GloomRelic posted 16 June 2009

The Microsoft website, for example, won't open for me. Here are the logs from ComboFix:
Mateusz J. commented 16 June 2009

Paste into Notepad:

Folder::
c:\program files\Dealio
c:\program files\Search Settings

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"au"=-
"SearchSettings"=-

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file --> the removal should start (and a log will be created). Post the log that is created during the removal.

If it goes well, then: after the restart, manually delete the folder C:\Qoobox.
GloomRelic (author) commented 16 June 2009

I did everything and deleted that folder. Here is the log:
16858112][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-05-28 181624][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]c:\documents and settings\All Users\Menu Start\Programy\Autostart\ASRock WiFi-802.11g.lnk - c:\program files\ASRock WiFi-802.11g\RtWLan.exe [2009-2-9 978944][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]2001-12-20 22:34 24576 ----a-w- f:\program files\AlienGUIse\fastload.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon] [bU][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\windows\system32\wbsys.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@=""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="f:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="f:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="f:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"="f:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3451:TCP"= 3451:TCP:gwkjqexgR1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-31 114768]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-31 20560]R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-02-09 99856]S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]S2 uahavip;Support Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsuahavip[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"c:\program files\Common Files\LightScribe\LSRunOnce.exe".Zawartość folderu 'Zaplanowane zadania'2009-06-16 c:\windows\Tasks\NSSstub.job- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-05-28 20:03]..------- Skan uzupełniający -------.uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = *.localIE: Compare Prices with &Dealio - c:\documents and settings\GriX\Dane aplikacji\Dealio\kb127\res\DealioSearch.htmlIE: Dodaj do blokowanych banerówIE: E&ksport do programu Microsoft Excel - f:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000FF - ProfilePath - c:\documents and settings\GriX\Dane aplikacji\Mozilla\Firefox\Profiles\ory7kj0p.default\FF - plugin: f:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dllFF - plugin: f:\program files\Mozilla Firefox\plugins\np-mswmp.dll.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-06-16 14:23Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uahavip]"ServiceDll"="c:\windows\system32\fzznfnom.dll".--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------[HKEY_USERS\S-1-5-21-2000478354-73586283-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]@Denied: (Full) (LocalSystem)[HKEY_USERS\S-1-5-21-2000478354-73586283-725345543-1004\Software\SecuROM\License information*]"datasecu"=hex:54,5e,d2,94,f5,ff,9d,2c,01,d4,71,96,a4,a0,c8,dc,aa,2d,40,4b,10, 08,29,9a,e6,ed,b2,b4,08,29,72,8b,93,06,e7,65,f4,6c,e5,d0,04,31,80,c8,ba,56,\"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(972)c:\windows\system32\Ati2evxx.dllf:\program files\AlienGUIse\fastload.dll.Czas ukończenia: 2009-06-16 14:24ComboFix-quarantined-files.txt 2009-06-16 12:24ComboFix2.txt 2009-06-16 12:10ComboFix3.txt 2009-06-15 12:18Przed: 62 709 530 624 bajtów wolnychPo: 62 686 998 528 bajtów wolnych488
Guest commented 16 June 2009

S2 uahavip;Support Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]

SDFix will take care of this. Use SDFix (in Safe Mode); it is further down the linked page. Post the Report.txt found in the SDFix folder.
GloomRelic commented 16 June 2009 (Author, edited)

Here is the report:

