Pierdyl, posted 23 August 2009

Hello! I have a problem: there is no sound on my computer. After restarting the computer I was getting an error with servises.exe and a 1-minute countdown to a restart of the computer would begin. Winamp does not start; errors appear. I even bought a new graphics card, but the problem remained. There is still no sound on the computer. Here is the log.

Log to check

ComboFix 09-08-22.06 - Pierdyl 2009-08-23 11:42.10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3327.2910 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Pierdyl\Pulpit\ComboFix.exe
AV: AVG Internet Security Network Edition *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Pierdyl\Dane aplikacji\wiaserva.log
c:\documents and settings\Pierdyl\Menu Start\Programy\Autostart\ikowin32.exe
c:\documents and settings\Pierdyl\Pulpit\[Torrentsworld.net] - Video Copilot - Action movie essentials.torrent
c:\documents and settings\Pierdyl\Pulpit\[Torrentsworld.net] - Video Copilot - Action movie essentials.torrent
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\Fonts\img hearts.ttf
c:\windows\Fonts\img travel.ttf
c:\windows\Installer\90da4.msi
c:\windows\system32\drivers\872fc0f.sys
c:\windows\system32\drivers\d6540963.sys
c:\windows\system32\kr_done1
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_872fc0f
-------\Service_d6540963
((((((((((((((((((((((((( Pliki utworzone od 2009-07-23 do 2009-08-23 )))))))))))))))))))))))))))))))
.
2010-07-10 11:37 . 2010-07-10 11:37 -------- d-----w- c:\program files\ASIO4ALL v2
2010-07-10 11:37 . 2006-06-20 08:56 225280 ------w- c:\windows\system32\rewire.dll
2010-07-10 11:37 . 2009-03-30 16:38 -------- d-----w- c:\program files\Image-Line
2009-12-18 14:53 .
2009-12-18 14:53 -------- d-----w- c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\Rockstar Games 2009-12-18 12:56 . 2009-12-18 12:56 -------- d-----w- c:\program files\MSBuild 2009-12-18 12:55 . 2009-12-18 12:57 -------- d-----w- c:\windows\system32\XPSViewer 2009-12-18 12:54 . 2009-12-18 12:54 -------- d-----w- c:\program files\Reference Assemblies 2009-12-18 12:54 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll 2009-08-23 09:01 . 2003-10-14 08:58 376832 ----a-r- c:\windows\system32\Mam2Pan.exe 2009-08-23 09:01 . 2003-10-14 08:58 53248 ----a-r- c:\windows\system32\Mam2Asio.dll 2009-08-23 09:01 . 2008-04-14 17:21 23552 ----a-w- c:\windows\system32\wdmaud.drv 2009-08-23 09:01 . 2003-10-14 08:59 25648 ----a-r- c:\windows\system32\drivers\Mam2Wdm.sys 2009-08-23 09:01 . 2003-10-14 08:58 29968 ----a-r- c:\windows\system32\drivers\Mam2.sys 2009-08-23 09:01 . 2008-04-13 18:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys 2009-08-23 09:01 . 2008-04-13 17:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys 2009-08-23 09:01 . 2008-04-14 16:20 4096 ----a-w- c:\windows\system32\ksuser.dll 2009-08-23 09:01 . 2008-04-13 17:45 49408 ----a-w- c:\windows\system32\drivers\stream.sys 2009-08-14 22:07 . 2009-08-14 22:07 737280 ----a-w- c:\windows\iun6002.exe 2009-08-14 22:07 . 2009-08-14 22:07 -------- d-----w- c:\program files\Codec Pack - All In 1 2009-08-14 20:22 . 2009-08-14 20:22 -------- d-----w- c:\program files\MainConcept 2009-08-10 11:04 . 2009-08-10 11:04 -------- d-----w- c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\ArcSoft 2009-08-10 11:04 . 2009-08-10 12:53 -------- d-----w- c:\documents and settings\Pierdyl\Dane aplikacji\ArcSoft 2009-08-10 11:04 . 2009-08-13 20:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ArcSoft 2009-08-10 11:03 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys 2009-08-10 11:03 . 
