDOWS\qogab.pif
D:\WINDOWS\system32\izehu.db
D:\WINDOWS\maloneg.exe
D:\WINDOWS\imyzugaku.com
D:\Documents and Settings\All Users\Dane aplikacji\efucyt.dll
D:\WINDOWS\ejyf.com
D:\WINDOWS\system32\poryb.com
D:\WINDOWS\system32\hunikilec.pif
D:\Program Files\Common Files\catol.reg
D:\Documents and Settings\JaYo^\Dane aplikacji\ucyja.vbs
D:\WINDOWS\system32\ezuwuq.sys
D:\Program Files\Common Files\imuz.scr
D:\WINDOWS\ehygavuwo.pif
D:\Documents and Settings\All Users\Dane aplikacji\amusazy.bat
D:\WINDOWS\system32\ahexys._dl
D:\WINDOWS\oqako._dl
D:\WINDOWS\uvyculyfem._sy
D:\WINDOWS\system32\braviax.exe.vir
D:\WINDOWS\xecoqutup.vbs
D:\WINDOWS\zepib.dat
D:\WINDOWS\system32\ikhcore.cfg
D:\WINDOWS\jusyreryge.scr
D:\Documents and Settings\All Users\Dane aplikacji\takelemowi.bin
D:\Documents and Settings\All Users\Dane aplikacji\calycin.sys
D:\Documents and Settings\All Users\Dane aplikacji\egovadyvid.com
D:\WINDOWS\system32\opypycyl.vbs
D:\Documents and Settings\JaYo^\Dane aplikacji\bopog.reg
D:\WINDOWS\system32\usisoheq.pif
D:\Documents and Settings\All Users\Dane aplikacji\aliki.pif
D:\Program Files\Common Files\rehe.com
D:\Documents and Settings\JaYo^\Dane aplikacji\ugodidaq.scr
D:\Program Files\Common Files\rebik.vbs
D:\Program Files\Common Files\ezux.com
D:\WINDOWS\system32\edykiq.dll
D:\WINDOWS\ohisota.lib
D:\Documents and Settings\All Users\Dane aplikacji\cufikomic.com
D:\WINDOWS\ezyvo.dl
D:\Program Files\Common Files\cewy.lib
D:\Program Files\Common Files\teka._sy
D:\Program Files\Common Files\lapyruqo._dl

Następnie naciskamy - MoveIt!. Pliki zostały przeniesione. Wynik operacji zobaczymy w prawym oknie Results.
Po całej operacji należy zresetować komputer

potem wklej do notatnika:

wklej do notatnika

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Htnltlg"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbh06.sys]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSystem]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromoReg]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sacr]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDrive]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinReanimator]

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

potem :

Start => Uruchom => cmd =>wpisz:

sc stop Tbh06

enter

sc delete Tbh06

enter

potem nowy log z combofixa i hijacka

**Posty:** 24 · przez **JaYo^** 25 Kwi 2008, 00:19

HT:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:39, on 2008-04-24 Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3244) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\Explorer.EXE C:\Program Files\Ad-Aware 2007\aawservice.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NOD32\nod32krn.exe D:\WINDOWS\system32\HPZipm12.exe D:\WINDOWS\system32\rserver30\RServer3.exea C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\rserver30\FamItrfc.Exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\SOUNDMAN.EXE D:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\DU Meter\DUMeter.exe D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\NOD32\nod32kui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Gadu-Gadu\gg.exe D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\MoorHunt\MoorHunt.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE D:\Program Files\iPod\bin\iPodService.exe D:\WINDOWS\system32\wuauclt.exe C:\Program Files\Adobe\BearShare Pro 5.3.0.0.exe C:\Program Files\Opera\Opera.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SDFix] C:\SDFIX\SDFix\RunThis.bat /second O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: MoorHunt.lnk = C:\Program Files\MoorHunt\MoorHunt.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD32\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe O23 - Service: Pml Driver HPZ12 PmlClipSrv (PmlClipSrv) - Unknown owner - D:\WINDOWS\system32\accessy.exe (file missing) O23 - Service: PsExec (PSEXESVC) - Unknown owner - D:\WINDOWS\PSEXESVC.EXE (file missing) O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - D:\WINDOWS\system32\rserver30\RServer3.exe O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Karta wydajności WMI WmiApSrvMessenger (WmiApSrvMessenger) - Unknown owner - D:\WINDOWS\system32\acluio.exe (file missing) -- End of file - 6512 bytes

COMBO:

