kenwood utworzono 14 czerwca 2009 utworzono 14 czerwca 2009 Witam! Ciąg dalszy TEGO tematu. ComboFix 09-06-13.09 - Administrator 2009-06-14 11:37.2 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1551 [GMT 2:00]Uruchomiony z: d:\documents and settings\Administrator.KENWOOD-B9542AE\Pulpit\ComboFix.exeAV: avast! antivirus 4.8.1335 [VPS 090613-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}.((((((((((((((((((((((((( Pliki utworzone od 2009-05-14 do 2009-06-14 ))))))))))))))))))))))))))))))).2009-06-13 16:38 . 2009-06-13 16:38 107888 ----a-w- d:\windows\system32\CmdLineExt.dll2009-06-13 16:34 . 2009-06-13 16:34 -------- d-----w- d:\windows\1C4551A64743409391E41477CD655043.TMP2009-06-13 16:34 . 2009-04-30 20:02 457248 ----a-w- d:\windows\system32\nvudisp.exe2009-06-13 16:14 . 2009-06-13 16:14 -------- d-----w- d:\program files\CCleaner2009-06-13 15:40 . 2009-06-13 15:41 -------- d-----w- d:\program files\Driver Cleaner2009-06-13 14:25 . 2009-02-05 20:06 23152 ----a-w- d:\windows\system32\drivers\aswRdr.sys2009-06-13 14:25 . 2009-02-05 20:06 51376 ----a-w- d:\windows\system32\drivers\aswTdi.sys2009-06-13 14:25 . 2009-02-05 20:05 26944 ----a-w- d:\windows\system32\drivers\aavmker4.sys2009-06-13 14:25 . 2009-02-05 20:04 97480 ----a-w- d:\windows\system32\AvastSS.scr2009-06-13 14:25 . 2009-02-05 20:08 93296 ----a-w- d:\windows\system32\drivers\aswmon.sys2009-06-13 14:25 . 2009-02-05 20:08 94032 ----a-w- d:\windows\system32\drivers\aswmon2.sys2009-06-13 14:25 . 2009-02-05 20:07 114768 ----a-w- d:\windows\system32\drivers\aswSP.sys2009-06-13 14:25 . 2009-02-05 20:07 20560 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys2009-06-13 14:24 . 2009-02-05 20:11 1256296 ----a-w- d:\windows\system32\aswBoot.exe2009-06-13 14:24 . 2003-03-18 19:20 1060864 ----a-w- d:\windows\system32\MFC71.dll2009-06-13 14:24 . 2003-03-18 18:14 499712 ----a-w- d:\windows\system32\MSVCP71.dll2009-06-13 14:24 . 2003-02-21 02:42 348160 ----a-w- d:\windows\system32\MSVCR71.dll2009-06-13 14:24 . 2009-06-13 14:24 -------- d-----w- d:\program files\Alwil Software2009-06-13 13:36 . 2009-06-13 13:36 -------- d-----w- d:\program files\AGEIA Technologies2009-06-13 13:36 . 2009-06-13 13:36 -------- d-----w- d:\windows\system32\AGEIA2009-06-13 13:35 . 2009-06-13 13:36 -------- d-----w- d:\windows\NV57565760.TMP2009-06-13 13:35 . 2009-04-26 22:42 457248 ----a-w- d:\windows\system32\NVUNINST.EXE2009-06-13 13:16 . 2009-06-13 13:36 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard2009-06-12 11:16 . 2009-06-12 11:18 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\Ahead2009-06-12 11:16 . 2009-06-12 11:16 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\LightScribe2009-06-12 11:16 . 2009-06-12 11:16 -------- d-----w- d:\program files\Common Files\LightScribe2009-06-12 11:15 . 2009-06-12 11:18 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Ahead2009-06-12 11:12 . 2009-06-12 11:16 -------- d-----w- d:\program files\Common Files\Ahead2009-06-12 11:12 . 2009-06-12 11:12 -------- d-----w- d:\program files\Nero2009-06-12 11:12 . 2009-06-12 11:12 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\Nero2009-06-12 10:40 . 2009-06-12 10:40 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\The Creative Assembly2009-06-12 10:40 . 2009-03-09 13:27 453456 ----a-w- d:\windows\system32\d3dx10_41.dll2009-06-12 10:40 . 2009-03-09 13:27 1846632 ----a-w- d:\windows\system32\D3DCompiler_41.dll2009-06-12 10:40 . 2009-03-16 12:18 69448 ----a-w- d:\windows\system32\XAPOFX1_3.dll2009-06-12 10:40 . 2009-03-16 12:18 517448 ----a-w- d:\windows\system32\XAudio2_4.dll2009-06-12 10:40 . 2009-03-16 12:18 235352 ----a-w- d:\windows\system32\xactengine3_4.dll2009-06-12 10:40 . 2009-03-09 13:27 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll2009-06-12 10:40 . 2009-03-16 12:18 22360 ----a-w- d:\windows\system32\X3DAudio1_6.dll2009-06-12 10:40 . 2008-10-15 04:22 452440 ----a-w- d:\windows\system32\d3dx10_40.dll2009-06-12 10:40 . 2008-10-15 04:22 4379984 ----a-w- d:\windows\system32\D3DX9_40.dll2009-06-12 10:40 . 2008-10-15 04:22 2036576 ----a-w- d:\windows\system32\D3DCompiler_40.dll2009-06-12 10:39 . 2008-10-15 05:03 70992 ----a-w- d:\windows\system32\XAPOFX1_2.dll2009-06-12 10:39 . 2008-10-15 05:03 235856 ----a-w- d:\windows\system32\xactengine3_3.dll2009-06-12 10:39 . 2008-10-15 05:03 514384 ----a-w- d:\windows\system32\XAudio2_3.dll2009-06-12 10:39 . 2008-10-15 05:03 23376 ----a-w- d:\windows\system32\X3DAudio1_5.dll2009-06-12 10:39 . 2008-07-30 04:20 68616 ----a-w- d:\windows\system32\XAPOFX1_1.dll2009-06-12 10:39 . 2008-07-30 04:20 509448 ----a-w- d:\windows\system32\XAudio2_2.dll2009-06-12 10:39 . 2008-07-30 04:20 238088 ----a-w- d:\windows\system32\xactengine3_2.dll2009-06-12 10:39 . 2008-07-10 09:01 467984 ----a-w- d:\windows\system32\d3dx10_39.dll2009-06-10 18:10 . 2009-06-10 18:10 -------- d-----w- d:\program files\Electronic Arts2009-06-10 06:59 . 2009-06-10 18:05 104655 --sh--r- D:\6phx.com2009-06-09 14:54 . 2009-06-09 14:54 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\Identities2009-06-09 09:51 . 2004-08-03 20:58 5504 -c--a-w- d:\windows\system32\dllcache\mstee.sys2009-06-09 09:51 . 2004-08-03 20:58 5504 ----a-w- d:\windows\system32\drivers\MSTEE.sys2009-06-09 09:51 . 2004-08-03 21:10 10880 -c--a-w- d:\windows\system32\dllcache\ndisip.sys2009-06-09 09:51 . 2004-08-03 21:10 10880 ----a-w- d:\windows\system32\drivers\NdisIP.sys2009-06-09 07:41 . 2009-06-09 07:41 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Ulead Systems2009-06-09 07:41 . 2009-06-09 07:41 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\Help2009-06-09 07:41 . 2009-06-09 07:41 -------- d-----w- d:\windows\system32\windows media2009-06-09 07:40 . 2009-06-09 07:40 -------- d-----w- d:\program files\Windows Media Components2009-06-09 07:40 . 2009-06-09 07:41 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\Ulead Systems2009-06-09 07:40 . 2009-06-09 07:40 -------- d-----w- d:\program files\Common Files\Ulead Systems2009-06-09 07:40 . 2009-06-09 07:40 -------- d-----w- d:\program files\Ulead Systems2009-06-09 06:28 . 2004-08-03 21:08 26496 -c--a-w- d:\windows\system32\dllcache\usbstor.sys2009-06-08 19:37 . 2009-06-11 08:47 24088 ----a-w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT2009-06-08 18:41 . 2009-06-08 18:41 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Sports Interactive2009-06-08 18:27 . 2009-06-08 18:27 -------- d--h--w- d:\documents and settings\Administrator.KENWOOD-B9542AE\InstallAnywhere2009-06-08 18:25 . 2001-08-17 21:59 3072 ----a-w- d:\windows\system32\drivers\audstub.sys2009-06-08 18:24 . 2004-08-04 00:35 58624 ----a-w- d:\windows\system32\drivers\redbook.sys2009-06-08 18:24 . 2004-08-03 23:01 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys2009-06-08 18:24 . 2001-08-17 21:46 6400 ----a-w- d:\windows\system32\drivers\enum1394.sys2009-06-08 18:23 . 2004-08-03 22:44 77312 -c--a-w- d:\windows\system32\dllcache\usbui.dll2009-06-08 18:23 . 2004-08-03 22:44 77312 ----a-w- d:\windows\system32\usbui.dll2009-06-08 18:20 . 2009-06-13 16:38 -------- d--h--r- d:\documents and settings\All Users.WINDOWS\Dane aplikacji2009-06-08 18:19 . 2009-06-12 11:16 -------- d--h--w- d:\documents and settings\Default User.WINDOWS2009-06-08 18:19 . 