[b]SDFix: Version 1.240 [/b]Run by GriX on 2009-06-16 at 15:24Microsoft Windows XP [Wersja 5.1.2600]Running From: C:\SDFix[b]Checking Services [/b]:Restoring Default Security ValuesRestoring Default Hosts FileRebooting[b]Checking Files [/b]: No Trojan Files FoundRemoving Temp Files[b]ADS Check [/b]: [b]Final Check [/b]:catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-06-16 17:26:23Windows 5.1.2600 Dodatek Service Pack 3 NTFSscanning hidden processes ...scanning hidden services & system hive ...[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]"s1"=dword:2df9c43f"s2"=dword:110480d0"h0"=dword:00000002[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]"h0"=dword:00000000"ujdew"=hex:b1,23,09,dd,91,82,d5,01,cc,c6,1e,b7,8b,a9,b7,c8,49,25,c6,08,45,..[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]"p0"="f:\Program Files\DAEMON Tools Lite\""h0"=dword:00000001"hdf12"=hex:e3,c8,f6,9e,70,79,8b,b9,ef,24,99,52,6f,15,0d,0e,da,56,3e,41,9b,..[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]"a0"=hex:20,01,00,00,2c,36,ad,05,9b,c3,09,a4,44,8a,e2,1f,f0,4c,40,18,62,.."hdf12"=hex:a4,d1,d3,f9,4b,87,3a,72,0d,cf,54,8c,f4,bd,91,0a,ba,bb,c8,02,c7,..[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]"hdf12"=hex:32,c1,16,79,fc,93,9d,0e,14,97,d6,5d,4f,f9,79,bb,97,e2,a4,33,e4,..[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uahavip]"DisplayName"="Support Windows""Type"=dword:00000020"Start"=dword:00000002"ErrorControl"=dword:00000000"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs""ObjectName"="LocalSystem""Description"="Umo|liwia uruchamianie procesów z u|yciem alternatywnych po[wiadczeD. 
Je[li ta usBuga zostanie zatrzymana, ten typ dostpu poprzez logowanie stanie si niedostpny. Je[li ta usBuga zostanie wyBczona, wszelkie usBugi jawnie od niej zale|ne przestan si uruchamia."[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uahavip\Parameters]"ServiceDll"=str(2):"C:\WINDOWS\system32\fzznfnom.dll"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\uahavip]"DisplayName"="Support Windows""Type"=dword:00000020"Start"=dword:00000002"ErrorControl"=dword:00000000"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs""ObjectName"="LocalSystem""Description"="Umo|liwia uruchamianie procesów z u|yciem alternatywnych po[wiadczeD. Je[li ta usBuga zostanie zatrzymana, ten typ dostpu poprzez logowanie stanie si niedostpny. Je[li ta usBuga zostanie wyBczona, wszelkie usBugi jawnie od niej zale|ne przestan si uruchamia."[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\uahavip\Parameters]"ServiceDll"=str(2):"C:\WINDOWS\system32\fzznfnom.dll"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]"h0"=dword:00000000"ujdew"=hex:b1,23,09,dd,91,82,d5,01,cc,c6,1e,b7,8b,a9,b7,c8,49,25,c6,08,45,..[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]"p0"="f:\Program Files\DAEMON Tools Lite\""h0"=dword:00000001"hdf12"=hex:e3,c8,f6,9e,70,79,8b,b9,ef,24,99,52,6f,15,0d,0e,da,56,3e,41,9b,..[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]"a0"=hex:20,01,00,00,2c,36,ad,05,9b,c3,09,a4,44,8a,e2,1f,f0,4c,40,18,62,.."hdf12"=hex:a4,d1,d3,f9,4b,87,3a,72,0d,cf,54,8c,f4,bd,91,0a,ba,bb,c8,02,c7,..[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]"hdf12"=hex:32,c1,16,79,fc,93,9d,0e,14,97,d6,5d,4f,f9,79,bb,97,e2,a4,33,e4,..[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\uahavip]"DisplayName"="Support 
Windows""Type"=dword:00000020"Start"=dword:00000002"ErrorControl"=dword:00000000"ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs""ObjectName"="LocalSystem""Description"="Umo|liwia uruchamianie procesów z u|yciem alternatywnych po[wiadczeD. Je[li ta usBuga zostanie zatrzymana, ten typ dostpu poprzez logowanie stanie si niedostpny. Je[li ta usBuga zostanie wyBczona, wszelkie usBugi jawnie od niej zale|ne przestan si uruchamia."[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\uahavip\Parameters]"ServiceDll"=str(2):"C:\WINDOWS\system32\fzznfnom.dll"scanning hidden registry entries ...scanning hidden files ...scan completed successfullyhidden processes: 0hidden services: 0hidden files: 0[b]Remaining Services [/b]:Authorized Application Key Export:[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA""C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB""F:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="F:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare ""F:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="F:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War""F:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="F:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty® - World at War""C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program 
Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour""F:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="F:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil""F:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"="F:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club""F:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"="F:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"[b]Remaining Files [/b]:[b]Files with Hidden Attributes [/b]:Wed 4 Aug 2004 163,185 A.SHR --- "C:\WINDOWS\system32\fzznfnom.dll"Wed 11 Feb 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"Tue 16 Jun 2009 3,954 ...HR --- "C:\Documents and Settings\GriX\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak"[b]Finished![/b]
GloomRelic commented 18 June 2009 (Author)

Here you go:

