menina utworzono 1 grudnia 2008 utworzono 1 grudnia 2008 Witam skonczyla mi sie dzisiaj wersja testowa Gdata-chce go odistalowac i zainstalowac inny antywirus..., w kwarantannie znajduja sie wirusy--m.in 2 keyloggery i trojan o podobnym dzialaniu---jak odinstaljue g.data --to co sie stanie--wejda doo systemu czy usuna sie... sorry za takie banalne pytania ale po prostu nie wiem
Gość komentarz 1 grudnia 2008 komentarz 1 grudnia 2008 Usuń poprostu G-DATE, trojany itd. też powinny się usunąć. Po odinstalowaniu możesz pokazać log z ComboFixa.
menina komentarz 1 grudnia 2008 Autor komentarz 1 grudnia 2008 Nie umie sie obslugiwac tym combofix-mam go zainstalowanego ale nie widze go w programach tylko dopiero jak klikne na C-jest tam folder Combofix z milionem podfolderow i nie wiem co z tym zrobic..., a czy logi z hjthis wystarcza???
Gość komentarz 1 grudnia 2008 komentarz 1 grudnia 2008 Nie. Usuń tego i ściągnij nowego. Normalnie odpal.
menina komentarz 1 grudnia 2008 Autor komentarz 1 grudnia 2008 Logi z cobo fix 2008-12-01 14:45 . 2008-12-01 14:46 <DIR> d-------- c:\program files\a-squared Anti-Malware2008-12-01 14:20 . 2008-12-01 14:20 <DIR> d-------- c:\program files\ESET2008-12-01 13:52 . 2008-12-01 13:52 <DIR> d-------- c:\users\All Users\ESET2008-12-01 13:52 . 2008-12-01 13:52 <DIR> d-------- c:\programdata\ESET2008-12-01 12:03 . 2008-12-01 12:03 <DIR> d-------- c:\users\Kasia\DoctorWeb2008-11-28 12:54 . 2008-11-28 12:53 410,976 --a------ c:\windows\System32\deploytk.dll2008-11-28 12:31 . 2008-11-29 21:14 <DIR> d-------- c:\program files\Windows Live Toolbar2008-11-28 12:10 . 2008-11-28 12:27 <DIR> d-------- c:\program files\Windows Live2008-11-28 11:51 . 2008-11-28 11:51 <DIR> d-------- c:\program files\tmn2008-11-28 00:35 . 2008-11-28 00:35 2,608 --a------ c:\windows\System32\settings.aaw2008-11-28 00:35 . 2008-11-28 00:35 960 --a------ c:\windows\System32\history.aaw2008-11-27 23:43 . 2008-11-27 23:43 <DIR> d-------- c:\program files\Trend Micro2008-11-27 20:53 . 2008-11-28 14:59 81,984 --a------ c:\windows\System32\bdod.bin2008-11-27 20:43 . 2008-11-28 15:05 <DIR> d-------- c:\program files\Common Files\Softwin2008-11-27 17:33 . 2008-12-01 14:44 <DIR> d-a------ c:\users\All Users\TEMP2008-11-27 17:33 . 2008-12-01 14:44 <DIR> d-a------ c:\programdata\TEMP2008-11-27 17:28 . 2008-12-01 14:45 <DIR> d-------- c:\program files\Spyware Doctor2008-11-26 21:19 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll2008-11-26 21:19 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll2008-11-26 21:19 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll2008-11-26 21:19 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll2008-11-26 21:19 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll2008-11-26 21:19 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll2008-11-26 21:19 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll2008-11-16 19:58 . 2008-11-16 20:04 <DIR> d-------- c:\users\All Users\Lavasoft2008-11-16 19:58 . 2008-11-16 20:04 <DIR> d-------- c:\programdata\Lavasoft2008-11-16 19:58 . 2008-11-16 19:58 <DIR> d-------- c:\program files\Lavasoft2008-11-16 19:55 . 2008-11-16 19:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard2008-11-16 19:43 . 2008-12-01 13:41 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy2008-11-16 19:43 . 2008-12-01 13:41 <DIR> d-------- c:\programdata\Spybot - Search & Destroy2008-11-16 19:43 . 2008-12-01 13:41 <DIR> d-------- c:\program files\Spybot - Search & Destroy2008-11-15 09:46 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll2008-11-15 09:46 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll2008-11-15 09:46 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe2008-11-15 09:46 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll2008-11-15 09:44 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll2008-11-15 09:44 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll2008-11-15 09:44 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll2008-11-15 09:44 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll2008-11-15 09:44 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe2008-11-12 16:20 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll2008-11-12 16:20 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll2008-11-12 16:19 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll2008-11-12 16:19 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys2008-11-12 16:19 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll2008-11-01 01:34 . 