Disallowed Program/Driver [128017]
nikt - 2009-10-23, 20:14
I have a problem with being kicked by xray.
Turning off xfire, reinstalling the drivers and cleaning the PC of viruses doesn't help. Does anyone have an idea how to stop it from kicking me?
Eth3r - 2009-10-23, 21:28
http://www.xraygaming.com/forums/showthread.php?t=9456
Sometimes it's enough to search ;)
nikt - 2009-10-23, 22:27
The point is that nothing listed there works, see @up xD
r4m1k* - 2009-10-24, 07:44
Post a log from ComboFix.
nikt - 2009-10-24, 09:20
Code:
ComboFix 09-10-23.01 - RiDeR 2009-10-24 10:58.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1220 [GMT 2:00]
Uruchomiony z: c:\documents and settings\RiDeR\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\burnlib.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\dsp_sps.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\enc_aacplus.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\enc_flac.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\enc_flake.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\enc_lame.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\enc_vorbis.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\enc_wav.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\enc_wma.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\gen_crasher.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\gen_dropbox.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\gen_ff.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\gen_hotkeys.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\gen_ml.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\gen_tray.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_cdda.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_dshow.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_flac.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_flv.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_linein.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_midi.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_mod.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_mp3.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_mp4.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_nsv.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_swf.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_vorbis.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_wav.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_wave.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_wm.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\in_wv.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_autotag.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_bookmarks.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_disc.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_history.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_impex.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_local.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_nowplaying.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_online.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_playlists.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_plg.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_pmp.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_rg.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_transcode.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\ml_wire.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\out_disk.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\out_ds.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\out_wave.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\playlist.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\pmp_activesync.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\pmp_ipod.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\pmp_njb.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\pmp_p4s.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\pmp_usb.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\tagz.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\vis_avs.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\vis_milk2.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\vis_nsfs.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\winamp.lng
c:\docume~1\RiDeR\USTAWI~1\Temp\WLZEE2.tmp\winampa.lng
c:\documents and settings\RiDeR\Dane aplikacji\wiaserva.log
c:\documents and settings\RiDeR\Menu Start\Programy\Autostart\ikowin32.exe
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\burnlib.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\dsp_sps.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\enc_aacplus.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\enc_flac.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\enc_flake.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\enc_lame.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\enc_vorbis.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\enc_wav.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\enc_wma.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\gen_crasher.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\gen_dropbox.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\gen_ff.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\gen_hotkeys.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\gen_ml.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\gen_tray.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_cdda.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_dshow.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_flac.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_flv.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_linein.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_midi.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_mod.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_mp3.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_mp4.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_nsv.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_swf.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_vorbis.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_wav.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_wave.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_wm.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\in_wv.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_autotag.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_bookmarks.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_disc.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_history.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_impex.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_local.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_nowplaying.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_online.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_playlists.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_plg.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_pmp.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_rg.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_transcode.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\ml_wire.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\out_disk.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\out_ds.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\out_wave.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\playlist.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\pmp_activesync.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\pmp_ipod.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\pmp_njb.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\pmp_p4s.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\pmp_usb.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\tagz.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\vis_avs.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\vis_milk2.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\vis_nsfs.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\winamp.lng
c:\documents and settings\RiDeR\Ustawienia lokalne\Temp\WLZEE2.tmp\winampa.lng
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\winlogon.exe . . . jest zainfekowany!!
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_glaide32
((((((((((((((((((((((((( Pliki utworzone od 2009-09-24 do 2009-10-24 )))))))))))))))))))))))))))))))
.
2009-10-23 18:16 . 2009-10-23 18:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-10-23 17:11 . 2009-10-23 17:15 -------- d-----w- c:\program files\X-ray Anti-Cheat
2009-10-15 15:08 . 2009-10-15 15:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-10-15 13:18 . 2009-10-15 13:18 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-10-15 13:16 . 2009-10-15 15:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-14 23:58 . 2009-10-14 23:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-10-12 18:40 . 2009-10-23 20:20 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-10-12 18:40 . 2009-10-23 20:20 -------- d-----w- c:\program files\ALLPlayer
2009-10-12 13:31 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-12 13:31 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-12 13:31 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-12 13:31 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-12 13:31 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-12 13:31 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-12 13:31 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-10-04 19:56 . 2009-10-04 19:56 -------- d-----w- c:\documents and settings\RiDeR\Ustawienia lokalne\Dane aplikacji\World in Conflict
2009-09-28 15:23 . 2009-09-28 15:23 -------- d-----w- c:\program files\Gravity
2009-09-27 16:19 . 2009-09-27 16:19 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-26 20:28 . 2009-09-26 20:28 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-09-26 20:15 . 2009-09-26 20:15 -------- d-----w- c:\program files\EA Games
2009-09-25 15:25 . 2009-09-25 17:39 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\Winamp
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 08:28 . 2009-08-18 21:22 -------- d-----w- c:\program files\Steam
2009-10-23 23:26 . 2009-07-20 10:55 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\Xfire
2009-10-23 21:53 . 2009-07-20 12:30 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-23 21:53 . 2009-07-20 12:29 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-23 21:34 . 2009-07-20 19:47 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\mIRC
2009-10-23 21:29 . 2009-07-20 19:47 -------- d-----w- c:\program files\mIRC
2009-10-23 20:23 . 2009-07-22 15:33 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\uTorrent
2009-10-23 20:22 . 2009-07-24 09:34 -------- d-----w- c:\program files\IrfanView
2009-10-23 20:21 . 2009-08-13 15:38 -------- d-----w- c:\program files\Mumble
2009-10-23 20:20 . 2009-07-20 10:35 -------- d-----w- c:\program files\Yahoo!