ComboFix 09-06-15.06 - GriX 2009-06-16 21:24.3 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1557 [GMT 2:00]Uruchomiony z: c:\documents and settings\GriX\Pulpit\ComboFix.exeAV: avast! antivirus 4.8.1335 [VPS 090615-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!.((((((((((((((((((((((((( Pliki utworzone od 2009-05-16 do 2009-06-16 ))))))))))))))))))))))))))))))).2009-06-16 13:23 . 2009-06-16 13:23 580096 -c--a-w- c:\windows\system32\dllcache\user32.dll2009-06-16 13:22 . 2009-06-16 13:22 -------- d-----w- c:\windows\ERUNT2009-06-16 13:13 . 2009-06-16 15:27 -------- d-----w- C:\SDFix2009-06-15 18:43 . 2009-06-15 18:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll2009-06-15 18:05 . 2009-06-15 18:05 -------- d-----w- c:\windows\system32\wbem\Repository2009-06-15 18:01 . 2009-06-15 18:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI2009-06-15 17:42 . 2009-06-15 17:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI(2)2009-06-15 17:35 . 2008-06-24 13:36 887724 ----a-r- c:\windows\system32\ativva6x.dat2009-06-15 17:35 . 2008-06-24 13:36 3107788 ----a-r- c:\windows\system32\ativva5x.dat2009-06-15 17:35 . 2008-06-24 13:36 3107788 ----a-r- c:\windows\system32\ativvaxx.dat2009-06-15 17:35 . 2008-06-10 09:50 174819 ----a-r- c:\windows\system32\atiicdxx.dat2009-06-15 12:59 . 2009-06-15 17:52 -------- d-sh--w- C:\RECYCLER(2)2009-06-13 18:08 . 2009-03-03 22:24 43520 ----a-w- c:\windows\system32\ati2edxx(16).dll2009-06-13 16:00 . 2009-06-15 17:59 -------- d-----w- c:\documents and settings\GriX\polanie-online2009-06-13 10:36 . 2009-06-13 10:36 -------- d-----w- C:\icytower1.32009-06-12 18:13 . 2009-06-12 18:13 -------- d-----w- C:\Ice Tower 42009-06-10 14:20 . 
2009-03-16 14:04 11563008 ----a-w- c:\windows\system32\atioglxx.dll2009-06-10 14:20 . 2009-03-16 13:40 49664 ----a-w- c:\windows\system32\atimpc32.dll2009-06-10 14:20 . 2009-03-16 13:35 45056 ----a-w- c:\windows\system32\aticalrt.dll2009-06-10 14:20 . 2009-03-16 13:34 45056 ----a-w- c:\windows\system32\aticalcl.dll2009-06-10 14:20 . 2009-03-16 13:33 3264512 ----a-w- c:\windows\system32\aticaldd.dll2009-06-10 14:20 . 2009-03-03 13:56 118784 ----a-w- c:\windows\system32\atibtmon.exe2009-06-04 20:26 . 2009-06-04 20:26 1700352 ----a-w- c:\windows\system32\gdiplus.dll2009-06-04 17:39 . 2009-06-15 17:31 1324 ----a-w- c:\windows\system32\d3d9caps.dat2009-06-04 16:23 . 2009-06-04 16:23 -------- d-----w- c:\program files\MSBuild2009-06-04 16:23 . 2009-06-16 13:13 1880472 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat2009-06-04 16:21 . 2009-06-04 16:21 -------- d-----w- c:\windows\system32\XPSViewer2009-06-04 16:20 . 2009-06-04 16:20 -------- d-----w- c:\program files\Reference Assemblies2009-06-04 16:20 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll2009-06-04 15:56 . 2009-06-04 16:26 -------- d-----w- c:\documents and settings\GriX\Ustawienia lokalne\Dane aplikacji\Rockstar Games2009-06-04 15:50 . 2009-06-04 16:55 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE2009-06-04 15:50 . 2009-06-04 15:50 -------- d-----w- c:\windows\system32\xlive2009-06-02 15:02 . 2009-06-02 15:03 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Bluetooth2009-05-28 20:03 . 2009-06-07 20:10 -------- d-----w- c:\windows\system32\Adobe2009-05-23 18:26 . 2009-05-23 18:26 -------- d-----w- c:\documents and settings\GriX\Ustawienia lokalne\Dane aplikacji\Help2009-05-23 10:31 . 2009-05-23 10:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\FLEXnet2009-05-23 10:28 . 2009-05-23 10:28 -------- d-----w- c:\program files\Bonjour2009-05-23 09:44 . 
2009-05-23 09:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-06-16 16:47 . 2009-02-10 16:51 -------- d-----w- c:\documents and settings\GriX\Dane aplikacji\teamspeak22009-06-16 16:31 . 2009-03-03 15:07 189072 ----a-w- c:\windows\system32\PnkBstrB.exe2009-06-16 16:30 . 2009-03-03 15:07 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys2009-06-15 18:15 . 2009-02-09 18:02 -------- d--h--w- c:\program files\InstallShield Installation Information2009-06-15 18:00 . 2009-02-09 18:24 -------- d-----w- c:\documents and settings\GriX\Dane aplikacji\ATI2009-06-15 17:59 . 2009-02-12 19:01 -------- d-----w- c:\documents and settings\GriX\Dane aplikacji\gtk-2.02009-06-15 17:50 . 2009-02-09 18:17 -------- d-----w- c:\program files\ATI Technologies2009-06-14 17:48 . 2009-04-22 18:35 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP2009-06-04 16:52 . 2009-02-09 18:24 64760 ----a-w- c:\documents and settings\GriX\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT2009-06-04 16:24 . 2004-08-04 12:00 96732 ----a-w- c:\windows\system32\perfc015.dat2009-06-04 16:24 . 2004-08-04 12:00 526636 ----a-w- c:\windows\system32\perfh015.dat2009-05-23 10:29 . 2009-02-16 13:53 -------- d-----w- c:\program files\Common Files\Adobe2009-05-22 07:57 . 2009-03-25 16:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TrackMania2009-05-16 16:21 . 2009-05-16 16:21 -------- d-----w- c:\program files\Common Files\DirectX2009-05-05 16:37 . 2009-05-05 16:31 -------- d-----w- c:\documents and settings\GriX\Dane aplikacji\DAEMON Tools Lite2009-05-05 16:35 . 2009-05-05 16:35 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite2009-05-05 16:34 . 2009-05-05 16:34 -------- d-----w- c:\program files\DAEMON Tools Toolbar2009-05-05 16:31 . 
