steryd12 created 28 March 2009

Please check the log.

ComboFix 09-03-27.02 - Marcin 2009-03-28 23:21:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1561 [GMT 1:00]
Uruchomiony z: d:\download firefox\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
 * Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_005443_.tmp.dll
c:\windows\system32\_005444_.tmp.dll
c:\windows\system32\_005445_.tmp.dll
c:\windows\system32\_005446_.tmp.dll
c:\windows\system32\_005453_.tmp.dll
c:\windows\system32\_005454_.tmp.dll
c:\windows\system32\_005455_.tmp.dll
c:\windows\system32\_005456_.tmp.dll
c:\windows\system32\_005458_.tmp.dll
c:\windows\system32\_005459_.tmp.dll
c:\windows\system32\_005462_.tmp.dll
c:\windows\system32\_005463_.tmp.dll
c:\windows\system32\_005466_.tmp.dll
c:\windows\system32\_005467_.tmp.dll
c:\windows\system32\_005469_.tmp.dll
c:\windows\system32\_005472_.tmp.dll
c:\windows\system32\_005473_.tmp.dll
c:\windows\system32\_005478_.tmp.dll
c:\windows\system32\_005480_.tmp.dll
c:\windows\system32\_005483_.tmp.dll
c:\windows\system32\_005485_.tmp.dll
c:\windows\system32\_005486_.tmp.dll
c:\windows\system32\_005487_.tmp.dll
c:\windows\system32\_005488_.tmp.dll
c:\windows\system32\_005489_.tmp.dll
c:\windows\system32\_005492_.tmp.dll
c:\windows\system32\_005493_.tmp.dll
c:\windows\system32\_005494_.tmp.dll
c:\windows\system32\_005495_.tmp.dll
c:\windows\system32\_005496_.tmp.dll
c:\windows\system32\_005501_.tmp.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\Dvbpws.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ISODRIVE
-------\Service_ISODrive
-------\Service_PCIDump

