
Please check these logs

adsko

Please check the logs from these programs, because I fell for a keylogger :/

\/\/\/Silent Runners\/\/\/

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"EPSON Stylus DX4400 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\Ram\USTAWI~1\Temp\E_S84.tmp" /EF "HKCU"" ["SEIKO EPSON CORPORATION"]
"BitTorrent DNA" = ""C:\Program Files\DNA\btdna.exe"" ["BitTorrent, Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"AQQ" = "F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe" [empty string]
"ALLUpdate" = ""C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"GEST" = "=" [file not found]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{201f27d4-3704-41d6-89c1-aa35e39143ed}\(Default) = "AskBar BHO"
  -> {HKLM...CLSID} = "AskBar BHO"
     \InProcServer32\(Default) = "C:\Program Files\AskBarDis\bar\bin\askBar.dll" ["Ask.com"]
{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"
     \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll" ["RealPlayer"]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
  -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "EpsonToolBandKicker Class"
     \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{10677009-C23C-4FC2-A62C-29323A2201F0}" = "AQQ File Transfer Shell Extension"
  -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
     \InProcServer32\(Default) = "F:\PROGRA~1\WapSter\WAPSTE~1\System\AQQSHE~1.DLL" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"
  -> {HKLM...CLSID} = "JetFlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AQQFileTransfer\(Default) = "{10677009-C23C-4FC2-A62C-29323A2201F0}"
  -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
     \InProcServer32\(Default) = "F:\PROGRA~1\WapSter\WAPSTE~1\System\AQQSHE~1.DLL" [null data]
EPPShellEx\(Default) = "{509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll" ["SEIKO EPSON CORPORATION"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Ram\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

EpsonCreativitySuite\
"Provider" = "FileManager"
"InvokeProgID" = "EpsonCreativitySuite"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\EpsonCreativitySuite\shell\Play\DropTarget\CLSID = "{7720BCC1-4F11-4f17-A80F-0BB69EF9788F}"
  -> {HKLM...CLSID} = (no title provided)
     \LocalServer32\(Default) = "C:\Program Files\EPSON\Creativity Suite\File Manager\eppqcom.exe" [null data]

JABurnCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "burncd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\burncd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /burncd "%1"" ["COWON America, Inc."]

JACreateAlbumOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "createalbum"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\createalbum\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /createalbum "%1"" ["COWON America, Inc."]

JAPlayCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playcd "%1"" ["COWON America, Inc."]

JAPlayDVDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playdvd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playdvd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playdvd "%1"" ["COWON America, Inc."]

JAPlayMediaOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playmedia"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playmedia\DropTarget\CLSID = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]

JAPlaySVCDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playvcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playvcd "%1"" ["COWON America, Inc."]

JAPlayVCDMovieOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "playvcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\playvcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /playvcd "%1"" ["COWON America, Inc."]

JARipCDAudioOnArrival\
"Provider" = "jetAudio"
"InvokeProgID" = "jetAudio.MediaHandler"
"InvokeVerb" = "ripcd"
HKLM\SOFTWARE\Classes\jetAudio.MediaHandler\shell\ripcd\command\(Default) = ""C:\Program Files\JetAudio\jetAudio.exe" /ripcd "%1"" ["COWON America, Inc."]

MSPlayCDAudioOnArrival\
"Provider" = "ALLPlayer"
"InvokeProgID" = "AllPlayerFile"
"InvokeVerb" = "play"
HKCU\Software\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\JetAudio\JetAudio.exe" "%1"" ["COWON America, Inc."]
HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\DropTarget\CLSID = "{8D1636FD-CA49-4b4e-90E4-0A20E03A15E8}"
  -> {HKLM...CLSID} = "JetFlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["COWON America"]

NeroAutoPlayEmptyCD\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay"
"InvokeVerb" = "EmptyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay\shell\EmptyCD\command\(Default) = ""C:\Program Files\Ahead\nero startsmart\nerostartsmart.exe" /Drive:%L" ["Ahead Software AG"]

NeroAutoPlayVideoDVD\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay"
"InvokeVerb" = "VideoDVD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay\shell\VideoDVD\command\(Default) = ""C:\Program Files\Ahead\nero startsmart\nerostartsmart.exe" /Drive:%L" ["Ahead Software AG"]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
  -> {HKLM...CLSID} = "RealNetworks Scheduler"
     \LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe"  /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe"  /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

