Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
15 Maj 2008, 17:53
oto log
chyba dobrze poszło
co to są za pliki tak w ogóle??
chyba dobrze poszło
co to są za pliki tak w ogóle??
- Kod:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Documents and Settings\pykoo\Ustawienia lokalne\Temp\Av-test.txt" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP173\A0132234.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP173\A0132275.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132300.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132316.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132318.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132322.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132323.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132324.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132325.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132326.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132327.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132328.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132329.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132337.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132338.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132339.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP174\A0132346.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP175\A0133378.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP176\A0134437.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP176\A0134438.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP177\A0135570.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP177\A0135573.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP177\A0136535.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP177\A0137540.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP177\A0137569.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP178\A0138671.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP178\A0139638.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP178\A0139641.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP178\A0139644.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP178\A0139645.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP178\A0139676.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139679.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139699.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139726.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139730.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139778.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139780.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139785.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP179\A0139786.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP180\A0139792.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP180\A0141782.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP180\A0141810.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP180\A0141811.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP180\A0141813.EXE" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP180\A0141857.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0141861.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0141865.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0141866.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0142803.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0142806.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0142835.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP181\A0142842.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0142845.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0142870.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143871.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143880.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143900.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143924.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143956.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143973.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP182\A0143984.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0143990.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0144973.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0144977.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0144981.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0145975.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0145992.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP183\A0145999.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP184\A0146002.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP184\A0146023.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP184\A0146027.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP184\A0146028.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0146037.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0146060.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0146078.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0146081.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0147059.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0147065.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0147084.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP185\A0147112.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0147121.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148112.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148134.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148153.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148154.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148155.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148156.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148157.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148158.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148159.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148160.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148161.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148162.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148163.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148164.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148165.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148166.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148167.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148168.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148169.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148170.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148171.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148172.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148173.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148174.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148175.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148176.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148177.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148178.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148179.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148180.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148181.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148182.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148183.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148184.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148185.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148186.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148187.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148188.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148189.EXE" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148190.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148191.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148192.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148193.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148194.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148195.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148196.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148197.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148198.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148199.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148200.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148201.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148202.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148203.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148204.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148205.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148206.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148207.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148208.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148209.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148210.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148211.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148212.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148213.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148214.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148215.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148216.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148217.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148218.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148219.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148220.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148221.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148222.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148223.EXE" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148224.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148225.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148226.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148227.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148228.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148229.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148230.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148231.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148232.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148233.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148234.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148235.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148236.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148237.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148238.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148239.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148240.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148241.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148242.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148243.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148244.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148245.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148246.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148247.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148248.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148249.EXE" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148250.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148251.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148252.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148253.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148254.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148255.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148256.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148258.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148259.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148260.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148261.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148262.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148263.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148264.EXE" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148265.EXE" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148266.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148267.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148268.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148269.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148270.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148271.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148272.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148273.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148274.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148275.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148276.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148277.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148278.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148279.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148280.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148281.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148282.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148283.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148284.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148285.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148286.EXE" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148287.EXE" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148288.EXE" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148289.EXE" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148290.EXE" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148291.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148292.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148293.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148294.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148295.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148296.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148297.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148298.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148299.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148300.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148301.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148302.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148303.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148304.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148305.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148306.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP186\A0148307.exe" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP187\A0148313.com" deleted successfully.
