Witam
Problem polega na tym, ze gdy odpalam gre lub czasem nawet film uzycie procesora wzrasta do 100% i pojawia sie kilka lub nawet kilkanascie procesow rundll32.exe. Powoduje to dosc znaczne przyciecia ktore wczesniej nie mialy miejsca. Po wylaczeniu aplikacji wszystkie te procesy znikaja i system chodzi normalnie. Przeskanowalem dyski Kasperskim i Spybotem ale nic to nie dalo. Log jest w porzadku i zadne smiecie nie laduja sie w autostarcie. jakies pomysly?
Bede wdzieczny za pomocne rady.
Pozdrawiam
[inne]Użycie procesora 100%; procesy rundll32.exe
Rozpoczęty przez
traxit
, 24 01 2009 17:38
-
Temat jest zamknięty
6 odpowiedzi w tym temacie
#2
eunstachy
-
-
- 512 postów
Zaawansowany użytkownik
Napisano 24 01 2009 - 18:02
run32dll.exe to jest jakiś syf szpiegowski.
Znajduje się w folderze C:\Windows\System32. Zaleca się usunięcie tego g**na.
Znajduje się w folderze C:\Windows\System32. Zaleca się usunięcie tego g**na.
#3
traxit
-
-
- 4 postów
Nowy
Napisano 24 01 2009 - 18:22
Tyle, ze w system32 jest tylko jeden taki plik i wydaje mi sie ze jest on potrzebny. W C:\WINDOWS\Prefetch sa pliki oznaczonew w taki sposob: RUNDLL32.EXE-4619B116 rozniace sie tym numerem na koncu.
#4
Macsch15
-
-
- 3 705 postów
Profesjonalista
Napisano 24 01 2009 - 18:37
rundll32.exe jest nawet bardzo potrzebny ...
Pobierz
http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx
i zobacz jakie usługi korzystają z rundll32.exe
Bardzo często się zdarza że w tym pliku są wirusy ....
I daj loga z hijackthisa i combofixa
http://forum.idg.pl/bezpieczenstwo_kompute...ia-t118804.html
Pobierz
http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx
i zobacz jakie usługi korzystają z rundll32.exe
Bardzo często się zdarza że w tym pliku są wirusy ....
I daj loga z hijackthisa i combofixa
http://forum.idg.pl/bezpieczenstwo_kompute...ia-t118804.html
#5
traxit
-
-
- 4 postów
Nowy
Napisano 24 01 2009 - 20:07
Jezeli nie mam uruchomionej gry to to w ogole nie ma tego procesu na liscie. Po zaladowaniu gry klikajac na RUNDLL32.EXE w Process Explorer nie wyswietlaja mi sie zadne informacje na jego temat.
Oto logi:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:17, on 2009-01-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\kaspersky\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Mixer.exe
D:\Programy\kaspersky\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Ahmed\USTAWI~1\Temp\Rar$EX00.125\procexp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programy\kaspersky\ievkbd.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.21\RivaTuner.exe" /S
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVP] "D:\Programy\kaspersky\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: G.Art 2.lnk = ?