2009-10-23 20:20 . 2009-07-20 10:35 -------- d-----w- c:\program files\Common Files\Scanner
2009-10-23 20:19 . 2009-07-20 10:55 -------- d-----w- c:\program files\Xfire
2009-10-23 20:19 . 2009-07-22 17:33 -------- d-----w- c:\program files\SpeedFan
2009-10-23 20:18 . 2009-07-20 12:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\avg8
2009-10-23 20:18 . 2009-09-18 19:33 -------- d-----w- c:\program files\GG Ikony
2009-10-23 18:39 . 2009-07-20 10:33 -------- d-----w- c:\program files\Common Files\Logishrd
2009-10-23 18:39 . 2009-07-20 10:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LogiShrd
2009-10-23 18:38 . 2009-10-23 18:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-10-22 19:42 . 2009-07-20 12:09 -------- d-----w- c:\program files\Activision
2009-10-15 15:11 . 2009-07-28 12:46 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\DAEMON Tools Pro
2009-10-15 15:04 . 2009-07-28 12:33 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-15 14:58 . 2009-07-20 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-15 13:18 . 2009-07-28 12:59 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-10-15 13:18 . 2009-07-28 12:59 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-10-15 13:18 . 2009-07-20 13:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-15 13:18 . 2009-07-28 12:33 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\DAEMON Tools Lite
2009-10-14 08:56 . 2009-07-20 10:41 16504 ----a-w- c:\documents and settings\RiDeR\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-10-11 10:44 . 2009-09-14 14:36 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\skypePM
2009-09-27 16:19 . 2009-09-27 16:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 14:12 . 2009-07-20 10:38 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 14:12 . 2009-06-10 04:03 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12 . 2009-06-10 04:03 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12 . 2009-06-10 04:03 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12 . 2009-06-10 04:03 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 14:12 . 2007-04-12 15:44 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 14:12 . 2007-04-12 15:44 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 14:12 . 2007-04-12 15:44 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 14:12 . 2007-04-12 15:44 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 14:12 . 2007-04-12 15:44 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 14:12 . 2007-04-12 15:44 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-26 20:28 . 2009-07-20 12:30 139152 ----a-w- c:\documents and settings\RiDeR\Dane aplikacji\PnkBstrK.sys
2009-09-26 20:07 . 2009-09-14 14:17 -------- d-----w- c:\program files\Metin2_PL
2009-09-25 15:25 . 2009-07-20 11:56 -------- d-----w- c:\program files\Winamp
2009-09-24 07:24 . 2009-07-20 10:37 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-23 13:19 . 2009-09-23 13:19 -------- d-----w- c:\documents and settings\NetworkService\Dane aplikacji\Xfire Plus
2009-09-22 12:47 . 2009-07-20 10:33 -------- d-----w- c:\program files\Logitech
2009-09-15 14:48 . 2009-09-15 14:48 -------- d-----w- c:\program files\Alwil Software
2009-09-14 14:36 . 2009-09-14 14:36 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-14 14:33 . 2009-07-20 13:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-09-12 12:57 . 2009-08-13 15:38 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\Mumble
2009-09-11 19:37 . 2009-09-11 19:37 -------- d--h--r- c:\documents and settings\RiDeR\Dane aplikacji\SecuROM
2009-09-11 19:36 . 2009-09-11 19:26 69024 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-09-11 19:33 . 2006-03-02 12:00 83880 ----a-w- c:\windows\system32\perfc015.dat
2009-09-11 19:33 . 2006-03-02 12:00 490628 ----a-w- c:\windows\system32\perfh015.dat
2009-09-11 19:27 . 2009-09-11 19:27 -------- d-----w- c:\program files\AMD
2009-09-11 19:26 . 2009-09-11 19:26 -------- d-----w- c:\program files\MSBuild
2009-09-11 19:23 . 2009-09-11 19:23 -------- d-----w- c:\program files\Reference Assemblies
2009-09-10 10:37 . 2009-07-20 10:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-08 12:32 . 2009-07-27 08:23 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-09-05 15:08 . 2009-07-20 13:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-05 15:08 . 2009-09-05 15:08 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-05 15:08 . 2009-09-05 15:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation
2009-09-05 14:37 . 2009-08-30 19:02 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-01 09:47 . 2009-09-01 09:47 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\gtk-2.0
2009-08-26 16:52 . 2006-03-02 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-08-22 12:34 . 2006-03-02 12:00 504832 ----a-w- c:\windows\system32\winlogon.exe
2009-08-19 08:43 . 2009-07-20 12:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 08:43 . 2009-07-20 12:01 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 08:43 . 2009-07-20 12:01 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-11 12:27 . 2009-08-11 12:27 3133674 ----a-w- C:\cpl_cgd_map_crash_ineyes_RiDeR_9158917.zip
2009-08-09 15:13 . 2009-08-09 15:13 4879482 ----a-w- C:\cpl_mERC_bothmaps_ineyes_RiDeR_9152990.zip
2009-08-05 19:48 . 2009-08-05 14:41 0 ----a-w- c:\windows\system32\drivers\soqwx32.sys
2009-08-05 09:08 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 22:21 . 2009-08-02 22:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
2009-07-29 10:53 . 2009-07-29 10:53 163840 ----a-w- c:\windows\um.dll
2009-07-29 10:12 . 2009-07-29 10:12 98304 ----a-w- c:\windows\system32CmdLineExt.dll
.