File "D:\System Volume Information\_restore{1A9329ED-F4C5-46E8-9787-65721D0542DD}\RP187\A0150136.com" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
15 Maj 2008, 18:10
Pliki wirusa, powinno być ok ale przeskanuj ponownie Kasperskim i daj log na forum
15 Maj 2008, 19:17
no nie poszło tak dobrze jak sie spodziewałem
- Kod:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
15 maj 2008 19:14:20
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus15/05/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus775174
-------------------------------------------------------------------------------
Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak
Obszar skanowania - Foldery:
C:\
D:\
Statystyki skanowania:
Liczba skanowanych obiektów: 43238
Liczba wykrytych wirusów: 2
Liczba zainfekowanych obiektów: 142
Liczba podejrzanych obiektów: 0
Czas trwania skanowania: 01:00:08
Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\pykoo\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\pykoo\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\pykoo\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Historia\History.IE5\MSHist012008051520080516\index.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-05-15.17-56-24.log Object is locked pominięty
C:\Program Files\KonnektPlus\data\log\konnekt_live_08-05-15[01].log Object is locked pominięty
C:\Program Files\Softwin\BitDefender9\asdict.dat Object is locked pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\change.log Object is locked pominięty
C:\WINDOWS\CSC\00000001 Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\Temp\tmp000007db\tmp00000000 Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\Avenger\A0132234.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0132275.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0132300.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0132316.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0132318.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0132322.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0132323.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0132324.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0132325.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0132326.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0132328.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0132329.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0132346.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0134438.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0135573.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0137540.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0138671.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0139638.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0139645.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0139676.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0139679.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0139778.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0139792.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0141813.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0141861.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0141866.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0142803.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0142835.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0142845.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0142870.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0143871.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0143880.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0143900.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0143924.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0143956.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0143973.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0143990.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0144973.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0144977.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0145975.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0145992.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0146002.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0146023.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0146027.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0146037.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0146060.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0146078.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0147059.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0147065.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0147084.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0147112.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0147121.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0148112.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0148134.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0148155.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148176.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148177.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148195.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148199.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148201.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148202.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148203.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148204.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148205.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148206.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148209.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148219.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148228.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148235.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148236.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148237.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148238.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148239.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148240.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148241.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148242.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148243.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148244.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148245.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148246.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148247.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148248.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148249.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148250.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148251.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148252.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148253.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148254.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148255.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148256.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148258.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148259.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148260.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148261.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148262.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148263.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148264.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148265.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148266.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148267.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148268.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148269.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148270.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148271.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148272.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148273.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148274.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148275.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148276.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148277.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148278.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148279.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148280.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148281.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148282.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148283.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148284.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148285.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148286.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148287.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148288.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148289.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148290.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148291.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148292.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148293.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148294.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148295.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148296.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148297.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148298.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148299.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148300.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148301.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148302.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148303.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148304.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148305.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148306.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148307.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\Avenger\A0148313.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\Avenger\A0150136.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\GRY\World of Warcraft\World of Warcraft\Logs\gx.log Object is locked pominięty
D:\GRY\World of Warcraft\World of Warcraft\Logs\SESound.log Object is locked pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
Proces skanowania został zakończony.
15 Maj 2008, 19:54
Usuń ten folder:
D:\Avenger
i powinno być ok
D:\Avenger
i powinno być ok
15 Maj 2008, 21:07
już mi wszystko jedno za każdym razem wykrywa coś na D
Trojan-PSW.Win32.OnLineGames.too co to jest?? może to przez to ze gram w mmo po sieci??
zostawię już to chyba tak jak jest, żadne błędy mi nie wyskakują jak narazie, dzięki za pomoc
Trojan-PSW.Win32.OnLineGames.too co to jest?? może to przez to ze gram w mmo po sieci??
zostawię już to chyba tak jak jest, żadne błędy mi nie wyskakują jak narazie, dzięki za pomoc
- Kod:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
15 maj 2008 20:58:39
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus15/05/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus775447
-------------------------------------------------------------------------------
Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak
Obszar skanowania - Foldery:
C:\
D:\
Statystyki skanowania:
Liczba skanowanych obiektów: 43302
Liczba wykrytych wirusów: 2
Liczba zainfekowanych obiektów: 142
Liczba podejrzanych obiektów: 0
Czas trwania skanowania: 00:53:20
Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\pykoo\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\pykoo\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\pykoo\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Historia\History.IE5\MSHist012008051520080516\index.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-05-15.17-56-24.log Object is locked pominięty
C:\Program Files\KonnektPlus\data\log\konnekt_live_08-05-15[01].log Object is locked pominięty
C:\Program Files\Softwin\BitDefender9\asdict.dat Object is locked pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\change.log Object is locked pominięty
C:\WINDOWS\CSC\00000001 Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\Temp\tmp000007db\tmp00000000 Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007686.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007687.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007688.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007689.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007690.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007691.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007692.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007693.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007694.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007695.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007697.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007698.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007702.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007705.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007707.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007709.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007711.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007712.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007715.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007716.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007717.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007720.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007723.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007727.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007729.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007731.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007732.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007734.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007736.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007737.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007738.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007739.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007740.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007741.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007742.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007743.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007745.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007746.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007747.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007749.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007750.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007752.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007753.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007754.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007756.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007757.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007758.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007760.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007761.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007762.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007763.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007764.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007765.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007766.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007769.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007788.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007789.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007807.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007811.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007813.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007814.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007815.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007816.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007817.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007818.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007821.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007831.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007840.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007847.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007848.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007849.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007850.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007851.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007852.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007853.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007854.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007855.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007856.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007857.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007858.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007859.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007860.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007861.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007862.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007863.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007864.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007865.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007866.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007867.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007868.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007869.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007870.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007871.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007872.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007873.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007874.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007875.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007876.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007877.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007878.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007879.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007880.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007881.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007882.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007883.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007884.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007885.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007886.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007887.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007888.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007889.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007890.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007891.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007892.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007893.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007894.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007895.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007896.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007897.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007898.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007899.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007900.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007901.EXE Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007902.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007903.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007904.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007905.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007906.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007907.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007908.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007909.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007910.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007911.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007912.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007913.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007914.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007915.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007916.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007917.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007918.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007919.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007920.com Zainfekowanych: Trojan-PSW.Win32.OnLineGames.too pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\change.log Object is locked pominięty