2008-11-01 01:34 29,128 --a------ c:\windows\System32\drivers\GRD.sys2008-11-01 01:27 . 2008-11-01 01:27 50,888 --a------ c:\windows\System32\drivers\MiniIcpt.sys2008-11-01 01:26 . 2008-12-01 13:32 <DIR> d-------- c:\users\All Users\G DATA2008-11-01 01:26 . 2008-12-01 13:32 <DIR> d-------- c:\programdata\G DATA2008-11-01 01:25 . 2008-11-01 01:25 39,880 --a------ c:\windows\System32\drivers\gdwfpcd32.sys2008-11-01 01:23 . 2008-12-01 13:31 <DIR> d-------- c:\program files\G DATA2008-11-01 01:23 . 2008-12-01 13:31 <DIR> d-------- c:\program files\Common Files\G DATA2008-11-01 01:06 . 2008-11-01 01:06 <DIR> d-------- c:\program files\Alwil Software.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-11-29 20:21 --------- d-----w c:\programdata\Winamp Toolbar2008-11-28 14:17 --------- d-----w c:\program files\Common Files\GTK2008-11-28 11:53 --------- d-----w c:\program files\Java2008-11-28 11:07 --------- d-----w c:\programdata\WLInstaller2008-11-27 15:26 --------- d-----w c:\program files\SmokersCalc2008-11-26 22:09 --------- d-----w c:\users\Kasia\AppData\Roaming\Skype2008-11-26 15:06 --------- d-----w c:\users\Kasia\AppData\Roaming\skypePM2008-11-13 09:54 --------- d-----w c:\programdata\Microsoft Help2008-11-02 14:19 --------- d-----w c:\programdata\Kaspersky Lab2008-10-25 08:07 --------- d-----w c:\program files\Microsoft Silverlight2008-10-19 10:54 --------- d-----w c:\program files\Zeallsoft2008-10-17 07:52 --------- d-----w c:\program files\Windows Mail2008-10-07 10:22 --------- d-----w c:\users\Kasia\AppData\Roaming\.purple2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll2008-10-01 09:23 --------- d-----w c:\program files\Kaspersky Lab2008-10-01 09:14 --------- d-----w c:\programdata\Kaspersky Lab Setup Files2008-07-10 07:57 174 --sha-w c:\program files\desktop.ini2008-06-11 19:59 88 --sh--r c:\users\All Users\8ABB3FEBEC.sys2008-06-11 19:59 88 --sh--r c:\programdata\8ABB3FEBEC.sys2008-06-11 19:59 2,516 --sha-w c:\users\All Users\KGyGaAvL.sys2008-06-11 19:59 2,516 --sha-w c:\programdata\KGyGaAvL.sys2008-01-06 19:18 32 ----a-w c:\users\All Users\ezsid.dat2008-01-06 19:18 32 ----a-w c:\programdata\ezsid.dat.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2008-11-20 2780816]"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 c:\windows\RtHDVCpl.exe][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll[HKEY_LOCAL_MACHINE\software\microsoft\security center]"UacDisableNotify"=dword:00000001"InternetSettingsDisableNotify"=dword:00000001"AutoUpdateDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]"{8017AD92-7E55-4741-B56F-30CEBD7E5E3A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook"{70FE5189-D535-4BBE-9A39-EEEF36268326}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD"{90F86335-FDE2-432C-A1E2-302F76DF594B}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb"{0EA85105-4A52-4C0C-871F-851EFAD4D340}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb"{21C5BE7C-5A1B-4806-BA48-4C80B8FCF45D}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray"{58F55B89-CF74-499A-AE02-CDEAB0E5AD9C}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray"{F1A6AE83-4B2A-443F-B099-BC0AAE26A103}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client"{CC285375-848D-4278-BB27-9C0EC1E91C1F}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client"{4ED5EC44-3824-438E-9DD7-4297EF93F7A8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)"TCP Query User{84FFB9B9-28F2-40CE-BF79-574582E97518}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{86E9E029-0CF0-4C39-BE05-1E1D4A60683D}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "TCP