Startup items in "Ram" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\Ram\Menu Start\Programy\Autostart
"hamachi" -> shortcut to: "C:\Program Files\Hamachi\hamachi.exe" ["LogMeIn Inc."]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
" Gigaset WLAN Adapter Monitor" -> shortcut to: "C:\Program Files\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe" [empty string]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"
  -> {HKLM...CLSID} = "Ask Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\AskBarDis\bar\bin\askBar.dll" ["Ask.com"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
  -> {HKLM...CLSID} = "EPSON Web-To-Page"
     \InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" = (no title provided)
  -> {HKLM...CLSID} = "Ask Toolbar"
     \InProcServer32\(Default) = "C:\Program Files\AskBarDis\bar\bin\askBar.dll" ["Ask.com"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}\(Default) = "Ask Toolbar Quick View"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
EPSON V3 Service4(01), EPSON_PM_RPCV4_01, "C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE" ["SEIKO EPSON CORPORATION"]
GEST Service for program management., GEST Service, ""C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe"" [null data]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
EPSON Stylus DX4400 Series 32MonitorBE\Driver = "E_FLBCAE.DLL" ["SEIKO EPSON CORPORATION"]

---------- (launch time: 2009-03-29 10:25:36)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 23 seconds, including 4 seconds for message boxes)

/\/\/\Silent Runners/\/\/\

\/\/\/Hijack this\/\/\/

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:03, on 2009-03-29
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe
C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
F:\Program Files\WapSter\WapSter AQQ\AQQ.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\Ram\USTAWI~1\Temp\E_S84.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AQQ] F:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: hamachi.lnk = ?
O4 - Global Startup:  Gigaset WLAN Adapter Monitor.lnk = C:\Program Files\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6863 bytes

/\/\/\Hijack this/\/\/\

\/\/\/Combo Fix\/\/\/

ComboFix 09-03-28.06 - Ram 2009-03-29 20:42:22.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.2046.961 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Ram\Pulpit\ComboFix.exe
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ram\Dane aplikacji\EurekaLog
c:\documents and settings\Ram\Dane aplikacji\EurekaLog\EurekaLog.ini

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-02-28 do 2009-03-29  )))))))))))))))))))))))))))))))
.