Proces skanowania został zakończony.
15 Maj 2008, 21:53
Pobierz Avenger
wklej do niego ten tekst:
kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt
wklej do niego ten tekst:
- Kod:
Files to delete:
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007686.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007687.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007688.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007689.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007690.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007691.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007692.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007693.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007694.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007695.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007697.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007698.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007702.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007705.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007707.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007709.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007711.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007712.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007715.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007716.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007717.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007720.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007723.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007727.EXE
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007729.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007731.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007732.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007734.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007736.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007737.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007738.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007739.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007740.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007741.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007742.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007743.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007745.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007746.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007747.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007749.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007750.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007752.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007753.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007754.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007756.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007757.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007758.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007760.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007761.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007762.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007763.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007764.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007765.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007766.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007769.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007788.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007789.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007807.exe Zainfekowanych: Virus.Win32.Hidrag.a pominięty
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007811.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007813.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007814.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007815.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007816.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007817.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007818.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007821.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007831.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007840.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007847.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007848.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007849.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007850.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007851.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007852.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007853.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007854.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007855.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007856.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007857.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007858.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007859.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007860.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007861.EXE
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007862.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007863.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007864.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007865.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007866.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007867.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007868.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007869.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007870.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007871.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007872.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007873.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007874.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007875.EXE
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007876.EXE
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007877.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007878.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007879.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007880.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007881.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007882.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007883.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007884.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007885.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007886.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007887.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007888.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007889.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007890.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007891.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007892.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007893.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007894.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007895.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007896.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007897.EXE
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007898.EXE
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007899.EXE
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007900.EXE
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007901.EXE
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007902.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007903.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007904.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007905.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007906.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007907.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007908.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007909.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007910.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007911.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007912.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007913.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007914.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007915.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007916.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007917.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007918.exe
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007919.com
D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007920.com
kopiuj to i klikasz na Paste Script from Clipboard wybierasz Execute oraz Potwierdzasz i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt
15 Maj 2008, 22:14
oto log
- Kod:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007686.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007687.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007688.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007689.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007690.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007691.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007692.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007693.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007694.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007695.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007697.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007698.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007702.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007705.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007707.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007709.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007711.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007712.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007715.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007716.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007717.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007720.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007723.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007727.EXE" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007729.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007731.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007732.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007734.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007736.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007737.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007738.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007739.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007740.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007741.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007742.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007743.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007745.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007746.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007747.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007749.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007750.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007752.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007753.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007754.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007756.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007757.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007758.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007760.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007761.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007762.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007763.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007764.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007765.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007766.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007769.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007788.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007789.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007807.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007811.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007813.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007814.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007815.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007816.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007817.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007818.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007821.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007831.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007840.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007847.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007848.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007849.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007850.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007851.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007852.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007853.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007854.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007855.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007856.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007857.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007858.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007859.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007860.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007861.EXE" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007862.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007863.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007864.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007865.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007866.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007867.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007868.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007869.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007870.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007871.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007872.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007873.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007874.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007875.EXE" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007876.EXE" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007877.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007878.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007879.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007880.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007881.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007882.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007883.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007884.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007885.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007886.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007887.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007888.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007889.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007890.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007891.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007892.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007893.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007894.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007895.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007896.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007897.EXE" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007898.EXE" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007899.EXE" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007900.EXE" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007901.EXE" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007902.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007903.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007904.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007905.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007906.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007907.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007908.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007909.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007910.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007911.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007912.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007913.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007914.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007915.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007916.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007917.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007918.exe" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007919.com" deleted successfully.
