Avast wykrył Win32:Trojan-gen {Other}

Pabblo-83 · 20 Grudzień 2007 16:45

hej

pojawił się dziś z komputerem następujący problem: podczas skanu pendrive’a Avast wykrył INF-Autorun-G [Trj], do kwarantanny trafił plik autorun.inf

Zaraz potem podczas uruchamiania systemu Avast zaczął wykrywać Win32:Trojan-gen, w plikach kavo0.dll, (w C:\WINDOWS\system32) i w pliku w.dll (w C:\DOCUME~1\user\USTAWI~1\Temp), które odnawiały się przy każdym restarcie (do kwarantanny trafiło w sumie po pięć kavo0.dll i w.dll) . Skan Avastem przed uruchomieniem systemu nic nie wykazał.

Log z HijackThis 2.0.2:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:17:30, on 2007-12-20 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Tlen.pl\tlen.exe C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tlen.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM…\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 “EPSON Stylus C66 Series” /O6 “USB001” /M “Stylus C66” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\bally4d.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU…\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU…\Run: [MagicSpeedBooster] C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe O4 - HKCU…\Run: [kava] C:\WINDOWS\system32\kavo.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe – End of file - 7853 bytes

i z ComboFix

ComboFix 07-12-20.1 - user 2007-12-20 17:27:53.6 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.266 [GMT 1:00] Running from: C:\Documents and Settings\user\Moje dokumenty\Logi i programy antywirusowe\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\kavo.exe . ((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))) . 2007-12-12 22:31 . 2007-12-12 22:31 2007-12-05 18:06 . 2007-12-05 18:06 2007-11-24 09:34 . 2007-11-26 12:08 175 --a------ C:\WINDOWS\system32\MInfoCfg.ini 2007-11-24 09:33 . 2007-11-24 09:33 2007-11-24 09:33 . 2002-08-07 13:48 94,208 --a------ C:\WINDOWS\system32\B4DCPL.cpl 2007-11-24 09:33 . 2001-05-10 14:42 6,144 --a------ C:\WINDOWS\system32\drivers\Ms2KFlt.sys 2007-11-24 09:33 . 2003-04-12 20:52 5,908 --a------ C:\WINDOWS\system32\drivers\MsW2kFlt.inf . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 16:28 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Skype 2007-12-16 21:28 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Tlen.pl 2007-12-04 18:12 --------- d-----w C:\Program Files\Symantec 2007-12-04 18:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-04 18:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-11-26 16:14 --------- d-----w C:\Program Files\Java 2007-11-24 08:33 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-17 17:47 --------- d-----w C:\Program Files\Smart PC Solutions 2007-11-17 17:47 --------- d-----w C:\Documents and Settings\user\Dane aplikacji\Smart PC Solutions 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-30 23:26 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-28 18:32 --------- d-----w C:\Program Files\GK3neu 2007-10-25 18:41 --------- d-----w C:\Program Files\Edgard Multimedia 2007-10-25 16:44 8,488,960 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 09:01 2,109,440 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll 2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-10 23:52 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-10-10 23:52 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-10-10 23:52 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-10-10 23:52 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-10-10 23:52 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-10-10 23:52 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-10-10 23:52 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-10-10 23:52 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-10-10 23:52 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-10-10 23:52 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-10-10 23:52 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-10-10 23:52 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-10-10 23:52 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-10-10 23:52 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-10-10 23:52 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-10-10 23:52 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-10-10 23:52 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-10-10 23:52 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-10-10 23:52 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll 2007-10-10 23:52 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll 2007-10-10 23:52 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll 2007-10-10 23:52 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-10-10 11:03 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-10-10 11:02 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-10-02 19:07 274,432 ----a-w C:\WINDOWS\system32\IscDbc.dll 2007-10-02 19:07 262,144 ----a-w C:\WINDOWS\system32\OdbcJdbcMT.dll 2007-10-02 19:07 253,952 ----a-w C:\WINDOWS\system32\OdbcJdbc.dll 2007-10-02 19:07 155,648 ----a-w C:\WINDOWS\system32\OdbcJdbcSetup.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 13:00] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-12-18 17:32] “Komunikator”=“C:\Program Files\Tlen.pl\tlen.exe” [2007-02-12 11:01] “updateMgr”=“C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” [2006-03-30 15:45] “MagicSpeedBooster”=“C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe” [2007-04-10 15:42] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “IgfxTray”=“C:\WINDOWS\system32\igfxtray.exe” [2005-02-08 09:36] “HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe” [2005-02-08 09:32] “GhostStartTrayApp”=“C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe” [2002-08-14 14:21] “SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2004-11-10 09:58] “SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2004-11-10 09:58] “IAAnotif”=“C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe” [2005-03-09 09:29] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 09:50] “EPSON Stylus C66 Series”=“C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.exe” [2003-11-26 08:00] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 14:00] “HorngTech4D”=“C:\PROGRA~1\MOUSES~1\bally4d.exe” [2002-07-31 10:37] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 13:00] R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 14:11] R1 SSHDRV86;SSHDRV86;C:\WINDOWS\system32\drivers\SSHDRV86.sys [2006-03-08 17:33] S3 MouseCmn;Mouse Driver;C:\WINDOWS\system32\DRIVERS\Ms2KFlt.sys [2001-05-10 14:42] . Contents of the ‘Scheduled Tasks’ folder “2007-12-20 13:24:23 C:\WINDOWS\Tasks\Symantec NetDetect.job” - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-20 17:29:26 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-20 17:30:41 C:\ComboFix2.txt … 2007-12-12 21:53 C:\ComboFix3.txt … 2007-12-04 22:49 . 2007-12-12 16:19:35 — E O F —