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy\kaspersky\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A23B6E0C-C7A9-4463-A42C-D4DA67B987E6}: NameServer = 192.168.0.254 194.204.152.34
O20 - AppInit_DLLs: D:\Programy\KASPER~1\mzvkbd.dll,D:\Programy\KASPER~1\mzvkbd3.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Programy\kaspersky\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3653 bytes
i
ComboFix 09-01-21.04 - Ahmed 2009-01-24 18:56:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.767.379 [GMT 1:00]
Uruchomiony z: d:\instalatory\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ahmed\Dane aplikacji\BITS
c:\documents and settings\Ahmed\Dane aplikacji\BITS\BITS.ini
c:\documents and settings\Ahmed\Dane aplikacji\BITS\DHTTable.dat
c:\documents and settings\Ahmed\Dane aplikacji\BITS\ProxyList.ini
c:\documents and settings\Ahmed\Dane aplikacji\BITS\Torrent\20080910005701.torrent
c:\documents and settings\Ahmed\Dane aplikacji\BITS\Torrent\20080910005701.torrent.~tmp
c:\documents and settings\Ahmed\Dane aplikacji\BITS\Torrent\20080910005701.torrent.bits
c:\documents and settings\Ahmed\Dane aplikacji\BITS\Torrent\20080910005701.torrent.filelist
c:\documents and settings\Ahmed\Dane aplikacji\BITS\Torrent\20080910005701.torrent.seeds
c:\documents and settings\Ahmed\Dane aplikacji\BITS\UPnP.ini
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\btcore.dll
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\48c6ff3d.torrent
c:\program files\FlashGet Network\FlashGet universal\btwrap.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.exe
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\FGVer.dll
c:\program files\FlashGet Network\FlashGet universal\flashget.exe
c:\program files\FlashGet Network\FlashGet universal\gt.exe
c:\program files\FlashGet Network\FlashGet universal\hashgen.dll
c:\program files\FlashGet Network\FlashGet universal\Help\license.txt
c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\libupnp.dll
c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Pliki utworzone od 2008-12-24 do 2009-01-24 )))))))))))))))))))))))))))))))
.
2009-01-24 15:57 . 2009-01-24 18:58 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne
2009-01-24 15:57 . 2008-08-20 21:12 <DIR> d-------- c:\documents and settings\Administrator\Ulubione
2009-01-24 15:57 . 2008-08-20 19:19 <DIR> d--h----- c:\documents and settings\Administrator\Szablony
2009-01-24 15:57 . 2008-08-20 21:12 <DIR> d-------- c:\documents and settings\Administrator\Pulpit
2009-01-24 15:57 . 2008-08-20 21:12 <DIR> d-------- c:\documents and settings\Administrator\Moje dokumenty
2009-01-24 15:57 . 2008-08-20 21:12 <DIR> dr------- c:\documents and settings\Administrator\Menu Start
2009-01-24 15:57 . 2008-08-20 21:12 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji
2009-01-24 15:57 . 2009-01-24 15:58 <DIR> d-------- c:\documents and settings\Administrator
2009-01-24 15:25 . 2009-01-24 15:25 <DIR> d-------- c:\program files\Trend Micro
2009-01-23 14:50 . 2009-01-23 15:01 721 --a------ c:\windows\Thps3.INI
2009-01-17 12:24 . 2009-01-24 19:00 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-01-17 12:24 . 2009-01-24 18:58 3,605,536 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-17 12:24 . 2009-01-24 18:58 385,056 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-17 12:24 . 2009-01-17 12:58 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-17 12:24 . 2009-01-17 12:24 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-17 12:24 . 2009-01-24 18:58 33,440 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-17 12:24 . 2009-01-24 18:58 6,588 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-16 14:54 . 2004-08-03 23:44 70,144 --a------ c:\windows\AhnRpta.exe
2009-01-08 16:24 . 2009-01-08 16:24 <DIR> d-------- c:\documents and settings\Ahmed\Dane aplikacji\Gearbox Software
2008-12-25 11:11 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-12-25 11:11 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-12-25 11:11 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2008-12-25 11:11 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2008-12-25 11:11 . 2006-11-15 11:38 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-12-24 18:04 . 2008-12-24 18:04 <DIR> dr-h----- c:\documents and settings\Ahmed\Dane aplikacji\SecuROM
2008-12-24 18:04 . 2008-12-24 18:04 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-24 17:46 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-24 17:46 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-12-24 17:46 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2008-12-24 17:45 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-12-24 17:45 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-24 17:45 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-12-24 17:45 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 17:58 --------- d-----w c:\documents and settings\Ahmed\Dane aplikacji\foobar2000
2009-01-24 14:35 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-01-23 13:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-17 11:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-01-17 11:20 --------- d-----w c:\documents and settings\Ahmed\Dane aplikacji\uTorrent
2008-12-30 17:49 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-22 21:03 --------- d-----w c:\documents and settings\Ahmed\Dane aplikacji\ipla
2008-12-22 16:16 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-18 17:27 --------- d-----w c:\documents and settings\Ahmed\Dane aplikacji\Disney Interactive Studios
2008-12-17 17:56 --------- d-----w c:\documents and settings\Ahmed\Dane aplikacji\Leadertech