Query User{0C14474A-BC1A-4303-9709-DF89D1E5D459}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny"UDP Query User{FC01DF39-3495-4C71-9638-EE6834041B99}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny"TCP Query User{5949DB2C-7771-4B71-9E26-B6CDC606B33D}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows"UDP Query User{83E59B09-C7E9-4A08-B472-BD617CA30D6A}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows"{599867B2-EAA2-4717-BA4C-31F20B8FD97F}"= Disabled:UDP:c:\program files\POL\POL.exe:Ardamax Keylogger"{FD8F318D-7018-4781-BE59-FD8A69D87F1E}"= Disabled:TCP:c:\program files\POL\POL.exe:Ardamax Keylogger"TCP Query User{98EF7061-85C1-4BFD-89D1-8A0AEEE3D2A0}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\polish\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\polish\setup.exe:Kaspersky Anti-Virus 7.0 Setup"UDP Query User{07DD879A-3F73-4E93-9C81-BDA8667D502D}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\polish\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\polish\setup.exe:Kaspersky Anti-Virus 7.0 Setup"{E33C4BA5-9308-4AD2-9F75-C0E36F210074}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2008-01-06 18:22:40 13560]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]S3 GTSCSER;GT SC SER;c:\windows\system32\DRIVERS\gtscser.sys [2007-11-30 21504]S3 ZSMC302;Conceptronic Chatcam;c:\windows\system32\Drivers\usbvm302.sys [2004-03-19 90968][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f781eb6-bd33-11dd-8f7b-000000000000}]\shell\AutoRun\command - F:\setup.exe AUTORUN=1.Zawartość folderu 'Zaplanowane zadania'2008-12-01 c:\windows\Tasks\User_Feed_Synchronization-{E620105F-3C30-4697-AF28-011B7E1FE827}.job- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45].- - - - USUNIĘTO PUSTE WPISY - - - -HKCU-Run-Acer Tour Reminder - (no file)HKLM-Run-LogitechSetup - e:\setup\Setup.exeHKLM-Run-Acer Tour - (no file)HKLM-Run-eRecoveryService - (no file).------- Skan uzupełniający -------.uStart Page = hxxp://www.google.pl/uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000c:\windows\Downloaded Program Files\Navy.dll - O16 -: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64}hxxp://67.15.101.33/g_bin/pl/navy_2_0_0_29.cabc:\windows\Downloaded Program Files\Navy.infc:\windows\Downloaded Program Files\words.dll - O16 -: {BFA1F11D-3121-AFE1-4112-894323212DAC}hxxp://67.15.101.33/g_bin/pl/words_2_0_0_51.cabc:\windows\Downloaded Program Files\words.inf.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-12-01 15:20:01Windows 6.0.6000 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...skanowanie ukrytych plików ... **************************************************************************. // Logi wstawiamy w tagi CODE // djarta
Gość komentarz 1 grudnia 2008 komentarz 1 grudnia 2008 Czemu masz kilka Antyvirusów.? W tym G-DATA + NOD + Kasper + Avast.? Jeśli chodzi o infekcję - czysto.
menina komentarz 1 grudnia 2008 Autor komentarz 1 grudnia 2008 humm--mam aktualnie jeden-nod32---moze musze recznie odinstalowac resztki z uzywanych wczesniej antywirusow .Narzuce sie jeszcze--jak to zrobic?
Gość komentarz 1 grudnia 2008 komentarz 1 grudnia 2008 Usuniemy po przez ComboFixa. Zostawię Ci tylko Eseta + Spyware Doctor + Malwarebytes + Doctor Web. Wklej do Notatnika: File::c:\windows\System32\drivers\GRD.sysc:\windows\System32\drivers\MiniIcpt.sysc:\windows\System32\drivers\gdwfpcd32.sysFolder::c:\program files\Spyware Doctorc:\users\All Users\Lavasoftc:\programdata\Lavasoftc:\program files\Lavasoftc:\users\All Users\Spybot - Search & Destroyc:\programdata\Spybot - Search & Destroyc:\program files\Spybot - Search & Destroyc:\users\All Users\G DATAc:\programdata\G DATAc:\program files\G DATAc:\program files\Common Files\G DATAc:\program files\Alwil Softwarec:\program files\Kaspersky Labc:\programdata\Kaspersky Lab Setup Files >>Plik>>Zapisz jako... >>> CFScript Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe --> Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania. Jeśli pójdzie dobrze, to: Po restarcie usuń ręcznie folder C:\Qoobox.