2009-06-08 16:30 -------- d-----w- d:\documents and settings\All Users.WINDOWS2009-06-08 18:18 . 2004-04-30 07:37 160640 ----a-w- d:\windows\system32\drivers\a347bus.sys2009-06-08 18:18 . 2004-04-30 07:33 5248 ----a-w- d:\windows\system32\drivers\a347scsi.sys2009-06-08 18:09 . 2006-05-04 08:26 2808832 ------r- d:\windows\alcwzrd.exe2009-06-08 18:09 . 2005-05-03 10:43 69632 ------r- d:\windows\Alcmtr.exe2009-06-08 18:09 . 2008-05-07 11:21 4739072 ------r- d:\windows\system32\drivers\RtkHDAud.sys2009-06-08 18:09 . 2008-05-07 07:39 16862208 ------r- d:\windows\RTHDCPL.exe2009-06-08 18:09 . 2008-04-02 01:27 1196032 ------r- d:\windows\RtlUpd.exe2009-06-08 18:09 . 2007-11-20 10:15 1826816 ------r- d:\windows\SkyTel.exe2009-06-08 18:09 . 2007-06-28 08:44 2165760 ------r- d:\windows\MicCal.exe2009-06-08 18:09 . 2007-03-23 11:19 9715200 ------r- d:\windows\RTLCPL.exe2009-06-08 18:09 . 2006-08-01 07:02 49152 ------r- d:\windows\system32\ChCfg.exe2009-06-08 18:09 . 2006-07-21 08:14 86016 ------r- d:\windows\SoundMan.exe2009-06-08 18:09 . 2008-03-05 10:07 520192 ------r- d:\windows\RtlExUpd.dll2009-06-08 18:08 . 2004-11-18 08:42 22752 ----a-w- d:\windows\system32\spupdsvc.exe2009-06-08 17:56 . 2009-06-08 17:58 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Winamp2009-06-08 17:48 . 2009-06-08 17:51 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Nowe Gadu-Gadu2009-06-08 17:47 . 2009-06-14 09:32 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\uTorrent2009-06-08 17:45 . 2009-06-08 18:30 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\Sports Interactive2009-06-08 17:35 . 2009-06-08 17:35 0 ----a-w- d:\windows\nsreg.dat2009-06-08 17:35 . 2009-06-08 17:35 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\Mozilla2009-06-08 17:32 . 2005-11-04 14:55 126976 ----a-w- d:\windows\system32\coclassfast.dll2009-06-08 17:11 . 2008-01-03 14:10 105856 ----a-r- d:\windows\system32\drivers\Rtenicxp.sys2009-06-08 17:11 . 2009-06-08 17:11 -------- d-----w- d:\windows\OPTIONS2009-06-08 17:11 . 2009-06-08 17:11 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\InstallShield2009-06-08 17:09 . 2009-06-08 18:09 -------- d-----w- d:\program files\Realtek2009-06-08 17:09 . 2009-06-08 17:09 315392 ----a-w- d:\windows\HideWin.exe2009-06-08 16:53 . 2008-03-26 03:15 53248 ----a-r- d:\windows\system32\CSVer.dll2009-06-08 16:52 . 2009-06-14 09:41 16608 ----a-w- d:\windows\gdrv.sys2009-06-08 16:46 . 2009-06-08 16:46 -------- d-sh--w- d:\documents and settings\LocalService.ZARZĄDZANIE NT2009-06-08 16:36 . 2009-06-08 16:36 -------- d-sh--w- d:\documents and settings\NetworkService.ZARZĄDZANIE NT2009-06-08 16:33 . 2004-08-03 21:44 40960 -c--a-w- d:\windows\system32\dllcache\msiregmv.exe2009-06-08 16:32 . 2001-10-26 16:28 13463552 -c--a-w- d:\windows\system32\dllcache\hwxjpn.dll2009-06-08 16:31 . 2001-10-26 16:29 9728 -c--a-w- d:\windows\system32\dllcache\change.exe2009-06-08 16:30 . 2009-06-12 11:12 -------- d-sh--w- d:\documents and settings\All Users.WINDOWS\DRM2009-06-08 16:28 . 2004-08-03 21:44 726078 -c--a-w- d:\windows\system32\dllcache\srchui.dll2009-06-08 16:27 . 2001-10-26 16:30 5632 -c--a-w- d:\windows\system32\dllcache\write.exe2009-06-08 08:12 . 2009-06-08 08:12 -------- d-s---w- d:\documents and settings\Administrator.KENWOOD-25032AC\UserData2009-06-08 08:02 . 2009-06-08 16:28 -------- d-----w- d:\windows\system32\wbem\Repository2009-06-06 10:03 . 2009-06-06 10:04 -------- d-----w- d:\program files\Common Files\Sony Ericsson Shared2009-06-06 10:03 . 2009-06-06 10:04 -------- d-----w- d:\program files\Common Files\Teleca Shared2009-06-06 10:03 . 2009-06-06 10:03 -------- d-----w- d:\program files\Sony Ericsson2009-06-06 10:03 . 2009-06-06 10:03 -------- d-----w- d:\windows\Downloaded Installations2009-06-04 12:45 . 2009-06-04 12:45 -------- d-----w- d:\program files\Common Files\TV2009-06-04 12:45 . 2009-06-04 12:46 -------- d-----w- d:\program files\AVerTV2009-06-03 11:22 . 2009-06-11 20:06 -------- d-----w- d:\program files\Tibia.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-06-12 10:16 . 2009-06-12 09:12 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\PeaZip2009-06-12 09:12 . 2009-06-12 09:12 -------- d-----w- d:\program files\PeaZip2009-06-12 08:58 . 2009-06-11 18:31 103184 --sh--r- D:\9dlvtiil.exe2009-06-11 20:07 . 2009-06-11 20:06 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Tibia2009-06-10 18:21 . 2009-06-10 18:21 10134 ----a-r- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe2009-06-10 18:21 . 2009-06-10 18:21 -------- d-----w- d:\program files\Microsoft WSE2009-06-10 18:21 . 2001-10-26 15:15 74450 ----a-w- d:\windows\system32\perfc015.dat2009-06-10 18:21 . 2001-10-26 15:15 448348 ----a-w- d:\windows\system32\perfh015.dat2009-06-10 18:10 . 2009-06-02 17:36 -------- d--h--w- d:\program files\InstallShield Installation Information2009-06-09 18:23 . 2009-06-08 16:30 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat2009-06-09 07:40 . 2009-06-02 17:36 -------- d-----w- d:\program files\Common Files\InstallShield2009-06-08 17:56 . 2009-06-02 19:07 -------- d-----w- d:\program files\Winamp2009-06-08 17:48 . 2009-06-02 18:36 -------- d-----w- d:\program files\Nowe Gadu-Gadu2009-06-08 16:28 . 2009-06-08 16:28 21856 ----a-w- d:\windows\system32\emptyregdb.dat2009-06-02 19:22 . 2009-06-02 19:21 -------- d--h--w- d:\program files\Zero G Registry2009-06-02 19:21 . 2009-06-02 19:21 -------- d-----w- d:\program files\Sports Interactive2009-06-02 19:15 . 2009-06-02 19:15 -------- d-----w- d:\program files\Alcohol Soft2009-06-02 19:09 . 2009-06-02 19:09 -------- d-----w- d:\program files\Winamp Toolbar2009-06-02 18:31 . 2009-06-02 18:31 -------- d-----w- d:\program files\AskSearch2009-06-02 18:31 . 2009-06-02 18:31 -------- d-----w- d:\program files\AskBarDis2009-06-02 18:30 . 2009-06-02 18:30 -------- d-----w- d:\program files\uTorrent2009-06-02 18:22 . 2009-06-02 18:22 -------- d-----w- d:\program files\SAGEM2009-06-02 17:37 . 2009-06-02 17:37 -------- d-----w- d:\program files\Intel2009-06-02 17:36 . 2009-06-02 17:36 -------- d-----w- d:\program files\GIGABYTE2009-06-02 17:29 . 2009-06-02 17:29 -------- d-----w- d:\program files\microsoft frontpage2009-06-02 17:28 . 2009-06-02 17:28 -------- d-----w- d:\program files\Usługi online2009-05-28 09:23 . 2009-05-28 09:23 42088 ----a-w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- d:\windows\system32\nvcplui.exe2009-04-30 20:02 . 2009-04-30 20:02 9994240 ----a-w- d:\windows\system32\nvoglnt.dll2009-04-30 20:02 . 2009-04-30 20:02 806912 ----a-w- d:\windows\system32\SETB9.tmp2009-04-30 20:02 . 2009-04-30 20:02 5896320 ----a-w- d:\windows\system32\SETB7.tmp2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- d:\windows\system32\nvdata.bin2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- d:\windows\system32\SETC2.tmp2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- d:\windows\system32\nvcodins.dll2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- d:\windows\system32\nvcod.dll2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- d:\windows\system32\nvcuvenc.dll2009-04-30 20:02 . 2009-02-18 12:44 806912 ----a-w- d:\windows\system32\nvapi.dll2009-04-30 20:02 . 2009-02-18 12:44 663552 ----a-w- d:\windows\system32\nvcuvid.dll2009-04-30 20:02 . 2009-02-18 12:44 1720320 ----a-w- d:\windows\system32\nvcuda.dll2009-04-30 20:02 . 