2008-12-13 15:34 --------- d-----w c:\program files\RivaTuner v2.21
2008-12-12 14:28 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2008-12-10 19:30 4,224 ----a-w c:\windows\system32\drivers\NVStrap.sys
2008-12-07 17:26 --------- d-----w c:\program files\ASUS
2008-10-18 15:07 50,576 ----a-w c:\documents and settings\Ahmed\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.21\RivaTuner.exe" [2008-12-10 2732032]
"AVP"="d:\programy\kaspersky\avp.exe" [2008-07-29 206088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"=
"d:\\Programy\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\Polish\\setup.exe"=
"d:\\Programy\\worms\\wormsarm\\WA.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008-12-15 4224]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 cpuz131;cpuz131;\??\c:\docume~1\Ahmed\USTAWI~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\Ahmed\USTAWI~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-09-02 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-09-02 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-09-02 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-09-02 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-09-02 98568]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b0f1041-70ec-11dd-9548-00e018998877}]
\Shell\AutoRun\command - G:\ij.bat
\Shell\explore\Command - G:\ij.bat
\Shell\open\Command - G:\ij.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cae23300-adc4-11dd-bc2c-00e018998877}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f09bdf3a-ae7d-11dd-bc30-00e018998877}]
\Shell\AutoRun\command - K:\Menu.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Notify-AtiExtEvent - (no file)
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: E&ksport do programu Microsoft Excel - d:\programy\Office\Office10\EXCEL.EXE/3000
TCP: {A23B6E0C-C7A9-4463-A42C-D4DA67B987E6} = 192.168.0.254 194.204.152.34
FF - ProfilePath - c:\documents and settings\Ahmed\Dane aplikacji\Mozilla\Firefox\Profiles\trh1tnsi.default\
FF - prefs.js: browser.startup.homepage - google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBOARDS.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 19:00:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-789336058-1757981266-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:05,6f,ed,7b,d1,d2,4d,9d,c9,39,ae,1b,d8,1f,04,d7,3a,62,3b,a4,1b,
18,5d,cb,c5,a3,bb,5b,95,11,5e,9f,bc,41,43,30,0b,8a,78,eb,c4,9a,26,e6,91,2d,\
"rkeysecu"=hex:16,1a,19,69,41,56,6f,8c,ad,d0,07,ee,41,20,2a,8b
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
d:\programy\Gadu-Gadu\gg.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-24 19:02:08 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-01-24 18:02:05
Przed: 1 558 691 840 bajtów wolnych
Po: 1,489,862,656 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
423
Oto logi:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:17, on 2009-01-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\kaspersky\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Mixer.exe
D:\Programy\kaspersky\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Ahmed\USTAWI~1\Temp\Rar$EX00.125\procexp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Programy\kaspersky\ievkbd.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.21\RivaTuner.exe" /S
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVP] "D:\Programy\kaspersky\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: G.Art 2.lnk = ?
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programy\kaspersky\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programy\Spybot - Search & Destroy\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A23B6E0C-C7A9-4463-A42C-D4DA67B987E6}: NameServer = 192.168.0.254 194.204.152.34
O20 - AppInit_DLLs: D:\Programy\KASPER~1\mzvkbd.dll,D:\Programy\KASPER~1\mzvkbd3.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Programy\kaspersky\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3653 bytes
i
ComboFix 09-01-21.04 - Ahmed 2009-01-24 18:56:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.767.379 [GMT 1:00]
Uruchomiony z: d:\instalatory\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ahmed\Dane aplikacji\BITS
c:\documents and settings\Ahmed\Dane aplikacji\BITS\BITS.ini
c:\documents and settings\Ahmed\Dane aplikacji\BITS\DHTTable.dat
c:\documents and settings\Ahmed\Dane aplikacji\BITS\ProxyList.ini
c:\documents and settings\Ahmed\Dane aplikacji\BITS\Torrent\20080910005701.torrent
c:\documents and settings\Ahmed\Dane aplikacji\BITS\Torrent\20080910005701.torrent.~tmp
c:\documents and settings\Ahmed\Dane aplikacji\BITS\Torrent\20080910005701.torrent.bits
c:\documents and settings\Ahmed\Dane aplikacji\BITS\Torrent\20080910005701.torrent.filelist
c:\documents and settings\Ahmed\Dane aplikacji\BITS\Torrent\20080910005701.torrent.seeds
c:\documents and settings\Ahmed\Dane aplikacji\BITS\UPnP.ini
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\btcore.dll
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\48c6ff3d.torrent
c:\program files\FlashGet Network\FlashGet universal\btwrap.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.exe
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\FGVer.dll
c:\program files\FlashGet Network\FlashGet universal\flashget.exe
c:\program files\FlashGet Network\FlashGet universal\gt.exe
c:\program files\FlashGet Network\FlashGet universal\hashgen.dll
c:\program files\FlashGet Network\FlashGet universal\Help\license.txt
c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\libupnp.dll
c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Pliki utworzone od 2008-12-24 do 2009-01-24 )))))))))))))))))))))))))))))))
.
