qwaqwa

Trojan-gen {other} - Please Help


I'm asking for help with this worm. I want to point out that before Trojan-gen appeared I had a Rootkit (coooL!), which disappeared and was replaced by the worm in the title.

I won't say how I got rid of the Rootkit, because I used every recommended program.

I've already seen threads about this worm, but they are fairly old and I hope there are some easier methods of "supposedly" getting rid of it.

I'll just add that exactly the same thing is happening on my friend's computer, i.e. Rootkit > Trojan-gen

I have Spybot and Avast, but I also had other programs that didn't help (maybe they were the wrong programs)

PS. One more thing: does this worm only burrow into the system, or is everything I have infected....?

(please use language that a non-advanced user will understand)


Heh, after running the program you gave me, Avast stopped detecting the worm, so I can't give its exact location.

It was definitely this before: C:\docume~1\Jacek\USTAWI~1\Temp\"SOMETHING".kdll, and some THING with "moem" in it - I don't remember exactly - a bit of a bummer

- Maybe it will activate again

 

ComboFix log:
ComboFix 08-05-24.1 - Jacek 2008-05-25 12:22:12.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.1369 [GMT 2:00]

Running from: E:\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\amvo1.dll

D:\Autorun.inf

E:\Autorun.inf

F:\Autorun.inf

I:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NWSAPAGENT

-------\Service_NwSapAgent

 

 

((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))

.

 

2008-05-24 01:07 . 2008-05-24 01:11 <DIR> d-------- C:\Program Files\FlashGet

2008-05-24 00:54 . 2008-05-24 08:10 <DIR> d-------- C:\Program Files\Spyware Doctor

2008-05-24 00:54 . 2008-05-24 00:54 <DIR> d-------- C:\Documents and Settings\Jacek\Dane aplikacji\PC Tools

2008-05-24 00:54 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-05-24 00:54 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-05-24 00:54 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-05-24 00:54 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-05-22 16:35 . 2008-05-22 16:35 <DIR> d-------- C:\cos

2008-05-17 17:02 . 2008-05-17 17:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-17 14:25 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-05-17 14:15 . 2008-05-17 14:15 2,021,790 --a------ C:\WINDOWS\system32\2051.mht

2008-05-17 14:15 . 2008-05-17 14:15 185,824 --a------ C:\WINDOWS\system32\96a2.sys

2008-05-17 09:25 . 2008-05-17 09:26 <DIR> d-------- C:\Program Files\Panda Security

2008-05-15 22:31 . 2008-04-16 17:30 103,424 -r-hs---- C:\pa39xth.cmd

2008-05-14 07:35 . 2008-05-14 07:35 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-05-14 00:34 . 2008-05-14 00:36 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2008-04-26 12:19 . 2008-04-26 12:19 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2008-04-26 12:18 . 2008-04-26 12:18 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-04-26 12:18 . 2008-04-26 12:18 22,328 --a------ C:\Documents and Settings\Jacek\Dane aplikacji\PnkBstrK.sys

2008-04-26 12:17 . 2008-04-26 12:17 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-04-26 12:17 . 2008-04-26 12:18 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-04-26 12:17 . 2008-04-26 12:17 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-25 06:59 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-05-25 06:59 --------- d-----w C:\Program Files\SpeedFan

2008-05-24 13:01 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\OpenOffice.org2

2008-05-18 06:01 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2008-05-17 08:43 --------- d-----w C:\Program Files\SkanerOnline

2008-05-17 07:24 --------- d-----w C:\Program Files\ICQToolbar

2008-05-17 01:04 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\Skype

2008-05-15 21:04 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-15 20:29 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-04-22 00:32 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\U3

2008-04-19 18:36 --------- d-----w C:\Program Files\NAPI-PROJEKT

2008-04-18 20:00 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\Winamp

2008-04-18 19:41 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\MegauploadToolbar

2008-04-18 19:35 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\ICQ

2008-04-18 18:53 --------- d-----w C:\Program Files\Winamp Remote

2008-04-18 18:53 --------- d-----w C:\Program Files\Winamp

2008-04-18 18:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks

2008-04-15 20:27 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\gtk-2.0

2008-04-15 16:40 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\ICQ Toolbar

2008-04-07 00:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-04-05 09:05 --------- d-----w C:\Program Files\Office Mouse Driver

2008-04-02 19:25 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\Atari

2008-04-01 12:22 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-04-01 12:22 --------- d-----w C:\Program Files\DAEMON Tools

2008-04-01 12:22 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\DAEMON Tools

2008-03-26 22:26 --------- d-----w C:\Program Files\Google

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]

"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2007-05-09 22:33 106904]

"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-03-25 04:59 507904]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

"Fraps"="F:\PROGRAM FILES\FRAPS\FRAPS.EXE" [2008-01-14 14:53 913064]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-06 03:30 1840128]

"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 09:06 868352]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"combofix"="C:\WINDOWS\system32\CF5354.exe" [2006-03-02 14:00 395776]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

 

C:\Documents and Settings\Jacek\Menu Start\Programy\Autostart\

Skrót do Core Maximizer.lnk - F:\CoreMaximizer1.03\Core Maximizer.exe [2008-01-02 10:42:28 1740800]

SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2007-09-17 19:04:02 2902528]

 

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-13 17:52:12 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-05 10:57:48 789008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"aux1"= ctwdm32.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KamikazeKat]

--------- 2008-01-24 13:22 283648 C:\Program Files\ScreenMates\kamikazekat.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-09-13 14:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

F:\Steam\Steam.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Gadu-Gadu\\gg.exe"=

"C:\\Program Files\\Hamachi\\hamachi.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"F:\\Diablo II\\Game.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"F:\\mmm\\3DMark05.exe"=

"F:\\Program Files\\Quake III Arena\\quake3.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=

"F:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=

"F:\\Program Files\\ICQ6\\ICQ.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"F:\\Program Files\\Valve\\Steam\\SteamApps\\alacham\\counter-strike\\hl.exe"=

"F:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"F:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"F:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\FlashGet\\flashget.exe"=

 

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]

R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-05-04 10:27]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 06:28]

S0 02615;02615;C:\WINDOWS\system32\drivers\02615.SYS []

S1 44f16;44f16;C:\WINDOWS\system32\drivers\44f16.SYS []

S2 9ab17;9ab17;C:\WINDOWS\system32\drivers\9ab17.SYS []

S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []

S3 96a2;96a2;C:\WINDOWS\system32\96a2.sys [2008-05-17 14:15]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Documents and Settings\Jacek\Pulpit\everestultimate420(dobreprogramy.pl)\kerneld.wnt []

S3 GGNYJCSMACO;GGNYJCSMACO;C:\DOCUME~1\Jacek\USTAWI~1\Temp\GGNYJCSMACO.exe []

S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-06 03:30]

S3 RSFLXHWSDVZX;RSFLXHWSDVZX;C:\DOCUME~1\Jacek\USTAWI~1\Temp\RSFLXHWSDVZX.exe []

S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 17:55]

S3 YWVQOPBMV;YWVQOPBMV;C:\DOCUME~1\Jacek\USTAWI~1\Temp\YWVQOPBMV.exe []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

\Shell\AutoRun\command - J:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75abd978-0b25-11dd-a97a-0018f38b78e0}]

\Shell\AutoRun\command - J:\LaunchU3.exe -a

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-25 12:25:57

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\C:\Documents and Settings\Jacek\Pulpit\everestultimate420(dobreprogramy.pl)\kerneld.wnt"

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

.

**************************************************************************

.

Completion time: 2008-05-25 12:30:47 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-25 10:30:44

 

Pre-Run: 8,183,386,112 bajtów wolnych

Post-Run: 8,583,852,032 bajtów wolnych

 

201 --- E O F --- 2008-05-17 01:01:29

Edited by XaD_


Also post a log from SDFix run in Safe Mode.

Also create a file named CFScript.txt on the desktop and paste the following into it:

Driver::
02615
44f16
9ab17
96a2
EverestDriver
GGNYJCSMACO
RSFLXHWSDVZX
YWVQOPBMV

File::
C:\WINDOWS\system32\2051.mht
C:\WINDOWS\system32\96a2.sys
C:\pa39xth.cmd

Save it, drag it onto the ComboFix icon and post the new log.

On top of that, do "Preventing infection from a pendrive" from this page:
http://www.searchengines.pl/Infekcje-z-pen...ych-t94761.html

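As an added illustration (not code from this thread, from ComboFix or from its author), the Python script below shows how the Driver::/File:: list in the reply above can be derived from the posted log: it parses the service lines and the "Files Created" lines, applies three review heuristics, and prints the candidates in CFScript layout. The sample lines are copied from the ComboFix log earlier in this thread; the heuristic names and thresholds are this example's own assumptions, not ComboFix terminology, and the script only reads text, never the machine it runs on.

```python
import re

# Constructed sample: service lines and "Files Created" lines copied from the
# ComboFix log posted earlier in this thread. The heuristic names below are
# this example's own, not ComboFix terminology.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S0 02615;02615;C:\WINDOWS\system32\drivers\02615.SYS []
S1 44f16;44f16;C:\WINDOWS\system32\drivers\44f16.SYS []
S2 9ab17;9ab17;C:\WINDOWS\system32\drivers\9ab17.SYS []
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []
S3 96a2;96a2;C:\WINDOWS\system32\96a2.sys [2008-05-17 14:15]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Documents and Settings\Jacek\Pulpit\everestultimate420(dobreprogramy.pl)\kerneld.wnt []
S3 GGNYJCSMACO;GGNYJCSMACO;C:\DOCUME~1\Jacek\USTAWI~1\Temp\GGNYJCSMACO.exe []
S3 RSFLXHWSDVZX;RSFLXHWSDVZX;C:\DOCUME~1\Jacek\USTAWI~1\Temp\RSFLXHWSDVZX.exe []
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 17:55]
S3 YWVQOPBMV;YWVQOPBMV;C:\DOCUME~1\Jacek\USTAWI~1\Temp\YWVQOPBMV.exe []
2008-05-17 14:15 . 2008-05-17 14:15 2,021,790 --a------ C:\WINDOWS\system32\2051.mht
2008-05-17 14:15 . 2008-05-17 14:15 185,824 --a------ C:\WINDOWS\system32\96a2.sys
2008-05-15 22:31 . 2008-04-16 17:30 103,424 -r-hs---- C:\pa39xth.cmd
2008-05-14 00:34 . 2008-05-14 00:36 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-26 12:17 . 2008-04-26 12:17 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

# "R1 name;display name;path [date time]" -- the bracket is empty when
# ComboFix could not read a date for the file.
SERVICE_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: svc)? \[(?P<stamp>[^\]]*)\]$"
)
# "created . modified size attributes path" from the "Files Created" section.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size>[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
HEX_NAME = re.compile(r"^[0-9a-f]{3,8}$", re.IGNORECASE)
USER_PROFILE = re.compile(r"\\(documents and settings|docume~1)\\", re.IGNORECASE)


def parse_log(lines):
    """Split ComboFix log lines into service records and created-file records."""
    services, files = [], []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())
    return services, files


def service_reasons(svc):
    """Why a service/driver entry deserves a second look (empty list = nothing odd)."""
    reasons = []
    if HEX_NAME.match(svc["name"]):
        reasons.append("service name is a short hex string")
    if USER_PROFILE.search(svc["path"]):
        reasons.append("driver binary lives under a user profile")
    if svc["stamp"] == "" and svc["display"] == svc["name"]:
        reasons.append("no display name and no readable file date")
    return reasons


def file_reasons(rec):
    """Why a newly created file deserves a second look."""
    reasons = []
    stem = rec["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if HEX_NAME.match(stem):
        reasons.append("file name is a short hex string")
    if "h" in rec["attrs"] and "s" in rec["attrs"]:
        reasons.append("hidden+system attributes set")
    return reasons


def triage(lines):
    """Return ({service name: reasons}, {file path: reasons}) for flagged entries only."""
    services, files = parse_log(lines)
    bad_services = {}
    for svc in services:
        reasons = service_reasons(svc)
        if reasons:
            bad_services[svc["name"]] = reasons
    bad_files = {}
    for rec in files:
        reasons = file_reasons(rec)
        if reasons:
            bad_files[rec["path"]] = reasons
    return bad_services, bad_files


def build_cfscript(lines):
    """Render the flagged entries in the Driver::/File:: layout ComboFix expects."""
    bad_services, bad_files = triage(lines)
    out = ["Driver::"] + list(bad_services) + ["", "File::"] + list(bad_files)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    bad_services, bad_files = triage(SAMPLE_LINES)
    for name, why in bad_services.items():
        print(f"{name:14} {'; '.join(why)}")
    for path, why in bad_files.items():
        print(f"{path}  {'; '.join(why)}")
    print()
    print(build_cfscript(SAMPLE_LINES), end="")
```

On the sample, the three rules (hex-only name, binary under a user profile, unlabelled entry with no readable file date) reproduce exactly the eight drivers and three files the reply lists, while leaving the avast! drivers and the DiRT helper pr2ah4nc (whose bracket is also empty, but which carries a proper display name) alone. A display name is trivial to fake and short hex names also occur in legitimate software, so the output is a candidate list for a person to check against the rest of the log, not a verdict.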

OK,

ComboFix log:
ComboFix 08-05-24.1 - Jacek 2008-05-25 20:26:44.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1541 [GMT 2:00]

Running from: E:\ComboFix.exe

Command switches used :: C:\Documents and Settings\Jacek\Pulpit\CFScript.txt.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\pa39xth.cmd

C:\WINDOWS\system32\2051.mht

C:\WINDOWS\system32\96a2.sys

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\pa39xth.cmd

C:\WINDOWS\system32\2051.mht

C:\WINDOWS\system32\96a2.sys

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_96A2

-------\Legacy_9AB17

-------\Legacy_EVERESTDRIVER

-------\Legacy_GGNYJCSMACO

-------\Legacy_RSFLXHWSDVZX

-------\Legacy_YWVQOPBMV

-------\Service_02615

-------\Service_44f16

-------\Service_96a2

-------\Service_9ab17

-------\Service_EverestDriver

-------\Service_GGNYJCSMACO

-------\Service_RSFLXHWSDVZX

-------\Service_YWVQOPBMV

 

 

((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))

.

 

2008-05-25 20:12 . 2008-05-25 20:12 <DIR> d-------- C:\WINDOWS\ERUNT

2008-05-25 19:56 . 2008-05-25 19:56 <DIR> d-------- C:\SDFix

2008-05-25 14:35 . 2008-05-25 14:35 <DIR> d-------- C:\WINDOWS\system32\AGEIA

2008-05-25 14:35 . 2008-05-25 14:35 <DIR> d-------- C:\Program Files\AGEIA Technologies

2008-05-24 01:07 . 2008-05-24 01:11 <DIR> d-------- C:\Program Files\FlashGet

2008-05-22 16:35 . 2008-05-22 16:35 <DIR> d-------- C:\cos

2008-05-17 17:02 . 2008-05-25 13:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-17 14:25 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2008-05-17 09:25 . 2008-05-17 09:26 <DIR> d-------- C:\Program Files\Panda Security

2008-05-14 07:35 . 2008-05-14 07:35 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-05-14 00:34 . 2008-05-14 00:36 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2008-04-26 12:19 . 2008-04-26 12:19 <DIR> d-------- C:\WINDOWS\system32\URTTEMP

2008-04-26 12:18 . 2008-04-26 12:18 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-04-26 12:18 . 2008-04-26 12:18 22,328 --a------ C:\Documents and Settings\Jacek\Dane aplikacji\PnkBstrK.sys

2008-04-26 12:17 . 2008-04-26 12:17 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-04-26 12:17 . 2008-04-26 12:18 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-04-26 12:17 . 2008-04-26 12:17 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-25 18:30 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-05-25 18:23 --------- d-----w C:\Program Files\SpeedFan

2008-05-25 12:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-25 11:59 --------- d-----w C:\Program Files\Google

2008-05-25 11:57 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2008-05-25 10:46 --------- d-----w C:\Program Files\ICQToolbar

2008-05-24 13:01 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\OpenOffice.org2

2008-05-17 08:43 --------- d-----w C:\Program Files\SkanerOnline

2008-05-17 01:04 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\Skype

2008-05-15 21:04 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-15 20:29 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-04-22 00:32 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\U3

2008-04-19 18:36 --------- d-----w C:\Program Files\NAPI-PROJEKT

2008-04-18 20:00 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\Winamp

2008-04-18 19:41 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\MegauploadToolbar

2008-04-18 19:35 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\ICQ

2008-04-18 18:53 --------- d-----w C:\Program Files\Winamp Remote

2008-04-18 18:53 --------- d-----w C:\Program Files\Winamp

2008-04-18 18:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks

2008-04-15 20:27 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\gtk-2.0

2008-04-15 16:40 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\ICQ Toolbar

2008-04-05 09:05 --------- d-----w C:\Program Files\Office Mouse Driver

2008-04-02 19:25 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\Atari

2008-04-01 12:22 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-04-01 12:22 --------- d-----w C:\Program Files\DAEMON Tools

2008-04-01 12:22 --------- d-----w C:\Documents and Settings\Jacek\Dane aplikacji\DAEMON Tools

.

 

((((((((((((((((((((((((((((( snapshot@2008-05-25_12.30.30.64 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-25 10:25:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-25 18:29:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-23 01:54:18 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-05-25 18:12:55 7,856,128 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-05-25 18:12:55 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-05-23 01:54:18 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-05-25 18:12:54 7,856,128 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-05-25 18:12:54 167,936 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2008-05-25 12:48:03 2,238 ----a-r C:\WINDOWS\Installer\{25F28E39-FDBB-11DB-8314-0800200C9A66}\MOHA.exe

- 2007-07-23 08:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelFrench.dll

+ 2007-04-20 05:57:28 53,248 ----a-w C:\WINDOWS\system32\AgCPanelFrench.dll

- 2007-07-23 08:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelGerman.dll

+ 2007-04-20 05:57:28 53,248 ----a-w C:\WINDOWS\system32\AgCPanelGerman.dll

- 2007-07-23 08:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelJapanese.dll

+ 2007-04-20 05:57:28 53,248 ----a-w C:\WINDOWS\system32\AgCPanelJapanese.dll

- 2007-07-23 08:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelKorean.dll

+ 2007-04-20 05:57:28 53,248 ----a-w C:\WINDOWS\system32\AgCPanelKorean.dll

- 2007-07-23 08:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelPortugese.dll

+ 2007-04-20 05:57:28 53,248 ----a-w C:\WINDOWS\system32\AgCPanelPortugese.dll

- 2007-07-23 08:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll

+ 2007-04-20 05:57:28 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll

- 2007-07-23 08:03:32 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSpanish.dll

+ 2007-04-20 05:57:28 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSpanish.dll

- 2007-07-23 08:03:32 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSwedish.dll

+ 2007-04-20 05:57:28 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSwedish.dll

- 2007-07-23 08:03:32 53,248 ----a-w C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll

+ 2007-04-20 05:57:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll

- 2007-07-24 07:20:06 207,405 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\app.bin

+ 2007-06-12 07:22:58 207,277 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\app.bin

- 2007-05-16 07:42:42 122,249 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\diag.bin

+ 2007-04-16 07:24:38 122,249 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\diag.bin

- 2007-07-25 07:30:38 214,141 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\app.bin

+ 2007-06-12 07:22:58 214,141 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\app.bin

- 2007-05-16 07:42:44 105,981 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\diag.bin

+ 2007-07-10 09:13:42 113,313 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\diag.bin

+ 2008-05-25 11:02:11 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat

- 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

+ 2007-06-26 09:15:22 117,888 -c--a-w C:\WINDOWS\system32\DRVSTORE\PhysX32_28DEC1919B015F1DB41BE86D222D95CA59F30701\physX32.sys

- 2007-09-13 08:45:50 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll

+ 2007-06-19 06:59:36 70,400 ----a-w C:\WINDOWS\system32\PhysXLoader.dll

+ 2008-05-25 18:29:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_71c.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39 2119104]

"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2007-05-09 22:33 106904]

"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-03-25 04:59 507904]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

"Fraps"="F:\PROGRAM FILES\FRAPS\FRAPS.EXE" [2008-01-14 14:53 913064]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]

"RivaTuner"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 20:05 2650112]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-03-16 09:06 868352]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

 

C:\Documents and Settings\Jacek\Menu Start\Programy\Autostart\

Skrót do Core Maximizer.lnk - F:\CoreMaximizer1.03\Core Maximizer.exe [2008-01-02 10:42:28 1740800]

SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2007-09-17 19:04:02 2902528]

 

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-13 17:52:12 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-05 10:57:48 789008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"aux1"= ctwdm32.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KamikazeKat]

--------- 2008-01-24 13:22 283648 C:\Program Files\ScreenMates\kamikazekat.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-09-13 14:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

F:\Steam\Steam.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Gadu-Gadu\\gg.exe"=

"C:\\Program Files\\Hamachi\\hamachi.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"F:\\Diablo II\\Game.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"F:\\mmm\\3DMark05.exe"=

"F:\\Program Files\\Quake III Arena\\quake3.exe"=

"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=

"F:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=

"F:\\Program Files\\ICQ6\\ICQ.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"F:\\Program Files\\Valve\\Steam\\SteamApps\\alacham\\counter-strike\\hl.exe"=

"F:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=

"F:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"F:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\FlashGet\\flashget.exe"=

"F:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=

 

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys [2007-05-18 21:53]

R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys [2007-05-18 21:52]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-05-04 10:27]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 06:28]

S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc []

S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 17:55]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

\Shell\AutoRun\command - J:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75abd978-0b25-11dd-a97a-0018f38b78e0}]

\Shell\AutoRun\command - J:\LaunchU3.exe -a

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-25 20:30:27

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\nvsvc32.exe

F:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

.

**************************************************************************

.

Completion time: 2008-05-25 20:34:23 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-25 18:34:21

ComboFix2.txt 2008-05-25 10:30:47

 

Pre-Run: 9,072,697,344 bajtów wolnych

Post-Run: 9,066,303,488 bajtów wolnych

 

242 --- E O F --- 2008-05-17 01:01:29

SDFix log:
SDFix: Version 1.185

Run by Jacek on 2008-05-25 at 20:14

 

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 20:18:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:af,a0,0c,3a,af,c5,7e,f9,41,c7,51,ca,af,f4,2e,83,d8,5e,50,c7,ea,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:23,2e,6b,6c,23,55,40,e0,21,04,5b,95,8b,41,68,76,54,17,95,c1,3e,..
"a0"=hex:20,01,00,00,82,14,10,59,3a,8b,4a,ed,1e,4e,f5,82,a2,bf,31,46,34,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b8,ee,ad,08,38,31,94,dc,a0,8c,b5,a3,24,a3,c8,99,6a,4a,c8,c3,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:24,76,01,9b,f9,ec,ba,7c,bc,bd,27,74,a2,33,81,d4,05,4a,cd,ca,fa,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:af,a0,0c,3a,af,c5,7e,f9,41,c7,51,ca,af,f4,2e,83,d8,5e,50,c7,ea,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:23,2e,6b,6c,23,55,40,e0,21,04,5b,95,8b,41,68,76,54,17,95,c1,3e,..
"a0"=hex:20,01,00,00,82,14,10,59,3a,8b,4a,ed,1e,4e,f5,82,a2,bf,31,46,34,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b8,ee,ad,08,38,31,94,dc,a0,8c,b5,a3,24,a3,c8,99,6a,4a,c8,c3,01,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:24,76,01,9b,f9,ec,ba,7c,bc,bd,27,74,a2,33,81,d4,05,4a,cd,ca,fa,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"F:\\Diablo II\\Game.exe"="F:\\Diablo II\\Game.exe:*:Enabled:Diablo II"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"F:\\mmm\\3DMark05.exe"="F:\\mmm\\3DMark05.exe:*:Enabled:3DMark05"
"F:\\Program Files\\Quake III Arena\\quake3.exe"="F:\\Program Files\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"="C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"F:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"="F:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe:*:Enabled:Supreme Commander"
"F:\\Program Files\\ICQ6\\ICQ.exe"="F:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"F:\\Program Files\\Valve\\Steam\\SteamApps\\alacham\\counter-strike\\hl.exe"="F:\\Program Files\\Valve\\Steam\\SteamApps\\alacham\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"F:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="F:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"F:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="F:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"="F:\\Program Files\\Codemasters\\DiRT\\DiRT.exe:*:Disabled:DiRT Executable"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"F:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"="F:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files :

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 2 Mar 2006 60,928 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 6 Nov 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 6 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 13 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\05030212059e1b9876d47b8cf2fa5e95\BIT1.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\Jacek\Dane aplikacji\U3\temp\Launchpad Removal.exe"

Finished!

(anyway, thanks for the effort) Edited by XaD_

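The logs posted above contain three lists that are worth reading by hand rather than trusting the scanners' "No Trojan Files Found": the MountPoints2 AutoRun handlers (the persistence path that autorun.inf worms such as the amvo.exe ComboFix removed earlier in this thread rely on), the Windows Firewall exception list, and SDFix's list of files with hidden attributes. The Python script below is an added triage example for exactly those line formats; it is not code from the thread, from ComboFix or from SDFix. The sample log embedded in it is constructed from lines copied out of the posted output. The set of "user-writable" directory names (including "Dane aplikacji", the Polish XP name for Application Data that appears in the log), the trusted roots for System+Hidden files, and the reading of SDFix's five-character attribute column as containing S for System and H for Hidden are assumptions made for the example, not the tools' own logic.

```python
"""Triage helper for the ComboFix / SDFix text logs posted in this thread.

Added example: not code from the thread, from ComboFix or from SDFix.
It recognises three line formats from the logs above and flags the entries
a responder would look at first. The heuristics are assumptions for the
example, not the tools' own logic.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the posted ComboFix and SDFix output.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"="C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Tue 6 Nov 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 6 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
'''

# MountPoints2 AutoRun handler, e.g. "\Shell\AutoRun\command - J:\LaunchU3.exe -a"
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+?)\s*$')
# Windows Firewall authorizedapplications entry (registry-export syntax, "\\" escaped).
FIREWALL_RE = re.compile(
    r'^"(?P<exe>[^"]+)"="[^"]*?:\*:(?P<state>Enabled|Disabled):(?P<name>[^"]*)"$', re.IGNORECASE)
# SDFix "Files with Hidden Attributes" row: date, size, 5-char attribute column, path.
HIDDEN_RE = re.compile(
    r'^(?P<date>\w{3}\s+\d{1,2}\s+\w{3}\s+\d{4})\s+(?P<size>[\d,]+)\s+(?P<attrs>[A-Z.]{5})\s+---\s+"(?P<path>[^"]+)"$')

# Assumption for the example: an exception for an executable under any of these
# directory names points into user-writable territory. "Dane aplikacji" is the
# Polish XP name for "Application Data", as seen in the posted log.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",
    "\\temp\\",
    "\\dane aplikacji\\",
    "\\application data\\",
)
# Assumption: System+Hidden files under these roots are ordinary OS/application files.
TRUSTED_HIDDEN_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Finding:
    kind: str    # "autorun", "firewall" or "hidden"
    path: str
    reason: str


def parse_autorun(line: str):
    """Any AutoRun handler that runs an executable from a drive letter gets flagged."""
    m = AUTORUN_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    drive = re.match(r"^([A-Za-z]):\\", cmd)
    if not drive:
        return None
    return Finding("autorun", cmd,
                   f"AutoRun handler for drive {drive.group(1).upper()}: runs an executable from the medium")


def parse_firewall(line: str):
    """Flag firewall exceptions whose executable lives in a user-writable path."""
    m = FIREWALL_RE.match(line)
    if not m:
        return None
    exe = m.group("exe").replace("\\\\", "\\")   # undo registry-export escaping
    low = exe.lower()
    for marker in USER_WRITABLE_MARKERS:
        if marker in low:
            return Finding("firewall", exe,
                           f"{m.group('state')} exception for an executable in a user-writable directory")
    return None


def parse_hidden(line: str):
    """Flag files with both System and Hidden attributes outside the trusted roots."""
    m = HIDDEN_RE.match(line)
    if not m:
        return None
    attrs, path = m.group("attrs"), m.group("path")
    if "S" in attrs and "H" in attrs and not path.lower().startswith(TRUSTED_HIDDEN_ROOTS):
        return Finding("hidden", path, f"System+Hidden attributes ({attrs}) outside Windows/Program Files")
    return None


def triage(log_text: str):
    """Run every parser over every non-empty line; return findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for parser in (parse_autorun, parse_firewall, parse_hidden):
            finding = parser(line)
            if finding:
                findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}\n    {f.reason}")
```

On the sample it reports the J: AutoRun handler, the Kaspersky setup.exe exception under Documents and Settings, and the System+Hidden DRMv1.bak, while leaving Skype, msmsgs.exe and the Picasa installer alone; each finding is a prompt to verify the file, not a verdict. The hidden sptd\Cfg registry keys catchme lists are deliberately not treated as findings: their "p0" value points at C:\Program Files\DAEMON Tools Lite\, which is the SCSI Pass Through Direct driver that DAEMON Tools installs and which hides its own configuration keys.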

Guest
This topic has been closed. Replies can no longer be added.


×
×
  • Dodaj nową pozycję...