2008-05-09 02:56 8055584 ----a-w- d:\windows\system32\drivers\nv4_mini.sys2009-04-30 20:02 . 2008-05-09 02:56 5896320 ----a-w- d:\windows\system32\nv4_disp.dll.------- Sigcheck -------[-] 2008-03-05 19:54 1548288 44A87287F63395AE9E7950D266A73160 d:\windows\system32\sfcfiles.dll.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]2009-05-28 09:23 42088 ----a-w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-03 15360]"Nowe Gadu-Gadu"="d:\program files\Nowe Gadu-Gadu\gg.exe" [2009-05-28 10486376]"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]"LightScribe Control Panel"="d:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"WiseStubReboot"="MSIEXEC" [X][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"GEST"="m‘|\ü" [X]"WinampAgent"="d:\program files\Winamp\winampa.exe" [2009-04-10 37888]"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-04-30 86016]"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-04-30 13750272]"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2008-05-07 16862208]"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-04-30 1657376][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-03 15360][HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="d:\\Program Files\\uTorrent\\uTorrent.exe"="d:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2009-06-13 114768]R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2009-06-13 20560]R2 GEST Service;GEST Service for program management.;d:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-06-02 80392][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"d:\program files\Common Files\LightScribe\LSRunOnce.exe"..------- Skan uzupełniający -------.uInternet Connection Wizard,ShellNext = hxxp://192.168.1.1/.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-06-14 11:40Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ... ? [39404]? [41952]? [42984]? [41212]? [41416]? [41452]skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'explorer.exe'(237820)d:\program files\Common Files\Ahead\Lib\NeroSearchBar.dlld:\program files\Common Files\Ahead\Lib\MFC71U.DLLd:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll.Czas ukończenia: 2009-06-14 11:42ComboFix-quarantined-files.txt 2009-06-14 09:42Przed: 164 172 922 880 bajtów wolnychPo: 164 174 266 368 bajtów wolnych244
Gość komentarz 14 czerwca 2009 komentarz 14 czerwca 2009 1. Użyj (w Trybie Awaryjnym)-->SDFix. (niżej na stronie linku). Pokaż Report.txt znajdujący się w folderze SDFix. 2. Użyj programu Malwarebytes. Wciskamy Skanuj, wybieramy dyski do skanowania i Rozpoczynamy skanowanie, na końcu wciskamy Usuń zaznaczone jak będą i Ok. Wrzuć wygenerowany raport po usuwaniu MBAMem. .
kenwood komentarz 14 czerwca 2009 Autor komentarz 14 czerwca 2009 Tutaj masz raport z SDFix w Trybie Awaryjnym: [b]SDFix: Version 1.240 [/b]Run by Administrator on 2009-06-14 at 12:23Microsoft Windows XP [Wersja 5.1.2600]Running From: D:\SDFix[b]Checking Services [/b]:Restoring Default Security ValuesRestoring Default Hosts FileRebooting[b]Checking Files [/b]: No Trojan Files FoundRemoving Temp Files[b]ADS Check [/b]: [b]Final Check [/b]:catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-06-14 12:29:15Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ...scanning hidden services & system hive ...[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]"ujdew"=hex:20,02,00,00,86,bd,a0,55,de,6a,8a,b5,42,fa,7f,79,d4,07,06,6d,46,.."ljej40"=hex:cc,73,25,db,ed,a7,69,0d,ed,4a,11,19,d2,2d,59,ea,52,6e,8c,c5,2f,.."ljej41"=hex:76,73,25,db,95,a7,69,0d,ec,4a,10,19,d3,2d,59,ea,52,6e,8c,c5,41,.."ljej42"=hex:76,73,25,db,95,a7,69,0d,ec,4a,10,19,d3,2d,59,ea,52,6e,8c,c5,41,.."ljej43"=hex:76,73,25,db,95,a7,69,0d,ec,4a,10,19,d3,2d,59,ea,52,6e,8c,c5,41,.."ljej44"=hex:76,73,25,db,95,a7,69,0d,ec,4a,10,19,d3,2d,59,ea,52,6e,8c,c5,41,..scanning hidden registry entries ...[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]"DisplayName"="Alcohol 120%"scanning hidden files ...scan completed successfullyhidden processes: 0hidden services: 0hidden files: 0[b]Remaining Services [/b]:Authorized Application Key Export:[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent""D:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"="D:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe:*:Enabled:Football Manager 2009"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"[b]Remaining Files [/b]:[b]Files with Hidden Attributes [/b]:Wed 10 Jun 2009 104,655 ..SHR --- "D:\6phx.com"Fri 12 Jun 2009 103,184 ..SHR --- "D:\9dlvtiil.exe"[b]Finished![/b]
kenwood komentarz 14 czerwca 2009 Autor komentarz 14 czerwca 2009 (edytowane) Już mam: Malwarebytes' Anti-Malware 1.37Wersja bazy definicji: 2274Windows 5.1.2600 Dodatek Service Pack 22009-06-14 13:05:32mbam-log-2009-06-14 (13-05-32).txtTyp skanowania: Pełne skanowanie (C:\|D:\|)Przeskanowane obiekty: 155482Upłynęło: 31 minute(s), 11 second(s)Zainfekowane procesy w pamięci: 0Zainfekowane moduły pamięci: 0Zainfekowane klucze rejestru: 0Zainfekowane wartości rejestru: 0Zainfekowane pliki rejestru: 0Zainfekowane foldery: 0Zainfekowane pliki: 21Zainfekowane procesy w pamięci:(Nie wykryto groźnych plików)Zainfekowane moduły pamięci:(Nie wykryto groźnych plików)Zainfekowane klucze rejestru:(Nie wykryto groźnych plików)Zainfekowane wartości rejestru:(Nie wykryto groźnych plików)Zainfekowane pliki rejestru:(Nie wykryto groźnych plików)Zainfekowane foldery:(Nie wykryto groźnych plików)Zainfekowane pliki:c:\9dlvtiil.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.c:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP15\A0004029.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.c:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP16\A0004039.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.c:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP17\A0004047.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.c:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP17\A0004113.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.c:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP18\A0004177.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.c:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP18\A0004260.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\9dlvtiil.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP15\A0004028.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP15\A0004031.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP15\A0004033.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP16\A0004041.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP17\A0004049.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP17\A0004080.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP17\A0004115.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP18\A0004179.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP18\A0004259.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP18\A0004262.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP18\A0004264.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP18\A0004265.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.d:\system volume information\_restore{e6746759-6d76-4435-9963-f786c311e9ee}\RP20\A0004512.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. DODAM ŻE TE PLIKI KTÓRE USUNĄŁ PROGRAM USUWAŁ MI WCZEŚNIEJ ANTYVIR...