------- Sigcheck -------
[-] 2009-08-22 . 381221F69D1248864861889A64F100B6 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-27 12:35 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 877568]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-23 148888]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-20 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 08:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alien102471\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alien102471\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\RiDeR\\Ustawienia lokalne\\Dane aplikacji\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Metin2_PL\\metin2.bin"=
"c:\\Program Files\\Metin2_PL\\metin2client.bin"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-07-20 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-07-20 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-20 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-20 297752]
S1 soqwx32;soqwx32;c:\windows\system32\drivers\soqwx32.sys [2009-08-05 0]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-08-28 10664]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
FF - ProfilePath - c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2147396&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pgc.com.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\{4d5b7775-6a80-4397-976c-fa46a4147905}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\RiDeR\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-NWEReboot - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 11:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-823518204-725345543-2050222586-1003\Software\securom\License information*]
"datasecu"=hex:d9,98,f8,c8,dc,47,6b,2b,4b,95,81,7f,0b,1e,be,f7,75,29,e5,6f,33,
d8,6f,8e,23,d5,a3,bc,1e,e9,af,c9,90,29,05,e6,90,35,ab,95,d4,d7,d0,62,72,09,\
"rkeysecu"=hex:61,f4,84,aa,a9,85,d9,d6,df,f9,7b,33,40,a7,39,e1
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(3496)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\combofix\CF3017.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Czas ukończenia: 2009-10-24 11:09 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-10-24 09:09
Przed: 37 652 725 760 bajtów wolnych
Po: 37 766 651 904 bajtów wolnych
- - End Of File - - FE398472EF4840C23B42E8A98ECD1BA5
r4m1k* - 2009-10-24, 10:59
Start by cleaning the system and the registry, and remove the viruses.
nikt - 2009-10-24, 11:35
Done, what next?
r4m1k* - 2009-10-24, 11:44
Done, what next?
Check whether it works for you. If not, post the ComboFix log once more.
nikt - 2009-10-24, 12:50
Still the same ;o
New log:
Code:
ComboFix 09-10-23.01 - RiDeR 2009-10-24 14:43.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1516 [GMT 2:00]
Uruchomiony z: c:\documents and settings\RiDeR\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\RiDeR\Moje dokumenty\cc_20091024_133754.reg
c:\windows\system32\winlogon.exe . . . jest zainfekowany!!
.
((((((((((((((((((((((((( Pliki utworzone od 2009-09-24 do 2009-10-24 )))))))))))))))))))))))))))))))
.
2009-10-23 18:16 . 2009-10-23 18:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-10-23 17:11 . 2009-10-23 17:15 -------- d-----w- c:\program files\X-ray Anti-Cheat
2009-10-15 15:08 . 2009-10-15 15:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-10-15 13:18 . 2009-10-15 13:18 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-10-15 13:16 . 2009-10-15 15:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-14 23:58 . 2009-10-14 23:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-10-12 18:40 . 2009-10-23 20:20 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-10-12 18:40 . 2009-10-23 20:20 -------- d-----w- c:\program files\ALLPlayer
2009-10-12 13:31 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-12 13:31 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-12 13:31 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-12 13:31 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-12 13:31 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-12 13:31 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-12 13:31 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-10-04 19:56 . 2009-10-04 19:56 -------- d-----w- c:\documents and settings\RiDeR\Ustawienia lokalne\Dane aplikacji\World in Conflict
2009-09-28 15:23 . 2009-09-28 15:23 -------- d-----w- c:\program files\Gravity
2009-09-27 16:19 . 2009-09-27 16:19 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-26 20:28 . 2009-09-26 20:28 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-09-26 20:15 . 2009-09-26 20:15 -------- d-----w- c:\program files\EA Games
2009-09-25 15:25 . 2009-09-25 17:39 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\Winamp
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 12:39 . 2009-07-20 10:55 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\Xfire
2009-10-24 12:39 . 2009-07-20 12:29 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-24 12:38 . 2009-07-20 12:30 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-24 09:06 . 2009-08-18 21:22 -------- d-----w- c:\program files\Steam
2009-10-23 21:34 . 2009-07-20 19:47 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\mIRC
2009-10-23 21:29 . 2009-07-20 19:47 -------- d-----w- c:\program files\mIRC
2009-10-23 20:23 . 2009-07-22 15:33 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\uTorrent
2009-10-23 20:22 . 2009-07-24 09:34 -------- d-----w- c:\program files\IrfanView
2009-10-23 20:21 . 2009-08-13 15:38 -------- d-----w- c:\program files\Mumble
2009-10-23 20:20 . 2009-07-20 10:35 -------- d-----w- c:\program files\Yahoo!
