
ComboFix log re

beedu
posted (edited)

I am renewing my request to have the log from the thread checked -> http://www.forumpc.pl/index.php?showtopic=...15335
Scanning did nothing -> automatic restart -> boot error -> restart -> and only then does it boot.
I don't know whether I'm being totally ignored, or maybe nobody has time right now, or I'm doing something wrong... could someone check this?

//We don't write with Caps Lock on!

//Removing the caps; next time there will be a warning!

//Michał Paluch

Guest
comment

Please install and scan with this --> MBAM (full scan; once something is found, please select "Remove Selected" ("Usuń zaznaczone")).

.

beedu
comment
Malwarebytes' Anti-Malware 1.36
Wersja bazy definicji: 2047
Windows 5.1.2600 Dodatek Service Pack 3

2009-04-27 15:51:52
mbam-log-2009-04-27 (15-51-48).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|G:\|)
Przeskanowane obiekty: 201860
Upłynęło: 33 minute(s), 49 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 2
Zainfekowane foldery: 1
Zainfekowane pliki: 3

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zainfekowane foldery:
C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> No action taken.

Zainfekowane pliki:
C:\Program Files\RelevantKnowledge\rlservice.exe (Adware.RelevantKnowledge) -> No action taken.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.Marketscore) -> No action taken.
C:\WINDOWS\system32\syssetub.dll (Trojan.Agent) -> No action taken.

Log from MBAM

Guest
comment (edited)

You were supposed to remove that...

.

beedu
comment (edited)

Because I did remove it :P I just posted the log from before the removal... I can read :D

Guest
comment

Show a new log from ComboFix.

.