Kod: Zaznacz wszystko: ComboFix 08-04-20.1 - JaYo^ 2008-04-25 0:13:29.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.596 [GMT 2:00] Running from: D:\Documents and Settings\JaYo^\Moje dokumenty\Opera\ComboFix.exe * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))) . 2008-04-20 18:53 . 2008-04-24 23:04 54,156 --ah----- D:\WINDOWS\QTFont.qfn 2008-04-20 18:53 . 2008-04-20 18:53 1,409 --a------ D:\WINDOWS\QTFont.for 2008-04-20 18:52 . 2008-04-20 18:52 <DIR> d-------- D:\Program Files\iPod 2008-04-20 18:52 . 2008-04-25 00:04 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Apple Computer 2008-04-20 18:51 . 2008-04-20 18:51 <DIR> d-------- D:\Program Files\QuickTime 2008-04-20 18:51 . 2008-04-20 18:51 <DIR> d-------- D:\Program Files\Apple Software Update 2008-04-20 18:51 . 2008-04-20 18:52 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-04-20 18:50 . 2008-04-20 18:50 <DIR> d-------- D:\Program Files\Common Files\Apple 2008-04-20 18:50 . 2008-04-20 18:50 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-04-20 14:18 . 2008-04-20 14:18 <DIR> d-------- D:\WINDOWS\ERUNT 2008-04-19 13:46 . 2008-04-22 22:41 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Thinstall 2008-04-17 18:32 . 2008-04-17 18:31 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys 2008-04-17 18:32 . 2008-04-17 18:31 298,104 --a------ D:\WINDOWS\system32\imon.dll 2008-04-17 18:32 . 2008-04-17 18:31 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys 2008-04-17 18:04 . 2008-04-19 16:40 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Hamachi 2008-04-17 18:03 . 2008-04-17 18:03 25,280 --a------ D:\WINDOWS\system32\drivers\hamachi.sys 2008-04-16 22:52 . 2008-04-18 19:34 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\AdobeUM 2008-04-16 22:51 . 2008-04-16 22:51 <DIR> d-------- D:\WINDOWS\Cache 2008-04-15 22:54 . 2008-04-15 22:54 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Nokia Multimedia Player 2008-04-14 16:06 . 2008-04-14 16:06 2,394 --a------ D:\WINDOWS\system32\tmp.reg 2008-04-14 16:01 . 2008-04-14 16:02 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy 2008-04-14 16:00 . 2008-04-14 16:12 <DIR> d-------- D:\Documents and Settings\JaYo^\SmitfraudFix 2008-04-14 16:00 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe 2008-04-14 16:00 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe 2008-04-14 16:00 . 2008-04-13 23:31 86,528 --a------ D:\WINDOWS\system32\VACFix.exe 2008-04-14 16:00 . 2008-04-12 13:49 82,432 --a------ D:\WINDOWS\system32\IEDFix.exe 2008-04-14 16:00 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe 2008-04-14 16:00 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe 2008-04-14 16:00 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe 2008-04-13 13:50 . 2008-04-13 13:50 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Image Zone Express 2008-04-13 13:48 . 2008-04-13 13:48 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\HP 2008-04-12 20:18 . 2007-10-30 18:47 25,728 --a------ D:\WINDOWS\system32\drivers\usbser.sys 2008-04-12 20:18 . 2007-10-30 18:47 25,728 --a--c--- D:\WINDOWS\system32\dllcache\usbser.sys 2008-04-12 20:17 . 2008-04-12 20:17 0 --ah----- D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-04-12 20:17 . 2008-04-12 20:17 0 --ah----- D:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-04-12 20:15 . 2008-04-12 20:15 <DIR> d-------- D:\Program Files\MSXML 6.0 2008-04-12 20:15 . 2007-11-29 10:33 1,419,232 --a------ D:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-04-12 20:15 . 2008-02-01 15:17 138,112 --a------ D:\WINDOWS\system32\drivers\nmwcdnsu.sys 2008-04-12 20:15 . 2007-11-29 10:39 95,744 --a------ D:\WINDOWS\system32\nmwcdcocls.dll 2008-04-12 20:15 . 2007-11-29 10:39 19,328 --a------ D:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-04-12 20:15 . 2007-11-29 10:39 16,896 --a------ D:\WINDOWS\system32\drivers\ccdcmb.sys 2008-04-12 20:15 . 2008-02-01 15:17 8,320 --a------ D:\WINDOWS\system32\drivers\nmwcdnsuc.sys 2008-04-12 20:15 . 2007-11-29 10:39 8,064 --a------ D:\WINDOWS\system32\drivers\usbser_lowerfltj.sys 2008-04-12 20:15 . 2007-11-29 10:39 8,064 --a------ D:\WINDOWS\system32\drivers\usbser_lowerflt.sys 2008-04-08 16:21 . 2008-04-08 16:21 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Ahead 2008-04-04 19:35 . 2008-04-13 13:51 <DIR> d-------- D:\Documents and Settings\All Users\Documents 2008-04-04 14:35 . 2008-04-04 14:35 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\FLEXnet 2008-04-04 11:29 . 2008-04-18 22:16 189 --a------ D:\WINDOWS\usdthank.ini 2008-04-04 11:29 . 2008-04-04 11:29 31 --a------ D:\WINDOWS\idc.ini 2008-04-04 11:09 . 2007-02-27 20:39 1,040,384 --a------ D:\WINDOWS\system32\libeay32.dll 2008-04-04 11:09 . 2007-02-27 20:40 196,608 --a------ D:\WINDOWS\system32\ssleay32.dll 2008-04-04 11:09 . 2008-04-04 11:09 196,608 --a------ D:\WINDOWS\system32\libssl32.dll 2008-04-04 10:46 . 2008-04-12 19:45 <DIR> d-------- D:\Documents and Settings\JaYo^\Phone Browser 2008-04-04 10:31 . 2008-04-04 10:31 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Nokia 2008-04-04 10:20 . 2008-04-12 20:15 <DIR> d-------- D:\Program Files\Nokia 2008-04-03 19:32 . 2008-04-03 19:41 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Azureus 2008-04-03 13:25 . 2008-04-03 13:25 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Locktime 2008-04-03 13:24 . 2008-04-03 13:24 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Locktime 2008-04-02 11:12 . 2008-04-02 11:12 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Radmin 2008-04-02 10:22 . 2007-10-31 00:32 90,624 --a--c--- D:\WINDOWS\system32\dllcache\muisetup.exe 2008-04-02 10:10 . 2007-10-31 00:30 101,376 -----c--- D:\WINDOWS\system32\dllcache\dpcdll.dll 2008-04-02 10:03 . 2008-04-02 10:10 <DIR> d-------- D:\WINDOWS\ServicePackFiles 2008-04-02 09:59 . 2008-04-02 09:59 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Simply Super Software 2008-04-02 09:53 . 2008-04-02 09:53 <DIR> d-------- D:\WINDOWS\system32\Lang 2008-04-02 09:53 . 2008-04-02 09:53 940,794 --a------ D:\WINDOWS\system32\LoopyMusic.wav 2008-04-02 09:53 . 2008-04-02 09:53 146,650 --a------ D:\WINDOWS\system32\BuzzingBee.wav 2008-04-02 09:24 . 2008-04-02 09:24 18,980 --a------ D:\Program Files\Common Files\odevumut.pif 2008-04-02 09:24 . 2008-04-02 09:24 18,968 --a------ D:\Program Files\Common Files\ilatetek.reg 2008-04-01 22:22 . 2008-04-01 22:22 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\teamspeak2 2008-04-01 19:10 . 2008-04-01 19:11 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-04-01 19:07 . 2008-04-01 19:07 <DIR> d-------- D:\Program Files\DIFX 2008-04-01 19:07 . 2008-04-01 19:07 <DIR> d-------- D:\Program Files\Common Files\PCSuite 2008-04-01 19:07 . 2008-04-12 20:13 <DIR> d-------- D:\Program Files\Common Files\Nokia 2008-04-01 19:07 . 2008-04-12 19:37 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\PC Suite 2008-04-01 19:07 . 2008-04-12 19:19 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Nokia 2008-04-01 19:06 . 2008-04-20 18:51 <DIR> d----c--- D:\WINDOWS\system32\DRVSTORE 2008-04-01 19:06 . 2008-04-01 19:06 <DIR> d-------- D:\Program Files\PC Connectivity Solution 2008-04-01 19:06 . 2008-02-01 15:17 90,624 --a------ D:\WINDOWS\system32\nmwcdcls.dll 2008-04-01 19:05 . 2008-04-12 20:13 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-04-01 15:52 . 2008-04-01 15:52 81,701 --a------ D:\WINDOWS\system32\drivers\klif.cab 2008-04-01 15:47 . 2008-04-01 15:51 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-04-01 15:27 . 2008-04-01 15:51 <DIR> d-a------ D:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-04-01 13:02 . 2008-04-03 15:22 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\dvdcss 2008-04-01 08:31 . 2008-04-01 08:31 <DIR> d-------- D:\Program Files\MSXML 4.0 2008-03-31 21:41 . 2008-03-31 21:41 19,714 --a------ D:\Program Files\Common Files\umedihipew.com 2008-03-31 14:43 . 2008-04-01 08:38 <DIR> d--h----- D:\WINDOWS\$hf_mig$ 2008-03-31 13:35 . 2008-04-17 23:09 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-03-31 08:27 . 2008-03-31 08:27 13,068 --a------ D:\WINDOWS\system32\unidysuq.inf 2008-03-31 08:27 . 2008-03-31 08:27 12,800 --a------ D:\WINDOWS\ocikumo.dll 2008-03-31 08:27 . 2008-03-31 08:27 12,625 --a------ D:\WINDOWS\kywobi.vbs 2008-03-31 08:27 . 2008-03-31 08:27 12,396 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\exyto.pif 2008-03-31 08:27 . 2008-03-31 08:27 10,865 --a------ D:\WINDOWS\surijun.lib 2008-03-30 17:50 . 2008-03-30 17:50 <DIR> d-------- D:\Program Files\directx 2008-03-30 14:22 . 2008-03-30 14:22 1,167 --a------ D:\WINDOWS\mozver.dat 2008-03-30 14:02 . 2008-03-30 14:15 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\vlc 2008-03-30 13:05 . 2008-04-25 00:07 69 --a------ D:\WINDOWS\NeroDigital.ini 2008-03-30 12:52 . 2008-03-30 12:52 19,327 --a------ D:\WINDOWS\ifip.bat 2008-03-30 12:52 . 2008-03-30 12:52 18,723 --a------ D:\WINDOWS\adixacanu._sy 2008-03-30 12:52 . 2008-03-30 12:52 18,722 --a------ D:\Program Files\Common Files\niku.bat 2008-03-30 12:52 . 2008-03-30 12:52 18,633 --a------ D:\WINDOWS\atyruvuje.sys 2008-03-30 12:52 . 2008-03-30 12:52 15,603 --a------ D:\WINDOWS\ocezo.ban 2008-03-30 12:52 . 2008-03-30 12:52 14,229 --a------ D:\WINDOWS\system32\ykyq.sys 2008-03-30 12:52 . 2008-03-30 12:52 14,176 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\nuqa.scr 2008-03-30 12:52 . 2008-03-30 12:52 11,808 --a------ D:\Documents and Settings\All Users\Dane aplikacji\obujymer.bat 2008-03-30 12:52 . 2008-03-30 12:52 11,495 --a------ D:\Program Files\Common Files\ydowyt.scr 2008-03-30 12:52 . 2008-03-30 12:52 11,398 --a------ D:\WINDOWS\musykeka.com 2008-03-30 12:52 . 2008-03-30 12:52 10,200 --a------ D:\WINDOWS\xenaf.bat 2008-03-30 12:48 . 2008-03-30 12:48 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\MetaProducts 2008-03-30 12:44 . 2008-03-30 12:44 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Logitech 2008-03-30 12:44 . 2008-03-30 12:44 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\ATI 2008-03-30 12:42 . 2008-03-30 12:42 34,816 --a--c--- D:\WINDOWS\system32\dllcache\figaro.sys.vir 2008-03-30 12:10 . 2008-04-25 00:09 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Skype 2008-03-30 12:05 . 2008-03-30 12:05 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Gadu-Gadu 2008-03-30 12:01 . 2008-03-30 12:01 <DIR> d-------- D:\WINDOWS\Sun 2008-03-30 11:52 . 2007-10-30 19:00 15,104 --a------ D:\WINDOWS\system32\drivers\usbscan.sys 2008-03-30 11:46 . 2008-04-23 08:57 <DIR> d-------- D:\Program Files\Bonjour 2008-03-30 11:28 . 2008-03-30 11:28 427 --a------ D:\WINDOWS\ODBC.INI 2008-03-30 11:27 . 2008-03-30 11:28 <DIR> d-------- D:\WINDOWS\ShellNew 2008-03-30 11:21 . 2008-03-30 11:21 <DIR> d-------- D:\Program Files\Common Files\Macrovision Shared 2008-03-30 11:19 . 2008-04-16 22:52 <DIR> d-------- D:\Program Files\Common Files\Adobe 2008-03-30 11:13 . 2008-03-30 11:13 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Programy 2008-03-30 11:05 . 2008-03-30 11:07 <DIR> d-------- D:\WINDOWS\system32\rserver30 2008-03-30 11:04 . 2008-03-10 18:01 73,728 --a------ D:\WINDOWS\system32\SUO.cpl 2008-03-30 11:04 . 2008-04-02 10:22 1,024 --ah----- D:\Documents and Settings\Default User\NTUser.dat.LOG 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ D:\WINDOWS\system32\QuickTimeVR.qtx . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-24 18:18 --------- d--h--w D:\Program Files\InstallShield Installation Information 2008-04-15 17:25 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-04-15 17:21 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe 2008-03-30 10:42 34,816 ----a-w D:\WINDOWS\system32\drivers\beep.sys 2008-03-30 08:57 --------- d-----w D:\Program Files\Windows Media Connect 2 2008-03-30 08:49 --------- d-----w D:\Program Files\Skype 2008-03-30 08:49 --------- d-----w D:\Program Files\Common Files\Skype 2008-03-30 08:49 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-03-30 08:46 --------- d-----w D:\Program Files\Common Files\Ahead 2008-03-30 08:42 --------- d-----w D:\Program Files\Java 2008-03-30 08:42 --------- d-----w D:\Program Files\Common Files\Java 2008-03-30 08:40 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies 2008-03-30 08:35 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard 2008-03-30 08:33 --------- d-----w D:\Program Files\SAGEM 2008-03-30 08:30 81,920 ------r D:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe 2008-03-30 08:29 --------- d-----w D:\Program Files\Common Files\Logitech 2008-03-30 08:29 --------- d-----w D:\Program Files\Common Files\InstallShield 2008-03-30 08:26 --------- d-----w D:\Program Files\Common Files\HP 2008-03-30 08:26 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\HP 2008-03-30 08:25 --------- d-----w D:\Program Files\Hewlett-Packard 2008-03-30 08:24 --------- d-----w D:\Program Files\Common Files\Hewlett-Packard 2008-03-30 08:21 --------- d-----w D:\Program Files\HP 2008-03-30 08:19 --------- d-----w D:\Program Files\Marvell 2008-03-30 08:14 --------- d-----w D:\Program Files\ATI Technologies 2008-03-30 08:13 --------- d-----w D:\Program Files\Realtek Sound Manager 2008-03-30 08:13 --------- d-----w D:\Program Files\AvRack 2008-03-30 08:04 --------- d-----w D:\Program Files\microsoft frontpage 2008-03-30 08:03 --------- d-----w D:\Program Files\Usługi online 2008-01-29 10:02 107,368 ----a-w D:\WINDOWS\system32\GEARAspi.dll . ------- Sigcheck ------- 2007-12-07 02:48 668672 5c0b1281e1245d2f4af571b21b0ab21f D:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll 2004-08-04 00:44 658944 d37dafb534ac8343d59a1b501abe852c D:\WINDOWS\$NtUninstallKB944533$\wininet.dll 2007-10-31 00:32 666112 fcd4c436984c50f5d4f99c69f8206009 D:\WINDOWS\ServicePackFiles\i386\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2gdr\wininet.dll 2007-12-07 02:48 668672 5c0b1281e1245d2f4af571b21b0ab21f D:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2qfe\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\system32\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\system32\dllcache\wininet.dll 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\$NtServicePackUninstall$\tcpip.sys 2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c D:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2007-10-30 19:33 361088 9d87f804f66c26eea4b6d7405bcb996c D:\WINDOWS\ServicePackFiles\i386\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys 2007-10-30 19:33 361088 9d87f804f66c26eea4b6d7405bcb996c D:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot_2008-04-24_23.02.05,93 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-24 13:30:00 2,048 --s-a-w D:\WINDOWS\bootstat.dat + 2008-04-24 21:03:36 2,048 --s-a-w D:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-01-12 01:31 73728 D:\WINDOWS\SOUNDMAN.EXE] "ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07 61440] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 29696 D:\WINDOWS\KHALMNPR.Exe] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608] "nod32kui"="C:\Program Files\NOD32\nod32kui.exe" [2008-04-17 18:31 949376] "SDFix"="C:\SDFIX\SDFix\RunThis.bat /second" [ ] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2007-10-31 00:32 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088] D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ ATI CATALYST - pasek zadaä.lnk - D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 01:07:30 61440] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-03-30 10:29:46 573440] MoorHunt.lnk - C:\Program Files\MoorHunt\MoorHunt.exe [2008-03-30 10:45:21 3567616] [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2007-10-31 00:32 15360 D:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] --a------ 2008-03-30 10:30 16384 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Palringo] --a------ 2008-03-18 13:52 348160 C:\Program Files\Palringo\palringo.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 D:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-03-30 13:51 1271032 E:\Gry\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDownloader] --a------ 2008-01-26 11:39 528384 F:\Download\Programy\Drobne\USD\USDownloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"= "D:\\WINDOWS\\system32\\rserver30\\rserver3.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\WinAVI Video Converter\\WinAVI.exe"= "D:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "E:\\Gry\\Steam\\steamapps\\jayo1990\\counter-strike\\hl.exe"= "D:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6112:TCP"= 6112:TCP:6112 "6112:UDP"= 6112:UDP:6112 "6348:TCP"= 6348:TCP:6348 "6348:UDP"= 6348:UDP:6348 R1 raddrvv3;raddrvv3;D:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-10-31 15:30] R2 RServer3;Radmin Server V3;"D:\WINDOWS\system32\rserver30\RServer3.exe" /service [] R3 mirrorv3;mirrorv3;D:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01] S2 PmlClipSrv;Pml Driver HPZ12 PmlClipSrv;D:\WINDOWS\system32\accessy.exe [] S2 WmiApSrvMessenger;Karta wydajności WMI WmiApSrvMessenger;D:\WINDOWS\system32\acluio.exe [] S3 FastLynx;FastLynx;C:\Program Files\FastLynx\FastLynx.sys [] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17] S3 nmwcdnsuc;Nokia USB Flashing Generic;D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17] S3 upperdev;upperdev;D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39] S3 UsbserFilt;UsbserFilt;D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39] S3 zebrbus;Sony Ericsson Composite Device driver;D:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-04-13 08:50] . Contents of the 'Scheduled Tasks' folder "2008-04-20 16:51:14 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - D:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-25 00:15:44 Windows 5.1.2600 Service Pack 3, v.3244 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-25 0:16:24 ComboFix-quarantined-files.txt 2008-04-24 22:16:10 ComboFix2.txt 2008-04-24 21:02:32 ComboFix3.txt 2008-04-20 21:22:21 ComboFix4.txt 2008-04-20 17:23:02 ComboFix5.txt 2008-04-20 12:44:32 Pre-Run: 13,532,995,584 bytes free Post-Run: 13,597,061,120 bytes free 297 --- E O F --- 2008-04-24 06:13:08