2009-10-23 20:20 . 2009-07-20 10:35 -------- d-----w- c:\program files\Common Files\Scanner
2009-10-23 20:19 . 2009-07-20 10:55 -------- d-----w- c:\program files\Xfire
2009-10-23 20:19 . 2009-07-22 17:33 -------- d-----w- c:\program files\SpeedFan
2009-10-23 20:18 . 2009-07-20 12:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\avg8
2009-10-23 20:18 . 2009-09-18 19:33 -------- d-----w- c:\program files\GG Ikony
2009-10-23 18:39 . 2009-07-20 10:33 -------- d-----w- c:\program files\Common Files\Logishrd
2009-10-23 18:39 . 2009-07-20 10:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LogiShrd
2009-10-23 18:38 . 2009-10-23 18:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-10-22 19:42 . 2009-07-20 12:09 -------- d-----w- c:\program files\Activision
2009-10-15 15:11 . 2009-07-28 12:46 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\DAEMON Tools Pro
2009-10-15 15:04 . 2009-07-28 12:33 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-15 14:58 . 2009-07-20 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-15 13:18 . 2009-07-28 12:59 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-10-15 13:18 . 2009-07-28 12:59 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-10-15 13:18 . 2009-07-20 13:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-15 13:18 . 2009-07-28 12:33 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\DAEMON Tools Lite
2009-10-14 08:56 . 2009-07-20 10:41 16504 ----a-w- c:\documents and settings\RiDeR\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-10-11 10:44 . 2009-09-14 14:36 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\skypePM
2009-09-27 16:19 . 2009-09-27 16:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 14:12 . 2009-07-20 10:38 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 14:12 . 2009-06-10 04:03 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12 . 2009-06-10 04:03 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12 . 2009-06-10 04:03 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12 . 2009-06-10 04:03 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 14:12 . 2007-04-12 15:44 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 14:12 . 2007-04-12 15:44 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 14:12 . 2007-04-12 15:44 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 14:12 . 2007-04-12 15:44 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 14:12 . 2007-04-12 15:44 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 14:12 . 2007-04-12 15:44 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-26 20:28 . 2009-07-20 12:30 139152 ----a-w- c:\documents and settings\RiDeR\Dane aplikacji\PnkBstrK.sys
2009-09-26 20:07 . 2009-09-14 14:17 -------- d-----w- c:\program files\Metin2_PL
2009-09-25 15:25 . 2009-07-20 11:56 -------- d-----w- c:\program files\Winamp
2009-09-24 07:24 . 2009-07-20 10:37 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-23 13:19 . 2009-09-23 13:19 -------- d-----w- c:\documents and settings\NetworkService\Dane aplikacji\Xfire Plus
2009-09-22 12:47 . 2009-07-20 10:33 -------- d-----w- c:\program files\Logitech
2009-09-15 14:48 . 2009-09-15 14:48 -------- d-----w- c:\program files\Alwil Software
2009-09-14 14:36 . 2009-09-14 14:36 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-14 14:33 . 2009-07-20 13:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-09-12 12:57 . 2009-08-13 15:38 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\Mumble
2009-09-11 19:37 . 2009-09-11 19:37 -------- d--h--r- c:\documents and settings\RiDeR\Dane aplikacji\SecuROM
2009-09-11 19:36 . 2009-09-11 19:26 69024 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-09-11 19:33 . 2006-03-02 12:00 83880 ----a-w- c:\windows\system32\perfc015.dat
2009-09-11 19:33 . 2006-03-02 12:00 490628 ----a-w- c:\windows\system32\perfh015.dat
2009-09-11 19:27 . 2009-09-11 19:27 -------- d-----w- c:\program files\AMD
2009-09-11 19:26 . 2009-09-11 19:26 -------- d-----w- c:\program files\MSBuild
2009-09-11 19:23 . 2009-09-11 19:23 -------- d-----w- c:\program files\Reference Assemblies
2009-09-10 10:37 . 2009-07-20 10:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-08 12:32 . 2009-07-27 08:23 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-09-05 15:08 . 2009-07-20 13:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-05 15:08 . 2009-09-05 15:08 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-05 15:08 . 2009-09-05 15:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation
2009-09-05 14:37 . 2009-08-30 19:02 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-01 09:47 . 2009-09-01 09:47 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\gtk-2.0
2009-08-26 16:52 . 2006-03-02 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-08-22 12:34 . 2006-03-02 12:00 504832 ----a-w- c:\windows\system32\winlogon.exe
2009-08-19 08:43 . 2009-07-20 12:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 08:43 . 2009-07-20 12:01 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 08:43 . 2009-07-20 12:01 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-11 12:27 . 2009-08-11 12:27 3133674 ----a-w- C:\cpl_cgd_map_crash_ineyes_RiDeR_9158917.zip
2009-08-09 15:13 . 2009-08-09 15:13 4879482 ----a-w- C:\cpl_mERC_bothmaps_ineyes_RiDeR_9152990.zip
2009-08-05 19:48 . 2009-08-05 14:41 0 ----a-w- c:\windows\system32\drivers\soqwx32.sys
2009-08-05 09:08 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 22:21 . 2009-08-02 22:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
2009-07-29 10:53 . 2009-07-29 10:53 163840 ----a-w- c:\windows\um.dll
2009-07-29 10:12 . 2009-07-29 10:12 98304 ----a-w- c:\windows\system32CmdLineExt.dll
.
------- Sigcheck -------
[-] 2009-08-22 . 381221F69D1248864861889A64F100B6 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-27 12:35 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-23 148888]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-20 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 08:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alien102471\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alien102471\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\RiDeR\\Ustawienia lokalne\\Dane aplikacji\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Metin2_PL\\metin2.bin"=
"c:\\Program Files\\Metin2_PL\\metin2client.bin"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-07-20 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-07-20 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-20 297752]
S1 soqwx32;soqwx32;c:\windows\system32\drivers\soqwx32.sys [2009-08-05 0]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-20 908056]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-08-28 10664]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - PNKBSTRB
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2147396&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pgc.com.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\{4d5b7775-6a80-4397-976c-fa46a4147905}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\RiDeR\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 14:48
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-823518204-725345543-2050222586-1003\Software\securom\License information*]
"datasecu"=hex:d9,98,f8,c8,dc,47,6b,2b,4b,95,81,7f,0b,1e,be,f7,75,29,e5,6f,33,
d8,6f,8e,23,d5,a3,bc,1e,e9,af,c9,90,29,05,e6,90,35,ab,95,d4,d7,d0,62,72,09,\
"rkeysecu"=hex:61,f4,84,aa,a9,85,d9,d6,df,f9,7b,33,40,a7,39,e1
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Czas ukończenia: 2009-10-24 14:49
ComboFix-quarantined-files.txt 2009-10-24 12:49
ComboFix2.txt 2009-10-24 09:09
Przed: 36 684 644 352 bajtów wolnych
Po: 37 452 619 776 bajtów wolnych
- - End Of File - - 45AD3A16227046ACDE40B2622E00E36E
r4m1k* - 2009-10-24, 13:32
When you paste logs, use the CODE option, because otherwise I have to edit your posts.
Now, here is what to do.
1. Add the server you want to play on to your favorites in Xfire.
2. Join the server through your favorites in Xfire. Remember that Xray has to be running in the background at that time.
3. Once you are in the game, you can turn Xfire off using alt - tab
Have you tried turning off AVG? Antivirus programs often cause problems like this too.
nikt - 2009-10-24, 13:40
I always do it the way you described ;] and it doesn't work
r4m1k* - 2009-10-24, 17:06
And did you turn off Xfire and AVG in the process list? Do you have any other antivirus programs?
nikt - 2009-10-24, 17:52
yes, I turned everything off and I don't have any antivirus anymore
r4m1k* - 2009-10-24, 18:32
So the only solution left is probably to uninstall Xfire completely (together with its folders in the settings), clean its entries out of the registry, and restart the computer. Remember to make a backup copy of Xfire before uninstalling. It is best to copy the whole settings folder to another drive. The folder may be here - C => user => user name => AppData => Roaming => and you copy the whole xfire folder.
nikt - 2009-10-24, 20:02
and after uninstalling it I can install it again, right?
r4m1k* - 2009-10-24, 20:18
Yes. But once again it may not work.