pozdrawiam

Paweł

v-max · 20 Grudzień 2007 17:02

Pobierz program SDFix

Pabblo-83 · 20 Grudzień 2007 20:23

hej!

Dzięki za pomoc

ComboFix usunął C:\WINDOWS\system32\kavo.exe

Raport z SDFixa:

SDFix: Version 1.117 Run by user on 2007-12-20 at 21:15 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-20 21:19:30 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 2 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype” “C:\Program Files\Tlen.pl\tlen.exe”=“C:\Program Files\Tlen.pl\tlen.exe:*:Disabled:Komunikator Tlen.pl” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: Sat 19 Aug 2006 1,445,888 A.SH. — “C:\Documents and Settings\user\Moje dokumenty\zdj©cia\101_PANA\SIV2.tmp” Sat 19 Aug 2006 397,312 A.SH. — “C:\Documents and Settings\user\Moje dokumenty\zdj©cia\101_PANA\SIV3.tmp” Wed 14 Aug 2002 65,088 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM” Wed 14 Aug 2002 12,732 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM” Wed 14 Aug 2002 26,424 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM” Wed 14 Aug 2002 28,062 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM” Wed 14 Aug 2002 10,710 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM” Wed 14 Aug 2002 10,083 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM” Wed 14 Aug 2002 10,257 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM” Wed 14 Aug 2002 29,499 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM” Wed 14 Aug 2002 12,660 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM” Wed 14 Aug 2002 11,031 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM” Wed 14 Aug 2002 17,952 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM” Wed 14 Aug 2002 9,424 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM” Wed 14 Aug 2002 7,825 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM” Wed 14 Aug 2002 13,673 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM” Wed 14 Aug 2002 14,438 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM” Wed 14 Aug 2002 7,825 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM” Wed 14 Aug 2002 7,825 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM” Wed 14 Aug 2002 7,825 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM” Wed 14 Aug 2002 7,243 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM” Wed 14 Aug 2002 24,767 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM” Wed 14 Aug 2002 7,463 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM” Wed 14 Aug 2002 7,825 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM” Wed 14 Aug 2002 10,286 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM” Wed 14 Aug 2002 25,460 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM” Wed 14 Aug 2002 28,866 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM” Wed 14 Aug 2002 14,438 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM” Wed 14 Aug 2002 8,544 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys” Wed 14 Aug 2002 33,149 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys” Wed 28 May 2003 51,150 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI1394.SYS” Wed 14 Aug 2002 35,340 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI2DOS.SYS” Wed 14 Aug 2002 14,378 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI4DOS.SYS” Wed 14 Aug 2002 37,984 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI8DOS.SYS” Wed 14 Aug 2002 44,828 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPI8U2.SYS” Wed 14 Aug 2002 29,628 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPICD.SYS” Wed 28 May 2003 52,106 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPIEHCI.SYS” Wed 14 Aug 2002 49,242 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPIOHCI.SYS” Wed 14 Aug 2002 50,606 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\ASPIUHCI.SYS” Wed 14 Aug 2002 161,792 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\BOOTSRV.SYS” Wed 14 Aug 2002 174,080 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\bootsrv16.sys” Wed 14 Aug 2002 21,971 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\BTCDROM.SYS” Wed 14 Aug 2002 30,955 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\BTDOSM.SYS” Wed 14 Aug 2002 202,517 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\CMDS.EXE” Wed 14 Aug 2002 374,038 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\CMDS16.EXE” Wed 14 Aug 2002 22,158 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\COUNTRY.SYS” Wed 