File "D:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP27\A0007920.com" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
15 Maj 2008, 22:18
Pliki sie usuneły, przeskanuj ponownie Kasperskim i daj log na forum
15 Maj 2008, 23:11
wielkie dziki Kasperski nic nie wykrył oto log
- Kod:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
15 maj 2008 23:08:18
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus15/05/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus775984
-------------------------------------------------------------------------------
Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak
Obszar skanowania - Foldery:
C:\
D:\
Statystyki skanowania:
Liczba skanowanych obiektów: 42954
Liczba wykrytych wirusów: 0
Liczba zainfekowanych obiektów: 0
Liczba podejrzanych obiektów: 0
Czas trwania skanowania: 00:47:31
Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\pykoo\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\pykoo\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\pykoo\ntuser.dat.LOG Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Historia\History.IE5\MSHist012008051520080516\index.dat Object is locked pominięty
C:\Documents and Settings\pykoo\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-05-15.22-08-46.log Object is locked pominięty
C:\Program Files\Softwin\BitDefender9\asdict.dat Object is locked pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\System Volume Information\_restore{937938D1-ADBA-4AFB-9029-0FB557D46A16}\RP28\change.log Object is locked pominięty
C:\WINDOWS\CSC\00000001 Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\Temp\tmp000048ff\tmp00000000 Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
Proces skanowania został zakończony.
16 Maj 2008, 05:29
Też się cieszę bo trochę czasu spędziełem przy pisaniu skryptu
17 Maj 2008, 15:55
witam log z combofixa
laptop brata sie zainfekowal ;]
laptop brata sie zainfekowal ;]
- Kod:
ComboFix 08-05-15.3 - RaJieru 2008-05-17 15:48:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.739 [GMT 2:00]
Running from: C:\Documents and Settings\RaJieru\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.
2008-05-11 11:23 . 2008-05-11 11:33 <DIR> d-------- C:\Documents and Settings\RaJieru\Application Data\eXPert PDF Editor
2008-05-11 11:17 . 2008-05-11 11:17 <DIR> d-------- C:\Program Files\Visagesoft
2008-05-11 11:16 . 2008-05-11 11:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 22:31 . 2008-05-11 22:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 22:29 . 2008-05-08 22:30 <DIR> d-------- C:\Program Files\FlashFXP
2008-05-08 22:29 . 2008-05-08 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-05-01 17:27 . 2008-03-21 13:13 102,536 -r-hs---- C:\v.com
2008-04-27 17:36 . 2008-04-27 17:36 <DIR> d-------- C:\Program Files\Hamachi
2008-04-27 17:36 . 2008-05-13 20:03 <DIR> d-------- C:\Documents and Settings\RaJieru\Application Data\Hamachi
2008-04-27 17:36 . 2008-04-27 17:36 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-27 17:19 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-04-26 17:39 . 2008-04-26 17:39 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-19 14:00 . 2008-04-26 17:39 <DIR> d-------- C:\TEMP
2008-04-17 20:04 . 2008-04-17 20:04 6,688 --a------ C:\WINDOWS\movexe.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 13:51 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\Skype
2008-05-17 13:47 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\foobar2000
2008-05-17 13:46 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-05-17 11:28 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\skypePM
2008-05-15 23:34 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\X-Chat 2
2008-05-13 14:34 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\WTablet
2008-05-12 05:13 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\AdobeUM
2008-04-15 17:09 --------- d-----w C:\Program Files\Tablet
2008-04-14 11:57 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\WTablet
2008-04-13 23:07 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\MySQL
2008-04-11 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 09:07 --------- d-----w C:\Program Files\FlashGet
2008-04-03 13:21 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\StoneLoops
2008-04-03 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\StoneLoops!
