yomisiekyo created 24 May 2009

ComboFix 09-05-23.04 - Michał 2009-05-24 12:21.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1577 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Michał.OEM-00DF11F45B7\Pulpit\ComboFix.exe
AV: Ashampoo AntiVirus *On-access scanning disabled* (Outdated) {87430BA8-187A-42D6-A8FE-8E00DF291089}
 * Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2009-04-24 do 2009-05-24 )))))))))))))))))))))))))))))))
.
Nie utworzono żadnych nowych plików w tym okresie
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 10:19 . 2008-07-07 16:55 0 ----a-w C:\log.tmp
2009-05-13 18:06 . 2008-04-10 11:20 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-05-09 07:02 . 2009-05-09 07:02 -------- d-----w c:\program files\Winamp Toolbar
2009-05-09 07:02 . 2009-05-09 07:02 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar
2009-05-03 11:16 . 2002-12-31 12:00 74450 ----a-w c:\windows\system32\perfc015.dat
2009-05-03 11:16 . 2002-12-31 12:00 448348 ----a-w c:\windows\system32\perfh015.dat
2009-04-23 17:05 . 2008-11-22 19:28 -------- d-----w c:\program files\Opiekun
2009-04-08 14:23 . 2009-04-08 14:23 716272 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-21 10:58 . 2009-01-22 14:28 138184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-21 10:58 . 2009-01-22 14:27 183112 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-11 08:03 . 2008-08-25 12:46 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-06 14:22 . 2002-12-31 12:00 285696 ----a-w c:\windows\system32\pdh.dll
2006-05-03 10:06 . 2009-03-20 14:20 163328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-03-20 14:20 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-03-20 14:20 216064 --sh--r c:\windows\system32\nbDX.dll
2008-07-07 17:12 . 2008-07-05 17:44 1967648 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-07-07 17:12 . 2008-07-05 17:44 26656 --sha-w c:\windows\system32\drivers\fidbox2.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-25_18.55.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-24 10:07 . 2009-05-24 10:07 16384 c:\windows\Temp\Perflib_Perfdata_744.dat
+ 2009-05-09 07:02 . 2008-08-20 17:59 96752 c:\windows\system32\vxblock.dll
+ 2009-05-09 07:02 . 2008-08-20 17:58 66032 c:\windows\system32\pxinsa64.exe
+ 2009-05-09 07:02 . 2008-08-20 17:58 72176 c:\windows\system32\pxhpinst.exe
+ 2009-05-09 07:02 . 2008-08-20 17:58 66544 c:\windows\system32\pxcpya64.exe
- 2002-12-31 12:00 . 2009-02-20 16:34 58732 c:\windows\system32\perfc009.dat
+ 2002-12-31 12:00 . 2009-05-03 11:16 58732 c:\windows\system32\perfc009.dat
+ 2009-05-09 07:02 . 2008-08-20 17:58 44944 c:\windows\system32\drivers\PxHelp20.sys
+ 2008-04-10 11:22 . 2009-05-13 18:06 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-10 11:22 . 2009-04-16 18:02 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-04-10 11:22 . 2009-05-13 18:06 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-10 11:22 . 2009-04-16 18:02 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-04-10 11:22 . 2009-05-13 18:06 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-10 11:22 . 2009-04-16 18:02 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-05-04 16:25 . 1998-05-12 18:36 5632 c:\windows\system32\pndx5032.dll
+ 2009-05-04 16:25 . 1998-03-26 02:57 6656 c:\windows\system32\pndx5016.dll
+ 2009-05-09 07:02 . 2008-08-20 17:58 9200 c:\windows\system32\drivers\cdralw2k.sys
+ 2009-05-09 07:02 . 2008-08-20 17:58 9072 c:\windows\system32\drivers\cdr4_xp.sys
+ 2009-05-04 16:25 . 2008-09-10 19:56 185920 c:\windows\system32\rmoc3260.dll
+ 2009-05-09 07:02 . 2008-08-20 17:59 436720 c:\windows\system32\pxwave.dll
+ 2009-05-09 07:02 . 2008-08-20 17:58 219632 c:\windows\system32\pxmas.dll
+ 2009-05-09 07:02 . 2008-08-20 17:58 551408 c:\windows\system32\pxdrv.dll
+ 2009-05-09 07:02 . 2008-08-20 17:58 129520 c:\windows\system32\pxafs.dll
+ 2009-05-09 07:02 . 2008-08-20 17:58 670192 c:\windows\system32\px.dll
+ 2009-05-04 16:25 . 2001-06-22 23:31 278528 c:\windows\system32\pncrt.dll
+ 2002-12-31 12:00 . 2009-05-03 11:16 392432 c:\windows\system32\perfh009.dat
- 2002-12-31 12:00 . 2009-02-20 16:34 392432 c:\windows\system32\perfh009.dat
+ 2008-04-10 11:22 . 2009-05-13 18:06 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-10 11:22 . 2009-04-16 18:02 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-10 11:22 . 2009-04-16 18:02 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-04-10 11:22 . 2009-05-13 18:06 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-10 11:22 . 2009-04-16 18:02 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-04-10 11:22 . 2009-05-13 18:06 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-10 11:22 . 2009-04-16 18:02 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-04-10 11:22 . 2009-05-13 18:06 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-05-09 07:02 . 2008-08-20 17:58 1858032 c:\windows\system32\pxsfs.dll
- 2008-04-10 11:22 . 2009-04-16 18:02 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-04-10 11:22 . 2009-05-13 18:06 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-06-21 19:44 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-09-07 94208]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2009-04-10 37888]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
GuardGui.lnk - d:\program files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe [2008-7-7 669008]
Logitech Desktop Messenger.lnk - d:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-6-19 67128]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-20 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"d:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"d:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"d:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\Left4Dead\\hl2.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=
"d:\\Program Files\\EA SPORTS\\F-1 Mania 2008\\F1 Challenge 2008.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R2 avGuard;avGuard Service;d:\program files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe [2008-07-07 566608]
R2 OpSrv;Opiekun;c:\windows\system32\OpSrv.exe [2008-11-22 816128]
R3 AshAvScan;AshAvScan;c:\windows\system32\drivers\AshAvScan.sys [2008-07-07 9344]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-07-17 4096]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2008-06-17 16269]
.
Zawartość folderu 'Zaplanowane zadania'