2009-03-29 15:32 . 2009-03-29 15:32	<DIR>	d--------	c:\program files\Active Ports
2009-03-29 15:32 . 1999-12-17 10:13	49,664	--a------	c:\windows\unvise32.exe
2009-03-29 08:24 . 2009-03-29 08:24	<DIR>	d--------	c:\windows\Sun
2009-03-29 08:22 . 2009-03-29 08:22	<DIR>	d--------	c:\program files\Java
2009-03-29 08:22 . 2009-03-29 08:22	410,984	--a------	c:\windows\system32\deploytk.dll
2009-03-29 08:22 . 2009-03-29 08:22	73,728	--a------	c:\windows\system32\javacpl.cpl
2009-03-28 09:25 . 2009-03-28 09:25	1,544,770	---hs----	c:\windows\svchost.pif
2009-03-24 20:26 . 2009-03-24 20:26	<DIR>	d--------	c:\windows\Pulpit
2009-03-08 19:28 . 2009-03-08 19:28	<DIR>	d--------	c:\documents and settings\Ram\Dane aplikacji\COWON
2009-03-08 17:48 . 2009-03-08 17:48	<DIR>	d--------	c:\documents and settings\Ram\Dane aplikacji\teamspeak2
2009-03-08 17:47 . 2009-03-08 17:48	<DIR>	d--------	c:\program files\Teamspeak2_RC2
2009-03-08 17:47 . 2009-03-08 17:47	34,064	--a------	c:\windows\system32\lhacm.acm
2009-03-05 20:03 . 2009-03-28 10:02	<DIR>	d--------	c:\program files\JetAudio
2009-03-05 20:03 . 2009-03-05 20:03	<DIR>	d--------	c:\program files\Common Files\COWON
2009-03-05 20:03 . 2009-03-05 20:03	25	--a------	c:\windows\cdplayer.ini
2009-03-05 20:02 . 2009-03-05 20:02	<DIR>	d--------	c:\program files\Real
2009-03-05 20:02 . 2009-03-05 20:02	<DIR>	d--------	c:\program files\Common Files\xing shared
2009-03-05 20:02 . 2009-03-05 20:02	<DIR>	d--------	c:\program files\Common Files\Real
2009-03-05 20:02 . 2009-03-05 20:02	499,712	--a------	c:\windows\system32\msvcp71.dll
2009-03-05 20:02 . 2009-03-05 20:02	348,160	--a------	c:\windows\system32\msvcr71.dll
2009-03-04 19:21 . 2009-03-04 19:21	<DIR>	d--h-----	c:\windows\PIF
2009-03-01 08:06 . 2009-03-01 08:06	<DIR>	d--------	c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 18:34	---------	d-----w	c:\documents and settings\Ram\Dane aplikacji\DNA
2009-03-29 13:19	---------	d-----w	c:\program files\AskBarDis
2009-03-29 06:14	---------	d-----w	c:\documents and settings\Ram\Dane aplikacji\Hamachi
2009-03-29 06:13	16,608	----a-w	c:\windows\gdrv.sys
2009-03-29 06:13	---------	d-----w	c:\program files\DNA
2009-03-28 18:09	---------	d-----w	c:\program files\Steam
2009-03-05 18:03	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-03-01 14:59	---------	d-----w	c:\program files\ALLPlayer
2009-03-01 06:35	---------	d-----w	c:\documents and settings\Ram\Dane aplikacji\BitTorrent
2009-02-28 15:49	---------	d-----w	c:\program files\NAPI-PROJEKT
2009-02-24 16:37	---------	d-----w	c:\documents and settings\Ram\Dane aplikacji\Tibia
2009-02-23 15:25	4,032,512	----a-w	c:\windows\Help\ZZEXE.EXE
2009-02-22 19:34	---------	d-----w	c:\program files\GlobalSCAPE
2009-02-22 19:34	---------	d-----w	c:\documents and settings\Ram\Dane aplikacji\GlobalSCAPE
2009-02-22 19:34	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\GlobalSCAPE
2009-02-20 22:22	25,280	----a-w	c:\windows\system32\drivers\hamachi.sys
2009-02-20 22:22	---------	d-----w	c:\program files\Hamachi
2009-02-18 22:08	---------	d-----w	c:\program files\Hamachii
2009-02-13 14:46	---------	d-----w	c:\documents and settings\Ram\Dane aplikacji\WypasOTS Client
2009-02-05 18:07	---------	d-----w	c:\documents and settings\Ram\Dane aplikacji\EPSON
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 18:24	325000	--a------	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-16 342848]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AQQ"="f:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2009-02-25 4879360]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-05 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-29 148888]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Ram\Menu Start\Programy\Autostart\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-02-21 625952]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
 Gigaset WLAN Adapter Monitor.lnk - c:\program files\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe [2003-12-15 516096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"<NO NAME>"= 0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"e:\\fear\\fpupdate.exe"=
"e:\\fear\\FEAR.exe"=
"e:\\fear\\FEARMP.exe"=
"f:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\Steam\\steamapps\\adsko1\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"e:\\Soldat\\Soldat.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"e:\\BOS I\\game.dat"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Steam\\steamapps\\adsko1\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"f:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\FOX\\Aliens vs. Predator 2\\lithtech.exe"=
"e:\\Program Files\\FOX\\Aliens vs. Predator 2\\avp2.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Home\\ftpte.exe"=
"c:\\Documents and Settings\\Ram\\Pulpit\\RealmChanger\\World Of Tibiasula\\World Of Tibiasula\\TheForgottenServer.exe"=
"c:\\Program Files\\Steam\\steamapps\\adsko1\\condition zero\\hl.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-09-25 80392]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-26 93696]
R3 PONDIS5;PONDIS5 NDIS Protocol Driver;c:\windows\system32\PONDIS5.sys [2003-07-17 17097]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - WMIAPSRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa351314-e30e-11dd-a560-0001e345c1ca}]
\Shell\AutoRun\command - L:\m9ma.exe
\Shell\explore\Command - L:\m9ma.exe
\Shell\open\Command - L:\m9ma.exe
.
.
------- Skan uzupełniający -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ram\Dane aplikacji\Mozilla\Firefox\Profiles\dkppvvuj.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 20:43:06
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...  

? [39192]
? [40332]
? [48612]
? [50224]
? [51132]
? [50108]
? [51188]

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-03-29 20:43:36
ComboFix-quarantined-files.txt  2009-03-29 18:43:35

Przed: 4 057 780 224 bajtów wolnych
Po: 8,309,522,432 bajtów wolnych

173	--- E O F ---	2008-12-10 00:44:54

/\/\/\Combo fix/\/\/\

And here is the scan of the infected file

Mateusz J.