2008-03-25 14:11 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-03-25 12:45 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-03-25 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-24 19:25 --------- d-----w C:\Program Files\Opera
2008-03-19 08:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-19 08:20 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-18 16:26 --------- d-----w C:\Program Files\Ateksoft
2007-03-03 13:41 461 ----a-w C:\Program Files\INSTALL.LOG
2002-07-01 14:13 243 --sha-w C:\Documents and Settings\All Users\Application Data\system16driver.dat
2007-03-03 15:10 56 --sh--r C:\WINDOWS\system32\D0E7B49BA7.sys
2007-03-03 15:10 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06 1667584]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 22:02 1204224]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 12:46 204288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 14:00 16384]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2004-08-04 14:00 271872]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 07:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"00THotkey"="C:\WINDOWS\system32\[u]0[/u]0THotkey.exe" [2005-02-02 16:01 270336]
"CrossMenu"="C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe" [2005-04-04 13:07 798720]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40 196608]
"TFNF5"="TFNF5.exe" [2004-06-28 10:16 73728 C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-04 12:40 118784]
"TosRotation"="C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2005-04-04 16:18 266240]
"TPSMain"="TPSMain.exe" [2005-04-06 12:24 266240 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2005-04-06 12:24 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [2005-04-05 09:35 118784]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [2005-04-05 09:34 77824]
"TMESBS.EXE"="C:\Program Files\TOSHIBA\TME3\TMESBS32.exe" [2003-10-28 15:38 77824]
"TFncKy"="TFncKy.exe" []
"TAcelMgr"="C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2005-04-04 17:18 86016]
"TSkrMain"="C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2005-04-04 17:18 45056]
"DpUtil"="C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe" [2003-12-19 13:10 155648]
"NDSTray.exe"="NDSTray.exe" []
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152]
"TAudEffect"="C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe" [2005-01-14 12:40 340032]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-03-03 15:40 372736]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 18:53 90112]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 11:28 9728]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 14:09 33280]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-04 14:15 155648]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 07:22 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="%windir%\help\wizard.hta" [ ]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 14:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 04:41 11776 C:\WINDOWS\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 14:00 30208 C:\WINDOWS\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"D:\\Program Files\\xchat\\xchat.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Program Files\\Zend\\ZendStudio-5.5.0\\jre\\bin\\javaw.exe"=
"D:\\GRY\\Quake3\\quake3.exe"=
"C:\\Program Files\\Ateksoft\\WebCamera Plus\\camviewer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\GRY\\World of Warcraft\\WoW-2.3.0.7561-to-2.3.2.7741-enUS-downloader.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9405:TCP"= 9405:TCP:BitComet 9405 TCP
"9405:UDP"= 9405:UDP:BitComet 9405 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-28 00:31]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 13:24]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 12:08]
R2 Tmesbs;Tmesbs32;"C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service []
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-05-13 11:58]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;C:\WINDOWS\system32\DRIVERS\TBtnKey.sys [2002-09-12 23:48]
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2005-01-13 11:58]
R3 TMicAry;Toshiba Audio Effect with MicArray;C:\WINDOWS\system32\DRIVERS\TMicAry.sys [2004-02-04 11:27]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18]
R3 WacomISDPen;Wacom Penabled HID MiniDriver;C:\WINDOWS\system32\DRIVERS\wacomisdpen.sys [2006-04-27 10:36]
S3 AteksoftAudio;WebCamera Plus Audio;C:\WINDOWS\system32\drivers\ateksoftaudio.sys [2007-12-25 12:06]
S3 VSPerfDrv;Performance Tools Driver;C:\Program Files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 03:42]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-04 01:04]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{151b6b37-8c3f-11dc-88de-000e7b1593e0}]