2009-03-10 16:54 721904 ----a-w- c:\windows\system32\drivers\sptd.sys2009-04-29 02:07 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(32).dll2009-04-29 02:07 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(31).dll2009-04-29 02:07 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(30).dll2009-04-29 02:07 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(29).dll2009-04-29 02:07 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(28).dll2009-04-29 01:20 . 2008-06-24 13:18 135168 ----a-w- c:\windows\system32\atiadlxx(31).dll2009-04-29 01:20 . 2008-06-24 13:18 135168 ----a-w- c:\windows\system32\atiadlxx(30).dll2009-04-29 01:20 . 2008-06-24 13:18 135168 ----a-w- c:\windows\system32\atiadlxx(29).dll2009-04-29 01:20 . 2008-06-24 13:18 135168 ----a-w- c:\windows\system32\atiadlxx(28).dll2009-04-29 01:20 . 2008-06-24 13:18 135168 ----a-w- c:\windows\system32\atiadlxx(27).dll2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll2009-03-31 16:37 . 2009-03-31 16:37 152576 ----a-w- c:\documents and settings\GriX\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll2009-03-24 16:11 . 2009-03-31 15:17 154624 ----a-w- c:\windows\system32\zlib4.dll2009-03-21 13:32 . 2009-03-03 13:12 22328 ----a-w- c:\documents and settings\GriX\Dane aplikacji\PnkBstrK.sys2009-03-21 13:32 . 2009-03-03 13:12 22328 ----a-w- c:\documents and settings\GriX\Dane aplikacji\PnkBstrK.sys2009-03-21 13:31 . 2009-03-21 13:31 682280 ----a-w- c:\windows\system32\pbsvc.exe2009-03-19 20:19 . 2009-03-19 20:19 6834 ----a-w- c:\windows\system32\ealregsnapshot1.reg2004-08-04 12:00 . 
2004-08-04 12:00 163185 --sha-r- c:\windows\system32\fzznfnom.dll.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]"Nowe Gadu-Gadu"="f:\program files\Gadu-Gadu\gg.exe" [2009-04-20 9818728]"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]"EA Core"="f:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]"DAEMON Tools Lite"="f:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]"RGSC"="f:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-06-15 306088][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"avast!"="f:\progra~1\Avast\Avast4\ashDisp.exe" [2009-02-05 81000]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-22 16858112][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-05-28 181624][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]c:\documents and settings\All Users\Menu Start\Programy\Autostart\ASRock WiFi-802.11g.lnk - c:\program 
files\ASRock WiFi-802.11g\RtWLan.exe [2009-2-9 978944][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]2001-12-20 22:34 24576 ----a-w- f:\program files\AlienGUIse\fastload.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\windows\system32\wbsys.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@=""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="f:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="f:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="f:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"="f:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3451:TCP"= 3451:TCP:gwkjqexgR1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-31 114768]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-31 20560]R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-02-09 99856]S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]S2 uahavip;Support Windows;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]--- Inne Usługi/Sterowniki w Pamięci ---*NewlyCreated* - PNKBSTRBHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsuahavip[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"c:\program files\Common Files\LightScribe\LSRunOnce.exe".Zawartość folderu 'Zaplanowane zadania'2009-06-16 c:\windows\Tasks\NSSstub.job- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-05-28 20:03].- - - - USUNIĘTO PUSTE WPISY - - - -HKCU-Run-AQQ - f:\progra~1\WapSter\WAPSTE~1\AQQ.exeNotify-klogon - (no file).------- Skan uzupełniający -------.uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = *.localIE: Compare Prices with &Dealio - c:\documents and settings\GriX\Dane aplikacji\Dealio\kb127\res\DealioSearch.htmlIE: Dodaj do blokowanych banerówIE: E&ksport do programu Microsoft Excel - f:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000FF - ProfilePath - c:\documents and settings\GriX\Dane aplikacji\Mozilla\Firefox\Profiles\ory7kj0p.default\FF - plugin: f:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dllFF - plugin: f:\program files\Mozilla Firefox\plugins\np-mswmp.dll.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-06-16 21:26Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uahavip]"ServiceDll"="c:\windows\system32\fzznfnom.dll".--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------[HKEY_USERS\S-1-5-21-2000478354-73586283-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]@Denied: (Full) (LocalSystem)[HKEY_USERS\S-1-5-21-2000478354-73586283-725345543-1004\Software\SecuROM\License information*]"datasecu"=hex:fe,c2,21,64,3d,62,95,30,40,12,76,c1,da,97,02,6b,16,75,bb,af,6f, 7d,a5,cb,3c,de,f7,3e,f6,9b,28,2a,39,39,4c,42,5a,b9,66,05,77,39,e1,67,e0,cd,\"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(972)c:\windows\system32\Ati2evxx.dllf:\program files\AlienGUIse\fastload.dll- - - - - - - > 'explorer.exe'(2224)c:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Czas ukończenia: 2009-06-16 21:27ComboFix-quarantined-files.txt 2009-06-16 19:27ComboFix2.txt 2009-06-16 12:24Przed: 62 585 192 448 bajtów wolnychPo: 62 574 096 384 bajtów wolnych202
Guest commented 18 June 2009