((((((((((((((((((((((((( Pliki utworzone od 2009-02-28 do 2009-03-28 )))))))))))))))))))))))))))))))
.
2009-03-27 18:56 . 2009-03-27 18:56 248 --a------ c:\windows\RomeTW.ini
2009-03-26 20:38 . 2009-03-27 16:11 <DIR> d-------- c:\program files\Traffic Giant Gold
2009-03-23 16:08 . 2009-03-23 16:08 <DIR> d--hs---- c:\documents and settings\All Users\Dane aplikacji\SecuROM
2009-03-20 23:25 . 2009-03-20 23:25 41,808 --a------ c:\windows\system32\xfcodec.dll
2009-03-15 12:51 . 2009-03-15 12:51 <DIR> d-------- c:\program files\AutoHotkey
2009-03-14 02:29 . 2009-03-14 02:29 <DIR> dr-h----- c:\documents and settings\Marcin\Dane aplikacji\SecuROM
2009-03-13 21:36 . 2009-03-14 20:27 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-12 18:14 . 2009-03-12 18:14 <DIR> d-------- c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2009-03-11 13:12 . 2009-03-11 13:13 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-10 19:13 . 2009-03-10 19:13 <DIR> d-------- c:\documents and settings\LocalService\Dane aplikacji\Xfire
2009-03-10 01:47 . 2009-03-26 07:13 <DIR> d-------- c:\program files\Xfire
2009-03-10 01:47 . 2009-03-28 23:20 <DIR> d-------- c:\documents and settings\Marcin\Dane aplikacji\Xfire
2009-03-09 19:15 . 2009-03-09 19:15 <DIR> d-------- C:\PITy2008_2009
2009-03-09 18:54 . 2009-03-24 00:01 <DIR> d-------- c:\program files\Pity 2008
2009-03-07 15:39 . 2009-03-07 15:40 8 --a------ c:\windows\system32\nvModes.dat
2009-03-07 15:38 . 2009-03-07 15:38 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-03-06 18:52 . 2009-03-06 18:52 <DIR> d-------- c:\windows\Downloaded Installations
2009-03-06 17:37 . 2009-03-06 17:37 <DIR> d-------- c:\documents and settings\Marcin\Dane aplikacji\id Software
2009-03-06 17:36 . 2009-03-06 17:36 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\id Software
2009-03-06 17:36 . 2009-03-06 17:36 2,246,144 --a------ c:\windows\system32\pbsvc.exe
2009-03-04 21:27 . 2009-03-04 21:28 <DIR> d-------- c:\program files\Rigs of Rods 0.33d
2009-03-04 19:26 . 2009-03-04 19:26 <DIR> d-------- c:\program files\Hamachi
2009-03-04 19:26 . 2009-03-28 23:24 <DIR> d-------- c:\documents and settings\Marcin\Dane aplikacji\Hamachi
2009-03-04 19:26 . 2009-03-04 20:26 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2009-03-04 00:02 . 2009-03-12 07:16 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-03 21:28 . 2009-03-03 21:29 <DIR> d-------- c:\program files\Symulator Jazdy Samochodem 2006 PL
2009-03-03 20:15 . 2009-03-03 20:15 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-03-03 20:04 . 2009-03-03 20:04 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-03-03 20:02 . 2009-03-03 20:02 <DIR> d-------- c:\windows\system32\xlive
2009-03-03 20:02 . 2009-03-03 20:03 <DIR> d-------- c:\windows\system32\drivers\umdf
2009-03-03 20:02 . 2009-03-03 20:27 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-03-03 20:02 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2009-03-03 20:02 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2009-03-03 20:02 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2009-03-03 19:27 . 2009-03-03 19:27 <DIR> d-------- c:\program files\MSBuild
2009-03-03 19:25 . 2009-03-03 19:25 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-03 19:25 . 2009-03-03 19:25 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-03 19:24 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-02-28 22:16 . 2009-03-28 19:00 189,072 --a------ c:\windows\system32\PnkBstrB.xtr
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 22:21 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\Skype
2009-03-28 17:40 138,920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-28 15:03 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\skypePM
2009-03-27 22:13 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 21:11 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\uTorrent
2009-03-22 14:55 --------- d-----w c:\program files\NAPI-PROJEKT
2009-03-06 16:36 22,328 ----a-w c:\documents and settings\Marcin\Dane aplikacji\PnkBstrK.sys
2009-02-27 19:20 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\Creative
2009-02-26 19:48 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu
2009-02-25 21:21 --------- d-----w c:\program files\Nowe Gadu-Gadu
2009-02-25 18:41 --------- d-----w c:\program files\Creative
2009-02-21 16:37 --------- d-----w c:\program files\Common Files\INCA Shared
2009-02-21 12:36 --------- d-----w c:\program files\GameTribe
2009-02-20 17:23 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-20 17:17 --------- d-----w c:\program files\Common Files\EZB Systems
2009-02-18 22:32 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\Gadu-Gadu
2009-02-18 20:59 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\DAEMON Tools Lite
2009-02-18 20:58 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\DAEMON Tools Pro
2009-02-18 20:58 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\DAEMON Tools
2009-02-18 20:57 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-18 20:57 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-02-18 20:49 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-18 18:39 --------- d-----w c:\program files\Gadu-Gadu
2009-02-18 17:50 --------- d-----w c:\program files\HP
2009-02-18 17:50 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\HPAppData
2009-02-18 17:50 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\WEBREG
2009-02-18 17:49 --------- d-----w c:\program files\Hewlett-Packard
2009-02-18 17:49 --------- d-----w c:\program files\Common Files\HP
2009-02-18 17:49 --------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-02-18 17:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP
2009-02-18 17:48 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2009-02-18 17:40 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-02-18 15:14 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ulead Systems
2009-02-17 22:53 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\Winamp
2009-02-17 20:17 --------- d-----w c:\program files\Winamp
2009-02-17 20:16 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-17 20:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ArcSoft
2009-02-17 18:17 --------- d-----w c:\program files\Unlocker
2009-02-17 15:42 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\ArcSoft
2009-02-16 19:48 --------- d-----w c:\program files\Common Files\Ulead Systems
2009-02-16 19:48 --------- d-----w c:\program files\Common Files\ArcSoft
2009-02-16 19:47 --------- d-----w c:\program files\WinFast
2009-02-16 19:45 --------- d-----w c:\program files\Leadtek Research Inc
2009-02-16 19:44 --------- d-----w c:\program files\AMD
2009-02-16 19:41 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-16 19:41 --------- d-----w c:\program files\AGEIA Technologies
2009-02-16 19:36 --------- d-----w c:\program files\Common Files\Skype
2009-02-16 19:36 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-16 19:36 --------- d-----r c:\program files\Skype
2009-02-16 19:26 --------- d-----w c:\program files\Realtek
2009-02-16 18:54 --------- d-----w c:\program files\CCleaner
2009-02-16 18:50 --------- d-----w c:\program files\uTorrent
2009-02-16 18:28 --------- d-----w c:\program files\Razer
2009-02-16 18:28 --------- d-----w c:\program files\DIFX
2009-02-16 18:28 --------- d-----w c:\documents and settings\Marcin\Dane aplikacji\InstallShield
2009-02-16 18:20 315,392 ----a-w c:\windows\HideWin.exe
2009-02-16 18:14 --------- d-----w c:\program files\ESET
2009-02-16 18:14 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ESET
2009-02-16 18:05 --------- d-----w c:\program files\microsoft frontpage
2009-02-16 18:02 --------- d-----w c:\program files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-06-20 2887680]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-06-20 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Marcin\Menu Start\Programy\Autostart\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-03-04 625952]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-03-20 3025232]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-12 17:45 36352 c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"d:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"d:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"d:\\THQ\\Company of Heroes\\RelicCOH.exe"=
"d:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-02-16 36864]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-02-16 22784]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2009-02-25 178913]
S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\Marcin\USTAWI~1\Temp\iMSPQMn.sys --> c:\docume~1\Marcin\USTAWI~1\Temp\iMSPQMn.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-RGSC - d:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\ricpc6mn.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-28 23:24:14
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-28 23:25:14 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-03-28 22:25:12

Przed: 7 661 641 728 bajtów wolnych
Po: 8,604,385,280 bajtów wolnych

258

Mateusz J. comment 29 March 2009

Delete the folder c:\QooBox. Clean. What's the problem?