**Posty:** 18165 · przez **wojtas** 25 Kwi 2008, 16:08

Otworz notatnik i wklej w nim to:

File::
D:\Program Files\Common Files\odevumut.pif
D:\Program Files\Common Files\ilatetek.reg
D:\Program Files\Common Files\umedihipew.com
D:\WINDOWS\system32\unidysuq.inf
D:\WINDOWS\ocikumo.dll
D:\WINDOWS\kywobi.vbs
D:\Documents and Settings\JaYo^\Dane aplikacji\exyto.pif
D:\WINDOWS\surijun.lib
D:\WINDOWS\ifip.bat
D:\WINDOWS\adixacanu._sy
D:\Program Files\Common Files\niku.bat
D:\WINDOWS\atyruvuje.sys
D:\WINDOWS\ocezo.ban
D:\WINDOWS\system32\ykyq.sys
D:\Documents and Settings\JaYo^\Dane aplikacji\nuqa.scr
D:\Documents and Settings\All Users\Dane aplikacji\obujymer.bat
D:\Program Files\Common Files\ydowyt.scr
D:\WINDOWS\musykeka.com
D:\WINDOWS\xenaf.bat
D:\WINDOWS\system32\dllcache\figaro.sys.vir

Driver::
WmiApSrvMessenger

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

**Posty:** 24 · przez **JaYo^** 27 Kwi 2008, 00:24

Kod: Zaznacz wszystko: ComboFix 08-04-20.1 - JaYo^ 2008-04-27 0:20:16.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.438 [GMT 2:00] Running from: D:\Documents and Settings\JaYo^\Moje dokumenty\Opera\ComboFix.exe Command switches used :: D:\Documents and Settings\JaYo^^\Moje dokumenty\Opera\CFScript.txt * Created a new restore point * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))) . 2008-04-26 14:10 . 2008-04-26 14:10 222 --a------ D:\WINDOWS\WINCMD.INI 2008-04-20 18:52 . 2008-04-20 18:52 <DIR> d-------- D:\Program Files\iPod 2008-04-20 18:52 . 2008-04-25 00:04 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Apple Computer 2008-04-20 18:51 . 2008-04-20 18:51 <DIR> d-------- D:\Program Files\QuickTime 2008-04-20 18:51 . 2008-04-20 18:51 <DIR> d-------- D:\Program Files\Apple Software Update 2008-04-20 18:51 . 2008-04-20 18:52 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-04-20 18:50 . 2008-04-20 18:50 <DIR> d-------- D:\Program Files\Common Files\Apple 2008-04-20 18:50 . 2008-04-20 18:50 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-04-20 14:18 . 2008-04-20 14:18 <DIR> d-------- D:\WINDOWS\ERUNT 2008-04-19 13:46 . 2008-04-22 22:41 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Thinstall 2008-04-17 18:32 . 2008-04-17 18:31 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys 2008-04-17 18:32 . 2008-04-17 18:31 298,104 --a------ D:\WINDOWS\system32\imon.dll 2008-04-17 18:32 . 2008-04-17 18:31 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys 2008-04-17 18:04 . 2008-04-19 16:40 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Hamachi 2008-04-17 18:03 . 2008-04-17 18:03 25,280 --a------ D:\WINDOWS\system32\drivers\hamachi.sys 2008-04-16 22:52 . 2008-04-18 19:34 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\AdobeUM 2008-04-16 22:51 . 2008-04-16 22:51 <DIR> d-------- D:\WINDOWS\Cache 2008-04-15 22:54 . 2008-04-15 22:54 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Nokia Multimedia Player 2008-04-14 16:06 . 2008-04-14 16:06 2,394 --a------ D:\WINDOWS\system32\tmp.reg 2008-04-14 16:01 . 2008-04-14 16:02 <DIR> d--h----- D:\WINDOWS\system32\GroupPolicy 2008-04-14 16:00 . 2008-04-14 16:12 <DIR> d-------- D:\Documents and Settings\JaYo^\SmitfraudFix 2008-04-14 16:00 . 2007-09-06 00:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe 2008-04-14 16:00 . 2006-04-27 17:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe 2008-04-14 16:00 . 2008-04-13 23:31 86,528 --a------ D:\WINDOWS\system32\VACFix.exe 2008-04-14 16:00 . 2008-04-12 13:49 82,432 --a------ D:\WINDOWS\system32\IEDFix.exe 2008-04-14 16:00 . 2003-06-05 21:13 53,248 --a------ D:\WINDOWS\system32\Process.exe 2008-04-14 16:00 . 2004-07-31 18:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe 2008-04-14 16:00 . 2007-10-04 00:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe 2008-04-13 13:50 . 2008-04-13 13:50 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Image Zone Express 2008-04-13 13:48 . 2008-04-13 13:48 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\HP 2008-04-12 20:18 . 2007-10-30 18:47 25,728 --a------ D:\WINDOWS\system32\drivers\usbser.sys 2008-04-12 20:18 . 2007-10-30 18:47 25,728 --a--c--- D:\WINDOWS\system32\dllcache\usbser.sys 2008-04-12 20:17 . 2008-04-12 20:17 0 --ah----- D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-04-12 20:17 . 2008-04-12 20:17 0 --ah----- D:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-04-12 20:15 . 2008-04-12 20:15 <DIR> d-------- D:\Program Files\MSXML 6.0 2008-04-12 20:15 . 2007-11-29 10:33 1,419,232 --a------ D:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-04-12 20:15 . 2008-02-01 15:17 138,112 --a------ D:\WINDOWS\system32\drivers\nmwcdnsu.sys 2008-04-12 20:15 . 2007-11-29 10:39 95,744 --a------ D:\WINDOWS\system32\nmwcdcocls.dll 2008-04-12 20:15 . 2007-11-29 10:39 19,328 --a------ D:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-04-12 20:15 . 2007-11-29 10:39 16,896 --a------ D:\WINDOWS\system32\drivers\ccdcmb.sys 2008-04-12 20:15 . 2008-02-01 15:17 8,320 --a------ D:\WINDOWS\system32\drivers\nmwcdnsuc.sys 2008-04-12 20:15 . 2007-11-29 10:39 8,064 --a------ D:\WINDOWS\system32\drivers\usbser_lowerfltj.sys 2008-04-12 20:15 . 2007-11-29 10:39 8,064 --a------ D:\WINDOWS\system32\drivers\usbser_lowerflt.sys 2008-04-08 16:21 . 2008-04-08 16:21 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Ahead 2008-04-04 19:35 . 2008-04-13 13:51 <DIR> d-------- D:\Documents and Settings\All Users\Documents 2008-04-04 14:35 . 2008-04-04 14:35 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\FLEXnet 2008-04-04 11:29 . 2008-04-18 22:16 189 --a------ D:\WINDOWS\usdthank.ini 2008-04-04 11:29 . 2008-04-04 11:29 31 --a------ D:\WINDOWS\idc.ini 2008-04-04 11:09 . 2007-02-27 20:39 1,040,384 --a------ D:\WINDOWS\system32\libeay32.dll 2008-04-04 11:09 . 2007-02-27 20:40 196,608 --a------ D:\WINDOWS\system32\ssleay32.dll 2008-04-04 11:09 . 2008-04-04 11:09 196,608 --a------ D:\WINDOWS\system32\libssl32.dll 2008-04-04 10:46 . 2008-04-12 19:45 <DIR> d-------- D:\Documents and Settings\JaYo^\Phone Browser 2008-04-04 10:31 . 2008-04-04 10:31 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Nokia 2008-04-04 10:20 . 2008-04-12 20:15 <DIR> d-------- D:\Program Files\Nokia 2008-04-03 19:32 . 2008-04-03 19:41 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Azureus 2008-04-03 13:25 . 2008-04-03 13:25 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Locktime 2008-04-03 13:24 . 2008-04-03 13:24 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Locktime 2008-04-02 11:12 . 2008-04-02 11:12 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Radmin 2008-04-02 10:22 . 2007-10-31 00:32 90,624 --a--c--- D:\WINDOWS\system32\dllcache\muisetup.exe 2008-04-02 10:10 . 2007-10-31 00:30 101,376 -----c--- D:\WINDOWS\system32\dllcache\dpcdll.dll 2008-04-02 10:03 . 2008-04-02 10:10 <DIR> d-------- D:\WINDOWS\ServicePackFiles 2008-04-02 09:59 . 2008-04-02 09:59 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Simply Super Software 2008-04-02 09:53 . 2008-04-02 09:53 <DIR> d-------- D:\WINDOWS\system32\Lang 2008-04-02 09:53 . 2008-04-02 09:53 940,794 --a------ D:\WINDOWS\system32\LoopyMusic.wav 2008-04-02 09:53 . 2008-04-02 09:53 146,650 --a------ D:\WINDOWS\system32\BuzzingBee.wav 2008-04-02 09:24 . 2008-04-02 09:24 18,980 --a------ D:\Program Files\Common Files\odevumut.pif 2008-04-02 09:24 . 2008-04-02 09:24 18,968 --a------ D:\Program Files\Common Files\ilatetek.reg 2008-04-01 22:22 . 2008-04-01 22:22 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\teamspeak2 2008-04-01 19:10 . 2008-04-01 19:11 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-04-01 19:07 . 2008-04-01 19:07 <DIR> d-------- D:\Program Files\DIFX 2008-04-01 19:07 . 2008-04-01 19:07 <DIR> d-------- D:\Program Files\Common Files\PCSuite 2008-04-01 19:07 . 2008-04-12 20:13 <DIR> d-------- D:\Program Files\Common Files\Nokia 2008-04-01 19:07 . 2008-04-12 19:37 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\PC Suite 2008-04-01 19:07 . 2008-04-12 19:19 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Nokia 2008-04-01 19:06 . 2008-04-20 18:51 <DIR> d----c--- D:\WINDOWS\system32\DRVSTORE 2008-04-01 19:06 . 2008-04-01 19:06 <DIR> d-------- D:\Program Files\PC Connectivity Solution 2008-04-01 19:06 . 2008-02-01 15:17 90,624 --a------ D:\WINDOWS\system32\nmwcdcls.dll 2008-04-01 19:05 . 2008-04-12 20:13 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-04-01 15:52 . 2008-04-01 15:52 81,701 --a------ D:\WINDOWS\system32\drivers\klif.cab 2008-04-01 15:47 . 2008-04-01 15:51 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-04-01 15:27 . 2008-04-01 15:51 <DIR> d-a------ D:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-04-01 13:02 . 2008-04-03 15:22 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\dvdcss 2008-04-01 08:31 . 2008-04-01 08:31 <DIR> d-------- D:\Program Files\MSXML 4.0 2008-03-31 21:41 . 2008-03-31 21:41 19,714 --a------ D:\Program Files\Common Files\umedihipew.com 2008-03-31 14:43 . 2008-04-01 08:38 <DIR> d--h----- D:\WINDOWS\$hf_mig$ 2008-03-31 13:35 . 2008-04-17 23:09 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-03-31 08:27 . 2008-03-31 08:27 13,068 --a------ D:\WINDOWS\system32\unidysuq.inf 2008-03-31 08:27 . 2008-03-31 08:27 12,800 --a------ D:\WINDOWS\ocikumo.dll 2008-03-31 08:27 . 2008-03-31 08:27 12,625 --a------ D:\WINDOWS\kywobi.vbs 2008-03-31 08:27 . 2008-03-31 08:27 12,396 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\exyto.pif 2008-03-31 08:27 . 2008-03-31 08:27 10,865 --a------ D:\WINDOWS\surijun.lib 2008-03-30 17:50 . 2008-03-30 17:50 <DIR> d-------- D:\Program Files\directx 2008-03-30 14:22 . 