\Shell\AutoRun\command - H:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a37dd3a-8bbd-11dc-88db-806d6172696f}]
\Shell\AutoRun\command - D:\v.com
\Shell\explore\Command - D:\v.com
\Shell\open\Command - D:\v.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54667386-c968-11db-a587-00166f893d46}]
\Shell\AutoRun\command - G:\v.com
\Shell\explore\Command - G:\v.com
\Shell\open\Command - G:\v.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a19442a0-fd88-11dc-88f2-000e7b1593e0}]
\Shell\AutoRun\command - G:\v.com
\Shell\explore\Command - G:\v.com
\Shell\open\Command - G:\v.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6368e7c-c966-11db-a586-806d6172696f}]
\Shell\AutoRun\command - C:\v.com
\Shell\explore\Command - C:\v.com
\Shell\open\Command - C:\v.com
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-03-03 09:14:36 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-03-03 09:14:37 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-03-03 09:14:37 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 15:51:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-17 15:52:40
ComboFix-quarantined-files.txt 2008-05-17 13:52:08
Pre-Run: 3,168,763,904 bytes free
Post-Run: 4,085,198,848 bytes free
202
17 Maj 2008, 16:08
Do wyleczenia pendrive z wirusów użyj
Perlovga Removal Tool
Flash Disinfector
lub format
Po tym nie odłaczaj pendrive i wykonaj to:
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
Perlovga Removal Tool
Flash Disinfector
lub format
Po tym nie odłaczaj pendrive i wykonaj to:
Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:
- Kod:
File::
C:\v.com
D:\v.com
G:\v.com
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=-
"H/PC Connection Agent"=-
"updateMgr"=-
"WMPNSCFG"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"=-
"QuickTime Task"=-
"NeroFilterCheck"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
Plik
zapisz jako CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu
Rozpocznie się usuwanie i powstanie log, daj ten log na forum.
17 Maj 2008, 16:27
log
- Kod:
ComboFix 08-05-15.3 - RaJieru 2008-05-17 16:20:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.689 [GMT 2:00]
Running from: C:\Documents and Settings\RaJieru\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\RaJieru\Desktop\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\v.com
D:\v.com
G:\v.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\v.com
D:\v.com
G:\v.com
.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.
2008-05-11 11:23 . 2008-05-11 11:33 <DIR> d-------- C:\Documents and Settings\RaJieru\Application Data\eXPert PDF Editor
2008-05-11 11:17 . 2008-05-11 11:17 <DIR> d-------- C:\Program Files\Visagesoft
2008-05-11 11:16 . 2008-05-11 11:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 22:31 . 2008-05-11 22:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 22:29 . 2008-05-08 22:30 <DIR> d-------- C:\Program Files\FlashFXP
2008-05-08 22:29 . 2008-05-08 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FlashFXP
2008-04-27 17:36 . 2008-04-27 17:36 <DIR> d-------- C:\Program Files\Hamachi
2008-04-27 17:36 . 2008-05-13 20:03 <DIR> d-------- C:\Documents and Settings\RaJieru\Application Data\Hamachi
2008-04-27 17:36 . 2008-04-27 17:36 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-27 17:19 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-04-26 17:39 . 2008-04-26 17:39 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-19 14:00 . 2008-04-26 17:39 <DIR> d-------- C:\TEMP
2008-04-17 20:04 . 2008-04-17 20:04 6,688 --a------ C:\WINDOWS\movexe.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 14:16 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-05-17 14:08 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\skypePM
2008-05-17 13:51 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\Skype
2008-05-17 13:47 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\foobar2000
2008-05-15 23:34 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\X-Chat 2
2008-05-13 14:34 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\WTablet
2008-05-12 05:13 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\AdobeUM
2008-04-15 17:09 --------- d-----w C:\Program Files\Tablet
2008-04-14 11:57 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\WTablet
2008-04-13 23:07 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\MySQL
2008-04-11 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 09:07 --------- d-----w C:\Program Files\FlashGet
2008-04-03 13:21 --------- d-----w C:\Documents and Settings\RaJieru\Application Data\StoneLoops
2008-04-03 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\StoneLoops!