2009-01-24 15:57 . 2009-01-24 18:58 <DIR> d--h----- c:\documents and settings\Administrator\Ustawienia lokalne
2009-01-24 15:57 . 2008-08-20 21:12 <DIR> d-------- c:\documents and settings\Administrator\Ulubione
2009-01-24 15:57 . 2008-08-20 19:19 <DIR> d--h----- c:\documents and settings\Administrator\Szablony
2009-01-24 15:57 . 2008-08-20 21:12 <DIR> d-------- c:\documents and settings\Administrator\Pulpit
2009-01-24 15:57 . 2008-08-20 21:12 <DIR> d-------- c:\documents and settings\Administrator\Moje dokumenty
2009-01-24 15:57 . 2008-08-20 21:12 <DIR> dr------- c:\documents and settings\Administrator\Menu Start
2009-01-24 15:57 . 2008-08-20 21:12 <DIR> dr-h----- c:\documents and settings\Administrator\Dane aplikacji
2009-01-24 15:57 . 2009-01-24 15:58 <DIR> d-------- c:\documents and settings\Administrator
2009-01-24 15:25 . 2009-01-24 15:25 <DIR> d-------- c:\program files\Trend Micro
2009-01-23 14:50 . 2009-01-23 15:01 721 --a------ c:\windows\Thps3.INI
2009-01-17 12:24 . 2009-01-24 19:00 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-01-17 12:24 . 2009-01-24 18:58 3,605,536 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-17 12:24 . 2009-01-24 18:58 385,056 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-17 12:24 . 2009-01-17 12:58 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-17 12:24 . 2009-01-17 12:24 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-17 12:24 . 2009-01-24 18:58 33,440 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-17 12:24 . 2009-01-24 18:58 6,588 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-16 14:54 . 2004-08-03 23:44 70,144 --a------ c:\windows\AhnRpta.exe
2009-01-08 16:24 . 2009-01-08 16:24 <DIR> d-------- c:\documents and settings\Ahmed\Dane aplikacji\Gearbox Software
2008-12-25 11:11 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-12-25 11:11 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2008-12-25 11:11 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2008-12-25 11:11 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2008-12-25 11:11 . 2006-11-15 11:38 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2008-12-24 18:04 . 2008-12-24 18:04 <DIR> dr-h----- c:\documents and settings\Ahmed\Dane aplikacji\SecuROM
2008-12-24 18:04 . 2008-12-24 18:04 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-24 17:46 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-24 17:46 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-12-24 17:46 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2008-12-24 17:45 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-12-24 17:45 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-24 17:45 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2008-12-24 17:45 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 17:58 --------- d-----w c:\documents and settings\Ahmed\Dane aplikacji\foobar2000
2009-01-24 14:35 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-01-23 13:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-17 11:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-01-17 11:20 --------- d-----w c:\documents and settings\Ahmed\Dane aplikacji\uTorrent
2008-12-30 17:49 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-22 21:03 --------- d-----w c:\documents and settings\Ahmed\Dane aplikacji\ipla
2008-12-22 16:16 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-12-18 17:27 --------- d-----w c:\documents and settings\Ahmed\Dane aplikacji\Disney Interactive Studios
2008-12-17 17:56 --------- d-----w c:\documents and settings\Ahmed\Dane aplikacji\Leadertech
2008-12-13 15:34 --------- d-----w c:\program files\RivaTuner v2.21
2008-12-12 14:28 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2008-12-10 19:30 4,224 ----a-w c:\windows\system32\drivers\NVStrap.sys