kenwood komentarz 14 czerwca 2009 Autor komentarz 14 czerwca 2009 Proszę: ComboFix 09-06-13.09 - Administrator 2009-06-14 14:19.3 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1594 [GMT 2:00]Uruchomiony z: d:\documents and settings\Administrator.KENWOOD-B9542AE\Pulpit\ComboFix.exeAV: avast! antivirus 4.8.1335 [VPS 090613-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}.((((((((((((((((((((((((( Pliki utworzone od 2009-05-14 do 2009-06-14 ))))))))))))))))))))))))))))))).2009-06-14 10:33 . 2009-06-14 10:33 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Malwarebytes2009-06-14 10:33 . 2009-05-26 11:20 40160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys2009-06-14 10:33 . 2009-06-14 10:33 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes2009-06-14 10:33 . 2009-05-26 11:19 19096 ----a-w- d:\windows\system32\drivers\mbam.sys2009-06-14 10:33 . 2009-06-14 10:33 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware2009-06-14 10:22 . 2009-06-14 10:22 -------- d-----w- d:\windows\ERUNT2009-06-13 16:38 . 2009-06-13 16:38 107888 ----a-w- d:\windows\system32\CmdLineExt.dll2009-06-13 16:34 . 2009-06-13 16:34 -------- d-----w- d:\windows\1C4551A64743409391E41477CD655043.TMP2009-06-13 16:34 . 2009-04-30 20:02 457248 ----a-w- d:\windows\system32\nvudisp.exe2009-06-13 16:14 . 2009-06-13 16:14 -------- d-----w- d:\program files\CCleaner2009-06-13 15:40 . 2009-06-13 15:41 -------- d-----w- d:\program files\Driver Cleaner2009-06-13 14:25 . 2009-02-05 20:06 23152 ----a-w- d:\windows\system32\drivers\aswRdr.sys2009-06-13 14:25 . 2009-02-05 20:06 51376 ----a-w- d:\windows\system32\drivers\aswTdi.sys2009-06-13 14:25 . 2009-02-05 20:05 26944 ----a-w- d:\windows\system32\drivers\aavmker4.sys2009-06-13 14:25 . 2009-02-05 20:04 97480 ----a-w- d:\windows\system32\AvastSS.scr2009-06-13 14:25 . 2009-02-05 20:08 93296 ----a-w- d:\windows\system32\drivers\aswmon.sys2009-06-13 14:25 . 2009-02-05 20:08 94032 ----a-w- d:\windows\system32\drivers\aswmon2.sys2009-06-13 14:25 . 2009-02-05 20:07 114768 ----a-w- d:\windows\system32\drivers\aswSP.sys2009-06-13 14:25 . 2009-02-05 20:07 20560 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys2009-06-13 14:24 . 2009-02-05 20:11 1256296 ----a-w- d:\windows\system32\aswBoot.exe2009-06-13 14:24 . 2003-03-18 19:20 1060864 ----a-w- d:\windows\system32\MFC71.dll2009-06-13 14:24 . 2003-03-18 18:14 499712 ----a-w- d:\windows\system32\MSVCP71.dll2009-06-13 14:24 . 2003-02-21 02:42 348160 ----a-w- d:\windows\system32\MSVCR71.dll2009-06-13 14:24 . 2009-06-13 14:24 -------- d-----w- d:\program files\Alwil Software2009-06-13 13:36 . 2009-06-13 13:36 -------- d-----w- d:\program files\AGEIA Technologies2009-06-13 13:36 . 2009-06-13 13:36 -------- d-----w- d:\windows\system32\AGEIA2009-06-13 13:35 . 2009-06-13 13:36 -------- d-----w- d:\windows\NV57565760.TMP2009-06-13 13:35 . 2009-04-26 22:42 457248 ----a-w- d:\windows\system32\NVUNINST.EXE2009-06-13 13:16 . 2009-06-13 13:36 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard2009-06-12 11:16 . 2009-06-12 11:18 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\Ahead2009-06-12 11:16 . 2009-06-12 11:16 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\LightScribe2009-06-12 11:16 . 2009-06-12 11:16 -------- d-----w- d:\program files\Common Files\LightScribe2009-06-12 11:15 . 2009-06-12 11:18 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Ahead2009-06-12 11:12 . 2009-06-12 11:16 -------- d-----w- d:\program files\Common Files\Ahead2009-06-12 11:12 . 2009-06-12 11:12 -------- d-----w- d:\program files\Nero2009-06-12 11:12 . 2009-06-12 11:12 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\Nero2009-06-12 10:40 . 2009-06-12 10:40 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\The Creative Assembly2009-06-12 10:40 . 2009-03-09 13:27 453456 ----a-w- d:\windows\system32\d3dx10_41.dll2009-06-12 10:40 . 2009-03-09 13:27 1846632 ----a-w- d:\windows\system32\D3DCompiler_41.dll2009-06-12 10:40 . 2009-03-16 12:18 69448 ----a-w- d:\windows\system32\XAPOFX1_3.dll2009-06-12 10:40 . 2009-03-16 12:18 517448 ----a-w- d:\windows\system32\XAudio2_4.dll2009-06-12 10:40 . 2009-03-16 12:18 235352 ----a-w- d:\windows\system32\xactengine3_4.dll2009-06-12 10:40 . 2009-03-09 13:27 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll2009-06-12 10:40 . 2009-03-16 12:18 22360 ----a-w- d:\windows\system32\X3DAudio1_6.dll2009-06-12 10:40 . 2008-10-15 04:22 452440 ----a-w- d:\windows\system32\d3dx10_40.dll2009-06-12 10:40 . 2008-10-15 04:22 4379984 ----a-w- d:\windows\system32\D3DX9_40.dll2009-06-12 10:40 . 2008-10-15 04:22 2036576 ----a-w- d:\windows\system32\D3DCompiler_40.dll2009-06-12 10:39 . 2008-10-15 05:03 70992 ----a-w- d:\windows\system32\XAPOFX1_2.dll2009-06-12 10:39 . 2008-10-15 05:03 235856 ----a-w- d:\windows\system32\xactengine3_3.dll2009-06-12 10:39 . 2008-10-15 05:03 514384 ----a-w- d:\windows\system32\XAudio2_3.dll2009-06-12 10:39 . 2008-10-15 05:03 23376 ----a-w- d:\windows\system32\X3DAudio1_5.dll2009-06-12 10:39 . 2008-07-30 04:20 68616 ----a-w- d:\windows\system32\XAPOFX1_1.dll2009-06-12 10:39 . 2008-07-30 04:20 509448 ----a-w- d:\windows\system32\XAudio2_2.dll2009-06-12 10:39 . 2008-07-30 04:20 238088 ----a-w- d:\windows\system32\xactengine3_2.dll2009-06-10 18:10 . 2009-06-10 18:10 -------- d-----w- d:\program files\Electronic Arts2009-06-10 06:59 . 2009-06-10 18:05 104655 --sh--r- D:\6phx.com2009-06-09 14:54 . 2009-06-09 14:54 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\Identities2009-06-09 09:51 . 2004-08-03 20:58 5504 -c--a-w- d:\windows\system32\dllcache\mstee.sys2009-06-09 09:51 . 2004-08-03 20:58 5504 ----a-w- d:\windows\system32\drivers\MSTEE.sys2009-06-09 09:51 . 2004-08-03 21:10 10880 -c--a-w- d:\windows\system32\dllcache\ndisip.sys2009-06-09 09:51 . 2004-08-03 21:10 10880 ----a-w- d:\windows\system32\drivers\NdisIP.sys2009-06-09 07:41 . 2009-06-09 07:41 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Ulead Systems2009-06-09 07:41 . 2009-06-09 07:41 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\Help2009-06-09 07:41 . 2009-06-09 07:41 -------- d-----w- d:\windows\system32\windows media2009-06-09 07:40 . 2009-06-09 07:40 -------- d-----w- d:\program files\Windows Media Components2009-06-09 07:40 . 2009-06-09 07:41 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\Ulead Systems2009-06-09 07:40 . 2009-06-09 07:40 -------- d-----w- d:\program files\Common Files\Ulead Systems2009-06-09 07:40 . 2009-06-09 07:40 -------- d-----w- d:\program files\Ulead Systems2009-06-09 06:28 . 2004-08-03 21:08 26496 -c--a-w- d:\windows\system32\dllcache\usbstor.sys2009-06-08 19:37 . 2009-06-11 08:47 24088 ----a-w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT2009-06-08 18:41 . 2009-06-08 18:41 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Sports Interactive2009-06-08 18:27 . 2009-06-08 18:27 -------- d--h--w- d:\documents and settings\Administrator.KENWOOD-B9542AE\InstallAnywhere2009-06-08 18:25 . 2001-08-17 21:59 3072 ----a-w- d:\windows\system32\drivers\audstub.sys2009-06-08 18:24 . 