2008-03-25 14:11 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-03-25 12:45 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-03-25 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-24 19:25 --------- d-----w C:\Program Files\Opera
2008-03-19 08:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-19 08:20 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-18 16:26 --------- d-----w C:\Program Files\Ateksoft
2007-03-03 13:41 461 ----a-w C:\Program Files\INSTALL.LOG
2002-07-01 14:13 243 --sha-w C:\Documents and Settings\All Users\Application Data\system16driver.dat
2007-03-03 15:10 56 --sh--r C:\WINDOWS\system32\D0E7B49BA7.sys
2007-03-03 15:10 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="C:\WINDOWS\help\SplshWrp.exe" [2004-08-04 14:00 16384]
"TabletTip"="C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" [2004-08-04 14:00 271872]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 07:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"00THotkey"="C:\WINDOWS\system32\[u]0[/u]0THotkey.exe" [2005-02-02 16:01 270336]
"CrossMenu"="C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe" [2005-04-04 13:07 798720]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\[u]0[/u]00StTHK.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40 196608]
"TFNF5"="TFNF5.exe" [2004-06-28 10:16 73728 C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-04 12:40 118784]
"TosRotation"="C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2005-04-04 16:18 266240]
"TPSMain"="TPSMain.exe" [2005-04-06 12:24 266240 C:\WINDOWS\system32\TPSMain.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2005-04-06 12:24 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [2005-04-05 09:35 118784]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [2005-04-05 09:34 77824]
"TMESBS.EXE"="C:\Program Files\TOSHIBA\TME3\TMESBS32.exe" [2003-10-28 15:38 77824]
"TAcelMgr"="C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2005-04-04 17:18 86016]
"TSkrMain"="C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2005-04-04 17:18 45056]
"DpUtil"="C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe" [2003-12-19 13:10 155648]
"NDSTray.exe"="NDSTray.exe" []
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 16:07 49152]
"TAudEffect"="C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe" [2005-01-14 12:40 340032]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38 866816]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-03-03 15:40 372736]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 18:53 90112]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 11:28 9728]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 14:09 33280]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 07:22 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="%windir%\help\wizard.hta" [ ]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 14:00 47104 C:\Program Files\Common Files\Microsoft Shared\Ink\LoginKey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 04:41 11776 C:\WINDOWS\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 14:00 30208 C:\WINDOWS\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Konnekt\\konnekt.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"D:\\Program Files\\xchat\\xchat.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Program Files\\Zend\\ZendStudio-5.5.0\\jre\\bin\\javaw.exe"=
"D:\\GRY\\Quake3\\quake3.exe"=
"C:\\Program Files\\Ateksoft\\WebCamera Plus\\camviewer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\GRY\\World of Warcraft\\WoW-2.3.0.7561-to-2.3.2.7741-enUS-downloader.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"9405:TCP"= 9405:TCP:BitComet 9405 TCP
"9405:UDP"= 9405:UDP:BitComet 9405 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2004-12-28 00:31]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2004-11-13 13:24]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 12:08]
R2 Tmesbs;Tmesbs32;"C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service []
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2004-05-13 11:58]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;C:\WINDOWS\system32\DRIVERS\TBtnKey.sys [2002-09-12 23:48]
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2005-01-13 11:58]
R3 TMicAry;Toshiba Audio Effect with MicArray;C:\WINDOWS\system32\DRIVERS\TMicAry.sys [2004-02-04 11:27]
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 16:18]
R3 WacomISDPen;Wacom Penabled HID MiniDriver;C:\WINDOWS\system32\DRIVERS\wacomisdpen.sys [2006-04-27 10:36]
S3 AteksoftAudio;WebCamera Plus Audio;C:\WINDOWS\system32\drivers\ateksoftaudio.sys [2007-12-25 12:06]
S3 VSPerfDrv;Performance Tools Driver;C:\Program Files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys [2005-09-23 03:42]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-04 01:04]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-03-03 09:14:36 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-03-03 09:14:37 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-03-03 09:14:37 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 16:21:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-17 16:22:04
ComboFix-quarantined-files.txt 2008-05-17 14:22:00
ComboFix2.txt 2008-05-17 13:52:41
Pre-Run: 4,063,334,400 bytes free
Post-Run: 4,051,910,656 bytes free
179
17 Maj 2008, 16:33
Log wyglada na czysty
Usuń ręcznie folder C:\Qoobox,usuń instalkę Combofix z dysku
Przeczyść komputer Ccleanerem
Przeczyść programy uruchamiane w autostarcie
Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum
Włącz przywracanie systemu.