2005-04-27 14:36 245408 ----a-w- c:\windows\system32\unicows.dll 2009-08-10 11:03 . 2009-08-10 11:03 -------- d-----w- c:\program files\Common Files\ArcSoft 2009-08-10 11:03 . 2009-08-10 11:03 -------- d-----w- c:\program files\ArcSoft . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-19 19:51 . 2008-12-19 19:50 107888 ------w- c:\windows\system32\CmdLineExt.dll 2009-08-23 09:21 . 2002-09-28 23:00 87166 ----a-w- c:\windows\system32\perfc015.dat 2009-08-23 09:21 . 2002-09-28 23:00 493860 ----a-w- c:\windows\system32\perfh015.dat 2009-08-23 09:18 . 2003-11-03 14:27 1 ----a-w- c:\documents and settings\Pierdyl\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-08-22 12:05 . 2009-03-22 17:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Google Updater 2009-08-14 20:26 . 2006-06-02 12:09 -------- d-----w- c:\program files\ffdshow 2009-08-14 18:07 . 2009-05-12 18:24 -------- d-----w- c:\program files\HyperLobbyPro3 2009-08-13 19:45 . 2000-08-06 16:36 50312 ----a-w- c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-08-11 11:06 . 2003-07-09 15:00 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-16 14:40 . 2004-08-03 23:44 119808 ------w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2002-09-28 23:00 81920 ------w- c:\windows\system32\fontsub.dll 2009-06-03 19:11 . 2004-08-03 23:44 1294848 ------w- c:\windows\system32\quartz.dll 2009-06-02 16:11 . 2006-06-02 12:09 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-05-26 11:20 . 2009-01-26 20:33 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 11:19 . 2009-01-26 20:33 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2006-06-01 08:49 . 2006-06-01 08:41 17665 ----a-w- c:\program files\uninstal.log 2003-11-03 15:07 . 2004-04-23 15:06 499712 ----a-w- c:\program files\msvcp71.dll 2003-11-03 15:07 . 
2004-04-23 15:06 348160 ----a-w- c:\program files\msvcr71.dll 2003-05-30 07:22 . 2003-09-08 07:09 344064 ----a-r- c:\program files\msvcr70.dll 2002-01-05 01:40 . 2003-09-08 07:09 487424 ----a-w- c:\program files\msvcp70.dll . ((((((((((((((((((((((((((((( SnapShot@2009-08-04_22.23.26 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-23 09:48 . 2009-08-23 09:48 16384 c:\windows\Temp\Perflib_Perfdata_158.dat - 2006-06-02 12:09 . 2007-07-28 07:56 60273 c:\windows\system32\pthreadGC2.dll + 2006-06-02 12:09 . 2008-06-08 21:58 60273 c:\windows\system32\pthreadGC2.dll - 2002-09-28 23:00 . 2006-08-04 19:59 70066 c:\windows\system32\perfc009.dat + 2002-09-28 23:00 . 2009-08-23 09:21 70066 c:\windows\system32\perfc009.dat + 2005-10-14 09:56 . 2002-10-04 21:04 45056 c:\windows\system32\ogg.dll + 2005-10-14 09:56 . 2002-11-15 10:11 77824 c:\windows\system32\MMSwitch.dll + 2005-10-14 09:56 . 2002-11-18 13:02 40960 c:\windows\system32\MMAVILNG.exe + 2004-08-04 00:44 . 2008-04-14 16:21 23552 c:\windows\system32\dllcache\wdmaud.drv + 2004-08-03 23:08 . 2004-07-09 02:27 48512 c:\windows\system32\dllcache\stream.sys + 2003-07-09 15:00 . 2008-04-13 17:45 60160 c:\windows\system32\dllcache\drmk.sys - 2003-07-09 15:01 . 2006-08-01 13:02 49152 c:\windows\system32\ChCfg.exe + 2003-07-09 15:01 . 2006-08-01 07:02 49152 c:\windows\system32\ChCfg.exe + 2003-07-09 15:00 . 2006-07-21 08:14 86016 c:\windows\SoundMan.exe - 2003-07-09 15:00 . 2006-07-21 14:14 86016 c:\windows\SoundMan.exe + 2009-07-05 21:06 . 2009-07-05 21:06 22528 c:\windows\Installer\15d95eba.msi - 2006-08-04 19:23 . 2005-05-03 16:43 69632 c:\windows\Alcmtr.exe + 2006-08-11 15:38 . 2005-05-03 10:43 69632 c:\windows\Alcmtr.exe + 2003-07-09 15:00 . 2002-12-11 22:14 4096 c:\windows\system32\dllcache\ksuser.dll + 2006-01-19 01:29 . 2006-01-19 01:29 8704 c:\windows\Installer\155e55a.msp + 2005-10-14 09:56 . 2005-12-30 18:10 761856 c:\windows\system32\xvidcore.dll + 2005-10-14 09:56 . 