2008-12-07 17:26 --------- d-----w c:\program files\ASUS
2008-10-18 15:07 50,576 ----a-w c:\documents and settings\Ahmed\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.21\RivaTuner.exe" [2008-12-10 2732032]
"AVP"="d:\programy\kaspersky\avp.exe" [2008-07-29 206088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Polish\\setup.exe"=
"d:\\Programy\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\Polish\\setup.exe"=
"d:\\Programy\\worms\\wormsarm\\WA.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008-12-15 4224]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 cpuz131;cpuz131;\??\c:\docume~1\Ahmed\USTAWI~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\Ahmed\USTAWI~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-09-02 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-09-02 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-09-02 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-09-02 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-09-02 98568]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b0f1041-70ec-11dd-9548-00e018998877}]
\Shell\AutoRun\command - G:\ij.bat
\Shell\explore\Command - G:\ij.bat
\Shell\open\Command - G:\ij.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cae23300-adc4-11dd-bc2c-00e018998877}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f09bdf3a-ae7d-11dd-bc30-00e018998877}]
\Shell\AutoRun\command - K:\Menu.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Notify-AtiExtEvent - (no file)
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: E&ksport do programu Microsoft Excel - d:\programy\Office\Office10\EXCEL.EXE/3000
TCP: {A23B6E0C-C7A9-4463-A42C-D4DA67B987E6} = 192.168.0.254 194.204.152.34
FF - ProfilePath - c:\documents and settings\Ahmed\Dane aplikacji\Mozilla\Firefox\Profiles\trh1tnsi.default\
FF - prefs.js: browser.startup.homepage - google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBOARDS.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 19:00:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-789336058-1757981266-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:05,6f,ed,7b,d1,d2,4d,9d,c9,39,ae,1b,d8,1f,04,d7,3a,62,3b,a4,1b,
18,5d,cb,c5,a3,bb,5b,95,11,5e,9f,bc,41,43,30,0b,8a,78,eb,c4,9a,26,e6,91,2d,\
"rkeysecu"=hex:16,1a,19,69,41,56,6f,8c,ad,d0,07,ee,41,20,2a,8b
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
d:\programy\Gadu-Gadu\gg.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-24 19:02:08 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-01-24 18:02:05
Przed: 1 558 691 840 bajtów wolnych
Po: 1,489,862,656 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
423
#6
Macsch15
-
-
- 3 705 postów
Profesjonalista
Napisano 24 01 2009 - 22:00
W hijaku
te powyższe wpisy "sfiksuj"
>>Hijack>>scan(Do a system scan only)>>zaznacz je >>Fix checked.
W combo
Wklej do notatnika
Wejdź >> Plik >> Zapisz jako... >> CFScript.txt
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
wyzeruj przywracanie systemu
http://www.searchengines.pl/Nie-moge-usuna...3-t12510.html#1
Po restarcie usuń ręcznie folder C: \Qoobox
F3 - REG:win.ini: run=
O4 - Startup: G.Art 2.lnk = ?
te powyższe wpisy "sfiksuj"
>>Hijack>>scan(Do a system scan only)>>zaznacz je >>Fix checked.
W combo
Wklej do notatnika
File::
c:\windows\Thps3.INI
c:\windows\AhnRpta.exe
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b0f1041-70ec-11dd-9548-00e018998877}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f09bdf3a-ae7d-11dd-bc30-00e018998877}]Wejdź >> Plik >> Zapisz jako... >> CFScript.txt
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
wyzeruj przywracanie systemu
http://www.searchengines.pl/Nie-moge-usuna...3-t12510.html#1
Po restarcie usuń ręcznie folder C: \Qoobox
Użytkownicy przeglądający ten temat: 0
0 użytkowników, 0 gości, 0 anonimowych