menina komentarz 1 grudnia 2008 Autor komentarz 1 grudnia 2008 tutaj sa logi po usunieciu omboFix 08-11-30.02 - Kasia 2008-12-01 17:07:45.2 - NTFSx86Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1045.18.157 [GMT 1:00]Uruchomiony z: D:\ComboFix.exeUżyto następujących komend :: c:\users\Kasia\Desktop\CFScript.txt * Resident AV is activeFILE ::c:\windows\System32\drivers\gdwfpcd32.sysc:\windows\System32\drivers\GRD.sysc:\windows\System32\drivers\MiniIcpt.sys.((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))).c:\program files\Alwil Softwarec:\program files\Alwil Software\Avast4\Setup\setup.inic:\program files\Common Files\G DATAc:\program files\G DATAc:\program files\Kaspersky Labc:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\aphish.pplc:\program files\Lavasoftc:\program files\Lavasoft\Ad-Aware\AAWLic.exec:\program files\Lavasoft\Ad-Aware\aawservice.exec:\program files\Lavasoft\Ad-Aware\AAWTray.exec:\program files\Lavasoft\Ad-Aware\Ad-Aware.exec:\program files\Lavasoft\Ad-Aware\Ad-Watch.exec:\program files\Lavasoft\Ad-Aware\alert.wavc:\program files\Lavasoft\Ad-Aware\CEAPI.dllc:\program files\Lavasoft\Ad-Aware\Help\Ad-Awaremanual-EN.chmc:\program files\Lavasoft\Ad-Aware\Lang\DE.lslangc:\program files\Lavasoft\Ad-Aware\Lang\EN.lslangc:\program files\Lavasoft\Ad-Aware\Lang\ES.lslangc:\program files\Lavasoft\Ad-Aware\Lang\FL.lslangc:\program files\Lavasoft\Ad-Aware\Lang\FR.lslangc:\program files\Lavasoft\Ad-Aware\Lang\IT.lslangc:\program files\Lavasoft\Ad-Aware\Lang\NL.lslangc:\program files\Lavasoft\Ad-Aware\Lang\PT.lslangc:\program files\Lavasoft\Ad-Aware\lavalicense.dllc:\program files\Lavasoft\Ad-Aware\lavamessage.dllc:\program files\Lavasoft\Ad-Aware\lsupdatemanager.exec:\program files\Lavasoft\Ad-Aware\pkarchive85u.dllc:\program files\Lavasoft\Ad-Aware\Skin\Ad-Aware 2008.LGFFc:\program files\Lavasoft\Ad-Aware\Skin\Carbon.LGFFc:\program files\Lavasoft\Ad-Aware\Skin\Hawaii.LGFFc:\program files\Lavasoft\Ad-Aware\Skin\Metal.LGFFc:\program files\Lavasoft\Ad-Aware\Skin\Pink Friday.LGFFc:\program files\Lavasoft\Ad-Aware\Skin\Sedona.LGFFc:\program files\Lavasoft\Ad-Aware\threatwork.exec:\program files\Lavasoft\Ad-Aware\unrar.dllc:\program files\Lavasoft\Ad-Aware\update.dllc:\program files\Lavasoft\Ad-Aware\upmanager.dllc:\program files\Spybot - Search & Destroyc:\program files\Spybot - Search & Destroy\advcheck.dllc:\program files\Spybot - Search & Destroy\SDHelper.dllc:\program files\Spybot - Search & Destroy\Tools.dllc:\program files\Spyware Doctorc:\program files\Spyware Doctor\PCTWSC.dllc:\program files\Spyware Doctor\smumhook.dllc:\programdata\G DATAc:\programdata\Kaspersky Lab Setup Filesc:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\Polish\kav.pl.msic:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\Polish\setup.exec:\programdata\Lavasoftc:\programdata\Lavasoft\Ad-Aware\ad-aware01.datc:\programdata\Lavasoft\Ad-Aware\core.aawdefc:\programdata\Lavasoft\Ad-Aware\history.aawc:\programdata\Lavasoft\Ad-Aware\logs\aawlog.xslc:\programdata\Lavasoft\Ad-Aware\logs\Ad-Aware 20081201 13-51-09.log.xmlc:\programdata\Lavasoft\Ad-Aware\logs\Ad-Aware event.logc:\programdata\Lavasoft\Ad-Aware\logs\Update.logc:\programdata\Lavasoft\Ad-Aware\news.datc:\programdata\Lavasoft\Ad-Aware\PubKey.keyc:\programdata\Lavasoft\Ad-Aware\settings.aawc:\programdata\Lavasoft\Ad-Aware\Settings.inic:\programdata\Lavasoft\Ad-Aware\ThreatWork.lstc:\programdata\Lavasoft\Ad-Aware\update\backup\aawservice.exe.oldc:\programdata\Lavasoft\Ad-Aware\update\backup\Ad-Aware.exe.oldc:\programdata\Lavasoft\Ad-Aware\update\backup\CEAPI.dll.oldc:\programdata\Lavasoft\Ad-Aware\update\backup\Help\Ad-Awaremanual-EN.chm.oldc:\programdata\Lavasoft\Ad-Aware\update\backup\Lang\EN.lslang.oldc:\programdata\Lavasoft\Ad-Aware\update\new\aawservice.exe.newc:\programdata\Lavasoft\Ad-Aware\update\new\Ad-Aware.exe.newc:\programdata\Lavasoft\Ad-Aware\update\new\CEAPI.dll.newc:\programdata\Lavasoft\Ad-Aware\update\new\Help\Ad-Awaremanual-EN.chm.newc:\programdata\Lavasoft\Ad-Aware\update\new\Lang\EN.lslang.newc:\programdata\Lavasoft\MiniMessage\2c:\programdata\Spybot - Search & Destroyc:\programdata\Spybot - Search & Destroy\Logs\Checks.081116-2015.logc:\programdata\Spybot - Search & Destroy\Logs\Checks.081116-2116.txtc:\programdata\Spybot - Search & Destroy\Logs\Checks.081118-1617.logc:\programdata\Spybot - Search & Destroy\Logs\Checks.081118-1619.logc:\programdata\Spybot - Search & Destroy\Logs\Checks.081118-1619.txtc:\programdata\Spybot - Search & Destroy\Logs\Checks.081118-1738.txtc:\programdata\Spybot - Search & Destroy\Logs\Checks.081123-2119.logc:\programdata\Spybot - Search & Destroy\Logs\Checks.081123-2140.txtc:\programdata\Spybot - Search & Destroy\Logs\Checks.081125-1650.logc:\programdata\Spybot - Search & Destroy\Logs\Checks.081125-1756.txtc:\programdata\Spybot - Search & Destroy\Logs\Checks.081127-1642.logc:\programdata\Spybot - Search & Destroy\Logs\Checks.081127-1755.txtc:\programdata\Spybot - Search & Destroy\Logs\Checks.081201-1147.logc:\programdata\Spybot - Search & Destroy\Logs\Checks.081201-1232.txtc:\programdata\Spybot - Search & Destroy\Logs\Fixes.081116-2135.txtc:\programdata\Spybot - Search & Destroy\Logs\Fixes.081118-1741.txtc:\programdata\Spybot - Search & Destroy\Logs\Fixes.081118-1752.txtc:\programdata\Spybot - Search & Destroy\Logs\Fixes.081125-1906.txtc:\programdata\Spybot - Search & Destroy\Logs\Fixes.081125-1911.txtc:\programdata\Spybot - Search & Destroy\Logs\Update downloads.logc:\programdata\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zipc:\users\All Users\Lavasoft\Ad-Aware\ad-aware01.datc:\users\All Users\Lavasoft\Ad-Aware\core.aawdefc:\users\All Users\Lavasoft\Ad-Aware\history.aawc:\users\All Users\Lavasoft\Ad-Aware\logs\aawlog.xslc:\users\All Users\Lavasoft\Ad-Aware\logs\Ad-Aware 20081201 13-51-09.log.xmlc:\users\All Users\Lavasoft\Ad-Aware\logs\Ad-Aware event.logc:\users\All Users\Lavasoft\Ad-Aware\logs\Update.logc:\users\All Users\Lavasoft\Ad-Aware\news.datc:\users\All Users\Lavasoft\Ad-Aware\PubKey.keyc:\users\All Users\Lavasoft\Ad-Aware\settings.aawc:\users\All Users\Lavasoft\Ad-Aware\Settings.inic:\users\All Users\Lavasoft\Ad-Aware\ThreatWork.lstc:\users\All Users\Lavasoft\Ad-Aware\update\backup\aawservice.exe.oldc:\users\All Users\Lavasoft\Ad-Aware\update\backup\Ad-Aware.exe.oldc:\users\All Users\Lavasoft\Ad-Aware\update\backup\CEAPI.dll.oldc:\users\All Users\Lavasoft\Ad-Aware\update\backup\Help\Ad-Awaremanual-EN.chm.oldc:\users\All Users\Lavasoft\Ad-Aware\update\backup\Lang\EN.lslang.oldc:\users\All Users\Lavasoft\Ad-Aware\update\new\aawservice.exe.newc:\users\All Users\Lavasoft\Ad-Aware\update\new\Ad-Aware.exe.newc:\users\All Users\Lavasoft\Ad-Aware\update\new\CEAPI.dll.newc:\users\All Users\Lavasoft\Ad-Aware\update\new\Help\Ad-Awaremanual-EN.chm.newc:\users\All Users\Lavasoft\Ad-Aware\update\new\Lang\EN.lslang.newc:\users\All Users\Lavasoft\MiniMessage\2c:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081116-2015.logc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081116-2116.txtc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081118-1617.logc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081118-1619.logc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081118-1619.txtc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081118-1738.txtc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081123-2119.logc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081123-2140.txtc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081125-1650.logc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081125-1756.txtc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081127-1642.logc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081127-1755.txtc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081201-1147.logc:\users\All Users\Spybot - Search & Destroy\Logs\Checks.081201-1232.txtc:\users\All Users\Spybot - Search & Destroy\Logs\Fixes.081116-2135.txtc:\users\All Users\Spybot - Search & Destroy\Logs\Fixes.081118-1741.txtc:\users\All Users\Spybot - Search & Destroy\Logs\Fixes.081118-1752.txtc:\users\All Users\Spybot - Search & Destroy\Logs\Fixes.081125-1906.txtc:\users\All Users\Spybot - Search & Destroy\Logs\Fixes.081125-1911.txtc:\users\All Users\Spybot - Search & Destroy\Logs\Update downloads.logc:\users\All Users\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zipc:\windows\System32\drivers\gdwfpcd32.sysc:\windows\System32\drivers\GRD.sysc:\windows\System32\drivers\MiniIcpt.sys.