Paste into Notepad:

File::
c:\windows\system32\fzznfnom.dll
NetSvc::
uahavip
Driver::
uahavip
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uahavip]

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe --> removal should start (and a log will be created). Post the log that is created during removal. If it goes well: after the restart, manually delete the folder C:\Qoobox.
GloomRelic commented 18 June 2009 (Author)

Here you go:

ComboFix 09-06-17.04 - GriX 2009-06-18 16:09.4 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1517 [GMT 2:00]Uruchomiony z: c:\documents and settings\GriX\Pulpit\ComboFix.exeUżyto następujących komend :: c:\documents and settings\GriX\Pulpit\CFScript.txtAV: avast! antivirus 4.8.1335 [VPS 090617-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!FILE ::"c:\windows\system32\fzznfnom.dll".((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\system32\ATIODCLI.exec:\windows\system32\ATIODE.exec:\windows\system32\fzznfnom.dll.((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_UAHAVIP-------\Service_uahavip((((((((((((((((((((((((( Pliki utworzone od 2009-05-18 do 2009-06-18 ))))))))))))))))))))))))))))))).2009-06-18 07:56 . 2009-06-18 07:56 107888 ----a-w- c:\windows\system32\CmdLineExt.dll2009-06-17 19:12 . 2009-06-17 19:12 -------- d-----w- c:\documents and settings\GriX\Dane aplikacji\Auslogics2009-06-16 13:23 . 2009-06-16 13:23 580096 -c--a-w- c:\windows\system32\dllcache\user32.dll2009-06-16 13:22 . 2009-06-16 13:22 -------- d-----w- c:\windows\ERUNT2009-06-16 13:13 . 2009-06-16 15:27 -------- d-----w- C:\SDFix2009-06-15 18:05 . 2009-06-15 18:05 -------- d-----w- c:\windows\system32\wbem\Repository2009-06-15 18:01 . 2009-06-15 18:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI2009-06-15 17:42 . 2009-06-15 17:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI(2)2009-06-15 17:35 . 2008-06-24 13:36 887724 ----a-r- c:\windows\system32\ativva6x.dat2009-06-15 17:35 . 2008-06-24 13:36 3107788 ----a-r- c:\windows\system32\ativva5x.dat2009-06-15 17:35 . 
2008-06-24 13:36 3107788 ----a-r- c:\windows\system32\ativvaxx.dat2009-06-15 17:35 . 2008-06-10 09:50 174819 ----a-r- c:\windows\system32\atiicdxx.dat2009-06-15 12:59 . 2009-06-15 17:52 -------- d-sh--w- C:\RECYCLER(2)2009-06-13 18:08 . 2009-03-03 22:24 43520 ----a-w- c:\windows\system32\ati2edxx(16).dll2009-06-13 16:00 . 2009-06-15 17:59 -------- d-----w- c:\documents and settings\GriX\polanie-online2009-06-13 10:36 . 2009-06-13 10:36 -------- d-----w- C:\icytower1.32009-06-12 18:13 . 2009-06-12 18:13 -------- d-----w- C:\Ice Tower 42009-06-10 14:20 . 2009-03-16 14:04 11563008 ----a-w- c:\windows\system32\atioglxx.dll2009-06-10 14:20 . 2009-03-16 13:40 49664 ----a-w- c:\windows\system32\atimpc32.dll2009-06-10 14:20 . 2009-03-16 13:35 45056 ----a-w- c:\windows\system32\aticalrt.dll2009-06-10 14:20 . 2009-03-16 13:34 45056 ----a-w- c:\windows\system32\aticalcl.dll2009-06-10 14:20 . 2009-03-16 13:33 3264512 ----a-w- c:\windows\system32\aticaldd.dll2009-06-10 14:20 . 2009-03-03 13:56 118784 ----a-w- c:\windows\system32\atibtmon.exe2009-06-04 20:26 . 2009-06-04 20:26 1700352 ----a-w- c:\windows\system32\gdiplus.dll2009-06-04 17:39 . 2009-06-15 17:31 1324 ----a-w- c:\windows\system32\d3d9caps.dat2009-06-04 16:23 . 2009-06-04 16:23 -------- d-----w- c:\program files\MSBuild2009-06-04 16:23 . 2009-06-18 14:11 1880472 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat2009-06-04 16:21 . 2009-06-04 16:21 -------- d-----w- c:\windows\system32\XPSViewer2009-06-04 16:20 . 2009-06-04 16:20 -------- d-----w- c:\program files\Reference Assemblies2009-06-04 16:20 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll2009-06-04 15:56 . 2009-06-04 16:26 -------- d-----w- c:\documents and settings\GriX\Ustawienia lokalne\Dane aplikacji\Rockstar Games2009-06-04 15:50 . 2009-06-04 16:55 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE2009-06-04 15:50 . 
2009-06-04 15:50 -------- d-----w- c:\windows\system32\xlive2009-06-02 15:02 . 2009-06-17 15:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Bluetooth2009-05-28 20:03 . 2009-06-07 20:10 -------- d-----w- c:\windows\system32\Adobe2009-05-23 18:26 . 2009-05-23 18:26 -------- d-----w- c:\documents and settings\GriX\Ustawienia lokalne\Dane aplikacji\Help2009-05-23 10:31 . 2009-05-23 10:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\FLEXnet2009-05-23 10:28 . 2009-05-23 10:28 -------- d-----w- c:\program files\Bonjour2009-05-23 09:44 . 2009-05-23 09:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-06-18 14:02 . 2009-03-03 15:07 189072 ----a-w- c:\windows\system32\PnkBstrB.exe2009-06-18 13:49 . 2009-03-03 15:07 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys2009-06-18 07:22 . 2009-02-09 18:02 -------- d--h--w- c:\program files\InstallShield Installation Information2009-06-16 16:47 . 2009-02-10 16:51 -------- d-----w- c:\documents and settings\GriX\Dane aplikacji\teamspeak22009-06-15 18:00 . 2009-02-09 18:24 -------- d-----w- c:\documents and settings\GriX\Dane aplikacji\ATI2009-06-15 17:59 . 2009-02-12 19:01 -------- d-----w- c:\documents and settings\GriX\Dane aplikacji\gtk-2.02009-06-15 17:50 . 2009-02-09 18:17 -------- d-----w- c:\program files\ATI Technologies2009-06-14 17:48 . 2009-04-22 18:35 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP2009-06-04 16:52 . 2009-02-09 18:24 64760 ----a-w- c:\documents and settings\GriX\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT2009-06-04 16:24 . 2004-08-04 12:00 96732 ----a-w- c:\windows\system32\perfc015.dat2009-06-04 16:24 . 2004-08-04 12:00 526636 ----a-w- c:\windows\system32\perfh015.dat2009-05-23 10:29 . 2009-02-16 13:53 -------- d-----w- c:\program files\Common Files\Adobe2009-05-22 07:57 . 