nikt - 2009-10-24, 21:04
that didn't help at all ;[
r4m1k* - 2009-10-24, 21:42
Well then, only 3 things are left:
Ram
Hacks
Cracked Game
nikt - 2009-10-24, 21:55
cd-key 2007, if I had hacks I would buy myself bypasses for Xray ;]
so that leaves RAM ;]
2009-08-26 16:52 . 2006-03-02 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-08-22 12:34 . 2006-03-02 12:00 504832 ----a-w- c:\windows\system32\winlogon.exe
2009-08-19 08:43 . 2009-07-20 12:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 08:43 . 2009-07-20 12:01 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 08:43 . 2009-07-20 12:01 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-11 12:27 . 2009-08-11 12:27 3133674 ----a-w- C:\cpl_cgd_map_crash_ineyes_RiDeR_9158917.zip
2009-08-09 15:13 . 2009-08-09 15:13 4879482 ----a-w- C:\cpl_mERC_bothmaps_ineyes_RiDeR_9152990.zip
2009-08-05 19:48 . 2009-08-05 14:41 0 ----a-w- c:\windows\system32\drivers\soqwx32.sys
2009-08-05 09:08 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 22:21 . 2009-08-02 22:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
2009-07-29 10:53 . 2009-07-29 10:53 163840 ----a-w- c:\windows\um.dll
2009-07-29 10:12 . 2009-07-29 10:12 98304 ----a-w- c:\windows\system32CmdLineExt.dll
.
------- Sigcheck -------
[-] 2009-08-22 . 381221F69D1248864861889A64F100B6 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-27 12:35 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 877568]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-23 148888]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-20 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 08:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alien102471\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alien102471\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\RiDeR\\Ustawienia lokalne\\Dane aplikacji\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Metin2_PL\\metin2.bin"=
"c:\\Program Files\\Metin2_PL\\metin2client.bin"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-07-20 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-07-20 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-20 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-20 297752]
S1 soqwx32;soqwx32;c:\windows\system32\drivers\soqwx32.sys [2009-08-05 0]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-08-28 10664]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
FF - ProfilePath - c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2147396&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pgc.com.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\{4d5b7775-6a80-4397-976c-fa46a4147905}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\RiDeR\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-NWEReboot - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 11:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-823518204-725345543-2050222586-1003\Software\securom\License information*]
"datasecu"=hex:d9,98,f8,c8,dc,47,6b,2b,4b,95,81,7f,0b,1e,be,f7,75,29,e5,6f,33,
d8,6f,8e,23,d5,a3,bc,1e,e9,af,c9,90,29,05,e6,90,35,ab,95,d4,d7,d0,62,72,09,\
"rkeysecu"=hex:61,f4,84,aa,a9,85,d9,d6,df,f9,7b,33,40,a7,39,e1
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(3496)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\combofix\CF3017.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Czas ukończenia: 2009-10-24 11:09 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-10-24 09:09
Przed: 37 652 725 760 bajtów wolnych
Po: 37 766 651 904 bajtów wolnych
- - End Of File - - FE398472EF4840C23B42E8A98ECD1BA5
r4m1k* - 2009-10-24, 10:59
Start by cleaning the system and the registry, and remove the viruses.
nikt - 2009-10-24, 11:35
Done, what next?
r4m1k* - 2009-10-24, 11:44
Done, what next?
Check whether it works for you. If not, post the Combo log again.
nikt - 2009-10-24, 12:50
Still the same ;o
New log:
Code:
ComboFix 09-10-23.01 - RiDeR 2009-10-24 14:43.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2046.1516 [GMT 2:00]
Uruchomiony z: c:\documents and settings\RiDeR\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\RiDeR\Moje dokumenty\cc_20091024_133754.reg
c:\windows\system32\winlogon.exe . . . jest zainfekowany!!
.
((((((((((((((((((((((((( Pliki utworzone od 2009-09-24 do 2009-10-24 )))))))))))))))))))))))))))))))
.
2009-10-23 18:16 . 2009-10-23 18:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-10-23 17:11 . 2009-10-23 17:15 -------- d-----w- c:\program files\X-ray Anti-Cheat
2009-10-15 15:08 . 2009-10-15 15:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Pro
2009-10-15 13:18 . 2009-10-15 13:18 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-10-15 13:16 . 2009-10-15 15:06 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-14 23:58 . 2009-10-14 23:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-10-12 18:40 . 2009-10-23 20:20 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-10-12 18:40 . 2009-10-23 20:20 -------- d-----w- c:\program files\ALLPlayer
2009-10-12 13:31 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-12 13:31 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-12 13:31 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-12 13:31 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-12 13:31 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-12 13:31 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-12 13:31 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-10-04 19:56 . 2009-10-04 19:56 -------- d-----w- c:\documents and settings\RiDeR\Ustawienia lokalne\Dane aplikacji\World in Conflict
2009-09-28 15:23 . 2009-09-28 15:23 -------- d-----w- c:\program files\Gravity
2009-09-27 16:19 . 2009-09-27 16:19 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-26 20:28 . 2009-09-26 20:28 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-09-26 20:15 . 2009-09-26 20:15 -------- d-----w- c:\program files\EA Games
2009-09-25 15:25 . 2009-09-25 17:39 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\Winamp
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 12:39 . 2009-07-20 10:55 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\Xfire
2009-10-24 12:39 . 2009-07-20 12:29 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-24 12:38 . 2009-07-20 12:30 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-24 09:06 . 2009-08-18 21:22 -------- d-----w- c:\program files\Steam
2009-10-23 21:34 . 2009-07-20 19:47 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\mIRC
2009-10-23 21:29 . 2009-07-20 19:47 -------- d-----w- c:\program files\mIRC
2009-10-23 20:23 . 2009-07-22 15:33 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\uTorrent
2009-10-23 20:22 . 2009-07-24 09:34 -------- d-----w- c:\program files\IrfanView
2009-10-23 20:21 . 2009-08-13 15:38 -------- d-----w- c:\program files\Mumble
2009-10-23 20:20 . 2009-07-20 10:35 -------- d-----w- c:\program files\Yahoo!