Usuń ręcznie folder C:\Qoobox,usuń instalkę Combofix z dysku
Przeczyść komputer Ccleanerem
Przeczyść programy uruchamiane w autostarcie
Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja
Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum
Włącz przywracanie systemu.
17 Maj 2008, 22:12
oto log
- Kod:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
17 maj 2008 22:09:56
System operacyjny: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.0
Ostatnia aktualizacja Kaspersky Anti-Virus17/05/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus781037
-------------------------------------------------------------------------------
Ustawienia skanowania:
Skanowanie przy użyciu następujących baz danych: rozszerzone
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak
Obszar skanowania - Mój komputer:
C:\
D:\
E:\
F:\
G:\
Statystyki skanowania:
Liczba skanowanych obiektów: 134681
Liczba wykrytych wirusów: 1
Liczba zainfekowanych obiektów: 6
Liczba podejrzanych obiektów: 0
Czas trwania skanowania: 01:53:43
Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked pominięty
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_7f4.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_8b0.dat Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked pominięty
C:\Documents and Settings\RaJieru\Cookies\index.dat Object is locked pominięty
C:\Documents and Settings\RaJieru\Local Settings\Application Data\ApplicationHistory\TCServer.exe.7c11743d.ini.inuse Object is locked pominięty
C:\Documents and Settings\RaJieru\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked pominięty
C:\Documents and Settings\RaJieru\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked pominięty
C:\Documents and Settings\RaJieru\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty
C:\Documents and Settings\RaJieru\Local Settings\History\History.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\RaJieru\Local Settings\History\History.IE5\MSHist012008051720080518\index.dat Object is locked pominięty
C:\Documents and Settings\RaJieru\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty
C:\Documents and Settings\RaJieru\NTUSER.DAT Object is locked pominięty
C:\Documents and Settings\RaJieru\NTUSER.DAT.LOG Object is locked pominięty
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-05-17.17-15-34.log Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_22.trc Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\master.mdf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\mastlog.ldf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\model.mdf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\modellog.ldf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\msdbdata.mdf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\msdblog.ldf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\tempdb.mdf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\templog.ldf Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\LOG\ERRORLOG Object is locked pominięty
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\LOG\log_19.trc Object is locked pominięty
C:\Program Files\Softwin\BitDefender9\asdict.dat Object is locked pominięty
C:\Program Files\Softwin\BitDefender9\aspdict.dat Object is locked pominięty
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
C:\System Volume Information\_restore{41FA940C-7BCA-4A18-BE9D-4C22F669B17D}\RP1\change.log Object is locked pominięty
C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty
C:\WINDOWS\SchedLgU.Txt Object is locked pominięty
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked pominięty
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked pominięty
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\default Object is locked pominięty
C:\WINDOWS\system32\config\default.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SAM Object is locked pominięty
C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY Object is locked pominięty
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty
C:\WINDOWS\system32\config\software Object is locked pominięty
C:\WINDOWS\system32\config\software.LOG Object is locked pominięty
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty
C:\WINDOWS\system32\config\system Object is locked pominięty
C:\WINDOWS\system32\config\system.LOG Object is locked pominięty
C:\WINDOWS\system32\drivers\sptd.sys Object is locked pominięty
C:\WINDOWS\system32\h323log.txt Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty
C:\WINDOWS\Temp\tmp00000526\tmp00000000 Object is locked pominięty
C:\WINDOWS\WindowsUpdate.log Object is locked pominięty
D:\INSTALKI\INTERNET\mirc63.exe/stream/data0001/stream/data0014 Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.63 pominięty
D:\INSTALKI\INTERNET\mirc63.exe/stream/data0001/stream Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.63 pominięty
D:\INSTALKI\INTERNET\mirc63.exe/stream/data0001 Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.63 pominięty
D:\INSTALKI\INTERNET\mirc63.exe/stream Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.63 pominięty
D:\INSTALKI\INTERNET\mirc63.exe NSIS: zainfekowany - 4 pominięty
D:\Program Files\mIRC\mirc.exe Zainfekowanych: not-a-virus:Client-IRC.Win32.mIRC.63 pominięty
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty
Proces skanowania został zakończony.