((((((((((((((((((((((((( Pliki utworzone od 2008-11-01 do 2008-12-01 ))))))))))))))))))))))))))))))).2008-12-01 14:45 . 2008-12-01 17:04 <DIR> d-------- c:\program files\a-squared Anti-Malware2008-12-01 14:20 . 2008-12-01 14:20 <DIR> d-------- c:\program files\ESET2008-12-01 13:52 . 2008-12-01 13:52 <DIR> d-------- c:\users\All Users\ESET2008-12-01 13:52 . 2008-12-01 13:52 <DIR> d-------- c:\programdata\ESET2008-12-01 12:03 . 2008-12-01 12:03 <DIR> d-------- c:\users\Kasia\DoctorWeb2008-11-28 12:54 . 2008-11-28 12:53 410,976 --a------ c:\windows\System32\deploytk.dll2008-11-28 12:31 . 2008-11-29 21:14 <DIR> d-------- c:\program files\Windows Live Toolbar2008-11-28 12:10 . 2008-11-28 12:27 <DIR> d-------- c:\program files\Windows Live2008-11-28 11:51 . 2008-11-28 11:51 <DIR> d-------- c:\program files\tmn2008-11-28 00:35 . 2008-11-28 00:35 2,608 --a------ c:\windows\System32\settings.aaw2008-11-28 00:35 . 2008-11-28 00:35 960 --a------ c:\windows\System32\history.aaw2008-11-27 23:43 . 2008-11-27 23:43 <DIR> d-------- c:\program files\Trend Micro2008-11-27 20:53 . 2008-11-28 14:59 81,984 --a------ c:\windows\System32\bdod.bin2008-11-27 20:43 . 2008-11-28 15:05 <DIR> d-------- c:\program files\Common Files\Softwin2008-11-27 17:33 . 2008-12-01 14:44 <DIR> d-a------ c:\users\All Users\TEMP2008-11-27 17:33 . 2008-12-01 14:44 <DIR> d-a------ c:\programdata\TEMP2008-11-26 21:19 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll2008-11-26 21:19 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll2008-11-26 21:19 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll2008-11-26 21:19 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll2008-11-26 21:19 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll2008-11-26 21:19 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll2008-11-26 21:19 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll2008-11-16 19:55 . 2008-11-16 19:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard2008-11-15 09:46 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll2008-11-15 09:46 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll2008-11-15 09:46 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe2008-11-15 09:46 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll2008-11-15 09:44 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll2008-11-15 09:44 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll2008-11-15 09:44 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll2008-11-15 09:44 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll2008-11-15 09:44 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe2008-11-12 16:20 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll2008-11-12 16:20 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll2008-11-12 16:19 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll2008-11-12 16:19 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys2008-11-12 16:19 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-11-29 20:21 --------- d-----w c:\programdata\Winamp Toolbar2008-11-28 14:17 --------- d-----w c:\program files\Common Files\GTK2008-11-28 11:53 --------- d-----w c:\program files\Java2008-11-28 11:07 --------- d-----w c:\programdata\WLInstaller2008-11-27 15:26 --------- d-----w c:\program files\SmokersCalc2008-11-26 22:09 --------- d-----w c:\users\Kasia\AppData\Roaming\Skype2008-11-26 15:06 --------- d-----w c:\users\Kasia\AppData\Roaming\skypePM2008-11-13 09:54 --------- d-----w c:\programdata\Microsoft Help2008-11-02 14:19 --------- d-----w c:\programdata\Kaspersky Lab2008-10-25 08:07 --------- d-----w c:\program files\Microsoft Silverlight2008-10-19 10:54 --------- d-----w c:\program files\Zeallsoft2008-10-17 07:52 --------- d-----w c:\program files\Windows Mail2008-10-07 10:22 --------- d-----w c:\users\Kasia\AppData\Roaming\.purple2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys2008-07-10 07:57 174 --sha-w c:\program files\desktop.ini2008-06-11 19:59 88 --sh--r c:\users\All Users\8ABB3FEBEC.sys2008-06-11 19:59 88 --sh--r c:\programdata\8ABB3FEBEC.sys2008-06-11 19:59 2,516 --sha-w c:\users\All Users\KGyGaAvL.sys2008-06-11 19:59 2,516 --sha-w c:\programdata\KGyGaAvL.sys2008-01-06 19:18 32 ----a-w c:\users\All Users\ezsid.dat2008-01-06 19:18 32 ----a-w c:\programdata\ezsid.dat.((((((((((((((((((((((((((((( snapshot@2008-12-01_15.25.49,80 ))))))))))))))))))))))))))))))))))))))))).- 2008-12-01 14:19:23 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT+ 2008-12-01 16:21:25 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT+ 2008-12-01 16:21:25 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1- 2008-12-01 14:20:17 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT+ 2008-12-01 16:21:25 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT+ 2008-12-01 16:21:25 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1- 2008-12-01 13:28:24 11,402 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231135412-2650962981-1340086634-1003_UserData.bin+ 2008-12-01 16:22:47 11,574 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3231135412-2650962981-1340086634-1003_UserData.bin- 2008-12-01 13:28:24 70,956 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin+ 2008-12-01 16:22:47 71,122 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin- 2008-12-01 13:27:58 62,600 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin+ 2008-12-01 16:22:41 63,632 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2008-11-20 2780816]"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 c:\windows\RtHDVCpl.exe][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll[HKEY_LOCAL_MACHINE\software\microsoft\security center]"UacDisableNotify"=dword:00000001"InternetSettingsDisableNotify"=dword:00000001"AutoUpdateDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]"{8017AD92-7E55-4741-B56F-30CEBD7E5E3A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook"{70FE5189-D535-4BBE-9A39-EEEF36268326}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD"{90F86335-FDE2-432C-A1E2-302F76DF594B}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb"{0EA85105-4A52-4C0C-871F-851EFAD4D340}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb"{21C5BE7C-5A1B-4806-BA48-4C80B8FCF45D}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray"{58F55B89-CF74-499A-AE02-CDEAB0E5AD9C}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray"{F1A6AE83-4B2A-443F-B099-BC0AAE26A103}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client"{CC285375-848D-4278-BB27-9C0EC1E91C1F}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client"{4ED5EC44-3824-438E-9DD7-4297EF93F7A8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)"TCP Query User{84FFB9B9-28F2-40CE-BF79-574582E97518}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{86E9E029-0CF0-4C39-BE05-1E1D4A60683D}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath "TCP Query User{0C14474A-BC1A-4303-9709-DF89D1E5D459}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny"UDP Query User{FC01DF39-3495-4C71-9638-EE6834041B99}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny"TCP Query User{5949DB2C-7771-4B71-9E26-B6CDC606B33D}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows"UDP Query User{83E59B09-C7E9-4A08-B472-BD617CA30D6A}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows"{599867B2-EAA2-4717-BA4C-31F20B8FD97F}"= Disabled:UDP:c:\program files\POL\POL.exe:Ardamax Keylogger"{FD8F318D-7018-4781-BE59-FD8A69D87F1E}"= Disabled:TCP:c:\program