2008-03-30 14:22 1,167 --a------ D:\WINDOWS\mozver.dat 2008-03-30 14:02 . 2008-03-30 14:15 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\vlc 2008-03-30 13:05 . 2008-04-26 12:28 69 --a------ D:\WINDOWS\NeroDigital.ini 2008-03-30 12:52 . 2008-03-30 12:52 19,327 --a------ D:\WINDOWS\ifip.bat 2008-03-30 12:52 . 2008-03-30 12:52 18,723 --a------ D:\WINDOWS\adixacanu._sy 2008-03-30 12:52 . 2008-03-30 12:52 18,722 --a------ D:\Program Files\Common Files\niku.bat 2008-03-30 12:52 . 2008-03-30 12:52 18,633 --a------ D:\WINDOWS\atyruvuje.sys 2008-03-30 12:52 . 2008-03-30 12:52 15,603 --a------ D:\WINDOWS\ocezo.ban 2008-03-30 12:52 . 2008-03-30 12:52 14,229 --a------ D:\WINDOWS\system32\ykyq.sys 2008-03-30 12:52 . 2008-03-30 12:52 14,176 --a------ D:\Documents and Settings\JaYo^\Dane aplikacji\nuqa.scr 2008-03-30 12:52 . 2008-03-30 12:52 11,808 --a------ D:\Documents and Settings\All Users\Dane aplikacji\obujymer.bat 2008-03-30 12:52 . 2008-03-30 12:52 11,495 --a------ D:\Program Files\Common Files\ydowyt.scr 2008-03-30 12:52 . 2008-03-30 12:52 11,398 --a------ D:\WINDOWS\musykeka.com 2008-03-30 12:52 . 2008-03-30 12:52 10,200 --a------ D:\WINDOWS\xenaf.bat 2008-03-30 12:48 . 2008-03-30 12:48 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\MetaProducts 2008-03-30 12:44 . 2008-03-30 12:44 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Logitech 2008-03-30 12:44 . 2008-03-30 12:44 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\ATI 2008-03-30 12:42 . 2008-03-30 12:42 34,816 --a--c--- D:\WINDOWS\system32\dllcache\figaro.sys.vir 2008-03-30 12:10 . 2008-04-26 16:04 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Skype 2008-03-30 12:05 . 2008-03-30 12:05 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Gadu-Gadu 2008-03-30 12:01 . 2008-03-30 12:01 <DIR> d-------- D:\WINDOWS\Sun 2008-03-30 11:52 . 2007-10-30 19:00 15,104 --a------ D:\WINDOWS\system32\drivers\usbscan.sys 2008-03-30 11:46 . 2008-04-23 08:57 <DIR> d-------- D:\Program Files\Bonjour 2008-03-30 11:28 . 2008-03-30 11:28 427 --a------ D:\WINDOWS\ODBC.INI 2008-03-30 11:27 . 2008-03-30 11:28 <DIR> d-------- D:\WINDOWS\ShellNew 2008-03-30 11:21 . 2008-03-30 11:21 <DIR> d-------- D:\Program Files\Common Files\Macrovision Shared 2008-03-30 11:19 . 2008-04-16 22:52 <DIR> d-------- D:\Program Files\Common Files\Adobe 2008-03-30 11:13 . 2008-03-30 11:13 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Programy 2008-03-30 11:05 . 2008-03-30 11:07 <DIR> d-------- D:\WINDOWS\system32\rserver30 2008-03-30 11:04 . 2008-03-10 18:01 73,728 --a------ D:\WINDOWS\system32\SUO.cpl 2008-03-30 11:04 . 2008-04-02 10:22 1,024 --ah----- D:\Documents and Settings\Default User\NTUser.dat.LOG 2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ D:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ D:\WINDOWS\system32\QuickTime.qts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-25 15:07 --------- d--h--w D:\Program Files\InstallShield Installation Information 2008-04-15 17:25 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-04-15 17:21 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe 2008-03-30 10:42 34,816 ----a-w D:\WINDOWS\system32\drivers\beep.sys 2008-03-30 08:57 --------- d-----w D:\Program Files\Windows Media Connect 2 2008-03-30 08:49 --------- d-----w D:\Program Files\Skype 2008-03-30 08:49 --------- d-----w D:\Program Files\Common Files\Skype 2008-03-30 08:49 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-03-30 08:46 --------- d-----w D:\Program Files\Common Files\Ahead 2008-03-30 08:42 --------- d-----w D:\Program Files\Java 2008-03-30 08:42 --------- d-----w D:\Program Files\Common Files\Java 2008-03-30 08:40 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies 2008-03-30 08:35 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard 2008-03-30 08:33 --------- d-----w D:\Program Files\SAGEM 2008-03-30 08:30 81,920 ------r D:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe 2008-03-30 08:29 --------- d-----w D:\Program Files\Common Files\Logitech 2008-03-30 08:29 --------- d-----w D:\Program Files\Common Files\InstallShield 2008-03-30 08:26 --------- d-----w D:\Program Files\Common Files\HP 2008-03-30 08:26 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\HP 2008-03-30 08:25 --------- d-----w D:\Program Files\Hewlett-Packard 2008-03-30 08:24 --------- d-----w D:\Program Files\Common Files\Hewlett-Packard 2008-03-30 08:21 --------- d-----w D:\Program Files\HP 2008-03-30 08:19 --------- d-----w D:\Program Files\Marvell 2008-03-30 08:14 --------- d-----w D:\Program Files\ATI Technologies 2008-03-30 08:13 --------- d-----w D:\Program Files\Realtek Sound Manager 2008-03-30 08:13 --------- d-----w D:\Program Files\AvRack 2008-03-30 08:04 --------- d-----w D:\Program Files\microsoft frontpage 2008-03-30 08:03 --------- d-----w D:\Program Files\Usługi online 2008-01-29 10:02 107,368 ----a-w D:\WINDOWS\system32\GEARAspi.dll . ------- Sigcheck ------- 2007-12-07 02:48 668672 5c0b1281e1245d2f4af571b21b0ab21f D:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll 2004-08-04 00:44 658944 d37dafb534ac8343d59a1b501abe852c D:\WINDOWS\$NtUninstallKB944533$\wininet.dll 2007-10-31 00:32 666112 fcd4c436984c50f5d4f99c69f8206009 D:\WINDOWS\ServicePackFiles\i386\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2gdr\wininet.dll 2007-12-07 02:48 668672 5c0b1281e1245d2f4af571b21b0ab21f D:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2qfe\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\system32\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\system32\dllcache\wininet.dll 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\$NtServicePackUninstall$\tcpip.sys 2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c D:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2007-10-30 19:33 361088 9d87f804f66c26eea4b6d7405bcb996c D:\WINDOWS\ServicePackFiles\i386\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys 2007-10-30 19:33 361088 9d87f804f66c26eea4b6d7405bcb996c D:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot_2008-04-24_23.02.05,93 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-24 13:30:00 2,048 --s-a-w D:\WINDOWS\bootstat.dat + 2008-04-26 16:09:19 2,048 --s-a-w D:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-01-12 01:31 73728 D:\WINDOWS\SOUNDMAN.EXE] "ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07 61440] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 29696 D:\WINDOWS\KHALMNPR.Exe] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608] "nod32kui"="C:\Program Files\NOD32\nod32kui.exe" [2008-04-17 18:31 949376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2007-10-31 00:32 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088] D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ ATI CATALYST - pasek zadaä.lnk - D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 01:07:30 61440] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-03-30 10:29:46 573440] MoorHunt.lnk - C:\Program Files\MoorHunt\MoorHunt.exe [2008-03-30 10:45:21 3567616] [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2007-10-31 00:32 15360 D:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] --a------ 2008-03-30 10:30 16384 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Palringo] --a------ 2008-03-18 13:52 348160 C:\Program Files\Palringo\palringo.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 D:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix] C:\SDFIX\SDFix\RunThis.bat /second [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-03-30 13:51 1271032 E:\Gry\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDownloader] --a------ 2008-01-26 11:39 528384 F:\Download\Programy\Drobne\USD\USDownloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"= "D:\\WINDOWS\\system32\\rserver30\\rserver3.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\WinAVI Video Converter\\WinAVI.exe"= "D:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "E:\\Gry\\Steam\\steamapps\\jayo1990\\counter-strike\\hl.exe"= "D:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6112:TCP"= 6112:TCP:6112 "6112:UDP"= 6112:UDP:6112 "6348:TCP"= 6348:TCP:6348 "6348:UDP"= 6348:UDP:6348 R1 raddrvv3;raddrvv3;D:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-10-31 15:30] R2 RServer3;Radmin Server V3;"D:\WINDOWS\system32\rserver30\RServer3.exe" /service [] R3 mirrorv3;mirrorv3;D:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01] R3 upperdev;upperdev;D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39] R3 UsbserFilt;UsbserFilt;D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39] S2 PmlClipSrv;Pml Driver HPZ12 PmlClipSrv;D:\WINDOWS\system32\accessy.exe [] S2 WmiApSrvMessenger;Karta wydajności WMI WmiApSrvMessenger;D:\WINDOWS\system32\acluio.exe [] S3 FastLynx;FastLynx;C:\Program Files\FastLynx\FastLynx.sys [] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17] S3 nmwcdnsuc;Nokia USB Flashing Generic;D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17] S3 zebrbus;Sony Ericsson Composite Device driver;D:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-04-13 08:50] . Contents of the 'Scheduled Tasks' folder "2008-04-20 16:51:14 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - D:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-27 00:22:10 Windows 5.1.2600 Service Pack 3, v.3244 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-27 0:22:55 ComboFix-quarantined-files.txt 2008-04-26 22:22:38 ComboFix2.txt 2008-04-24 22:16:26 ComboFix3.txt 2008-04-24 21:02:32 ComboFix4.txt 2008-04-20 21:22:21 ComboFix5.txt 2008-04-20 17:23:02 Pre-Run: 13,839,233,024 bytes free Post-Run: 13,859,794,944 bytes free 301 --- E O F --- 2008-04-26 15:57:00

