"Piotr P.", your little plan didn't work. I did what you wrote, I clicked Install, and Notepad opened with Chinese characters.
– Added 23.06.2009 (Tue) 1:07 –
The command in Start >> Run: Chinese characters.
When I did "My Computer > Properties": CHINESE characters.
I used the scanner at http://www.mks.com.pl/skaner/. I didn't manage to copy the report, but it scanned 127594 files, and the number of infected files was 9. I deleted the infected files.
– Added 23.06.2009 (Tue) 11:13 –
Here I'm pasting the scan process from "SDFix":
SDFix: Version 1.240
Run by MasterAdmin on 2009-06-23 at 11:02
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 11:07:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden services system hive …
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
“s1”=dword:2df9c43f
“s2”=dword:110480d0
“h0”=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
“h0”=dword:00000000
“ujdew”=hex:ea,27,82,8e,dd,49,75,10,3a,65,ef,11,12,c7,e7,18,eb,52,8e,34,43,…
“p0”=“C:\Program Files\Alcohol Soft\Alcohol 120”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
“p0”=“C:\Program Files\DAEMON Tools Lite”
“h0”=dword:00000001
“khjeh”=hex:8e,f4,9d,2e,ff,95,4c,1a,bf,d1,e7,0d,44,a7,b3,85,08,d9,a0,8a,d9,…
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
“a0”=hex:20,01,00,00,e1,79,5d,77,ee,8d,e7,01,09,c9,8c,75,ff,93,03,0d,67,…
“khjeh”=hex:83,75,d6,9e,69,c4,6f,0e,d2,02,0e,88,3a,96,fc,36,f5,e5,b7,f2,bc,…
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
“khjeh”=hex:64,60,fe,27,8d,9a,d4,7b,4e,56,0e,59,5a,4f,0b,d5,a0,82,a0,fd,63,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
“h0”=dword:00000000
“ujdew”=hex:ea,27,82,8e,dd,49,75,10,3a,65,ef,11,12,c7,e7,18,eb,52,8e,34,43,…
“p0”=“C:\Program Files\Alcohol Soft\Alcohol 120”
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
“p0”=“C:\Program Files\DAEMON Tools Lite”
“h0”=dword:00000001
“khjeh”=hex:8e,f4,9d,2e,ff,95,4c,1a,bf,d1,e7,0d,44,a7,b3,85,08,d9,a0,8a,d9,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
“a0”=hex:20,01,00,00,e1,79,5d,77,ee,8d,e7,01,09,c9,8c,75,ff,93,03,0d,67,…
“khjeh”=hex:83,75,d6,9e,69,c4,6f,0e,d2,02,0e,88,3a,96,fc,36,f5,e5,b7,f2,bc,…
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
“khjeh”=hex:64,60,fe,27,8d,9a,d4,7b,4e,56,0e,59,5a,4f,0b,d5,a0,82,a0,fd,63,…
scanning hidden registry entries …
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
“TracesProcessed”=dword:000000ad
“TracesSuccessful”=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“DeviceNotSelectedTimeout”=“15”
“GDIProcessHandleQuota”=dword:00002710
“Spooler”=“yes”
“swapdisk”=""
“TransmissionRetryTimeout”=“90”
“USERProcessHandleQuota”=dword:00002710
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
“C:\Program Files\BitComet\BitComet.exe”=“C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client”
“C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny”
“D:\Gry misada\metin2.bin”=“D:\Gry misada\metin2.bin:*:Enabled:metin2”
“D:\Gry misada\Game\TC2.exe”=“D:\Gry misada\Game\TC2.exe:*:Enabled:TC2”
“C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe”=“C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil”
“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook”
“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove”
“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote”
“D:\Counter-Strike\hl.exe”=“D:\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher”
“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe”
“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe”
“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe”
“C:\Program Files\Motorola\Software Update\msu.exe”=“C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu”
“C:\Program Files\Bonjour\mDNSResponder.exe”=“C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour”
“C:\Program Files\iTunes\iTunes.exe”=“C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes”
“C:\Program Files\Nowe Gadu-Gadu\gg.exe”=“C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu”
“E:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe”=“E:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV”
“C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype”
“C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe”=“C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe:*:Enabled:Office Password Recovery PRO”
“D:\Gry misada\System\SplinterCell3.exe”=“D:\Gry misada\System\SplinterCell3.exe:*:Enabled:SplinterCell3”
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
Files with Hidden Attributes :
Fri 19 Dec 2008 4,348 A.SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak”
Mon 13 Nov 2006 319,456 A…H. — “C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll”
Sun 22 Mar 2009 444 …HR — “C:\Documents and Settings\MasterAdmin\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak”
Finished!