14 Aug 2002 1,608 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\DEVICE.COM” Wed 14 Aug 2002 15,345 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\DISPLAY.SYS” Wed 14 Aug 2002 7,840 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\DLSHELP.SYS” Wed 14 Aug 2002 56,821 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\E.EXE” Wed 14 Aug 2002 64,425 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\FLASHPT.SYS” Wed 14 Aug 2002 32,396 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\GUEST.EXE” Wed 14 Aug 2002 14,160 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\HIMEM.SYS” Wed 14 Aug 2002 10,898 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\KEYB.COM” Wed 14 Aug 2002 53,556 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\KEYBOARD.SYS” Wed 14 Aug 2002 15,777 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\MODE.COM” Wed 14 Aug 2002 37,681 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\MOUSE.COM” Wed 14 Aug 2002 354,304 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\msbootsrv16.sys” Wed 14 Aug 2002 21,180 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\MSCDEX.EXE” Wed 14 Aug 2002 354,263 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\Net.exe” Wed 14 Aug 2002 8,513 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\NETBIND.COM” Wed 14 Aug 2002 41,302 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\OAKCDROM.SYS” Wed 14 Aug 2002 129,240 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\OHCI.EXE” Wed 14 Aug 2002 28,439 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\Paralink.com” Wed 14 Aug 2002 13,770 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\PROTMAN.EXE” Wed 14 Aug 2002 130,980 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\UHCI.EXE” Wed 14 Aug 2002 11,854 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM” Wed 14 Aug 2002 52,715 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM” Wed 14 Aug 2002 62,391 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM” Wed 14 Aug 2002 11,491 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com” Wed 14 Aug 2002 17,791 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com” Wed 14 Aug 2002 17,043 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com” Wed 14 Aug 2002 11,786 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com” Wed 14 Aug 2002 18,300 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com” Wed 14 Aug 2002 48,224 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com” Wed 14 Aug 2002 13,360 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com” Wed 14 Aug 2002 9,190 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com” Wed 14 Aug 2002 12,567 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com” Wed 14 Aug 2002 44,640 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM” Wed 14 Aug 2002 56,896 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com” Wed 14 Aug 2002 44,640 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com” Wed 14 Aug 2002 9,692 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com” Wed 14 Aug 2002 9,537 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM” Wed 14 Aug 2002 32,484 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com” Wed 14 Aug 2002 52,225 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe” Wed 14 Aug 2002 48,491 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe” Wed 14 Aug 2002 50,405 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com” Wed 14 Aug 2002 33,860 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe” Wed 14 Aug 2002 50,175 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe” Wed 14 Aug 2002 50,795 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe” Wed 14 Aug 2002 48,223 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com” Wed 14 Aug 2002 48,641 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe” Wed 14 Aug 2002 49,015 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com” Wed 14 Aug 2002 53,786 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\pcdos\command.com” Wed 14 Aug 2002 44,240 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM” Wed 14 Aug 2002 42,550 A…H. — “C:\Documents and Settings\All Users\Dane aplikacji\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM” Finished!

pozdrawiam

Paweł

Gutek · 20 Grudzień 2007 21:16

przecież Combo usunął nie wprowadzaj w błąd - OT-y KOSZ