cezarpiotr posted 10 July 2009 (edited)

Here it is:

ComboFix 09-07-09.08 - cezarpiotr 2009-07-10 14:25.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.3070.2060 [GMT 2:00]
Uruchomiony z: c:\users\cezarpiotr\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1182786750-1517702924-562719952-500
c:\$recycle.bin\S-1-5-21-3436689332-3668058748-298049157-500
c:\windows\Installer\81077.msi
c:\windows\PGMONITOR.EXE
c:\windows\system32\acovcnt.exe
c:\windows\system32\setup.ini
.
((((((((((((((((((((((((( Pliki utworzone od 2009-06-10 do 2009-07-10 )))))))))))))))))))))))))))))))
.
2009-07-10 12:28 . 2009-07-10 12:29 -------- d-----w- c:\users\cezarpiotr\AppData\Local\temp
2009-06-27 07:55 . 2009-06-27 07:55 -------- d-----w- c:\windows\Options
2009-06-25 11:51 . 2007-12-06 16:12 196400 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-06-25 11:51 . 2007-12-06 16:12 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2009-06-25 11:51 . 2007-12-06 15:20 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-06-25 11:51 . 2007-12-06 15:09 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2009-06-25 11:51 . 2007-12-06 15:08 163840 ----a-w- c:\windows\system32\SynCOM.dll
2009-06-25 11:51 . 2006-03-09 07:58 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2009-06-22 09:23 . 2009-06-22 09:23 -------- d-----w- c:\users\cezarpiotr\AppData\Local\Ascaron Entertainment
2009-06-22 09:20 . 2008-07-31 08:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-06-22 09:20 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-06-22 09:20 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-06-22 09:20 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-06-13 16:40 . 2008-05-30 12:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2009-06-13 16:38 . 2009-06-13 16:38 22328 ----a-w- c:\users\cezarpiotr\AppData\Roaming\PnkBstrK.sys
2009-06-12 09:28 . 2009-07-09 18:39 -------- d-----w- c:\users\cezarpiotr\AppData\Local\Corel
2009-06-12 09:28 . 2009-07-09 14:37 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-12 09:28 . 2009-07-09 14:37 88 --sh--r- c:\windows\system32\290071F6DD.sys
2009-06-12 09:28 . 2009-06-12 09:28 -------- d-----w- c:\users\cezarpiotr\AppData\Roaming\Corel
2009-06-12 09:28 . 2009-06-12 09:28 -------- d-----w- c:\programdata\Corel
2009-06-12 09:26 . 2009-06-12 09:27 -------- d-----w- c:\program files\Common Files\Corel
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 11:13 . 2009-07-02 17:27 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-10 11:11 . 2009-07-10 11:11 -------- d-----w- c:\program files\ESET
2009-07-10 08:30 . 2009-07-09 17:04 -------- d-----w- c:\program files\temp
2009-07-10 07:22 . 2009-06-20 10:02 680 ----a-w- c:\users\cezarpiotr\AppData\Local\d3d9caps.dat
2009-07-09 18:42 . 2008-04-18 00:01 665404 ----a-w- c:\windows\system32\perfh015.dat
2009-07-09 18:42 . 2008-04-18 00:01 128164 ----a-w- c:\windows\system32\perfc015.dat
2009-07-09 18:28 . 2009-05-25 15:35 -------- d-----w- c:\users\cezarpiotr\AppData\Roaming\uTorrent
2009-07-09 14:42 . 2009-07-09 13:20 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-07-09 14:25 . 2009-07-09 14:21 2988 ----a-w- c:\windows\desctemp.dat
2009-07-02 17:50 . 2009-07-02 17:48 -------- d-----w- c:\programdata\Bluetooth
2009-07-02 17:45 . 2009-07-02 17:45 -------- d-----w- c:\program files\IVT Corporation
2009-06-30 09:44 . 2009-05-22 23:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-30 09:42 . 2009-05-22 17:32 -------- d-----w- c:\program files\CyberLink
2009-06-26 09:36 . 2009-05-23 00:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-24 18:45 . 2009-05-23 15:07 -------- d-----w- c:\users\cezarpiotr\AppData\Roaming\HP
2009-06-24 18:45 . 2009-05-23 14:51 -------- d-----w- c:\programdata\HP
2009-06-24 11:18 . 2009-05-22 17:14 99864 ----a-w- c:\users\cezarpiotr\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-22 09:20 . 2009-06-13 16:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-22 09:19 . 2009-06-22 09:19 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-22 09:19 . 2009-06-22 09:19 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-19 17:16 . 2009-06-19 17:13 -------- d-----w- c:\users\cezarpiotr\AppData\Roaming\Mount&Blade
2009-06-13 16:42 . 2009-06-13 16:42 -------- d--h--r- c:\users\cezarpiotr\AppData\Roaming\SecuROM
2009-06-10 13:57 . 2009-05-23 10:05 -------- d-----w- c:\programdata\Microsoft Help
2009-06-08 16:51 . 2009-05-23 10:52 -------- d-----w- c:\users\cezarpiotr\AppData\Roaming\Winamp
2009-06-08 16:51 . 2009-05-23 00:23 -------- d-----w- c:\programdata\P4G
2009-06-08 15:38 . 2009-05-22 23:58 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-08 13:38 . 2009-05-23 15:37 -------- d-----w- c:\programdata\OpenFM
2009-06-04 14:09 . 2009-06-04 14:09 -------- d-----w- c:\program files\BearShare Applications
2009-05-30 20:22 . 2009-05-23 00:22 -------- d-----w- c:\programdata\ASUS
2009-05-28 10:24 . 2009-05-22 21:17 -------- d-----w- c:\program files\Gadu-Gadu