**Posty:** 18165 · przez **wojtas** 27 Kwi 2008, 10:10

Start do awaryjnego ( F8 ) przy starcie komputera. a w nim kasujesz te wszystkie pliki do kosza:

D:\Program Files\Common Files\odevumut.pif
D:\Program Files\Common Files\ilatetek.reg
D:\Program Files\Common Files\umedihipew.com
D:\WINDOWS\system32\unidysuq.inf
D:\WINDOWS\ocikumo.dll
D:\WINDOWS\kywobi.vbs
D:\Documents and Settings\JaYo^\Dane aplikacji\exyto.pif
D:\WINDOWS\surijun.lib
D:\WINDOWS\ifip.bat
D:\WINDOWS\adixacanu._sy
D:\Program Files\Common Files\niku.bat
D:\WINDOWS\atyruvuje.sys
D:\WINDOWS\ocezo.ban
D:\WINDOWS\system32\ykyq.sys
D:\Documents and Settings\JaYo^\Dane aplikacji\nuqa.scr
D:\Documents and Settings\All Users\Dane aplikacji\obujymer.bat
D:\Program Files\Common Files\ydowyt.scr
D:\WINDOWS\musykeka.com
D:\WINDOWS\xenaf.bat
D:\WINDOWS\system32\dllcache\figaro.sys.vir

Jeśli nie będą widoczne, to najpierw usuń atrybuty ochronne:
>>Start>>Panel Sterowania>>Opcje Folderów>>Widok>>usuń zaznaczenie przy "Ukryj chronione pliki systemowe">
>zaznacz przy "Pokaż ukryte pliki">>Zastosuj>>OK.

potem nowy log

**Posty:** 24 · przez **JaYo^** 25 Maj 2008, 11:13

COMBOFIX:

Kod: Zaznacz wszystko: ComboFix 08-05-21.3 - JaYo^ 2008-05-25 11:08:31.7 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.489 [GMT 2:00] Running from: D:\Documents and Settings\JaYo^\Moje dokumenty\Opera\ComboFix.exe * Created a new restore point * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 ))))))))))))))))))))))))))))))) . 2008-05-23 20:38 . 2008-05-23 20:38 612 --a------ D:\WINDOWS\eReg.dat 2008-05-19 20:37 . 2007-05-16 16:45 3,497,832 --a------ D:\WINDOWS\system32\d3dx9_34.dll 2008-05-18 20:27 . 2008-05-18 21:17 <DIR> d-------- D:\Temp 2008-05-17 12:16 . 2008-05-17 12:16 108,144 --a------ D:\WINDOWS\system32\CmdLineExt.dll 2008-05-16 22:42 . 2008-05-16 22:42 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Mathsoft 2008-05-16 22:40 . 2008-05-16 22:40 <DIR> d-------- D:\Program Files\Mathcad 2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- D:\Program Files\PDFCreator Toolbar 2008-05-13 21:29 . 2004-03-09 00:00 662,288 --a------ D:\WINDOWS\system32\MSCOMCT2.OCX 2008-05-13 21:29 . 2008-05-13 21:29 253,116 --a------ D:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2078.exe 2008-05-13 21:29 . 2005-10-15 12:32 196,608 --a------ D:\WINDOWS\system32\pdfcmnnt.dll 2008-05-13 21:29 . 1998-06-24 00:00 137,000 --a------ D:\WINDOWS\system32\MSMAPI32.OCX 2008-05-13 21:29 . 1998-07-06 00:00 23,552 --a------ D:\WINDOWS\system32\MSMPIDE.DLL 2008-05-13 21:29 . 2008-05-13 21:29 14,290 --a------ D:\Program Files\settings.dat 2008-05-13 19:40 . 2008-05-13 20:00 286 --a------ D:\WINDOWS\pdfpage.INI 2008-05-13 19:39 . 2008-05-13 19:59 1,024 --a------ D:\WINDOWS\system32\pdfpg.dat 2008-05-12 16:12 . 2008-05-04 12:28 60,273 --a------ D:\WINDOWS\system32\pthreadGC2.dll 2008-05-12 16:12 . 2008-05-04 12:28 7,680 --a------ D:\WINDOWS\system32\ff_vfw.dll 2008-05-12 16:12 . 2008-05-04 12:28 6,144 --a------ D:\WINDOWS\system32\ff_acm.acm 2008-05-12 16:12 . 2008-05-04 12:28 547 --a------ D:\WINDOWS\system32\ff_vfw.dll.manifest 2008-05-06 09:33 . 2008-05-06 09:33 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\Media Player Classic 2008-05-03 11:19 . 2008-05-15 22:21 295 --a------ D:\WINDOWS\wcx_ftp.ini 2008-05-01 10:01 . 2008-05-01 10:01 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies 2008-05-01 09:37 . 2008-05-01 09:37 <DIR> d-------- D:\Documents and Settings\All Users\Dane aplikacji\DeskSoft 2008-05-01 09:32 . 2008-05-01 09:58 <DIR> d-------- D:\Documents and Settings\JaYo^\Dane aplikacji\DeskSoft 2008-04-26 14:10 . 2008-05-15 23:39 248 --a------ D:\WINDOWS\WINCMD.INI . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-24 15:32 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Skype 2008-05-23 18:38 12,464 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys 2008-05-20 17:18 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\teamspeak2 2008-05-20 14:38 --------- d--h--w D:\Program Files\InstallShield Installation Information 2008-05-18 13:58 361,088 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys 2008-05-17 00:13 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\AdobeUM 2008-05-16 20:42 --------- d-----w D:\Program Files\Common Files\InstallShield 2008-05-13 18:31 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Azureus 2008-05-13 18:31 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-04-24 22:04 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Apple Computer 2008-04-23 06:57 --------- d-----w D:\Program Files\Bonjour 2008-04-22 20:41 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Thinstall 2008-04-20 16:52 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-04-20 16:51 --------- d-----w D:\Program Files\QuickTime 2008-04-20 16:51 --------- d-----w D:\Program Files\Apple Software Update 2008-04-20 16:50 --------- d-----w D:\Program Files\Common Files\Apple 2008-04-20 16:50 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Apple 2008-04-19 14:40 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Hamachi 2008-04-17 16:31 512,096 ----a-w D:\WINDOWS\system32\drivers\amon.sys 2008-04-17 16:31 298,104 ----a-w D:\WINDOWS\system32\imon.dll 2008-04-17 16:31 15,424 ----a-w D:\WINDOWS\system32\drivers\nod32drv.sys 2008-04-17 16:03 25,280 ----a-w D:\WINDOWS\system32\drivers\hamachi.sys 2008-04-16 20:52 --------- d-----w D:\Program Files\Common Files\Adobe 2008-04-15 20:54 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Nokia Multimedia Player 2008-04-15 17:25 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-04-15 17:21 12,632 ----a-w D:\WINDOWS\system32\lsdelete.exe 2008-04-14 14:06 2,394 ----a-w D:\WINDOWS\system32\tmp.reg 2008-04-13 21:31 86,528 ----a-w D:\WINDOWS\system32\VACFix.exe 2008-04-13 11:50 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Image Zone Express 2008-04-13 11:48 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\HP 2008-04-12 18:17 0 ---ha-w D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-04-12 18:17 0 ---ha-w D:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-04-12 18:15 --------- d-----w D:\Program Files\Nokia 2008-04-12 18:15 --------- d-----w D:\Program Files\MSXML 6.0 2008-04-12 18:13 --------- d-----w D:\Program Files\Common Files\Nokia 2008-04-12 18:13 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Installations 2008-04-12 17:37 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\PC Suite 2008-04-12 17:19 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Nokia 2008-04-12 11:49 82,432 ----a-w D:\WINDOWS\system32\IEDFix.exe 2008-04-08 14:21 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Ahead 2008-04-04 12:35 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\FLEXnet 2008-04-04 09:09 196,608 ----a-w D:\WINDOWS\system32\libssl32.dll 2008-04-04 08:31 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Nokia 2008-04-03 13:22 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\dvdcss 2008-04-03 11:25 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Locktime 2008-04-03 11:24 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Locktime 2008-04-02 09:12 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Radmin 2008-04-02 07:59 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Simply Super Software 2008-04-01 17:11 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\PC Suite 2008-04-01 17:07 --------- d-----w D:\Program Files\DIFX 2008-04-01 17:07 --------- d-----w D:\Program Files\Common Files\PCSuite 2008-04-01 17:06 --------- d-----w D:\Program Files\PC Connectivity Solution 2008-04-01 13:52 81,701 ----a-w D:\WINDOWS\system32\drivers\klif.cab 2008-04-01 13:51 --------- d---a-w D:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-04-01 13:51 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-04-01 06:31 --------- d-----w D:\Program Files\MSXML 4.0 2008-03-30 15:50 --------- d-----w D:\Program Files\directx 2008-03-30 12:15 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\vlc 2008-03-30 10:52 14,229 ----a-w D:\WINDOWS\system32\ykyq.sys 2008-03-30 10:48 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\MetaProducts 2008-03-30 10:44 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Logitech 2008-03-30 10:44 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\ATI 2008-03-30 10:42 34,816 ----a-w D:\WINDOWS\system32\drivers\beep.sys 2008-03-30 10:05 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Gadu-Gadu 2008-03-30 09:21 --------- d-----w D:\Program Files\Common Files\Macrovision Shared 2008-03-30 09:13 --------- d-----w D:\Documents and Settings\JaYo^\Dane aplikacji\Programy 2008-03-30 08:57 --------- d-----w D:\Program Files\Windows Media Connect 2 2008-03-30 08:49 --------- d-----w D:\Program Files\Skype 2008-03-30 08:49 --------- d-----w D:\Program Files\Common Files\Skype 2008-03-30 08:49 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-03-30 08:46 --------- d-----w D:\Program Files\Common Files\Ahead 2008-03-30 08:42 --------- d-----w D:\Program Files\Java 2008-03-30 08:42 --------- d-----w D:\Program Files\Common Files\Java 2008-03-30 08:35 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard 2008-03-30 08:33 --------- d-----w D:\Program Files\SAGEM 2008-03-30 08:30 81,920 ------r D:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe 2008-03-30 08:29 --------- d-----w D:\Program Files\Common Files\Logitech 2008-03-30 08:26 --------- d-----w D:\Program Files\Common Files\HP 2008-03-30 08:26 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\HP 2008-03-30 08:25 --------- d-----w D:\Program Files\Hewlett-Packard 2008-03-30 08:24 --------- d-----w D:\Program Files\Common Files\Hewlett-Packard 2008-03-30 08:21 --------- d-----w D:\Program Files\HP 2008-03-30 08:19 --------- d-----w D:\Program Files\Marvell 2008-03-30 08:14 --------- d-----w D:\Program Files\ATI Technologies 2008-03-30 08:13 --------- d-----w D:\Program Files\Realtek Sound Manager 2008-03-30 08:13 --------- d-----w D:\Program Files\AvRack 2008-03-30 08:04 --------- d-----w D:\Program Files\microsoft frontpage 2008-03-30 08:03 --------- d-----w D:\Program Files\Usługi online . ------- Sigcheck ------- 2007-12-07 02:48 668672 5c0b1281e1245d2f4af571b21b0ab21f D:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll 2004-08-04 00:44 658944 d37dafb534ac8343d59a1b501abe852c D:\WINDOWS\$NtUninstallKB944533$\wininet.dll 2007-10-31 00:32 666112 fcd4c436984c50f5d4f99c69f8206009 D:\WINDOWS\ServicePackFiles\i386\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2gdr\wininet.dll 2007-12-07 02:48 668672 5c0b1281e1245d2f4af571b21b0ab21f D:\WINDOWS\SoftwareDistribution\Download\85c25307802ce7da8e16b341d8577ba4\sp2qfe\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\system32\wininet.dll 2007-12-07 03:08 662016 d337ab52ead29afff58bc70bda22e9a4 D:\WINDOWS\system32\dllcache\wininet.dll 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\$NtServicePackUninstall$\tcpip.sys 2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c D:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2008-05-18 15:58 361088 5acbe0f5c41ad07af2f6b7f9464b5441 D:\WINDOWS\ServicePackFiles\i386\tcpip.sys 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys 2008-05-18 15:58 361088 5acbe0f5c41ad07af2f6b7f9464b5441 D:\WINDOWS\system32\dllcache\tcpip.sys 2008-05-18 15:58 361088 5acbe0f5c41ad07af2f6b7f9464b5441 D:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot_2008-04-24_23.02.05,93 ))))))))))))))))))))))))))))))))))))))))) . + 2008-05-20 10:45:48 53,248 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll + 2008-05-20 10:45:48 12,800 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll + 2008-05-20 10:45:48 473,600 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll + 2008-05-20 10:45:43 2,676,224 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-20 10:45:43 2,846,720 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-20 10:45:44 563,712 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-20 10:45:44 567,296 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-20 10:45:45 576,000 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-20 10:45:45 577,024 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-20 10:45:46 577,536 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-20 10:45:46 577,536 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-20 10:45:46 578,560 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-20 10:45:48 578,560 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll + 2008-05-20 10:45:49 145,920 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll + 2008-05-20 10:45:49 159,232 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll + 2008-05-20 10:45:49 364,544 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll + 2008-05-20 