2004-02-10 09:15 344064 c:\windows\system32\xvid.dll + 2005-10-14 09:56 . 2002-10-04 21:04 921600 c:\windows\system32\VorbisEnc.dll + 2005-10-14 09:56 . 2002-10-04 21:04 188416 c:\windows\system32\vorbis.dll + 2005-10-14 09:56 . 2003-04-29 08:13 155136 c:\windows\system32\unrar.dll + 2003-07-09 15:00 . 2007-03-07 06:59 131072 c:\windows\system32\RTCOM\RtlCPAPI.dll - 2003-07-09 15:00 . 2007-03-07 12:59 131072 c:\windows\system32\RTCOM\RtlCPAPI.dll - 2003-07-09 15:00 . 2007-03-15 12:39 262144 c:\windows\system32\RTCOM\RTCOMDLL.dll + 2003-07-09 15:00 . 2007-03-15 06:39 262144 c:\windows\system32\RTCOM\RTCOMDLL.dll + 2002-09-28 23:00 . 2009-08-23 09:21 435920 c:\windows\system32\perfh009.dat - 2002-09-28 23:00 . 2006-08-04 19:59 435920 c:\windows\system32\perfh009.dat + 2005-10-14 09:56 . 2002-10-06 16:42 237568 c:\windows\system32\OggDS.dll + 2004-03-16 08:58 . 2008-04-13 18:19 146048 c:\windows\system32\dllcache\portcls.sys + 2005-10-14 09:56 . 2005-11-23 03:00 778240 c:\windows\system32\DivXsm.exe + 2004-11-23 10:05 . 2004-11-23 10:05 394752 c:\windows\system32\DEMOMCDVD_32.DLL + 2006-10-31 09:10 . 2006-10-31 09:10 286208 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PL\WF_Langpack_x86.msi + 2006-10-30 03:04 . 2006-10-30 03:04 557056 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.msi + 2006-10-31 09:02 . 2006-10-31 09:02 475136 c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Polish Language Pack\vs_setup.msi + 2000-07-19 08:21 . 2000-07-19 08:21 331264 c:\windows\Installer\eee9793.msi + 2003-09-19 16:51 . 2003-09-19 16:51 216576 c:\windows\Installer\b46fbb.msi + 2000-08-05 18:11 . 2000-08-05 18:11 213504 c:\windows\Installer\863503.msi + 2006-07-27 14:27 . 2006-07-27 14:27 455680 c:\windows\Installer\70e80.msi + 2006-07-27 14:27 . 2006-07-27 14:27 335360 c:\windows\Installer\70e7a.msi + 2008-12-19 22:24 . 2008-12-19 22:24 827904 c:\windows\Installer\49c59b.msi + 2008-12-19 22:24 . 
2008-12-19 22:24 850944 c:\windows\Installer\49c591.msi + 2005-05-11 17:26 . 2005-05-11 17:26 302592 c:\windows\Installer\48f9a7.msi + 2007-01-26 22:19 . 2007-01-26 22:19 432640 c:\windows\Installer\40f4de.msi + 2006-06-01 04:53 . 2006-06-01 04:53 370176 c:\windows\Installer\3f1b02c.msi + 2009-12-18 12:57 . 2009-12-18 12:57 407552 c:\windows\Installer\363fe5.msi + 2009-12-18 12:57 . 2009-12-18 12:57 672256 c:\windows\Installer\363fdf.msi + 2009-12-18 12:57 . 2009-12-18 12:57 117760 c:\windows\Installer\363fd9.msi + 2009-12-18 12:57 . 2009-12-18 12:57 408576 c:\windows\Installer\363fd3.msi + 2009-12-18 12:56 . 2009-12-18 12:56 454144 c:\windows\Installer\363fc7.msi + 2009-12-18 12:56 . 2009-12-18 12:56 472576 c:\windows\Installer\363fc1.msi + 2009-12-18 12:55 . 2009-12-18 12:55 525824 c:\windows\Installer\363fb5.msi + 2009-12-18 12:54 . 2009-12-18 12:54 867840 c:\windows\Installer\363faf.msi + 2003-07-09 16:26 . 2003-07-09 16:26 297472 c:\windows\Installer\280465.msi + 2003-12-11 14:47 . 2003-12-11 14:47 723968 c:\windows\Installer\1c9a7a0.msi + 2009-05-30 14:00 . 2009-05-30 14:00 618496 c:\windows\Installer\155e566.msi + 2003-07-09 14:50 . 2003-07-09 14:50 265216 c:\windows\Installer\11b77.msi + 2008-09-09 19:34 . 2008-09-09 19:34 431104 c:\windows\Installer\1083897.msi + 2006-08-06 20:23 . 2006-08-06 20:23 471552 c:\windows\Applian FLV Player\uninstall.exe + 2004-07-17 10:35 . 2004-07-17 10:35 1356288 c:\windows\system32\webfldrs.msi + 2003-07-09 16:38 . 2009-08-13 20:58 1482752 c:\windows\system32\FNTCACHE.DAT + 2003-07-09 15:00 . 2007-03-26 11:21 4395008 c:\windows\system32\drivers\RtkHDAud.sys - 2003-07-09 15:00 . 2007-03-26 17:21 4395008 c:\windows\system32\drivers\RtkHDAud.sys - 2003-07-09 15:00 . 2007-03-16 13:06 1822720 c:\windows\SkyTel.exe + 2003-07-09 15:00 . 2007-03-16 07:06 1822720 c:\windows\SkyTel.exe + 2008-09-09 12:33 . 2004-07-17 10:35 1356288 c:\windows\ServicePackFiles\i386\webfldrs.msi - 2003-07-09 15:00 . 