2009-10-23 20:20 . 2009-07-20 10:35 -------- d-----w- c:\program files\Common Files\Scanner
2009-10-23 20:19 . 2009-07-20 10:55 -------- d-----w- c:\program files\Xfire
2009-10-23 20:19 . 2009-07-22 17:33 -------- d-----w- c:\program files\SpeedFan
2009-10-23 20:18 . 2009-07-20 12:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\avg8
2009-10-23 20:18 . 2009-09-18 19:33 -------- d-----w- c:\program files\GG Ikony
2009-10-23 18:39 . 2009-07-20 10:33 -------- d-----w- c:\program files\Common Files\Logishrd
2009-10-23 18:39 . 2009-07-20 10:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LogiShrd
2009-10-23 18:38 . 2009-10-23 18:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-10-22 19:42 . 2009-07-20 12:09 -------- d-----w- c:\program files\Activision
2009-10-15 15:11 . 2009-07-28 12:46 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\DAEMON Tools Pro
2009-10-15 15:04 . 2009-07-28 12:33 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-15 14:58 . 2009-07-20 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-15 13:18 . 2009-07-28 12:59 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-10-15 13:18 . 2009-07-28 12:59 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-10-15 13:18 . 2009-07-20 13:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-15 13:18 . 2009-07-28 12:33 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\DAEMON Tools Lite
2009-10-14 08:56 . 2009-07-20 10:41 16504 ----a-w- c:\documents and settings\RiDeR\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-10-11 10:44 . 2009-09-14 14:36 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\skypePM
2009-09-27 16:19 . 2009-09-27 16:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 14:12 . 2009-07-20 10:38 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 14:12 . 2009-06-10 04:03 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12 . 2009-06-10 04:03 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12 . 2009-06-10 04:03 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12 . 2009-06-10 04:03 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 14:12 . 2007-04-12 15:44 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 14:12 . 2007-04-12 15:44 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 14:12 . 2007-04-12 15:44 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 14:12 . 2007-04-12 15:44 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 14:12 . 2007-04-12 15:44 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 14:12 . 2007-04-12 15:44 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-26 20:28 . 2009-07-20 12:30 139152 ----a-w- c:\documents and settings\RiDeR\Dane aplikacji\PnkBstrK.sys
2009-09-26 20:07 . 2009-09-14 14:17 -------- d-----w- c:\program files\Metin2_PL
2009-09-25 15:25 . 2009-07-20 11:56 -------- d-----w- c:\program files\Winamp
2009-09-24 07:24 . 2009-07-20 10:37 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-23 13:19 . 2009-09-23 13:19 -------- d-----w- c:\documents and settings\NetworkService\Dane aplikacji\Xfire Plus
2009-09-22 12:47 . 2009-07-20 10:33 -------- d-----w- c:\program files\Logitech
2009-09-15 14:48 . 2009-09-15 14:48 -------- d-----w- c:\program files\Alwil Software
2009-09-14 14:36 . 2009-09-14 14:36 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-14 14:33 . 2009-07-20 13:33 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-09-12 12:57 . 2009-08-13 15:38 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\Mumble
2009-09-11 19:37 . 2009-09-11 19:37 -------- d--h--r- c:\documents and settings\RiDeR\Dane aplikacji\SecuROM
2009-09-11 19:36 . 2009-09-11 19:26 69024 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-09-11 19:33 . 2006-03-02 12:00 83880 ----a-w- c:\windows\system32\perfc015.dat
2009-09-11 19:33 . 2006-03-02 12:00 490628 ----a-w- c:\windows\system32\perfh015.dat
2009-09-11 19:27 . 2009-09-11 19:27 -------- d-----w- c:\program files\AMD
2009-09-11 19:26 . 2009-09-11 19:26 -------- d-----w- c:\program files\MSBuild
2009-09-11 19:23 . 2009-09-11 19:23 -------- d-----w- c:\program files\Reference Assemblies
2009-09-10 10:37 . 2009-07-20 10:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-08 12:32 . 2009-07-27 08:23 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-09-05 15:08 . 2009-07-20 13:17 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-05 15:08 . 2009-09-05 15:08 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-05 15:08 . 2009-09-05 15:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation
2009-09-05 14:37 . 2009-08-30 19:02 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-01 09:47 . 2009-09-01 09:47 -------- d-----w- c:\documents and settings\RiDeR\Dane aplikacji\gtk-2.0