10:45:49 178,176 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll + 2008-05-20 10:45:47 223,232 ----a-w D:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll - 2008-04-24 13:30:00 2,048 --s-a-w D:\WINDOWS\bootstat.dat + 2008-05-25 08:16:13 2,048 --s-a-w D:\WINDOWS\bootstat.dat + 2008-05-16 20:42:35 49,152 ----a-r D:\WINDOWS\Installer\{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}\ARPPRODUCTICON.exe + 2008-05-16 20:42:35 49,152 ----a-r D:\WINDOWS\Installer\{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}\NewShortcut4_E666A69BA76D43D5AF284B2150A6EDE2.exe + 2005-03-18 14:23:10 53,248 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll + 2005-03-18 14:23:10 12,800 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll + 2005-03-18 14:23:14 473,600 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll + 2004-09-29 10:38:58 2,676,224 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll + 2005-03-18 14:23:10 145,920 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll + 2005-03-18 14:23:10 159,232 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll + 2005-03-18 14:23:14 364,544 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll + 2005-03-18 14:23:12 178,176 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll + 2005-03-18 14:23:14 223,232 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll + 2004-12-01 13:53:06 2,846,720 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll + 2005-02-05 17:32:54 563,712 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll + 2005-03-18 15:23:14 567,296 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll + 2005-05-26 13:15:56 576,000 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll + 2005-07-22 15:21:34 577,024 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll + 2005-09-28 12:11:52 577,536 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll + 2005-12-05 15:20:50 577,536 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll + 2006-02-03 05:40:48 578,560 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll + 2006-03-31 09:27:50 578,560 ----a-w D:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll - 2008-03-30 08:37:54 34,308 ----a-w D:\WINDOWS\system32\BASSMOD.dll + 2008-05-01 08:18:14 34,308 ----a-w D:\WINDOWS\system32\BASSMOD.dll + 2007-03-12 14:42:30 1,123,696 ----a-w D:\WINDOWS\system32\D3DCompiler_33.dll + 2007-05-16 14:45:16 1,124,720 ----a-w D:\WINDOWS\system32\D3DCompiler_34.dll + 2007-07-19 16:14:42 1,358,192 ----a-w D:\WINDOWS\system32\D3DCompiler_35.dll + 2007-10-12 13:14:00 1,374,232 ----a-w D:\WINDOWS\system32\D3DCompiler_36.dll + 2007-03-15 14:57:58 443,752 ----a-w D:\WINDOWS\system32\d3dx10_33.dll + 2007-05-16 14:45:16 443,752 ----a-w D:\WINDOWS\system32\d3dx10_34.dll + 2007-07-19 16:14:42 444,776 ----a-w D:\WINDOWS\system32\d3dx10_35.dll + 2007-10-02 07:56:34 444,776 ----a-w D:\WINDOWS\system32\d3dx10_36.dll + 2005-02-05 17:45:26 2,222,800 ----a-w D:\WINDOWS\system32\d3dx9_24.dll + 2005-03-18 15:19:58 2,337,488 ----a-w D:\WINDOWS\system32\d3dx9_25.dll + 2005-05-26 13:34:52 2,297,552 ----a-w D:\WINDOWS\system32\d3dx9_26.dll + 2005-07-22 17:59:04 2,319,568 ----a-w D:\WINDOWS\system32\d3dx9_27.dll + 2005-12-05 16:09:18 2,323,664 ----a-w D:\WINDOWS\system32\d3dx9_28.dll + 2006-02-03 06:43:16 2,332,368 ----a-w D:\WINDOWS\system32\d3dx9_29.dll + 2006-03-31 10:40:58 2,388,176 ----a-w D:\WINDOWS\system32\d3dx9_30.dll + 2006-09-28 14:05:20 2,414,360 ----a-w D:\WINDOWS\system32\d3dx9_31.dll + 2006-11-29 11:06:18 3,426,072 ----a-w D:\WINDOWS\system32\d3dx9_32.dll + 2007-03-12 14:42:30 3,495,784 ----a-w D:\WINDOWS\system32\d3dx9_33.dll + 2007-07-19 16:14:42 3,727,720 ----a-w D:\WINDOWS\system32\d3dx9_35.dll + 2007-10-12 13:14:00 3,734,536 ----a-w D:\WINDOWS\system32\d3dx9_36.dll + 2007-10-30 16:40:24 23,040 -c--a-w D:\WINDOWS\system32\dllcache\mouclass.sys + 2007-10-30 22:32:10 26,624 -c--a-w D:\WINDOWS\system32\dllcache\udhisapi.dll + 2006-09-13 22:01:40 76,160 ----a-w D:\WINDOWS\system32\drivers\nltdi.sys - 2008-04-05 06:41:51 1,435,328 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT + 2008-05-23 20:48:58 1,458,112 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT + 2004-05-04 09:53:40 1,645,320 ----a-w D:\WINDOWS\system32\GDIPLUS.DLL - 2007-11-20 14:52:00 2,884,992 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll + 2008-03-25 03:21:18 2,889,088 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - 2007-11-20 14:52:00 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-03-25 03:21:20 218,496 ----a-w D:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-05-06 13:27:06 70,264 ----a-w D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe + 2007-10-30 22:32:12 20,480 ----a-w D:\WINDOWS\system32\mssockuw.dll + 2008-04-28 03:00:00 278,528 ----a-w D:\WINDOWS\system32\pncrt.dll + 2008-04-28 03:00:00 6,656 ----a-w D:\WINDOWS\system32\pndx5016.dll + 2008-04-28 03:00:00 5,632 ----a-w D:\WINDOWS\system32\pndx5032.dll + 2008-04-28 03:00:00 185,944 ----a-w D:\WINDOWS\system32\rmoc3260.dll + 2005-06-25 11:16:50 138,240 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL + 2005-06-25 11:16:52 480,256 ----a-w D:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL + 2007-10-30 22:32:12 7,475 ----a-w D:\WINDOWS\system32\wwbdnt.dll + 2006-02-03 06:41:26 14,032 ----a-w D:\WINDOWS\system32\x3daudio1_0.dll + 2007-03-05 10:42:18 15,128 ----a-w D:\WINDOWS\system32\x3daudio1_1.dll + 2007-10-22 01:37:16 17,928 ----a-w D:\WINDOWS\system32\X3DAudio1_2.dll + 2006-02-03 06:42:06 230,096 ----a-w D:\WINDOWS\system32\xactengine2_0.dll + 2006-03-31 10:39:48 229,584 ----a-w D:\WINDOWS\system32\xactengine2_1.dll + 2007-10-22 01:39:54 267,272 ----a-w D:\WINDOWS\system32\xactengine2_10.dll + 2006-05-31 05:24:16 230,168 ----a-w D:\WINDOWS\system32\xactengine2_2.dll + 2006-07-28 07:30:32 236,824 ----a-w D:\WINDOWS\system32\xactengine2_3.dll + 2006-09-28 14:05:56 237,848 ----a-w D:\WINDOWS\system32\xactengine2_4.dll + 2006-12-08 10:02:00 251,672 ----a-w D:\WINDOWS\system32\xactengine2_5.dll + 2007-01-24 13:27:30 255,848 ----a-w D:\WINDOWS\system32\xactengine2_6.dll + 2007-04-04 16:55:00 261,480 ----a-w D:\WINDOWS\system32\xactengine2_7.dll + 2007-06-20 18:46:04 266,088 ----a-w D:\WINDOWS\system32\xactengine2_8.dll + 2007-07-19 22:57:12 267,112 ----a-w D:\WINDOWS\system32\xactengine2_9.dll + 2006-03-31 10:39:24 62,672 ----a-w D:\WINDOWS\system32\xinput1_1.dll + 2006-07-28 07:30:14 62,744 ----a-w D:\WINDOWS\system32\xinput1_2.dll + 2007-04-04 16:53:42 81,768 ----a-w D:\WINDOWS\system32\xinput1_3.dll + 2005-12-05 16:07:30 61,136 ----a-w D:\WINDOWS\system32\xinput9_1_0.dll + 2005-09-23 04:49:12 95,744 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll + 2005-09-23 06:16:02 1,093,632 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll + 2005-09-23 06:16:06 1,079,808 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll + 2005-09-23 06:16:08 69,632 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll + 2005-09-23 06:16:10 57,344 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll + 2005-09-23 05:58:06 40,960 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll + 2005-09-23 05:58:06 45,056 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll + 2005-09-23 05:58:06 65,536 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll + 2005-09-23 05:58:06 57,344 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll + 2005-09-23 05:58:06 61,440 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll + 2005-09-23 05:58:06 61,440 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll + 2005-09-23 05:58:06 61,440 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll + 2005-09-23 05:58:06 49,152 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll + 2005-09-23 05:58:06 49,152 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-05-24 23:34 2119104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-01-12 01:31 73728 D:\WINDOWS\SOUNDMAN.EXE] "DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2007-10-31 00:32 15360] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088] D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2008-03-30 10:29:46 573440] MoorHunt.lnk - C:\Program Files\MoorHunt\MoorHunt.exe [2008-03-30 10:45:21 3567616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=D:\WINDOWS\system32\rserver30\newtstop.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.avis"= ff_acm.acm [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2007-10-31 00:32 15360 D:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] --a------ 2008-03-30 10:30 16384 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Palringo] --a------ 2008-03-18 13:52 348160 C:\Program Files\Palringo\palringo.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-06-18 15:10 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 D:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix] C:\SDFIX\SDFix\RunThis.bat /second [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-03-30 13:51 1271032 E:\Gry\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDownloader] --a------ 2008-01-26 11:39 528384 F:\Download\Programy\Drobne\USD\USDownloader.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"= "D:\\WINDOWS\\system32\\rserver30\\rserver3.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\WinAVI Video Converter\\WinAVI.exe"= "D:\\Program Files\\Bonjour\\mDNSResponder.exe"= "E:\\Gry\\Steam\\steamapps\\jayo1990\\counter-strike\\hl.exe"= "C:\\Program Files\\FlashGet\\flashget.exe"= "F:\\Download\\Programy\\Drobne\\Total Commander\\TOTALCMD.EXE"= "D:\\Program Files\\Skype\\Phone\\Skype.exe"= "E:\\Gry\\Command & Conquer Generals\\game.dat"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6112:TCP"= 6112:TCP:6112 "6112:UDP"= 6112:UDP:6112 "6348:TCP"= 6348:TCP:6348 "6348:UDP"= 6348:UDP:6348 R1 nltdi;nltdi;D:\WINDOWS\system32\drivers\nltdi.sys [2006-09-14 00:01] R1 raddrvv3;raddrvv3;D:\WINDOWS\system32\rserver30\raddrvv3.sys [2007-10-31 15:30] R2 RServer3;Radmin Server V3;"D:\WINDOWS\system32\rserver30\RServer3.exe" /service [] R3 mirrorv3;mirrorv3;D:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 05:01] S2 PmlClipSrv;Pml Driver HPZ12 PmlClipSrv;D:\WINDOWS\system32\accessy.exe [] S2 WmiApSrvMessenger;Karta wydajności WMI WmiApSrvMessenger;D:\WINDOWS\system32\acluio.exe [] S3 FastLynx;FastLynx;C:\Program Files\FastLynx\FastLynx.sys [] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;D:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17] S3 nmwcdnsuc;Nokia USB Flashing Generic;D:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17] S3 upperdev;upperdev;D:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39] S3 UsbserFilt;UsbserFilt;D:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39] S3 zebrbus;Sony Ericsson Composite Device driver;D:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-04-13 08:50] . Contents of the 'Scheduled Tasks' folder "2008-04-20 16:51:14 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - D:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-25 11:10:33 Windows 5.1.2600 Service Pack 3, v.3244 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql] "ImagePath"="c:\Krasnal/MYSQL/bin/mysqld.exe" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: D:\WINDOWS\explorer.exe -> C:\Program Files\Logitech\SetPoint\lgscroll.dll . Completion time: 2008-05-25 11:11:22 ComboFix-quarantined-files.txt 2008-05-25 09:10:57 ComboFix2.txt 2008-04-26 22:22:56 ComboFix3.txt 2008-04-24 22:16:26 ComboFix4.txt 2008-04-24 21:02:32 ComboFix5.txt 2008-04-20 21:22:21 Pre-Run: 12,107,370,496 bytes free Post-Run: 12,397,797,376 bytes free 381 --- E O F --- 2008-05-15 08:43:31

