beedu posted 27 April 2009 (edited)

ComboFix 09-04-21.A8 - ppp 2009-04-27 14:36.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.515 [GMT 2:00]
Uruchomiony z: c:\documents and settings\ppp\Pulpit\ComboFix.exe
AV: ArcaVir *On-access scanning disabled* (Updated)
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: ArcaFirewall 2007 *disabled*

I am repeating my request to check the log from the thread -> http://www.forumpc.pl/index.php?showtopic=...15335
Scanning didn't help -> automatic restart -> boot error -> restart -> and only then does it boot.
I don't know whether I'm being completely ignored, or maybe nobody has time right now, or I'm doing something wrong... could someone check this?

//We do not write with Caps Lock on!
//I'm removing the caps; next time there will be a warning!
//Michał Paluch
Guest commented 27 April 2009

Please install and scan with this --> MBAM (full scan; once it has found something, please select "Remove Selected").
beedu (Author) commented 27 April 2009

Malwarebytes' Anti-Malware 1.36
Wersja bazy definicji: 2047
Windows 5.1.2600 Dodatek Service Pack 3

2009-04-27 15:51:52
mbam-log-2009-04-27 (15-51-48).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|G:\|)
Przeskanowane obiekty: 201860
Upłynęło: 33 minute(s), 49 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 2
Zainfekowane foldery: 1
Zainfekowane pliki: 3

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zainfekowane foldery:
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> No action taken.

Zainfekowane pliki:
C:\Program Files\RelevantKnowledge\rlservice.exe (Adware.RelevantKnowledge) -> No action taken.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.Marketscore) -> No action taken.
C:\WINDOWS\system32\syssetub.dll (Trojan.Agent) -> No action taken.

Log from MBAM
beedu (Author) commented 27 April 2009 (edited)

Because I did remove them, I just posted the log from before the removal... I can read.
beedu (Author) commented 27 April 2009