2009-08-26 16:52 . 2006-03-02 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-08-22 12:34 . 2006-03-02 12:00 504832 ----a-w- c:\windows\system32\winlogon.exe
2009-08-19 08:43 . 2009-07-20 12:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 08:43 . 2009-07-20 12:01 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 08:43 . 2009-07-20 12:01 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-11 12:27 . 2009-08-11 12:27 3133674 ----a-w- C:\cpl_cgd_map_crash_ineyes_RiDeR_9158917.zip
2009-08-09 15:13 . 2009-08-09 15:13 4879482 ----a-w- C:\cpl_mERC_bothmaps_ineyes_RiDeR_9152990.zip
2009-08-05 19:48 . 2009-08-05 14:41 0 ----a-w- c:\windows\system32\drivers\soqwx32.sys
2009-08-05 09:08 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 22:21 . 2009-08-02 22:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
2009-07-29 10:53 . 2009-07-29 10:53 163840 ----a-w- c:\windows\um.dll
2009-07-29 10:12 . 2009-07-29 10:12 98304 ----a-w- c:\windows\system32CmdLineExt.dll
.
------- Sigcheck -------
[-] 2009-08-22 . 381221F69D1248864861889A64F100B6 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-27 12:35 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-23 148888]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-20 813584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 08:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alien102471\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\alien102471\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\RiDeR\\Ustawienia lokalne\\Dane aplikacji\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Metin2_PL\\metin2.bin"=
"c:\\Program Files\\Metin2_PL\\metin2client.bin"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-07-20 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-07-20 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-20 297752]
S1 soqwx32;soqwx32;c:\windows\system32\drivers\soqwx32.sys [2009-08-05 0]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-20 908056]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-08-28 10664]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - PNKBSTRB
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2147396&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pgc.com.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\{4d5b7775-6a80-4397-976c-fa46a4147905}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\RiDeR\Dane aplikacji\Mozilla\Firefox\Profiles\1rgc0zhv.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\RiDeR\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 14:48
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-823518204-725345543-2050222586-1003\Software\securom\License information*]
"datasecu"=hex:d9,98,f8,c8,dc,47,6b,2b,4b,95,81,7f,0b,1e,be,f7,75,29,e5,6f,33,
d8,6f,8e,23,d5,a3,bc,1e,e9,af,c9,90,29,05,e6,90,35,ab,95,d4,d7,d0,62,72,09,\
"rkeysecu"=hex:61,f4,84,aa,a9,85,d9,d6,df,f9,7b,33,40,a7,39,e1
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(764)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Czas ukończenia: 2009-10-24 14:49
ComboFix-quarantined-files.txt 2009-10-24 12:49
ComboFix2.txt 2009-10-24 09:09
Przed: 36 684 644 352 bajtów wolnych
Po: 37 452 619 776 bajtów wolnych
- - End Of File - - 45AD3A16227046ACDE40B2622E00E36E
r4m1k* - 2009-10-24, 13:32
When you paste logs, use the CODE option, because otherwise I have to edit your posts.
Now then.
1. Add the server you want to play on to your favorites in Xfire.
2. Join the server through the favorites in Xfire. Remember that Xray has to be running in the background at that time.
3. Once you are in the game, you can turn off Xfire using Alt-Tab.
Have you tried turning off AVG? Antivirus programs often cause problems like this too.
nikt - 2009-10-24, 13:40
I always do it the way you wrote ;] and it doesn't work
r4m1k* - 2009-10-24, 17:06
And did you turn off Xfire and AVG in the process list? Do you have any other antivirus programs?
nikt - 2009-10-24, 17:52
Yes, I turned everything off and I no longer have any antivirus
r4m1k* - 2009-10-24, 18:32
So the only solution left is probably to uninstall Xfire completely (together with its settings folders), clean the registry of its leftovers, and restart the computer. Remember to make a backup of Xfire before uninstalling. It is best to copy the whole settings folder to another drive. The folder may be here: C => Users => user name => AppData => Roaming => and you copy the whole xfire folder.
nikt - 2009-10-24, 20:02
And after uninstalling it I can install it again, right?
r4m1k* - 2009-10-24, 20:18
Yes. But it may again not work.
nikt - 2009-10-24, 21:04
That didn't help at all ;[
r4m1k* - 2009-10-24, 21:42
Well, then only 3 things are left:
RAM
Hacks
Cracked Game
nikt - 2009-10-24, 21:55
CD key from 2007; if I had hacks I would buy myself bypasses for Xray ;]
So that leaves RAM ;]