2004-08-04 00:35 58624 ----a-w- d:\windows\system32\drivers\redbook.sys2009-06-08 18:24 . 2004-08-03 23:01 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys2009-06-08 18:24 . 2001-08-17 21:46 6400 ----a-w- d:\windows\system32\drivers\enum1394.sys2009-06-08 18:23 . 2004-08-03 22:44 77312 -c--a-w- d:\windows\system32\dllcache\usbui.dll2009-06-08 18:23 . 2004-08-03 22:44 77312 ----a-w- d:\windows\system32\usbui.dll2009-06-08 18:20 . 2009-06-14 10:33 -------- d--h--r- d:\documents and settings\All Users.WINDOWS\Dane aplikacji2009-06-08 18:19 . 2009-06-12 11:16 -------- d--h--w- d:\documents and settings\Default User.WINDOWS2009-06-08 18:19 . 2009-06-08 16:30 -------- d-----w- d:\documents and settings\All Users.WINDOWS2009-06-08 18:18 . 2004-04-30 07:37 160640 ----a-w- d:\windows\system32\drivers\a347bus.sys2009-06-08 18:18 . 2004-04-30 07:33 5248 ----a-w- d:\windows\system32\drivers\a347scsi.sys2009-06-08 18:09 . 2006-05-04 08:26 2808832 ------r- d:\windows\alcwzrd.exe2009-06-08 18:09 . 2005-05-03 10:43 69632 ------r- d:\windows\Alcmtr.exe2009-06-08 18:09 . 2008-05-07 11:21 4739072 ------r- d:\windows\system32\drivers\RtkHDAud.sys2009-06-08 18:09 . 2008-05-07 07:39 16862208 ------r- d:\windows\RTHDCPL.exe2009-06-08 18:09 . 2008-04-02 01:27 1196032 ------r- d:\windows\RtlUpd.exe2009-06-08 18:09 . 2007-11-20 10:15 1826816 ------r- d:\windows\SkyTel.exe2009-06-08 18:09 . 2007-06-28 08:44 2165760 ------r- d:\windows\MicCal.exe2009-06-08 18:09 . 2007-03-23 11:19 9715200 ------r- d:\windows\RTLCPL.exe2009-06-08 18:09 . 2006-08-01 07:02 49152 ------r- d:\windows\system32\ChCfg.exe2009-06-08 18:09 . 2006-07-21 08:14 86016 ------r- d:\windows\SoundMan.exe2009-06-08 18:09 . 2008-03-05 10:07 520192 ------r- d:\windows\RtlExUpd.dll2009-06-08 18:08 . 2004-11-18 08:42 22752 ----a-w- d:\windows\system32\spupdsvc.exe2009-06-08 17:56 . 2009-06-08 17:58 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Winamp2009-06-08 17:48 . 2009-06-08 17:51 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Nowe Gadu-Gadu2009-06-08 17:47 . 2009-06-14 09:50 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\uTorrent2009-06-08 17:45 . 2009-06-08 18:30 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\Sports Interactive2009-06-08 17:35 . 2009-06-08 17:35 0 ----a-w- d:\windows\nsreg.dat2009-06-08 17:35 . 2009-06-08 17:35 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\Mozilla2009-06-08 17:32 . 2005-11-04 14:55 126976 ----a-w- d:\windows\system32\coclassfast.dll2009-06-08 17:11 . 2008-01-03 14:10 105856 ----a-r- d:\windows\system32\drivers\Rtenicxp.sys2009-06-08 17:11 . 2009-06-08 17:11 -------- d-----w- d:\windows\OPTIONS2009-06-08 17:11 . 2009-06-08 17:11 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\InstallShield2009-06-08 17:09 . 2009-06-08 18:09 -------- d-----w- d:\program files\Realtek2009-06-08 17:09 . 2009-06-08 17:09 315392 ----a-w- d:\windows\HideWin.exe2009-06-08 16:53 . 2008-03-26 03:15 53248 ----a-r- d:\windows\system32\CSVer.dll2009-06-08 16:52 . 2009-06-14 12:22 16608 ----a-w- d:\windows\gdrv.sys2009-06-08 16:46 . 2009-06-08 16:46 -------- d-sh--w- d:\documents and settings\LocalService.ZARZĄDZANIE NT2009-06-08 16:36 . 2009-06-08 16:36 -------- d-sh--w- d:\documents and settings\NetworkService.ZARZĄDZANIE NT2009-06-08 16:33 . 2004-08-03 21:44 40960 -c--a-w- d:\windows\system32\dllcache\msiregmv.exe2009-06-08 16:32 . 2001-10-26 16:28 13463552 -c--a-w- d:\windows\system32\dllcache\hwxjpn.dll2009-06-08 16:31 . 2001-10-26 16:29 9728 -c--a-w- d:\windows\system32\dllcache\change.exe2009-06-08 16:30 . 2009-06-12 11:12 -------- d-sh--w- d:\documents and settings\All Users.WINDOWS\DRM2009-06-08 16:28 . 2004-08-03 21:44 726078 -c--a-w- d:\windows\system32\dllcache\srchui.dll2009-06-08 16:27 . 2001-10-26 16:30 5632 -c--a-w- d:\windows\system32\dllcache\write.exe2009-06-08 08:12 . 2009-06-08 08:12 -------- d-s---w- d:\documents and settings\Administrator.KENWOOD-25032AC\UserData2009-06-08 08:02 . 2009-06-08 16:28 -------- d-----w- d:\windows\system32\wbem\Repository2009-06-06 10:03 . 2009-06-06 10:04 -------- d-----w- d:\program files\Common Files\Sony Ericsson Shared2009-06-06 10:03 . 2009-06-06 10:04 -------- d-----w- d:\program files\Common Files\Teleca Shared2009-06-06 10:03 . 2009-06-06 10:03 -------- d-----w- d:\program files\Sony Ericsson2009-06-06 10:03 . 2009-06-06 10:03 -------- d-----w- d:\windows\Downloaded Installations2009-06-04 12:45 . 2009-06-04 12:45 -------- d-----w- d:\program files\Common Files\TV2009-06-04 12:45 . 2009-06-04 12:46 -------- d-----w- d:\program files\AVerTV.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-06-12 10:16 . 2009-06-12 09:12 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\PeaZip2009-06-12 09:12 . 2009-06-12 09:12 -------- d-----w- d:\program files\PeaZip2009-06-11 20:07 . 2009-06-11 20:06 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Tibia2009-06-10 18:21 . 2009-06-10 18:21 10134 ----a-r- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe2009-06-10 18:21 . 2009-06-10 18:21 -------- d-----w- d:\program files\Microsoft WSE2009-06-10 18:21 . 2001-10-26 15:15 74450 ----a-w- d:\windows\system32\perfc015.dat2009-06-10 18:21 . 2001-10-26 15:15 448348 ----a-w- d:\windows\system32\perfh015.dat2009-06-10 18:10 . 2009-06-02 17:36 -------- d--h--w- d:\program files\InstallShield Installation Information2009-06-09 18:23 . 2009-06-08 16:30 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat2009-06-09 07:40 . 2009-06-02 17:36 -------- d-----w- d:\program files\Common Files\InstallShield2009-06-08 17:56 . 2009-06-02 19:07 -------- d-----w- d:\program files\Winamp2009-06-08 17:48 . 2009-06-02 18:36 -------- d-----w- d:\program files\Nowe Gadu-Gadu2009-06-08 16:28 . 2009-06-08 16:28 21856 ----a-w- d:\windows\system32\emptyregdb.dat2009-06-02 19:22 . 2009-06-02 19:21 -------- d--h--w- d:\program files\Zero G Registry2009-06-02 19:21 . 2009-06-02 19:21 -------- d-----w- d:\program files\Sports Interactive2009-06-02 19:15 . 2009-06-02 19:15 -------- d-----w- d:\program files\Alcohol Soft2009-06-02 19:09 . 2009-06-02 19:09 -------- d-----w- d:\program files\Winamp Toolbar2009-06-02 18:31 . 2009-06-02 18:31 -------- d-----w- d:\program files\AskSearch2009-06-02 18:31 . 2009-06-02 18:31 -------- d-----w- d:\program files\AskBarDis2009-06-02 18:30 . 2009-06-02 18:30 -------- d-----w- d:\program files\uTorrent2009-06-02 18:22 . 2009-06-02 18:22 -------- d-----w- d:\program files\SAGEM2009-06-02 17:37 . 2009-06-02 17:37 -------- d-----w- d:\program files\Intel2009-06-02 17:36 . 2009-06-02 17:36 -------- d-----w- d:\program files\GIGABYTE2009-06-02 17:29 . 2009-06-02 17:29 -------- d-----w- d:\program files\microsoft frontpage2009-06-02 17:28 . 2009-06-02 17:28 -------- d-----w- d:\program files\Usługi online2009-05-28 09:23 . 2009-05-28 09:23 42088 ----a-w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- d:\windows\system32\nvcplui.exe2009-04-30 20:02 . 