HT:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:13:10, on 2008-05-25 Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3244) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Ad-Aware 2007\aawservice.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\SOUNDMAN.EXE C:\Program Files\DU Meter\DUMeter.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\MoorHunt\MoorHunt.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\NetLimiter 2 Pro\nlsvc.exe C:\Program Files\NOD32\nod32krn.exe D:\WINDOWS\system32\HPZipm12.exe D:\WINDOWS\system32\rserver30\RServer3.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\rserver30\FamItrfc.Exe D:\WINDOWS\system32\svchost.exe C:\Program Files\Opera\Opera.exe C:\PROGRA~1\AIMP2\AIMP2.exe C:\Program Files\NOD32\nod32kui.exe D:\WINDOWS\explorer.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: MoorHunt.lnk = C:\Program Files\MoorHunt\MoorHunt.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: D:\WINDOWS\system32\rserver30\newtstop.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2007\aawservice.exe O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: MySql - Unknown owner - c:\Krasnal/MYSQL/bin/mysqld.exe (file missing) O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD32\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe O23 - Service: Pml Driver HPZ12 PmlClipSrv (PmlClipSrv) - Unknown owner - D:\WINDOWS\system32\accessy.exe (file missing) O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - D:\WINDOWS\system32\rserver30\RServer3.exe O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Karta wydajności WMI WmiApSrvMessenger (WmiApSrvMessenger) - Unknown owner - D:\WINDOWS\system32\acluio.exe (file missing) -- End of file - 6459 bytes

**Posty:** 8001 · przez **Okocza** 25 Maj 2008, 11:16

to w hijacku kasujesz

Kod: Zaznacz wszystko: O23 - Service: MySql - Unknown owner - c:\Krasnal/MYSQL/bin/mysqld.exe (file missing) O23 - Service: Pml Driver HPZ12 PmlClipSrv (PmlClipSrv) - Unknown owner - D:\WINDOWS\system32\accessy.exe (file missing) O23 - Service: Karta wydajności WMI WmiApSrvMessenger (WmiApSrvMessenger) - Unknown owner - D:\WINDOWS\system32\acluio.exe (file missing)

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

wolna praca komputera

Wolna praca komputera

Kto jest na forum