pablxox created 4 May 2009 Here is my log. Thanks for checking.
Guest comment 4 May 2009 The log is clean. Clean up after ComboFix and the various tools >>> OTCleanIt.