2009-04-30 20:02 9994240 ----a-w- d:\windows\system32\nvoglnt.dll2009-04-30 20:02 . 2009-04-30 20:02 806912 ----a-w- d:\windows\system32\SETB9.tmp2009-04-30 20:02 . 2009-04-30 20:02 5896320 ----a-w- d:\windows\system32\SETB7.tmp2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- d:\windows\system32\nvdata.bin2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- d:\windows\system32\SETC2.tmp2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- d:\windows\system32\nvcodins.dll2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- d:\windows\system32\nvcod.dll2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- d:\windows\system32\nvcuvenc.dll2009-04-30 20:02 . 2009-02-18 12:44 806912 ----a-w- d:\windows\system32\nvapi.dll2009-04-30 20:02 . 2009-02-18 12:44 663552 ----a-w- d:\windows\system32\nvcuvid.dll2009-04-30 20:02 . 2009-02-18 12:44 1720320 ----a-w- d:\windows\system32\nvcuda.dll2009-04-30 20:02 . 2008-05-09 02:56 8055584 ----a-w- d:\windows\system32\drivers\nv4_mini.sys2009-04-30 20:02 . 2008-05-09 02:56 5896320 ----a-w- d:\windows\system32\nv4_disp.dll.------- Sigcheck -------[-] 2008-03-05 19:54 1548288 44A87287F63395AE9E7950D266A73160 d:\windows\system32\sfcfiles.dll.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]2009-05-28 09:23 42088 ----a-w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-03 15360]"Nowe Gadu-Gadu"="d:\program files\Nowe Gadu-Gadu\gg.exe" [2009-05-28 10486376]"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]"LightScribe Control Panel"="d:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"WiseStubReboot"="MSIEXEC" [X][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"GEST"="m‘|\ü" [X]"WinampAgent"="d:\program files\Winamp\winampa.exe" [2009-04-10 37888]"NeroFilterCheck"="d:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-04-30 86016]"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-04-30 13750272]"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.exe [2008-05-07 16862208]"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-04-30 1657376][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-03 15360][HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="d:\\Program Files\\uTorrent\\uTorrent.exe"="d:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2009-06-13 114768]R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2009-06-13 20560]R2 GEST Service;GEST Service for program management.;d:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-06-02 80392][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"d:\program files\Common Files\LightScribe\LSRunOnce.exe"..------- Skan uzupełniający -------.uInternet Connection Wizard,ShellNext = hxxp://192.168.1.1/.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-06-14 14:22Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'explorer.exe'(3528)d:\program files\Common Files\Ahead\Lib\NeroSearchBar.dlld:\program files\Common Files\Ahead\Lib\MFC71U.DLLd:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll.Czas ukończenia: 2009-06-14 14:23ComboFix-quarantined-files.txt 2009-06-14 12:23Przed: 163 861 135 360 bajtów wolnychPo: 163 854 008 320 bajtów wolnych241
Gość komentarz 14 czerwca 2009 komentarz 14 czerwca 2009 1. Wklej do Notatnika: File::C:\6phx.comD:\6phx.comFolder::\program files\AskSearchd:\program files\AskBarDisRegistry::[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Nowe Gadu-Gadu"=="MSMSGS"=="BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=="LightScribe Control Panel"==[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"WiseStubReboot"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"GEST"=-"WinampAgent"=-"NeroFilterCheck"=-"NvMediaCenter"=-"NvCplDaemon"=-"RTHDCPL"=-"nwiz"=- >>Plik>>Zapisz jako... >>> CFScript Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe --> Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania. 2. Posprzątaj po ComboFixie i różnych narzędziach >>> OTCleanIt. 3. Z folderu "System Volume Information" wirusy usuniesz poprzez chwilowe wyłączenie "Przywracania Systemu": >Panel Sterowania>System>Przywracanie Systemu>>zaznacz w okienku przy "Wyłącz przywracanie na wszystkich dyskach">Zastosuj>OK.Potem możesz powrócić do poprzedniego ustawienia (czyli usunąć zaznaczenie z okienka). .
kenwood komentarz 14 czerwca 2009 Autor komentarz 14 czerwca 2009 ComboFix 09-06-13.09 - Administrator 2009-06-14 14:52.5 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1601 [GMT 2:00]Uruchomiony z: d:\documents and settings\Administrator.KENWOOD-B9542AE\Pulpit\ComboFix.exeUżyto następujących komend :: d:\documents and settings\Administrator.KENWOOD-B9542AE\Pulpit\CFScript.txtAV: avast! antivirus 4.8.1335 [VPS 090613-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}FILE ::"C:\6phx.com""D:\6phx.com".((((((((((((((((((((((((( Pliki utworzone od 2009-05-14 do 2009-06-14 ))))))))))))))))))))))))))))))).2009-06-14 10:33 . 2009-06-14 10:33 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Malwarebytes2009-06-14 10:33 . 2009-05-26 11:20 40160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys2009-06-14 10:33 . 2009-06-14 10:33 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes2009-06-14 10:33 . 2009-05-26 11:19 19096 ----a-w- d:\windows\system32\drivers\mbam.sys2009-06-14 10:33 . 2009-06-14 10:33 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware2009-06-14 10:22 . 2009-06-14 10:22 -------- d-----w- d:\windows\ERUNT2009-06-13 16:38 . 2009-06-13 16:38 107888 ----a-w- d:\windows\system32\CmdLineExt.dll2009-06-13 16:34 . 2009-06-13 16:34 -------- d-----w- d:\windows\1C4551A64743409391E41477CD655043.TMP2009-06-13 16:34 . 2009-04-30 20:02 457248 ----a-w- d:\windows\system32\nvudisp.exe2009-06-13 16:14 . 2009-06-13 16:14 -------- d-----w- d:\program files\CCleaner2009-06-13 15:40 . 2009-06-13 15:41 -------- d-----w- d:\program files\Driver Cleaner2009-06-13 14:25 . 2009-02-05 20:06 23152 ----a-w- d:\windows\system32\drivers\aswRdr.sys2009-06-13 14:25 . 2009-02-05 20:06 51376 ----a-w- d:\windows\system32\drivers\aswTdi.sys2009-06-13 14:25 . 2009-02-05 20:05 26944 ----a-w- d:\windows\system32\drivers\aavmker4.sys2009-06-13 14:25 . 2009-02-05 20:04 97480 ----a-w- d:\windows\system32\AvastSS.scr2009-06-13 14:25 . 2009-02-05 20:08 93296 ----a-w- d:\windows\system32\drivers\aswmon.sys2009-06-13 14:25 . 2009-02-05 20:08 94032 ----a-w- d:\windows\system32\drivers\aswmon2.sys2009-06-13 14:25 . 2009-02-05 20:07 114768 ----a-w- d:\windows\system32\drivers\aswSP.sys2009-06-13 14:25 . 2009-02-05 20:07 20560 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys2009-06-13 14:24 . 2009-02-05 20:11 1256296 ----a-w- d:\windows\system32\aswBoot.exe2009-06-13 14:24 . 2003-03-18 19:20 1060864 ----a-w- d:\windows\system32\MFC71.dll2009-06-13 14:24 . 2003-03-18 18:14 499712 ----a-w- d:\windows\system32\MSVCP71.dll2009-06-13 14:24 . 2003-02-21 02:42 348160 ----a-w- d:\windows\system32\MSVCR71.dll2009-06-13 14:24 . 2009-06-13 14:24 -------- d-----w- d:\program files\Alwil Software2009-06-13 13:36 . 2009-06-13 13:36 -------- d-----w- d:\program files\AGEIA Technologies2009-06-13 13:36 . 