2009-05-24 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

SafeBoot-procexp90.Sys
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://google.pl/
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Michał.OEM-00DF11F45B7\Dane aplikacji\Mozilla\Firefox\Profiles\o90c0nno.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - onet.pl
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Michał.OEM-00DF11F45B7\Dane aplikacji\Mozilla\Firefox\Profiles\o90c0nno.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\NPBILLARDT.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\NPSNOOKER.dll
FF - plugin: d:\program files\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\Real Alternative\browser\plugins\nprpjplug.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 12:22
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OpSrv]
"ImagePath"="c:\windows\system32\opsrv.exe /startedbyscm:BB66DA22-40E2A281-OpiekunService"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1135098389-249725642-3923926417-1009\Software\SecuROM\License information*]
"datasecu"=hex:97,7a,c6,4d,07,73,d4,4d,fa,5f,f3,5e,7a,79,bc,d6,36,38,aa,81,0c,
   89,5c,11,fc,35,f1,ca,3e,cc,fd,5f,3a,46,9a,6f,47,1e,c6,0a,43,a5,74,ec,63,63,\
"rkeysecu"=hex:b2,50,d5,99,02,97,9c,b1,b2,de,fe,22,dd,28,07,95
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Czas ukończenia: 2009-05-24 12:22
ComboFix-quarantined-files.txt 2009-05-24 10:22
ComboFix2.txt 2009-04-25 18:56
ComboFix3.txt 2009-03-06 08:02

Przed: 17 858 314 240 bajtów wolnych
Po: 17 896 693 760 bajtów wolnych

201 --- E O F --- 2009-05-13 18:06

Guest commented 24 May 2009

Use Malwarebytes' Anti-Malware and post the report from it.