2007-01-16 08:39 1191936 c:\windows\RtlUpd.exe + 2003-07-09 15:00 . 2007-01-16 02:39 1191936 c:\windows\RtlUpd.exe - 2003-07-09 15:00 . 2007-03-23 17:19 9715200 c:\windows\RTLCPL.exe + 2003-07-09 15:00 . 2007-03-23 11:19 9715200 c:\windows\RTLCPL.exe + 2006-10-31 09:10 . 2006-10-31 09:10 1424896 c:\windows\Microsoft.NET\Framework\v3.0\WPF\pl\wpflangpack.msi + 2006-07-26 05:13 . 2006-07-26 05:13 2723840 c:\windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\WF_3.0_x86.msi + 2009-12-18 12:54 . 2009-12-18 12:54 8044544 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\wcf.msi + 2009-12-18 12:57 . 2009-12-18 12:57 1130496 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation Language Pack - PLK\langpack.msi + 2009-12-18 12:57 . 2009-12-18 12:57 2082816 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PLK\langpack.msi + 2007-05-25 11:08 . 2007-05-25 11:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp - 2003-07-09 15:00 . 2006-10-11 15:42 2157568 c:\windows\MicCal.exe + 2003-07-09 15:00 . 2006-10-11 09:42 2157568 c:\windows\MicCal.exe + 2007-02-21 14:10 . 2007-02-21 14:10 9778688 c:\windows\Installer\f0a653.msi + 2007-02-21 14:08 . 2007-02-21 14:08 1383424 c:\windows\Installer\f09841.msi + 2006-05-22 14:34 . 2006-05-22 14:34 1013248 c:\windows\Installer\e5fc93e.msi + 2000-08-25 20:16 . 2000-08-25 20:16 3044864 c:\windows\Installer\e3dc78.msi + 2006-05-22 12:47 . 2006-05-22 12:47 1401344 c:\windows\Installer\dfd610e.msi + 2003-11-28 12:27 . 2003-11-28 12:27 6695936 c:\windows\Installer\da8563b.msi + 2006-06-02 11:21 . 2006-06-02 11:21 8992256 c:\windows\Installer\a0b072.msi + 2006-06-02 11:20 . 2006-06-02 11:20 1549312 c:\windows\Installer\a0b06e.msi + 2009-08-14 20:22 . 2009-08-14 20:22 1616896 c:\windows\Installer\65d9c.msi + 2000-09-09 04:43 . 2000-09-09 04:43 2109440 c:\windows\Installer\3ec591e.msi + 2003-12-09 06:12 . 
2003-12-09 06:12 3443712 c:\windows\Installer\3998507.msi + 2009-12-18 12:57 . 2009-12-18 12:57 1115648 c:\windows\Installer\363fcd.msi + 2009-12-18 12:55 . 2009-12-18 12:55 1142784 c:\windows\Installer\363fbb.msi + 2007-02-10 19:39 . 2007-02-10 19:39 1499648 c:\windows\Installer\31c44.msi + 2006-03-07 22:15 . 2006-03-07 22:15 1100288 c:\windows\Installer\27bf3e7.msi + 2000-08-06 16:30 . 2000-08-06 16:30 2346496 c:\windows\Installer\250c9.msi + 2000-08-06 16:29 . 2000-08-06 16:29 1718272 c:\windows\Installer\250bb.msi + 2000-08-06 16:29 . 2000-08-06 16:29 1758720 c:\windows\Installer\250b5.msi + 2000-08-06 16:29 . 2000-08-06 16:29 1716736 c:\windows\Installer\250af.msi + 2000-08-06 16:29 . 2000-08-06 16:29 1954304 c:\windows\Installer\250a9.msi + 2000-08-06 16:28 . 2000-08-06 16:28 1826816 c:\windows\Installer\250a3.msi + 2000-08-06 16:28 . 2000-08-06 16:28 1726976 c:\windows\Installer\2509d.msi + 2000-08-06 16:28 . 2000-08-06 16:28 1730048 c:\windows\Installer\25097.msi + 2000-08-06 16:28 . 2000-08-06 16:28 1720832 c:\windows\Installer\25091.msi + 2000-08-06 16:28 . 2000-08-06 16:28 1761792 c:\windows\Installer\2508b.msi + 2000-08-06 16:27 . 2000-08-06 16:27 1735680 c:\windows\Installer\25085.msi + 2000-08-06 16:27 . 2000-08-06 16:27 1744384 c:\windows\Installer\2507f.msi + 2000-08-06 16:27 . 2000-08-06 16:27 1842688 c:\windows\Installer\25079.msi + 2000-08-06 16:27 . 2000-08-06 16:27 2159104 c:\windows\Installer\25072.msi + 2000-08-06 16:26 . 2000-08-06 16:26 1715712 c:\windows\Installer\2506c.msi + 2000-08-06 16:26 . 2000-08-06 16:26 1728000 c:\windows\Installer\25065.msi + 2000-08-06 16:26 . 2000-08-06 16:26 1718272 c:\windows\Installer\2505f.msi + 2000-08-06 16:26 . 2000-08-06 16:26 1761792 c:\windows\Installer\25059.msi + 2000-08-06 16:26 . 2000-08-06 16:26 1753088 c:\windows\Installer\25053.msi + 2000-08-06 16:25 . 2000-08-06 16:25 1720832 c:\windows\Installer\2504d.msi + 2000-08-06 16:25 . 