2009-06-13 13:36 -------- d-----w- d:\windows\system32\AGEIA2009-06-13 13:35 . 2009-06-13 13:36 -------- d-----w- d:\windows\NV57565760.TMP2009-06-13 13:35 . 2009-04-26 22:42 457248 ----a-w- d:\windows\system32\NVUNINST.EXE2009-06-13 13:16 . 2009-06-13 13:36 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard2009-06-12 11:16 . 2009-06-12 11:18 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\Ahead2009-06-12 11:16 . 2009-06-12 11:16 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\LightScribe2009-06-12 11:16 . 2009-06-12 11:16 -------- d-----w- d:\program files\Common Files\LightScribe2009-06-12 11:15 . 2009-06-12 11:18 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Ahead2009-06-12 11:12 . 2009-06-12 11:16 -------- d-----w- d:\program files\Common Files\Ahead2009-06-12 11:12 . 2009-06-12 11:12 -------- d-----w- d:\program files\Nero2009-06-12 11:12 . 2009-06-12 11:12 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\Nero2009-06-12 10:40 . 2009-06-12 10:40 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\The Creative Assembly2009-06-12 10:40 . 2009-03-09 13:27 453456 ----a-w- d:\windows\system32\d3dx10_41.dll2009-06-12 10:40 . 2009-03-09 13:27 1846632 ----a-w- d:\windows\system32\D3DCompiler_41.dll2009-06-12 10:40 . 2009-03-16 12:18 69448 ----a-w- d:\windows\system32\XAPOFX1_3.dll2009-06-12 10:40 . 2009-03-16 12:18 517448 ----a-w- d:\windows\system32\XAudio2_4.dll2009-06-12 10:40 . 2009-03-16 12:18 235352 ----a-w- d:\windows\system32\xactengine3_4.dll2009-06-12 10:40 . 2009-03-09 13:27 4178264 ----a-w- d:\windows\system32\D3DX9_41.dll2009-06-12 10:40 . 2009-03-16 12:18 22360 ----a-w- d:\windows\system32\X3DAudio1_6.dll2009-06-12 10:40 . 2008-10-15 04:22 452440 ----a-w- d:\windows\system32\d3dx10_40.dll2009-06-12 10:40 . 2008-10-15 04:22 4379984 ----a-w- d:\windows\system32\D3DX9_40.dll2009-06-12 10:40 . 2008-10-15 04:22 2036576 ----a-w- d:\windows\system32\D3DCompiler_40.dll2009-06-12 10:39 . 2008-10-15 05:03 70992 ----a-w- d:\windows\system32\XAPOFX1_2.dll2009-06-12 10:39 . 2008-10-15 05:03 235856 ----a-w- d:\windows\system32\xactengine3_3.dll2009-06-12 10:39 . 2008-10-15 05:03 514384 ----a-w- d:\windows\system32\XAudio2_3.dll2009-06-12 10:39 . 2008-10-15 05:03 23376 ----a-w- d:\windows\system32\X3DAudio1_5.dll2009-06-12 10:39 . 2008-07-30 04:20 68616 ----a-w- d:\windows\system32\XAPOFX1_1.dll2009-06-12 10:39 . 2008-07-30 04:20 509448 ----a-w- d:\windows\system32\XAudio2_2.dll2009-06-12 10:39 . 2008-07-30 04:20 238088 ----a-w- d:\windows\system32\xactengine3_2.dll2009-06-10 18:10 . 2009-06-10 18:10 -------- d-----w- d:\program files\Electronic Arts2009-06-09 14:54 . 2009-06-09 14:54 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\Identities2009-06-09 09:51 . 2004-08-03 20:58 5504 -c--a-w- d:\windows\system32\dllcache\mstee.sys2009-06-09 09:51 . 2004-08-03 20:58 5504 ----a-w- d:\windows\system32\drivers\MSTEE.sys2009-06-09 09:51 . 2004-08-03 21:10 10880 -c--a-w- d:\windows\system32\dllcache\ndisip.sys2009-06-09 09:51 . 2004-08-03 21:10 10880 ----a-w- d:\windows\system32\drivers\NdisIP.sys2009-06-09 07:41 . 2009-06-09 07:41 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Ulead Systems2009-06-09 07:41 . 2009-06-09 07:41 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\Help2009-06-09 07:41 . 2009-06-09 07:41 -------- d-----w- d:\windows\system32\windows media2009-06-09 07:40 . 2009-06-09 07:40 -------- d-----w- d:\program files\Windows Media Components2009-06-09 07:40 . 2009-06-09 07:41 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\Ulead Systems2009-06-09 07:40 . 2009-06-09 07:40 -------- d-----w- d:\program files\Common Files\Ulead Systems2009-06-09 07:40 . 2009-06-09 07:40 -------- d-----w- d:\program files\Ulead Systems2009-06-09 06:28 . 2004-08-03 21:08 26496 -c--a-w- d:\windows\system32\dllcache\usbstor.sys2009-06-08 19:37 . 2009-06-11 08:47 24088 ----a-w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT2009-06-08 18:41 . 2009-06-08 18:41 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Sports Interactive2009-06-08 18:27 . 2009-06-08 18:27 -------- d--h--w- d:\documents and settings\Administrator.KENWOOD-B9542AE\InstallAnywhere2009-06-08 18:25 . 2001-08-17 21:59 3072 ----a-w- d:\windows\system32\drivers\audstub.sys2009-06-08 18:24 . 2004-08-04 00:35 58624 ----a-w- d:\windows\system32\drivers\redbook.sys2009-06-08 18:24 . 2004-08-03 23:01 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys2009-06-08 18:24 . 2001-08-17 21:46 6400 ----a-w- d:\windows\system32\drivers\enum1394.sys2009-06-08 18:23 . 2004-08-03 22:44 77312 -c--a-w- d:\windows\system32\dllcache\usbui.dll2009-06-08 18:23 . 2004-08-03 22:44 77312 ----a-w- d:\windows\system32\usbui.dll2009-06-08 18:20 . 2009-06-14 10:33 -------- d--h--r- d:\documents and settings\All Users.WINDOWS\Dane aplikacji2009-06-08 18:19 . 2009-06-12 11:16 -------- d--h--w- d:\documents and settings\Default User.WINDOWS2009-06-08 18:19 . 2009-06-08 16:30 -------- d-----w- d:\documents and settings\All Users.WINDOWS2009-06-08 18:18 . 2004-04-30 07:37 160640 ----a-w- d:\windows\system32\drivers\a347bus.sys2009-06-08 18:18 . 2004-04-30 07:33 5248 ----a-w- d:\windows\system32\drivers\a347scsi.sys2009-06-08 18:09 . 2006-05-04 08:26 2808832 ------r- d:\windows\alcwzrd.exe2009-06-08 18:09 . 2005-05-03 10:43 69632 ------r- d:\windows\Alcmtr.exe2009-06-08 18:09 . 2008-05-07 11:21 4739072 ------r- d:\windows\system32\drivers\RtkHDAud.sys2009-06-08 18:09 . 2008-05-07 07:39 16862208 ------r- d:\windows\RTHDCPL.exe2009-06-08 18:09 . 2008-04-02 01:27 1196032 ------r- d:\windows\RtlUpd.exe2009-06-08 18:09 . 2007-11-20 10:15 1826816 ------r- d:\windows\SkyTel.exe2009-06-08 18:09 . 2007-06-28 08:44 2165760 ------r- d:\windows\MicCal.exe2009-06-08 18:09 . 2007-03-23 11:19 9715200 ------r- d:\windows\RTLCPL.exe2009-06-08 18:09 . 2006-08-01 07:02 49152 ------r- d:\windows\system32\ChCfg.exe2009-06-08 18:09 . 2006-07-21 08:14 86016 ------r- d:\windows\SoundMan.exe2009-06-08 18:09 . 2008-03-05 10:07 520192 ------r- d:\windows\RtlExUpd.dll2009-06-08 18:08 . 2004-11-18 08:42 22752 ----a-w- d:\windows\system32\spupdsvc.exe2009-06-08 17:56 . 2009-06-08 17:58 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Winamp2009-06-08 17:48 . 2009-06-08 17:51 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Nowe Gadu-Gadu2009-06-08 17:47 . 2009-06-14 09:50 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\uTorrent2009-06-08 17:45 . 2009-06-08 18:30 -------- d-----w- d:\documents and settings\All Users.WINDOWS\Dane aplikacji\Sports Interactive2009-06-08 17:35 . 2009-06-08 17:35 0 ----a-w- d:\windows\nsreg.dat2009-06-08 17:35 . 2009-06-08 17:35 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Ustawienia lokalne\Dane aplikacji\Mozilla2009-06-08 17:32 . 2005-11-04 14:55 126976 ----a-w- d:\windows\system32\coclassfast.dll2009-06-08 17:11 . 2008-01-03 14:10 105856 ----a-r- d:\windows\system32\drivers\Rtenicxp.sys2009-06-08 17:11 . 