2009-03-25 16:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TrackMania2009-05-16 16:21 . 2009-05-16 16:21 -------- d-----w- c:\program files\Common Files\DirectX2009-05-05 16:37 . 2009-05-05 16:31 -------- d-----w- c:\documents and settings\GriX\Dane aplikacji\DAEMON Tools Lite2009-05-05 16:35 . 2009-05-05 16:35 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite2009-05-05 16:34 . 2009-05-05 16:34 -------- d-----w- c:\program files\DAEMON Tools Toolbar2009-05-05 16:31 . 2009-03-10 16:54 721904 ----a-w- c:\windows\system32\drivers\sptd.sys2009-04-29 02:07 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(32).dll2009-04-29 02:07 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(31).dll2009-04-29 02:07 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(30).dll2009-04-29 02:07 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(29).dll2009-04-29 02:07 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx(28).dll2009-04-29 01:20 . 2008-06-24 13:18 135168 ----a-w- c:\windows\system32\atiadlxx(31).dll2009-04-29 01:20 . 2008-06-24 13:18 135168 ----a-w- c:\windows\system32\atiadlxx(30).dll2009-04-29 01:20 . 2008-06-24 13:18 135168 ----a-w- c:\windows\system32\atiadlxx(29).dll2009-04-29 01:20 . 2008-06-24 13:18 135168 ----a-w- c:\windows\system32\atiadlxx(28).dll2009-04-29 01:20 . 2008-06-24 13:18 135168 ----a-w- c:\windows\system32\atiadlxx(27).dll2009-04-21 22:20 . 2009-04-21 22:20 14311680 ----a-w- c:\windows\system32\xlive.dll2009-04-21 22:20 . 2009-04-21 22:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll2009-03-31 16:37 . 2009-03-31 16:37 152576 ----a-w- c:\documents and settings\GriX\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll2009-03-24 16:11 . 2009-03-31 15:17 154624 ----a-w- c:\windows\system32\zlib4.dll2009-03-21 13:32 . 2009-03-03 13:12 22328 ----a-w- c:\documents and settings\GriX\Dane aplikacji\PnkBstrK.sys2009-03-21 13:32 . 
2009-03-03 13:12 22328 ----a-w- c:\documents and settings\GriX\Dane aplikacji\PnkBstrK.sys2009-03-21 13:31 . 2009-03-21 13:31 682280 ----a-w- c:\windows\system32\pbsvc.exe.((((((((((((((((((((((((((((( SnapShot@2009-06-16_19.26.30 ))))))))))))))))))))))))))))))))))))))))).+ 2009-06-18 14:13 . 2009-06-18 14:13 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat+ 2009-06-18 14:13 . 2009-06-18 14:13 16384 c:\windows\Temp\Perflib_Perfdata_6a4.dat+ 2003-07-03 09:58 . 2003-07-03 09:58 63488 c:\windows\system32\drivers\wssbtr1f.sys- 2003-07-04 00:58 . 2003-07-04 00:58 63488 c:\windows\system32\drivers\wssbtr1f.sys+ 2007-03-05 03:57 . 2007-03-05 03:57 19472 c:\windows\system32\drivers\VHIDMini.sys+ 2007-03-05 03:53 . 2007-03-05 03:53 44304 c:\windows\system32\drivers\VCommMgr.sys+ 2007-03-05 03:52 . 2007-03-05 03:52 34448 c:\windows\system32\drivers\VComm.sys+ 2007-03-05 03:55 . 2007-03-05 03:55 20880 c:\windows\system32\drivers\vbtenum.sys+ 2004-03-22 17:26 . 2004-03-22 17:26 48556 c:\windows\system32\drivers\SktBt2k.sys- 2004-03-23 08:26 . 2004-03-23 08:26 48556 c:\windows\system32\drivers\SktBt2k.sys- 2002-09-18 05:11 . 2002-09-18 05:11 77824 c:\windows\system32\drivers\SioUi2k.dll+ 2002-09-17 14:11 . 2002-09-17 14:11 77824 c:\windows\system32\drivers\SioUi2k.dll+ 2004-02-10 20:29 . 2004-02-10 20:29 48076 c:\windows\system32\drivers\Sio9502k.sys- 2004-02-11 11:29 . 2004-02-11 11:29 48076 c:\windows\system32\drivers\Sio9502k.sys- 2002-09-23 05:30 . 2002-09-23 05:30 40960 c:\windows\system32\drivers\SCTray.exe+ 2007-01-12 03:22 . 2007-01-12 03:22 40960 c:\windows\system32\drivers\SCTray.exe- 2003-04-28 23:31 . 2003-04-28 23:31 51169 c:\windows\system32\drivers\OXSER.SYS+ 2003-04-28 08:31 . 2003-04-28 08:31 51169 c:\windows\system32\drivers\OXSER.SYS+ 2006-11-21 20:41 . 2006-11-21 20:41 22416 c:\windows\system32\drivers\BTNetFilter.sys+ 2007-03-05 03:59 . 2007-03-05 03:59 18320 c:\windows\system32\drivers\btnetdrv.sys+ 2007-03-05 03:56 . 
2007-03-05 03:56 35600 c:\windows\system32\drivers\BTHidMgr.sys+ 2007-03-05 04:01 . 2007-03-05 04:01 39184 c:\windows\system32\drivers\btcusb.sys+ 2007-03-05 04:00 . 2007-03-05 04:00 27792 c:\windows\system32\drivers\BlueletSCOAudio.sys+ 2007-03-05 03:51 . 2007-03-05 03:51 34576 c:\windows\system32\drivers\blueletaudio.sys+ 2007-03-05 04:00 . 2007-03-05 04:00 15632 c:\windows\system32\btinstall.dll+ 2007-04-21 12:52 . 2007-04-21 12:52 57426 c:\windows\system32\btfunc.dll+ 2009-06-17 15:39 . 2009-06-17 15:39 45056 c:\windows\Installer\{85B73D1A-EEEA-4F95-BA6F-7A8EC31D94F6}\BsolStartupShortcut_5F4A9C5DDE4741A284DAEED5CA08428B.exe+ 2009-06-17 15:39 . 2009-06-17 15:39 45056 c:\windows\Installer\{85B73D1A-EEEA-4F95-BA6F-7A8EC31D94F6}\BsolDesktopShortcut_5F4A9C5DDE4741A284DAEED5CA08428B.exe+ 2009-06-17 15:39 . 2009-06-17 15:39 45056 c:\windows\Installer\{85B73D1A-EEEA-4F95-BA6F-7A8EC31D94F6}\BlueSoleilShortcut_A4441B3FD7624BD9B8E935C7D26B381D.exe+ 2009-06-18 07:47 . 2009-06-18 07:47 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll- 2009-06-15 18:42 . 2009-06-15 18:42 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll- 2009-06-15 18:42 . 2009-06-15 18:42 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll+ 2009-06-17 15:39 . 2009-06-17 15:39 8854 c:\windows\Installer\{85B73D1A-EEEA-4F95-BA6F-7A8EC31D94F6}\Uninstall_BlueSoleil_DA0C16B5026041ACAA4BA0D7EA548378.exe+ 2009-06-17 15:39 . 2009-06-17 15:39 3638 c:\windows\Installer\{85B73D1A-EEEA-4F95-BA6F-7A8EC31D94F6}\ARPPRODUCTICON.exe- 2004-09-21 16:18 . 
2004-09-21 16:18 116021 c:\windows\system32\drivers\fw203x.sys+ 2004-09-21 01:18 . 2004-09-21 01:18 116021 c:\windows\system32\drivers\fw203x.sys- 2004-09-21 16:18 . 2004-09-21 16:18 148830 c:\windows\system32\drivers\bcbthub.sys+ 2004-09-21 01:18 . 2004-09-21 01:18 148830 c:\windows\system32\drivers\bcbthub.sys- 2009-06-15 18:42 . 2009-06-15 18:42 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll- 2009-06-15 18:42 . 2009-06-15 18:42 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll- 2009-06-15 18:42 . 2009-06-15 18:42 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll- 2009-06-15 18:42 . 2009-06-15 18:42 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll- 2009-06-15 18:42 . 2009-06-15 18:42 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll+ 2009-06-18 07:47 . 