2000-08-06 16:25 2595840 c:\windows\Installer\25047.msi + 2000-08-06 16:24 . 2000-08-06 16:24 1826304 c:\windows\Installer\25041.msi + 2000-08-06 16:24 . 2000-08-06 16:24 1716736 c:\windows\Installer\2503b.msi + 2000-08-06 16:24 . 2000-08-06 16:24 1886208 c:\windows\Installer\25035.msi + 2000-08-06 16:23 . 2000-08-06 16:23 1774592 c:\windows\Installer\2502e.msi + 2003-12-11 15:33 . 2003-12-11 15:33 1598976 c:\windows\Installer\1f3a8cd.msi + 2009-05-30 14:02 . 2009-05-30 14:02 1472000 c:\windows\Installer\155e57e.msi + 2009-05-30 14:01 . 2009-05-30 14:01 4669952 c:\windows\Installer\155e578.msi + 2009-05-30 14:01 . 2009-05-30 14:01 3094016 c:\windows\Installer\155e571.msi + 2009-05-30 14:00 . 2009-05-30 14:00 3862016 c:\windows\Installer\155e560.msi + 2006-06-01 04:53 . 2006-06-01 04:53 1941504 c:\windows\Downloaded Installations\{CF4BB2B6-19F4-488A-8DE4-39EF20850E2D}\AlgolithAESetup.msi + 2003-07-09 15:00 . 2006-05-04 08:26 2808832 c:\windows\alcwzrd.exe - 2003-07-09 15:00 . 2006-05-04 14:26 2808832 c:\windows\alcwzrd.exe - 2003-07-09 15:00 . 2007-03-21 12:49 16126464 c:\windows\RTHDCPL.exe + 2003-07-09 15:00 . 2007-03-21 06:49 16126464 c:\windows\RTHDCPL.exe + 2006-10-21 04:58 . 2006-10-21 04:58 11390464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpf.msi + 2005-09-23 05:48 . 2005-09-23 05:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi + 2003-10-02 20:30 . 2003-10-02 20:30 31099392 c:\windows\Installer\d66f4c.msi + 2000-07-23 07:54 . 2000-07-23 07:54 16405504 c:\windows\Installer\bc9cd88.msi + 2009-01-30 12:00 . 2009-01-30 12:00 15256576 c:\windows\Installer\87cd88.msp + 2007-01-26 22:20 . 2007-01-26 22:20 19210240 c:\windows\Installer\40f525.msp + 2006-07-16 06:54 . 2006-07-16 06:54 23847424 c:\windows\Installer\22475f4.msi + 2009-05-30 13:59 . 2009-05-30 13:59 14827520 c:\windows\Installer\155e559.msi + 2006-03-03 14:40 . 2006-03-03 14:40 105034240 c:\windows\Installer\f176a.msi . -- Migawka wyzerowana -- . 
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2006-02-22 4608] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-19 39408] "Google Update"="c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2006-04-14 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2003-12-11 136600] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2000-08-28 1235736] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480] "WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248] "WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-21 198160] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" 
[2009-07-10 195072] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464] "Mam2Pan"="Mam2Pan.Exe" - c:\windows\system32\Mam2Pan.exe [2003-10-14 376832] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2000-08-28 07:52 10520 ------w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Pierdyl^Menu Start^Programy^Autostart^Adobe Gamma.lnk] path=c:\documents and settings\Pierdyl\Menu Start\Programy\Autostart\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Pierdyl^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk] path=c:\documents and settings\Pierdyl\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Java\\j2re1.4.0_03\\bin\\javaw.exe"= "d:\\GRY\\Supreme Commander FA\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"= "d:\\PROGRAMY\\uTorrent.exe"= "d:\\GRY\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"= "d:\\GRY\\S.T.A.L.K.E.R. 