2009-06-08 17:11 -------- d-----w- d:\windows\OPTIONS2009-06-08 17:11 . 2009-06-08 17:11 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\InstallShield2009-06-08 17:09 . 2009-06-08 18:09 -------- d-----w- d:\program files\Realtek2009-06-08 17:09 . 2009-06-08 17:09 315392 ----a-w- d:\windows\HideWin.exe2009-06-08 16:53 . 2008-03-26 03:15 53248 ----a-r- d:\windows\system32\CSVer.dll2009-06-08 16:52 . 2009-06-14 12:55 16608 ----a-w- d:\windows\gdrv.sys2009-06-08 16:46 . 2009-06-08 16:46 -------- d-sh--w- d:\documents and settings\LocalService.ZARZĄDZANIE NT2009-06-08 16:36 . 2009-06-08 16:36 -------- d-sh--w- d:\documents and settings\NetworkService.ZARZĄDZANIE NT2009-06-08 16:33 . 2004-08-03 21:44 40960 -c--a-w- d:\windows\system32\dllcache\msiregmv.exe2009-06-08 16:32 . 2001-10-26 16:28 13463552 -c--a-w- d:\windows\system32\dllcache\hwxjpn.dll2009-06-08 16:31 . 2001-10-26 16:29 9728 -c--a-w- d:\windows\system32\dllcache\change.exe2009-06-08 16:30 . 2009-06-12 11:12 -------- d-sh--w- d:\documents and settings\All Users.WINDOWS\DRM2009-06-08 16:28 . 2004-08-03 21:44 726078 -c--a-w- d:\windows\system32\dllcache\srchui.dll2009-06-08 16:27 . 2001-10-26 16:30 5632 -c--a-w- d:\windows\system32\dllcache\write.exe2009-06-08 08:12 . 2009-06-08 08:12 -------- d-s---w- d:\documents and settings\Administrator.KENWOOD-25032AC\UserData2009-06-08 08:02 . 2009-06-08 16:28 -------- d-----w- d:\windows\system32\wbem\Repository2009-06-06 10:03 . 2009-06-06 10:04 -------- d-----w- d:\program files\Common Files\Sony Ericsson Shared2009-06-06 10:03 . 2009-06-06 10:04 -------- d-----w- d:\program files\Common Files\Teleca Shared2009-06-06 10:03 . 2009-06-06 10:03 -------- d-----w- d:\program files\Sony Ericsson2009-06-06 10:03 . 2009-06-06 10:03 -------- d-----w- d:\windows\Downloaded Installations2009-06-04 12:45 . 2009-06-04 12:45 -------- d-----w- d:\program files\Common Files\TV2009-06-04 12:45 . 2009-06-04 12:46 -------- d-----w- d:\program files\AVerTV2009-06-03 11:22 . 2009-06-11 20:06 -------- d-----w- d:\program files\Tibia.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-06-12 10:16 . 2009-06-12 09:12 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\PeaZip2009-06-12 09:12 . 2009-06-12 09:12 -------- d-----w- d:\program files\PeaZip2009-06-11 20:07 . 2009-06-11 20:06 -------- d-----w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Tibia2009-06-10 18:21 . 2009-06-10 18:21 10134 ----a-r- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe2009-06-10 18:21 . 2009-06-10 18:21 -------- d-----w- d:\program files\Microsoft WSE2009-06-10 18:21 . 2001-10-26 15:15 74450 ----a-w- d:\windows\system32\perfc015.dat2009-06-10 18:21 . 2001-10-26 15:15 448348 ----a-w- d:\windows\system32\perfh015.dat2009-06-10 18:10 . 2009-06-02 17:36 -------- d--h--w- d:\program files\InstallShield Installation Information2009-06-09 18:23 . 2009-06-08 16:30 86327 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat2009-06-09 07:40 . 2009-06-02 17:36 -------- d-----w- d:\program files\Common Files\InstallShield2009-06-08 17:56 . 2009-06-02 19:07 -------- d-----w- d:\program files\Winamp2009-06-08 17:48 . 2009-06-02 18:36 -------- d-----w- d:\program files\Nowe Gadu-Gadu2009-06-08 16:28 . 2009-06-08 16:28 21856 ----a-w- d:\windows\system32\emptyregdb.dat2009-06-02 19:22 . 2009-06-02 19:21 -------- d--h--w- d:\program files\Zero G Registry2009-06-02 19:21 . 2009-06-02 19:21 -------- d-----w- d:\program files\Sports Interactive2009-06-02 19:15 . 2009-06-02 19:15 -------- d-----w- d:\program files\Alcohol Soft2009-06-02 19:09 . 2009-06-02 19:09 -------- d-----w- d:\program files\Winamp Toolbar2009-06-02 18:30 . 2009-06-02 18:30 -------- d-----w- d:\program files\uTorrent2009-06-02 18:22 . 2009-06-02 18:22 -------- d-----w- d:\program files\SAGEM2009-06-02 17:37 . 2009-06-02 17:37 -------- d-----w- d:\program files\Intel2009-06-02 17:36 . 2009-06-02 17:36 -------- d-----w- d:\program files\GIGABYTE2009-06-02 17:29 . 2009-06-02 17:29 -------- d-----w- d:\program files\microsoft frontpage2009-06-02 17:28 . 2009-06-02 17:28 -------- d-----w- d:\program files\Usługi online2009-05-28 09:23 . 2009-05-28 09:23 42088 ----a-w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll2009-04-30 22:30 . 2009-04-30 22:30 1194528 ----a-w- d:\windows\system32\nvcplui.exe2009-04-30 20:02 . 2009-04-30 20:02 9994240 ----a-w- d:\windows\system32\nvoglnt.dll2009-04-30 20:02 . 2009-04-30 20:02 806912 ----a-w- d:\windows\system32\SETB9.tmp2009-04-30 20:02 . 2009-04-30 20:02 5896320 ----a-w- d:\windows\system32\SETB7.tmp2009-04-30 20:02 . 2009-04-30 20:02 1579630 ----a-w- d:\windows\system32\nvdata.bin2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- d:\windows\system32\SETC2.tmp2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- d:\windows\system32\nvcodins.dll2009-04-30 20:02 . 2009-04-30 20:02 143360 ----a-w- d:\windows\system32\nvcod.dll2009-04-30 20:02 . 2009-04-30 20:02 1314816 ----a-w- d:\windows\system32\nvcuvenc.dll2009-04-30 20:02 . 2009-02-18 12:44 806912 ----a-w- d:\windows\system32\nvapi.dll2009-04-30 20:02 . 2009-02-18 12:44 663552 ----a-w- d:\windows\system32\nvcuvid.dll2009-04-30 20:02 . 2009-02-18 12:44 1720320 ----a-w- d:\windows\system32\nvcuda.dll2009-04-30 20:02 . 2008-05-09 02:56 8055584 ----a-w- d:\windows\system32\drivers\nv4_mini.sys2009-04-30 20:02 . 2008-05-09 02:56 5896320 ----a-w- d:\windows\system32\nv4_disp.dll.------- Sigcheck -------[-] 2008-03-05 19:54 1548288 44A87287F63395AE9E7950D266A73160 d:\windows\system32\sfcfiles.dll.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]2009-05-28 09:23 42088 ----a-w- d:\documents and settings\Administrator.KENWOOD-B9542AE\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-03 15360]"Nowe Gadu-Gadu"="d:\program files\Nowe Gadu-Gadu\gg.exe" [2009-05-28 10486376]"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]"LightScribe Control Panel"="d:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-03 15360][HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="d:\\Program Files\\uTorrent\\uTorrent.exe"="d:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2009-06-13 114768]R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2009-06-13 20560]R2 GEST Service;GEST Service for program management.;d:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-06-02 80392][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"d:\program files\Common Files\LightScribe\LSRunOnce.exe"..------- Skan uzupełniający -------.uInternet Connection Wizard,ShellNext = hxxp://192.168.1.1/.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-06-14 14:55Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'explorer.exe'(4584)d:\program files\Common Files\Ahead\Lib\NeroSearchBar.dlld:\program files\Common Files\Ahead\Lib\MFC71U.DLLd:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll.Czas ukończenia: 2009-06-14 14:56ComboFix-quarantined-files.txt 2009-06-14 12:56Przed: 165 821 022 208 bajtów wolnychPo: 165 811 335 168 bajtów wolnych234
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.