2009-05-28 09:23 . 2009-05-28 09:23 42088 ----a-w- c:\users\cezarpiotr\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2009-05-27 19:24 . 2009-05-27 19:24 -------- d-----w- c:\program files\VistaCodecPack
2009-05-27 19:24 . 2009-05-27 19:24 -------- d-----w- c:\programdata\VistaCodecs
2009-05-26 14:42 . 2009-05-22 17:34 -------- d-----w- c:\programdata\CyberLink
2009-05-25 15:44 . 2009-05-25 15:44 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-05-25 14:09 . 2009-05-25 13:19 -------- d-----w- c:\users\cezarpiotr\AppData\Roaming\DAEMON Tools Lite
2009-05-25 13:28 . 2009-05-25 13:28 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-05-25 13:28 . 2009-05-25 13:28 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-25 13:19 . 2009-05-25 13:19 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-24 19:30 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-24 16:53 . 2009-05-24 16:53 -------- d-----w- c:\program files\MSXML 4.0
2009-05-24 16:26 . 2009-05-24 16:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-24 16:26 . 2009-05-24 16:26 -------- d-----w- c:\program files\Java
2009-05-23 15:36 . 2009-05-23 15:36 -------- d-----w- c:\users\cezarpiotr\AppData\Roaming\OpenFM
2009-05-23 15:07 . 2009-05-23 15:07 -------- d-----w- c:\programdata\WEBREG
2009-05-23 15:06 . 2009-05-23 14:51 178218 ----a-w- c:\windows\hpoins28.dat
2009-05-23 15:05 . 2009-05-23 15:05 -------- d-----w- c:\programdata\Hewlett-Packard
2009-05-23 15:02 . 2009-05-23 14:54 -------- d-----w- c:\program files\HP
2009-05-23 14:59 . 2009-05-23 14:59 -------- d-----w- c:\programdata\HP Product Assistant
2009-05-23 14:58 . 2009-05-23 14:58 -------- d-----w- c:\program files\Common Files\HP
2009-05-23 14:58 . 2009-05-23 14:58 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-23 14:57 . 2009-05-23 14:57 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-23 14:50 . 2009-05-23 00:12 -------- d-----w- c:\program files\ASUS
2009-05-23 10:52 . 2009-05-23 10:52 -------- d-----w- c:\program files\Winamp
2009-05-23 10:52 . 2009-05-23 10:52 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-23 10:10 . 2009-05-23 10:10 -------- d-----w- c:\program files\Microsoft Works
2009-05-23 10:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-05-23 10:08 . 2009-05-23 10:08 -------- d-----w- c:\program files\Microsoft.NET
2009-05-23 10:06 . 2009-05-23 10:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-23 00:41 . 2009-05-23 00:41 0 ----a-w- c:\windows\system32\drivers\1043_ASUSTeK_F5SR.alu
2009-05-23 00:25 . 2009-05-23 00:25 33136 ----a-w- c:\windows\ASScrPro.exe
2009-05-23 00:25 . 2009-05-23 00:25 4814371 ----a-w- c:\windows\ASUS Camera ScreenSaver.exe
2009-05-23 00:25 . 2009-05-23 00:25 47672 ----a-w- c:\windows\AsScrProlog.exe
2009-05-23 00:25 . 2009-05-23 00:25 281144 ----a-w- c:\windows\ASUS Camera ScreenSaver Uninstaller.exe
2009-05-23 00:25 . 2009-05-23 00:25 520192 ----a-w- c:\windows\system32\Asus_Camera_ScreenSaver.scr
2009-05-23 00:23 . 2009-05-23 00:23 -------- d-----w- c:\program files\P4G
2009-05-23 00:17 . 2009-05-23 00:17 -------- d-----w- c:\program files\ATKGFNEX
2009-05-23 00:16 . 2009-05-23 00:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-05-23 00:15 . 2009-05-23 00:15 -------- d-----w- c:\program files\Synaptics
2009-05-23 00:09 . 2009-05-23 00:09 -------- d-----w- c:\program files\Atheros
2009-05-23 00:09 . 2009-05-23 00:09 -------- d-----w- c:\program files\Cisco
2009-05-23 00:09 . 2009-05-23 00:09 -------- d-----w- c:\programdata\Atheros
2009-05-22 23:58 . 2009-05-22 23:58 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-22 23:58 . 2009-05-22 23:58 -------- d-----w- c:\program files\Realtek
2009-05-22 23:58 . 2009-05-22 23:58 315392 ----a-w- c:\windows\HideWin.exe
2009-05-22 23:48 . 2009-05-22 23:48 -------- d-----w- c:\program files\ATKOSD2
2009-05-22 23:47 . 2009-05-22 23:47 -------- d-----w- c:\program files\ATK Hotkey
2009-05-22 23:44 . 2009-05-22 23:44 0 ----a-w- c:\windows\ativpsrm.bin
2009-05-22 23:41 . 2009-05-22 23:41 -------- d-----w- c:\programdata\ATI
2009-05-22 23:40 . 2009-05-22 23:40 -------- d-----w- c:\program files\ATK
2009-05-22 23:30 . 2009-05-22 23:29 -------- d-----w- c:\program files\ATI Technologies
2009-05-22 23:29 . 2009-05-22 23:29 -------- d-----w- c:\program files\ATI
2009-05-22 21:20 . 2009-05-22 21:17 -------- d-----w- c:\users\cezarpiotr\AppData\Roaming\Nowe Gadu-Gadu
2009-05-22 20:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-22 19:15 . 2009-05-22 19:15 -------- d-----w- c:\users\cezarpiotr\AppData\Roaming\CyberLink
2009-05-22 17:33 . 2009-05-22 17:33 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2009-05-22 17:33 . 2009-05-22 17:33 -------- d-----w- c:\program files\Common Files\LightScribe
2009-05-22 17:31 . 2009-05-22 17:32 53319 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-05-22 17:28 . 2009-05-22 17:28 -------- d-----w- c:\program files\ZTE ZXDSL 852
2009-05-22 17:23 . 2009-05-22 23:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-22 17:22 . 2009-05-22 23:49 -------- d-----w- c:\program files\Symantec