Please add the ComboFix log.

Guest

This log is strange.

1) Close the worm-prone ports using --> Windows Worms Doors Cleaner

Set the indicators to green; NetBIOS may stay yellow.

A restart is required after using the tool.

2) Use (in Safe Mode) --> SDFix (further down on the linked page).

Post the Report.txt found in the SDFix folder.

3) Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.

.

adsko

Re 1: I closed those ports and restarted the computer.

Re 2: The program won't start for me :/

Re 3: Here is the scan

Nazwa pliku / Nazwa zagrożenia / Liczba zagrożeń
C:\Documents and Settings\Ram\Pulpit\Evo OTS By DAMI - rehost by Masiar;3.exe Zainfekowany: Trojan.Win32.Delf.bwf 1
C:\Documents and Settings\Ram\Pulpit\theforgottenserver-v0.2-win32console.7z Zainfekowany: Trojan.Win32.Delf.gug 1
C:\Program Files\DAEMON Tools\SetupDTSB.exe Zainfekowany: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\RECYCLER\S-1-5-21-2025429265-1450960922-1801674531-1004\Dc151.v2_julek\B-Fox_7__Seven__.v2 julek\B-Fox Seven\B-fox.exe Zainfekowany: Trojan.Win32.Delf.ebv 1
C:\RECYCLER\S-1-5-21-2025429265-1450960922-1801674531-1004\Dc151.v2_julek\B-Fox_7__Seven__.v2 julek\B-Fox Seven\source\project\Cezarex OTS.exe Zainfekowany: Trojan.Win32.Delf.htb 1
C:\RECYCLER\S-1-5-21-2025429265-1450960922-1801674531-1004\Dc151.v2_julek\B-Fox_7__Seven__.v2 julek\Sources\Sources\Sources\project\Cezarex OTS.exe Zainfekowany: Trojan.Win32.Delf.htb 1
C:\RECYCLER\S-1-5-21-2025429265-1450960922-1801674531-1004\Dc168.exe Zainfekowany: Trojan-GameThief.Win32.Tibia.bob 1
C:\RECYCLER\S-1-5-21-2025429265-1450960922-1801674531-1004\Dc200.rar Zainfekowany: Trojan.Win32.Delf.ebv 1
C:\RECYCLER\S-1-5-21-2025429265-1450960922-1801674531-1004\Dc200.rar Zainfekowany: Trojan.Win32.Delf.htb 2
C:\RECYCLER\S-1-5-21-2025429265-1450960922-1801674531-1004\Dc207\Evo Ots.exe Zainfekowany: Trojan.Win32.Delf.bwf 1
C:\RECYCLER\S-1-5-21-2025429265-1450960922-1801674531-1004\Dc208.rar Zainfekowany: Trojan.Win32.Delf.gtw 1
C:\RECYCLER\S-1-5-21-2025429265-1450960922-1801674531-1004\Dc209.40\Armonia 8.40\Armonia.exe Zainfekowany: Trojan.Win32.Delf.gtw 1
C:\RECYCLER\S-1-5-21-2025429265-1450960922-1801674531-1004\Dc230.2-win32console\Mystic Spirit\The Forgotten Server.exe Zainfekowany: Trojan.Win32.Delf.gug 1
C:\WINDOWS\Help\LSASS.EXE Zainfekowany: Trojan-GameThief.Win32.Tibia.bob 1

I think I got rid of those two tibia.bob ones using cmd, with the command del "file path"

Guest

Download ---> The Avenger

Paste this text into it:

Files to delete:
C:\WINDOWS\Help\LSASS.EXE
C:\Program Files\DAEMON Tools\SetupDTSB.exe

Folders to delete:
C:\RECYCLER

Copy it - click Paste Script from Clipboard - Execute - confirm and agree to the restart by clicking OK.

Once done, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

.

adsko

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error:  file "C:\WINDOWS\Help\LSASS.EXE" not found!
Deletion of file "C:\WINDOWS\Help\LSASS.EXE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\Program Files\DAEMON Tools\SetupDTSB.exe" deleted successfully.
Folder "C:\RECYCLER" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Just so it's clear, I deleted those 2 files manually, as I wrote ;]

Guest

Sorry, I didn't read it through to the end.

Scan again with Kaspersky.

.

adsko

Should I scan only C?

Guest

Yes.

.

adsko

The scan is clean, it didn't detect anything :D