ComboFix 09-04-21.A8 - ppp 2009-04-27 18:27.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.546 [GMT 2:00]
Uruchomiony z: c:\documents and settings\ppp\Pulpit\ComboFix.exe
AV: ArcaVir *On-access scanning disabled* (Updated)
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
FW: ArcaFirewall 2007 *disabled*
2008-09-22 17:23 5936 ----a-w c:\documents and settings\ppp\mqdmwhnt.sys2008-09-22 17:31 . 2008-09-22 17:23 4048 ----a-w c:\documents and settings\ppp\mqdmcr.sys2008-09-22 17:31 . 2008-09-22 17:23 25600 ----a-w c:\documents and settings\ppp\usbsermptxp.sys2008-09-22 17:31 . 2008-09-22 17:23 22768 ----a-w c:\documents and settings\ppp\usbsermpt.sys2009-03-05 16:2009-04-10 20:00 08:04 . c:\program files\mozilla firefox\components\FFComm.dll.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-09-29 1279216]"EdHTML"="c:\program files\Binboy\EdHTMLv5.0\EdHTML.exe" [2003-03-24 1443328][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AvMenu"="c:\program files\ArcaBit\ArcaVir\AVMenu.exe" [2008-01-29 481800]"ABRegmon"="c:\program files\ArcaBit\ArcaVir\ABregmon.exe" [2007-07-12 303104]"ArcaCheck"="c:\program files\ArcaBit\ArcaVir\ArcaCheck.exe" [2007-07-27 836912]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 819712]"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 
1630208]"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-26 77824][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TS_LogonListener]2007-01-12 14:41 101376 ----a-w c:\windows\system32\TS_LogonListener.dll[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk /r \??\c:\[u]0[/u]pdboot.exe\[u]0[/u]autocheck autochk *[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kalendarz XP.lnk]backup=c:\windows\pss\Kalendarz XP.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="e:\\Instalki\\Steam\\steamapps\\albadar\\zombie panic! source\\hl2.exe"="e:\\Instalki\\Steam\\steamapps\\albadar\\diprip warm up\\hl2.exe"="e:\\Instalki\\Steam\\steamapps\\albadar\\team fortress 2\\hl2.exe"="c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="e:\\Instalki\\S.T.A.L.K.E.R. 
- Shadow of Chernobyl\\bin\\XR_3DA.exe"="e:\\Instalki\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="e:\\Instalki\\Counter-Strike 1.6\\hl.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="e:\\Nowe Gadu-Gadu\\gg.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=R3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;c:\program files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe [2007-01-11 237568]R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]R3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]R3 PD91Engine;PD91Engine;e:\perfectdisk2008\PD91Engine.exe [2008-01-16 894216]R3 PsSdk31;PsSdk31;c:\windows\system32\Drivers\pssdk31.drv [2009-04-21 30272]R3 PsSdkLBF;PsSdkLBF;c:\windows\system32\Drivers\pssdklbf.drv [2009-04-21 37440]S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-11-06 39472]S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]S0 ulsata2;ulsata2; [x]S1 ABTDI;ABTDI;c:\program files\ArcaBit\ArcaVir\ABTDI.sys [2007-05-08 44032]S2 ABFileMon;ArcaBit FileMonitor;c:\program files\ArcaBit\ArcaVir\FileMonSV.exe [2008-12-16 158216]S2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;c:\program files\ArcaBit\Common\TaskScheduler.exe [2007-01-12 270336]S2 AVUpdate;ArcaBit Update Service;c:\program files\ArcaBit\ArcaUpdate\update.exe [2007-02-26 167936]S2 CrypticDisk;CrypticDisk;c:\windows\system32\Drivers\CrypticDisk.sys [2006-11-25 66688]S2 PD91Agent;PD91Agent;e:\perfectdisk2008\PD91Agent.exe [2008-01-16 664840]S3 ABFLT;ArcaBit File Monitor 
Driver;c:\progra~1\ArcaBit\ArcaVir\ABFLT.sys [2007-09-12 30208]S3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;c:\program files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [2007-01-11 200704][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]bdx REG_MULTI_SZ scan[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{264b7505-2c1f-11de-8747-000e50c76529}]\Shell\AutoRun\command - F:\m9ma.exe\Shell\explore\Command - F:\m9ma.exe\Shell\open\Command - F:\m9ma.exe.Zawartość folderu 'Zaplanowane zadania'2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]..------- Skan uzupełniający -------.uStart Page = hxxp://www.neostrada.pluInternet Connection Wizard,ShellNext = iexploreIE: Download All by FlashGetIE: Download using FlashGetIE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000IE: { - c:\program files\Messenger\msmsgs.exeDPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocxDPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cabFF - ProfilePath - c:\documents and settings\ppp\Dane aplikacji\Mozilla\Firefox\Profiles\y5p4m22p.default\FF - prefs.js: browser.search.selectedEngine - DAEMON SearchFF - component: c:\program files\Mozilla Firefox\components\FFComm.dllFF - plugin: e:\instalki\Real Alternative\browser\plugins\nppl3260.dllFF - plugin: e:\instalki\Real Alternative\browser\plugins\nprpjplug.dll.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-04-27 18:28Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-117609710-2147232141-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F08F3C1-337E-6007-0702-26711210B35A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-117609710-2147232141-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-117609710-2147232141-839522115-1003\Software\SecuROM\License information*]
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\TS_LogonListener.dll
- - - - - - - > 'explorer.exe'(1868)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSPL.DLL
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2009-04-27 18:29
ComboFix-quarantined-files.txt 2009-04-27 16:29
ComboFix2.txt 2009-04-27 14:32
Przed: 26 494 205 952 bajtów wolnych
Po: 26 478 514 176 bajtów wolnych
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
330 --- E O F --- 2009-04-26 12:24
Guest commented 28 April 2009

In my opinion it looks fine. Paste this into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{264b7505-2c1f-11de-8747-000e50c76529}]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsSdk31]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsSdkLBF]

From the Notepad menu >>> File >>> Save As >>> set the extension to: "All files" >>> save as FIX.REG >>> run the file (double-click and OK to agree to adding it to the Registry). Restart the computer.

Start >>> Run >>> cmd >>> type this: SC DELETE ulsata2 and press ENTER.

Scan with this: Dr.WEB CureIt!
beedu (Author) commented 2 May 2009

I scanned with CureIt recently; I select all the infections -> delete -> automatic restart. Is that how it is supposed to be?
beedu (Author) commented 2 May 2009 (edited)

In that case I will run a scan with ComboFix, MBAM and CureIt, and then post the logs.

EDIT: This is not normal after all. I select everything for deletion -> a small window with Yes, No and something else appears for about a second -> restart; I cannot even select anything (it was similar with the Kaspersky online scanner, I already wrote about that). Here is the log from the scan: Log after the scan
beedu (Author) commented 2 May 2009 (edited)

This topic can be closed, together with the one given in the link above. Thanks for the help.