2009-05-22 17:22 . 2009-05-22 23:49 -------- d-----w- c:\programdata\Symantec
2009-05-22 17:16 . 2009-05-22 17:16 -------- d-----w- c:\users\cezarpiotr\AppData\Roaming\ATI
2009-05-22 17:16 . 2009-05-22 17:16 -------- d-----w- c:\users\cezarpiotr\AppData\Roaming\Symantec
2009-05-02 18:20 . 2009-05-02 18:20 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-02 18:20 . 2009-05-02 18:20 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-04-30 12:37 . 2009-06-14 09:14 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-14 09:14 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-24 16:05 . 2009-06-10 12:21 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 12:21 78336 ----a-w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-05-23 47672]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-05-23 33136]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-24 148888]
"Corel File Shell Monitor"="d:\program filest\Corel Paint ShopPro\CorelIOMonitor.exe" [2008-01-15 16200]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-07 4853760]
"AdslTaskBar"="stmctrl.dll" - c:\windows\System32\stmctrl.dll [2007-03-21 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{92690226-4C6F-4052-85EA-4B8F828EFF4F}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{F77DB33F-3CC1-4287-83E1-99FD3C11A78C}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Nowe Gadu-Gadu
"{1270573F-8984-46DE-89CB-35695FDC3A75}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C3567E3D-7A71-461F-9C6A-DE3A2F323954}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{784FEDE9-7BF7-4771-954B-3400BA3BB226}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BB9ACF6C-0B25-46DC-A342-197FA1891A15}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{21178EAF-73AB-4FAE-A9BD-7E7D02DD6D6F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D19A8D7A-C455-4835-AE60-A798FB91D6B7}"= UDP:c:\program files\Winamp\winamp.exe:Winamp
"{06928C0B-5828-4339-9E3A-29D45D75F729}"= TCP:c:\program files\Winamp\winamp.exe:Winamp
"{6AD86B09-5B2B-4943-A6AF-8D78B85A7E0E}"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{2D7DC88B-BC18-470B-8EAF-F49531F3FB01}"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{CD497C33-9608-4F44-AEA6-57822D9AF5AA}"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{4A02F306-C59C-441C-A0D6-956CE0A06288}"= c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{6224A899-3DDB-4A21-BCDD-FD5AFB241F4F}"= c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{2CD42BE9-B753-4216-B117-A3A371AD7396}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{EB1D5F57-89DB-4E47-BEAD-A523BFD5860D}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{0CEC5693-9139-4C52-B55D-2EB6D5A37CDE}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{BD668F5D-F1F2-4690-B0AD-FC9C73A2ABAD}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{B3D00879-4751-48D2-8D81-FAAF381C8B0C}"= c:\program files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{4CD6BBE1-FF6C-443C-9CC7-189EC2E05C3F}"= c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
"{57C45CA8-A5EF-4658-8627-D6ACC0DBF1A0}"= UDP:d:\program filest\uTorrent.exe:µTorrent (TCP-In)
"{4B17E1A1-78E9-4CE3-B358-3CD9650984DE}"= TCP:d:\program filest\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{6F2E8C3B-004A-4843-8B1C-FAA91396FDD9}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{EF0AD38C-48D7-4D07-99B3-1284FFD16029}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"{0CF6497D-6971-4115-9BEB-884ADAD7B239}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D5850A7E-A245-4368-8DDA-307BD0515871}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{B32C2C0A-743F-48D2-AE8E-D6049C005E3F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{77B68B01-7C86-448C-8918-9ED0936F9BF7}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{35C7D68F-3BD3-4DA9-BAD8-ADA336BD40CF}d:\\gry\\counter-strike 1.6\\hl.exe"= UDP:d:\gry\counter-strike 1.6\hl.exe:Half-Life Launcher
"UDP Query User{CC77C9D2-2881-431E-A4D0-696AA33BBD1A}d:\\gry\\counter-strike 1.6\\hl.exe"= TCP:d:\gry\counter-strike 1.6\hl.exe:Half-Life Launcher
"TCP Query User{84C4701E-680D-4C3D-BCEA-2879A81FE5AD}c:\\users\\cezarpiotr\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\cezarpiotr\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"UDP Query User{FE5A9291-B546-4170-9413-A889BC9925BC}c:\\users\\cezarpiotr\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= TCP:c:\users\cezarpiotr\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"{00A9BE5A-13FD-48CE-8715-3C2EBDE4D069}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:BlueSoleil
"{5BBC6D7D-D9DF-4806-848E-BD4C8E9006C2}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil_.exe:BlueSoleil
"TCP Query User{E03ACB9E-0648-498A-A973-5E4AA77104BA}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java Platform SE binary
"UDP Query User{AD8F86FD-B284-4E36-9EBE-05792353AE5D}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java Platform SE binary