2009-06-18 07:47 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll- 2009-06-15 18:42 . 2009-06-15 18:42 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll- 2009-06-15 18:42 . 2009-06-15 18:42 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll- 2009-06-15 18:42 . 2009-06-15 18:42 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll- 2009-06-15 18:42 . 2009-06-15 18:42 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll- 2009-06-15 18:42 . 2009-06-15 18:42 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll- 2009-06-15 18:42 . 2009-06-15 18:42 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll- 2009-06-15 18:42 . 
2009-06-15 18:42 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll- 2009-06-15 18:42 . 2009-06-15 18:42 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll- 2009-06-15 18:42 . 2009-06-15 18:42 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll- 2009-06-15 18:42 . 2009-06-15 18:42 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll+ 2009-06-18 07:47 . 2009-06-18 07:47 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll- 2009-06-15 18:42 . 
2009-06-15 18:42 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll.-- Migawka wyzerowana --.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]"Nowe Gadu-Gadu"="f:\program files\Gadu-Gadu\gg.exe" [2009-04-20 9818728]"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]"EA Core"="f:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]"DAEMON Tools Lite"="f:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]"RGSC"="f:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-06-15 306088][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"avast!"="f:\progra~1\Avast\Avast4\ashDisp.exe" [2009-02-05 81000]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 61440]"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-22 16858112][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-05-28 181624][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]c:\documents 
and settings\All Users\Menu Start\Programy\Autostart\ASRock WiFi-802.11g.lnk - c:\program files\ASRock WiFi-802.11g\RtWLan.exe [2009-2-9 978944][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]2001-12-20 22:34 24576 ----a-w- f:\program files\AlienGUIse\fastload.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon] [bU][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\windows\system32\wbsys.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@=""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="f:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="f:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="f:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="f:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"="f:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3451:TCP"= 3451:TCP:gwkjqexgR1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-31 114768]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-31 20560]R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-02-09 99856]S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]S3 Start BT in service;Start BT in service;f:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 52080][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"c:\program files\Common Files\LightScribe\LSRunOnce.exe".Zawartość folderu 'Zaplanowane zadania'2009-06-18 c:\windows\Tasks\NSSstub.job- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-05-28 20:03]..------- Skan uzupełniający -------.uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = *.localIE: Compare Prices with &Dealio - c:\documents and settings\GriX\Dane aplikacji\Dealio\kb127\res\DealioSearch.htmlIE: Dodaj do blokowanych banerówIE: E&ksport do programu Microsoft Excel - f:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000FF - ProfilePath - c:\documents and settings\GriX\Dane aplikacji\Mozilla\Firefox\Profiles\ory7kj0p.default\FF - plugin: f:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dllFF - plugin: f:\program files\Mozilla Firefox\plugins\np-mswmp.dll.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-06-18 16:13Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------[HKEY_USERS\S-1-5-21-2000478354-73586283-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]@Denied: (Full) (LocalSystem)[HKEY_USERS\S-1-5-21-2000478354-73586283-725345543-1004\Software\SecuROM\License information*]"datasecu"=hex:b2,dd,3b,0d,1f,dd,c3,76,8c,fe,96,ce,33,61,7e,23,ec,46,9b,1d,4f, 6d,e9,e4,d3,ee,cd,14,71,40,5c,89,b4,dd,de,a2,6e,85,20,74,bf,ab,f6,ec,ca,fc,\"rkeysecu"=hex:8a,74,7b,44,bc,88,7a,d4,a9,33,64,8e,4d,0c,c9,d5.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(856)c:\windows\system32\Ati2evxx.dllf:\program files\AlienGUIse\fastload.dll- - - - - - - > 'explorer.exe'(3680)c:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Pozostałe uruchomione procesy ------------------------.c:\windows\system32\ati2evxx.exec:\windows\system32\ati2evxx.exef:\program files\Avast\Avast4\aswUpdSv.exef:\program files\Avast\Avast4\ashServ.exec:\windows\ATKKBService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\windows\system32\PnkBstrA.exec:\windows\system32\PnkBstrB.exef:\program files\Avast\Avast4\ashMaiSv.exef:\program files\Avast\Avast4\ashWebSv.exec:\windows\system32\wbem\wmiapsrv.exec:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exec:\windows\system32\wscntfy.exec:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exec:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.**************************************************************************.Czas ukończenia: 2009-06-18 16:17 - komputer został uruchomiony 
ponownieComboFix-quarantined-files.txt 2009-06-18 14:17ComboFix2.txt 2009-06-16 19:27ComboFix3.txt 2009-06-16 12:24Przed: 62 269 734 912 bajtów wolnychPo: 62 159 101 952 bajtów wolnych307= ';
Guest, comment 18 June 2009