- Clear Sky\\bin\\dedicated\\xrEngine.exe"= "d:\\Games\\NORMAL\\Dead Space\\Dead Space.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"= "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "d:\\GRY\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "d:\\GRY\\Grand Theft Auto IV\\GTAIV.exe"= R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2000-08-28 12936] R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-02-13 143360] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2000-08-28 97928] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2000-08-28 76040] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2000-08-28 875288] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2000-08-28 231704] R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2003-07-09 38656] R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2003-10-31 33792] R3 mam2_01;Service for Maya44 MKII 1;c:\windows\system32\drivers\Mam2Wdm.sys [2009-08-23 25648] R3 mam2_aa;Service for Maya44 MKII Audio Driver (EWDM);c:\windows\system32\drivers\Mam2.sys [2009-08-23 29968] S2 gupdate1c9ab159ef0bb6;Usługa Google Update (gupdate1c9ab159ef0bb6);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 133104] S2 Kmm4xNT;Kmm4xNT;c:\windows\system32\drivers\KMM4XNT.SYS [2003-09-23 95484] S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2003-11-11 27904] S3 WinRing0_1_0_1;WinRing0_1_0_1;\??\c:\docume~1\Pierdyl\USTAWI~1\Temp\Rar$EX00.344\WinRing0.sys --> c:\docume~1\Pierdyl\USTAWI~1\Temp\Rar$EX00.344\WinRing0.sys [?] . 
Zawartość folderu 'Zaplanowane zadania' 2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-08-23 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-19 17:36] 2009-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 17:38] 2009-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 17:38] 2009-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003Core.job - c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2006-04-14 13:11] 2009-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003UA.job - c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2006-04-14 13:11] . . ------- Skan uzupełniający ------- . 
uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.ask.com/?o=13166&l=dis uDefault_Search_URL = hxxp://www.google.com/ie uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: { - c:\program files\Messenger\msmsgs.exe FF - ProfilePath - c:\documents and settings\Pierdyl\Dane aplikacji\Mozilla\Firefox\Profiles\d5k2xrtr.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - http:/google.pl FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q= FF - component: c:\documents and settings\Pierdyl\Dane aplikacji\Mozilla\Firefox\Profiles\d5k2xrtr.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-23 11:49 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-1614895754-115176313-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f9,88,cd,21,9f,e7,3e,bf,57,ee,58,15,5f,3d,bf,e2,d5,79,0c,d3,3a,6c,65, 1e,b0,46,93,c8,02,a8,4a,dc,4b,14,43,67,f0,1b,15,bd,ca,84,2f,19,c5,39,25,ba,\ "??"=hex:70,38,3b,8c,39,45,1b,1c,3a,6c,68,2e,5d,3d,84,6c [HKEY_USERS\S-1-5-21-1614895754-115176313-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:49,a8,68,c0,0d,c6,57,af,c6,40,b5,a0,f5,61,2d,ef,9b,0b,99,b9,b9, e5,0d,f5,c3,05,73,d0,a9,f8,f1,3b,fe,05,18,2d,20,4c,7c,42,a2,f9,64,90,c3,a7,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,68,bf,21,0e,91, b9,08,da,e2,63,26,f1,3f,c8,ff,68,76,86,81,47,ad,31,34,ed,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,d7,3b,27,1c,49, 24,7b,e3,6a,9c,d6,61,af,45,84,18,40,15,6a,9c,3a,52,3c,e1,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" 
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,2d,c2,58,b0,da, b9,24,c8,ff,7c,85,e0,43,d4,0e,fe,16,c9,ce,7a,bc,bc,bf,a8,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,d8,69,cf,ba,61, a8,e9,aa,86,8c,21,01,be,91,eb,e7,91,2d,12,e7,51,33,33,11,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,01,11,13,60,37, b2,3a,a3,f5,1d,4d,73,a8,13,5c,05,b4,f8,c0,bc,f2,f6,25,68,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,0b,2b,bd,4e,65, 4d,85,d3,df,20,58,62,78,6b,cf,c8,4d,eb,36,17,0c,68,36,b1,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,14,2c,d8,1f,0d, b9,ec,fb,fb,a7,78,e6,12,2f,9a,ea,6d,e7,5b,1d,17,92,5b,18,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,0a,43,b1,0d,62, 30,f8,60,01,3a,48,fc,e8,04,4a,f1,0b,4c,c4,22,77,65,aa,98,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" 
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,40,8c,06,cb,e5, 84,4d,35,f6,0f,4e,58,98,5b,89,c9,c5,5a,1b,3b,40,a8,82,c5,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,4d,42,3d,a6,79, 21,72,86,3d,ce,ea,26,2d,45,aa,78,14,26,43,4b,59,ba,d3,2d,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c2,4b,c4,23,eb, a3,ee,a0,2a,b7,cc,b5,b9,7f,41,e7,42,21,2e,af,d4,f2,ff,21,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,a9,9c,26,f2,52, 8e,b6,61,6c,43,2d,1e,aa,22,2f,9c,f3,52,e6,7e,7f,cb,19,85,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*] @DACL= "CTE_32 Name"="895283:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}" [HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*] @DACL= "DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs] @DACL= "CTE_32 Name"="2454987:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{2D03E2CD-10A4-7215-FD7C-8619F42029AA}\Version 1.1] @DACL= "dat"="806585365:{3720885C-9240-7EDC-D54A-F7510B4C2BD6}" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}] @DACL= 
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'explorer.exe'(2344)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Neostrada TP\NeostradaTP.exe
c:\program files\Neostrada TP\ComComp.exe
.