beedu
comment
2004-08-03 22:59	251152	--sha-r	C:\ntldr2009-02-26 18:31 . 2009-02-26 18:26	--------	d-----w	c:\program files\Bad Day LA2009-02-20 08:12 . 2006-06-23 11:16	668672	----a-w	c:\windows\system32\wininet.dll2009-02-20 08:11 . 2004-08-04 00:44	81920	----a-w	c:\windows\system32\ieencode.dll2009-02-14 08:42 . 2009-02-13 19:43	86016	----a-w	c:\windows\system32\OpenAL32.dll2009-02-14 08:42 . 2009-02-13 19:43	413696	----a-w	c:\windows\system32\wrap_oal.dll2009-02-10 17:09 . 2004-08-04 00:38	2067328	----a-w	c:\windows\system32\ntkrnlpa.exe2009-02-09 14:07 . 2006-08-10 13:58	1847040	----a-w	c:\windows\system32\win32k.sys2009-02-09 11:26 . 2006-08-10 13:50	2190336	----a-w	c:\windows\system32\ntoskrnl.exe2009-02-09 11:25 . 2004-08-04 00:44	111104	----a-w	c:\windows\system32\services.exe2009-02-09 10:53 . 2006-08-10 13:57	731136	----a-w	c:\windows\system32\lsasrv.dll2009-02-09 10:53 . 2006-08-10 13:54	401408	----a-w	c:\windows\system32\rpcss.dll2009-02-09 10:53 . 2004-08-04 00:43	686592	----a-w	c:\windows\system32\advapi32.dll2009-02-09 10:53 . 2004-08-04 00:43	722944	----a-w	c:\windows\system32\ntdll.dll2009-02-06 10:39 . 2001-10-26 19:30	35328	----a-w	c:\windows\system32\sc.exe2009-02-03 19:58 . 2004-08-04 00:44	56832	----a-w	c:\windows\system32\secur32.dll2008-10-21 13:42 . 2008-10-21 13:40	30	----a-w	c:\documents and settings\ppp\jagex_runescape_preferences.dat2008-09-22 17:31 . 2008-09-22 17:23	9232	----a-w	c:\documents and settings\ppp\mqdmmdfl.sys2008-09-22 17:31 . 2008-09-22 17:23	92064	----a-w	c:\documents and settings\ppp\mqdmmdm.sys2008-09-22 17:31 . 2008-09-22 17:23	79328	----a-w	c:\documents and settings\ppp\mqdmserd.sys2008-09-22 17:31 . 2008-09-22 17:23	66656	----a-w	c:\documents and settings\ppp\mqdmbus.sys2008-09-22 17:31 . 2008-09-22 17:23	6208	----a-w	c:\documents and settings\ppp\mqdmcmnt.sys2008-09-22 17:31 . 2008-09-22 17:23	5936	----a-w	c:\documents and settings\ppp\mqdmwhnt.sys2008-09-22 17:31 . 
2008-09-22 17:23	4048	----a-w	c:\documents and settings\ppp\mqdmcr.sys2008-09-22 17:31 . 2008-09-22 17:23	25600	----a-w	c:\documents and settings\ppp\usbsermptxp.sys2008-09-22 17:31 . 2008-09-22 17:23	22768	----a-w	c:\documents and settings\ppp\usbsermpt.sys2009-03-05 16:2009-04-10 20:00		08:04 .	c:\program files\mozilla firefox\components\FFComm.dll.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-09-29 1279216]"EdHTML"="c:\program files\Binboy\EdHTMLv5.0\EdHTML.exe" [2003-03-24 1443328][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AvMenu"="c:\program files\ArcaBit\ArcaVir\AVMenu.exe" [2008-01-29 481800]"ABRegmon"="c:\program files\ArcaBit\ArcaVir\ABregmon.exe" [2007-07-12 303104]"ArcaCheck"="c:\program files\ArcaBit\ArcaVir\ArcaCheck.exe" [2007-07-27 836912]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 819712]"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 176128]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-18 148888]"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-26 
77824][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TS_LogonListener]2007-01-12 14:41	101376	----a-w	c:\windows\system32\TS_LogonListener.dll[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\c:\[u]0[/u]pdboot.exe\[u]0[/u]autocheck autochk *[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Kalendarz XP.lnk]backup=c:\windows\pss\Kalendarz XP.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="e:\\Instalki\\Steam\\steamapps\\albadar\\zombie panic! source\\hl2.exe"="e:\\Instalki\\Steam\\steamapps\\albadar\\diprip warm up\\hl2.exe"="e:\\Instalki\\Steam\\steamapps\\albadar\\team fortress 2\\hl2.exe"="c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="e:\\Instalki\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="e:\\Instalki\\S.T.A.L.K.E.R. 
- Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="e:\\Instalki\\Counter-Strike 1.6\\hl.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="e:\\Nowe Gadu-Gadu\\gg.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=R3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;c:\program files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe [2007-01-11 237568]R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]R3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]R3 PD91Engine;PD91Engine;e:\perfectdisk2008\PD91Engine.exe [2008-01-16 894216]R3 PsSdk31;PsSdk31;c:\windows\system32\Drivers\pssdk31.drv [2009-04-21 30272]R3 PsSdkLBF;PsSdkLBF;c:\windows\system32\Drivers\pssdklbf.drv [2009-04-21 37440]S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-11-06 39472]S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]S0 ulsata2;ulsata2; [x]S1 ABTDI;ABTDI;c:\program files\ArcaBit\ArcaVir\ABTDI.sys [2007-05-08 44032]S2 ABFileMon;ArcaBit FileMonitor;c:\program files\ArcaBit\ArcaVir\FileMonSV.exe [2008-12-16 158216]S2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;c:\program files\ArcaBit\Common\TaskScheduler.exe [2007-01-12 270336]S2 AVUpdate;ArcaBit Update Service;c:\program files\ArcaBit\ArcaUpdate\update.exe [2007-02-26 167936]S2 CrypticDisk;CrypticDisk;c:\windows\system32\Drivers\CrypticDisk.sys [2006-11-25 66688]S2 PD91Agent;PD91Agent;e:\perfectdisk2008\PD91Agent.exe [2008-01-16 664840]S3 ABFLT;ArcaBit File Monitor Driver;c:\progra~1\ArcaBit\ArcaVir\ABFLT.sys [2007-09-12 30208]S3 
ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;c:\program files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [2007-01-11 200704][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]bdx	REG_MULTI_SZ   	scan[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{264b7505-2c1f-11de-8747-000e50c76529}]\Shell\AutoRun\command - F:\m9ma.exe\Shell\explore\Command - F:\m9ma.exe\Shell\open\Command - F:\m9ma.exe.Zawartość folderu 'Zaplanowane zadania'2009-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]..------- Skan uzupełniający -------.uStart Page = hxxp://www.neostrada.pluInternet Connection Wizard,ShellNext = iexploreIE: Download All by FlashGetIE: Download using FlashGetIE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000IE: { - c:\program files\Messenger\msmsgs.exeDPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocxDPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cabFF - ProfilePath - c:\documents and settings\ppp\Dane aplikacji\Mozilla\Firefox\Profiles\y5p4m22p.default\FF - prefs.js: browser.search.selectedEngine - DAEMON SearchFF - component: c:\program files\Mozilla Firefox\components\FFComm.dllFF - plugin: e:\instalki\Real Alternative\browser\plugins\nppl3260.dllFF - plugin: e:\instalki\Real Alternative\browser\plugins\nprpjplug.dll.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-04-27 18:28Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ...  skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ...  
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsSdk31]"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsSdkLBF]"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv".--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------[HKEY_USERS\S-1-5-21-117609710-2147232141-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F08F3C1-337E-6007-0702-26711210B35A}*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode)"mabiklepghibcbopllojmmljnm"=hex:64,61,63,6e,68,61,63,6c,00,00"labiklepegicikkkohigboep"=hex:64,61,63,6e,69,61,6b,6c,00,00"nabiklepkfebkbmfejkbbdoikgfp"=hex:64,61,63,6e,68,61,70,6b,00,00"iaihemjcoijdcjofaf"=hex:62,61,6b,6d,00,00"laihglcmoffegoflblpbmchb"=hex:62,61,6a,6d,00,00"oahdlepagadjbabjemahmgbjejhghk"=hex:62,61,6b,6d,00,00"oahdlepagadjbabjemahmfjlgdecgl"=hex:62,61,6a,6d,00,00"bbhdlepagadjbabjemahoeejecliebekmgjg"=hex:62,61,6a,6d,00,00"paihalhdoplpngeoiodoihncbjfpbida"=hex:62,61,6b,6d,00,00"oaihalhdoplpngnmechjeombldaibf"=hex:62,61,6a,6d,00,00"dbihalhdoplpngdnfkhhhgfmgjafcdoijpdapdda"=hex:62,61,6a,6d,00,00"jaihemjakpjhnlgjfndh"=hex:62,61,6a,6d,00,00"kaihemjaaahidbcaagngbp"=hex:62,61,6a,6d,00,00"maihemjaopnialaobhgamhjeik"=hex:62,61,6a,6d,00,00"oaihemjafbmbliaoojnldpcheeoebi"=hex:62,61,6b,6d,00,00"haihemjacbdcbipa"=hex:62,61,6b,6d,00,00"nabidohaaialocdigeigkmcoidjn"=hex:63,61,6d,6d,63,61,00,00"kbhdbdbelbjgmhofbkjcmoadjmlmkbmbikjnlmmbhacpaodkmobckd"=hex:62,61,6b,6d,00,61"iagkaipapppjbbeceo"=hex:68,61,6e,6a,6b,69,6d,65,6b,62,6c,67,6c,6e,6a,65,00,b9"haikkdjajafbampj"=hex:6f,61,70,6b,66,67,6c,6e,65,66,65,65,6e,62,63,69,6e,6f,   6c,6f,64,69,68,6f,68,70,66,62,64,63,00,00"jahdhdleplaccigcdfgk"=hex:64,62,6e,6a,6a,67,68,69,70,6e,67,6e,69,6a,62,62,6d,   
63,63,68,68,68,6c,68,6d,6c,6d,62,62,6b,68,62,6f,70,62,61,6b,64,68,65,00,05"jafknhiopnogagfglgmf"=hex:62,61,6b,6d,00,00"bacj"=hex:67,61,66,6d,6f,6f,65,6e,6d,68,67,6f,67,6e,00,00"babj"=hex:67,61,66,6d,6f,6f,65,6e,6d,68,67,6f,67,6e,00,00"cahiij"=hex:64,61,6a,6d,70,62,64,69,00,68"cahijj"=hex:63,61,68,6e,63,6f,00,69"iahjdfmbhhmldnibco"=hex:65,61,6a,6d,6a,70,68,61,67,6a,00,6f"iahjdfmbhhmldnibbo"=hex:64,61,6c,6d,6f,70,66,63,00,6a"gbihemjcoijdbjepicnbcalpahkihfcffidlgkjbcjodcd"=hex:62,61,6a,6d,00,a6"kbjjnkndnldcmcmdkibjofokflhkldmmcboadldpdlbakeefdgnlld"=hex:6e,61,6a,68,6f,6e,   63,61,65,6c,69,6f,6e,6b,6e,68,6e,6d,64,6d,66,69,6c,64,6f,65,65,6b,00,00[HKEY_USERS\S-1-5-21-117609710-2147232141-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]"??"=hex:f4,ed,57,b2,e3,c6,b3,bf,21,41,26,7f,85,68,8a,86,ea,8d,76,54,26,7f,c4,   4a,fb,23,ef,d9,c4,3b,68,43,12,fa,22,14,7f,70,c8,45,5a,15,e7,a8,fe,fe,4a,8f,\"??"=hex:44,1e,df,1e,8f,9f,74,57,37,eb,04,8a,39,5b,97,6d[HKEY_USERS\S-1-5-21-117609710-2147232141-839522115-1003\Software\SecuROM\License information*]"datasecu"=hex:57,76,a2,36,11,c2,c6,ae,9a,eb,db,65,47,60,bf,08,92,41,82,ca,e8,   09,1a,72,e4,0c,d7,3b,bc,56,7d,e4,3d,6e,4b,96,51,ea,e4,81,6c,d1,0a,9a,e2,e3,\"rkeysecu"=hex:37,45,8b,59,3e,15,ab,88,3f,a0,a0,2b,16,24,3c,18.--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(696)c:\windows\system32\TS_LogonListener.dll- - - - - - - > 'explorer.exe'(1868)c:\windows\system32\nview.dllc:\windows\system32\NVWRSPL.DLLc:\windows\system32\msi.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Czas ukończenia: 2009-04-27 18:29ComboFix-quarantined-files.txt  2009-04-27 16:29ComboFix2.txt  2009-04-27 14:32Przed: 26 494 205 952 bajtów wolnychPo: 26 478 514 176 bajtów wolnychCurrent=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4330	--- E O F ---	2009-04-26 12:24
Guest
comment

In my opinion, it looks fine.

Paste into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{264b7505-2c1f-11de-8747-000e50c76529}]

[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsSdk31]

[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsSdkLBF]

From the Notepad menu >>> File >>> Save As >>> set the file type to: "All files" >>> save as FIX.REG >>>

run the file (double-click and OK - agree to adding it to the Registry).

Restart the computer.

Start >>> Run >>> cmd >>> type this:

SC DELETE ulsata2

ENTER.

Scan with this: Dr.WEB CureIt!.

.

beedu
comment

I scanned with CureIt recently; I select all the infections -> delete -> automatic restart. Is that how it is supposed to be?

Guest
comment

Yes....

.

beedu
comment (edited)

In that case I'll run scans with ComboFix, MBAM and CureIt, then post the logs.

EDIT: This isn't normal after all: I select everything for removal -> a window with yes, no and something else appears for about a second -> restart; you can't even select anything (it was similar with Kaspersky online, I already wrote about that).

Here is the log after the scan:

Log after the scan

Guest
comment

If I were you, I would format the disk.

.

beedu
comment (edited)

This thread can be closed, together with the one given in the link above.

Thanks for the help