It's clean now.

1. Clean up after ComboFix and the other tools >>> OTCleanIt.
2. Use Malwarebytes. Click "Skanuj" (Scan), select the drives to scan and start the scan; at the end click "Usuń zaznaczone" (Remove Selected), if there are any, and OK. Post the report generated after the removal with MBAM.
GloomRelic (Author), comment 18 June 2009

The sites work now, thanks a lot, and here is the report:

Malwarebytes' Anti-Malware 1.38
Wersja bazy definicji: 2304
Windows 5.1.2600 Dodatek Service Pack 3
2009-06-18 17:18:44
mbam-log-2009-06-18 (17-18-44).txt
Typ skanowania: Pełne skanowanie (C:\|E:\|F:\|)
Przeskanowane obiekty: 219286
Upłynęło: 47 minute(s), 8 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 3
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)
Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)
Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
c:\documents and settings\GriX\moje dokumenty\instalki z netu\SmileyCentralPFSetup2.2.60.11-2.ZNfox000.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3ffb5e09-28aa-4923-954c-7023e116c029}\RP133\A0057834.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zlib4.dll (Trojan.Agent) -> Quarantined and deleted successfully.
GloomRelic (Author), comment 18 June 2009

Oh, and I also wanted to know why those sites weren't working?
Guest, comment 19 June 2009

Because you had a rootkit, a very dangerous one, which was blocking those sites.