**************************************************************************
.
Czas ukończenia: 2009-08-23 11:53 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-08-23 09:53
ComboFix2.txt 2009-08-04 22:26
ComboFix3.txt 2006-06-06 12:56
Przed: 14 568 673 280 bajtów wolnych
Po: 14 522 621 952 bajtów wolnych
480 --- E O F --- 2009-07-18 00:17
Guest, comment, 23 August 2009

Paste into Notepad:

File::
c:\windows\system32\rewire.dll
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003Core. job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003UA.job
Driver::
gupdate1c9ab159ef0bb6
WinRing0_1_0_1
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"=-
[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=-
"MSMSGS"=-
"swg"=-
"Google Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"=-
"SunJavaUpdateSched"=-
"NvCplDaemon"=-
"NvMediaCenter"=-
"QuickTime Task"=-
"TkBellExe"=-

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe --> The removal should start (and a log will be created). Post the log that is created during the removal.

If all goes well: after the restart, manually delete the C:\Qoobox folder.
Pierdyl (Author), comment, 23 August 2009

Log to check

ComboFix 09-08-22.06 - Pierdyl 2009-08-23 17:25.11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3327.2844 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Pierdyl\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Pierdyl\Pulpit\CFScript.txt
AV: AVG Internet Security Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\rewire.dll"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003Core. job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003UA.job"
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\rewire.dll
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003UA.job
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GUPDATE1C9AB159EF0BB6
-------\Legacy_WINRING0_1_0_1
-------\Service_gupdate1c9ab159ef0bb6
-------\Service_WinRing0_1_0_1

((((((((((((((((((((((((( Pliki utworzone od 2009-07-23 do 2009-08-23 )))))))))))))))))))))))))))))))
.
2010-07-10 11:37 . 2010-07-10 11:37 -------- d-----w- c:\program files\ASIO4ALL v2
2010-07-10 11:37 . 2009-03-30 16:38 -------- d-----w- c:\program files\Image-Line
2009-12-18 14:53 . 2009-12-18 14:53 -------- d-----w- c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\Rockstar Games
2009-12-18 12:56 . 2009-12-18 12:56 -------- d-----w- c:\program files\MSBuild
2009-12-18 12:55 . 2009-12-18 12:57 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-18 12:54 . 2009-12-18 12:54 -------- d-----w- c:\program files\Reference Assemblies
2009-12-18 12:54 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-08-23 09:01 . 2003-10-14 08:58 376832 ----a-r- c:\windows\system32\Mam2Pan.exe
2009-08-23 09:01 . 2003-10-14 08:58 53248 ----a-r- c:\windows\system32\Mam2Asio.dll
2009-08-23 09:01 . 2008-04-14 17:21 23552 ----a-w- c:\windows\system32\wdmaud.drv
2009-08-23 09:01 . 2003-10-14 08:59 25648 ----a-r- c:\windows\system32\drivers\Mam2Wdm.sys
2009-08-23 09:01 . 2003-10-14 08:58 29968 ----a-r- c:\windows\system32\drivers\Mam2.sys
2009-08-23 09:01 . 2008-04-13 18:19 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-08-23 09:01 . 2008-04-13 17:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-08-23 09:01 . 2008-04-14 16:20 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-08-23 09:01 . 2008-04-13 17:45 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2009-08-14 22:07 . 2009-08-14 22:07 737280 ----a-w- c:\windows\iun6002.exe
2009-08-14 22:07 . 2009-08-14 22:07 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-08-14 20:22 . 2009-08-14 20:22 -------- d-----w- c:\program files\MainConcept
2009-08-10 11:04 . 2009-08-10 11:04 -------- d-----w- c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\ArcSoft
2009-08-10 11:04 . 2009-08-10 12:53 -------- d-----w- c:\documents and settings\Pierdyl\Dane aplikacji\ArcSoft
2009-08-10 11:04 . 2009-08-13 20:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ArcSoft
2009-08-10 11:03 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2009-08-10 11:03 . 2005-04-27 14:36 245408 ----a-w- c:\windows\system32\unicows.dll
2009-08-10 11:03 . 2009-08-10 11:03 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-08-10 11:03 . 2009-08-10 11:03 -------- d-----w- c:\program files\ArcSoft
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 19:51 . 2008-12-19 19:50 107888 ------w- c:\windows\system32\CmdLineExt.dll
2009-08-23 15:31 . 2009-03-22 17:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Google Updater
2009-08-23 15:25 . 2003-07-09 15:12 -------- d-----w- c:\program files\Neostrada TP
2009-08-23 10:01 . 2003-12-11 15:40 -------- d-----w- c:\program files\Winamp
2009-08-14 20:26 . 2006-06-02 12:09 -------- d-----w- c:\program files\ffdshow
2009-08-14 18:07 . 2009-05-12 18:24 -------- d-----w- c:\program files\HyperLobbyPro3
2009-08-13 19:45 . 2000-08-06 16:36 50312 ----a-w- c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-08-11 11:06 . 2003-07-09 15:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 14:40 . 2004-08-03 23:44 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2002-09-28 23:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-03 19:11 . 2004-08-03 23:44 1294848 ------w- c:\windows\system32\quartz.dll