files\POL\POL.exe:Ardamax Keylogger"TCP Query User{98EF7061-85C1-4BFD-89D1-8A0AEEE3D2A0}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\polish\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\polish\setup.exe:Kaspersky Anti-Virus 7.0 Setup"UDP Query User{07DD879A-3F73-4E93-9C81-BDA8667D502D}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\polish\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\polish\setup.exe:Kaspersky Anti-Virus 7.0 Setup"{E33C4BA5-9308-4AD2-9F75-C0E36F210074}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2008-01-06 18:22:40 13560]R2 BcmSqlStartupSvc;Usługa startowa serwera SQL dodatku Business Contact Manager;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]S3 GTSCSER;GT SC SER;c:\windows\system32\DRIVERS\gtscser.sys [2007-11-30 21504]S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]S3 ZSMC302;Conceptronic Chatcam;c:\windows\system32\Drivers\usbvm302.sys [2004-03-19 90968][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f781eb6-bd33-11dd-8f7b-000000000000}]\shell\AutoRun\command - F:\setup.exe AUTORUN=1.Zawartość folderu 'Zaplanowane zadania'2008-12-01 c:\windows\Tasks\User_Feed_Synchronization-{E620105F-3C30-4697-AF28-011B7E1FE827}.job- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45].**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-12-01 17:21:35Windows 6.0.6000 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...skanowanie ukrytych plików ... **************************************************************************.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'Explorer.exe'(5648)c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dllc:\windows\system32\MsnChatHook.dllc:\windows\system32\ShowErrMsg.dllc:\windows\system32\sysenv.dllc:\windows\system32\BatchCrypto.dllc:\windows\system32\CryptoAPI.dllc:\windows\system32\keyManager.dll.------------------------ Pozostałe uruchomione procesy ------------------------.c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exec:\windows\System32\audiodg.exec:\program files\a-squared Anti-Malware\a2service.exec:\acer\Empowering Technology\eDataSecurity\eDSService.exec:\program files\ESET\ESET NOD32 Antivirus\ekrn.exec:\acer\Empowering Technology\eLock\Service\eLockServ.exec:\acer\Empowering Technology\eNet\eNet Service.exec:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\acer\Mobility Center\MobilityService.exec:\program files\CyberLink\Shared Files\RichVideo.exec:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exec:\windows\System32\drivers\XAudio.exec:\acer\Empowering Technology\eRecovery\eRecoveryService.exec:\acer\Empowering Technology\eSettings\Service\capuserv.exec:\acer\Empowering Technology\ePower\ePowerSvc.exec:\windows\System32\wbem\unsecapp.exec:\windows\System32\conime.exec:\program files\Launch Manager\LManager.exec:\windows\System32\igfxsrvc.exec:\program files\tmn\tmn\tmn.exec:\program files\Windows Media Player\wmpnetwk.exec:\acer\Empowering Technology\eNet\eNMTray.exec:\acer\Empowering Technology\ePower\ePower_DMC.exec:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exec:\acer\Empowering Technology\eRecovery\eRAgent.exec:\users\Kasia\AppData\Local\Temp\RtkBtMnt.exec:\windows\System32\igfxext.exec:\windows\System32\igfxsrvc.exec:\program files\Logitech\QuickCam10\COCIManager.exec:\windows\servicing\TrustedInstaller.exec:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exec:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe.**************************************************************************.Czas ukończenia: 2008-12-01 17:31:09 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt 2008-12-01 16:28:41ComboFix2.txt 2008-12-01 14:28:50Przed: 22 335 135 744 bajtów wolnychPo: 22,227,619,840 bajtów wolnych387 --- E O F --- 2008-12-01 15:28:57
menina komentarz 1 grudnia 2008 Autor komentarz 1 grudnia 2008 Dziekuje Ci bardzo za pomoc!!!!!1 Pozdrawiam!!!!!!
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.