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-07-01 468224]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2009-05-23 47616]
R3 Stmatm;ATM/ADSL miniport;c:\windows\System32\drivers\stmatm.sys [2009-05-22 60533]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\System32\drivers\torususb.sys [2009-05-22 688864]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [2006-11-02 9216]
S3 w900bus;Sony Ericsson 900i driver (WDM);c:\windows\System32\drivers\w900bus.sys [2009-06-08 58256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-EPSoft - c:\program files\temp\diagnostic.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 14:29
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1182786750-1517702924-562719952-1000\Software\SecuROM\License information*]
"datasecu"=hex:a8,a0,06,1d,b3,4f,30,67,27,08,98,89,5d,fb,2e,a1,b3,03,ae,f6,39,
   09,9b,cc,e9,d2,10,83,39,be,b2,0e,db,5d,29,3d,e5,5c,ea,45,89,14,54,8a,7e,d6,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2009-07-10 14:30
ComboFix-quarantined-files.txt 2009-07-10 12:30

Przed: 92 933 332 992 bajtów wolnych
Po: 100 475 990 016 bajtów wolnych

281 --- E O F --- 2009-07-10 08:12

----------------------

This is my first time posting a log, so please give me further instructions on what to do next... Regards, and thanks in advance.

Guest commented 10 July 2009

The log is clean.

1. Clean up after ComboFix and the other tools >>> OTCleanIt.
2. Use Malwarebytes. Click Scan, select the drives to scan and start the scan; at the end click Remove Selected, if there is anything, and then OK. Post the report that MBAM generates after the removal.
3. Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.

cezarpiotr (Author) commented 10 July 2009 (edited)

Here is the log from Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.38
Wersja bazy definicji: 2403
Windows 6.0.6001 Service Pack 1
2009-07-10 17:11:41
mbam-log-2009-07-10 (17-11-41).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|G:\|)
Przeskanowane obiekty: 185967
Upłynęło: 38 minute(s), 40 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 1
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adsltaskbar (Trojan.Agent) -> Quarantined and deleted successfully.

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)

Hehe... it detected a Trojan, which I removed... now there's still that Kaspersky scan.

EDIT: The Kaspersky online scan won't work for me, I've tried about 6 times... :/ 2.5 hours have passed and it's only at 20%... :/