2009-06-02 16:11 . 2006-06-02 12:09 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-26 11:20 . 2009-01-26 20:33 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 11:19 . 2009-01-26 20:33 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-06-01 08:49 . 2006-06-01 08:41 17665 ----a-w- c:\program files\uninstal.log
2003-11-03 15:07 . 2004-04-23 15:06 499712 ----a-w- c:\program files\msvcp71.dll
2003-11-03 15:07 . 2004-04-23 15:06 348160 ----a-w- c:\program files\msvcr71.dll
2003-05-30 07:22 . 2003-09-08 07:09 344064 ----a-r- c:\program files\msvcr70.dll
2002-01-05 01:40 . 2003-09-08 07:09 487424 ----a-w- c:\program files\msvcp70.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-08-23_09.49.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-23 15:31 . 2009-08-23 15:31 16384 c:\windows\Temp\Perflib_Perfdata_744.dat
- 2002-09-28 23:00 . 2009-08-23 09:21 87166 c:\windows\system32\perfc015.dat
+ 2002-09-28 23:00 . 2006-08-23 14:42 87166 c:\windows\system32\perfc015.dat
- 2002-09-28 23:00 . 2009-08-23 09:21 70066 c:\windows\system32\perfc009.dat
+ 2002-09-28 23:00 . 2006-08-23 14:42 70066 c:\windows\system32\perfc009.dat
+ 2002-09-28 23:00 . 2006-08-23 14:42 493860 c:\windows\system32\perfh015.dat
- 2002-09-28 23:00 . 2009-08-23 09:21 493860 c:\windows\system32\perfh015.dat
- 2002-09-28 23:00 . 2009-08-23 09:21 435920 c:\windows\system32\perfh009.dat
+ 2002-09-28 23:00 . 2006-08-23 14:42 435920 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2000-08-28 1235736]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-03-21 16126464]
"Mam2Pan"="Mam2Pan.Exe" - c:\windows\system32\Mam2Pan.exe [2003-10-14 376832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2000-08-28 07:52 10520 ------w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pierdyl^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\Pierdyl\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Pierdyl^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Pierdyl\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\j2re1.4.0_03\\bin\\javaw.exe"=
"d:\\GRY\\Supreme Commander FA\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"d:\\PROGRAMY\\uTorrent.exe"=
"d:\\GRY\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"d:\\GRY\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"d:\\Games\\NORMAL\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\GRY\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\GRY\\Grand Theft Auto IV\\GTAIV.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2000-08-28 12936]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-02-13 143360]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2000-08-28 97928]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2000-08-28 76040]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2000-08-28 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2000-08-28 231704]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2003-07-09 38656]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2003-10-31 33792]
R3 mam2_01;Service for Maya44 MKII 1;c:\windows\system32\drivers\Mam2Wdm.sys [2009-08-23 25648]
R3 mam2_aa;Service for Maya44 MKII Audio Driver (EWDM);c:\windows\system32\drivers\Mam2.sys [2009-08-23 29968]
S2 Kmm4xNT;Kmm4xNT;c:\windows\system32\drivers\KMM4XNT.SYS [2003-09-23 95484]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2003-11-11 27904]
.
Zawartość folderu 'Zaplanowane zadania'

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-115176313-839522115-1003Core.job
- c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2006-04-14 13:11]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.ask.com/?o=13166&l=dis
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: { - c:\program files\Messenger\msmsgs.exe
FF - ProfilePath - c:\documents and settings\Pierdyl\Dane aplikacji\Mozilla\Firefox\Profiles\d5k2xrtr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http:/google.pl
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
FF - component: c:\documents and settings\Pierdyl\Dane aplikacji\Mozilla\Firefox\Profiles\d5k2xrtr.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Pierdyl\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 17:31
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'explorer.exe'(3516)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'explorer.exe'(2664)
c:\progra~1\SPYBOT~1\SDHelper.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\program files\Neostrada TP\NeostradaTP.exe
c:\program files\Neostrada TP\ComComp.exe
.
**************************************************************************
.
Czas ukończenia: 2009-08-23 17:35 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-08-23 15:35
ComboFix2.txt 2009-08-23 09:53
ComboFix3.txt 2009-08-04 22:26
ComboFix4.txt 2006-06-06 12:56
Przed: 14 501 642 240 bajtów wolnych
Po: 14 442 045 440 bajtów wolnych
318 --- E O F --- 2009-07-18 00:17
Guest, comment, 23 August 2009

The log is OK.

1. Close the worm-prone ports using --> Windows Worms Doors Cleaner. Set the indicators to green; NetBIOS can stay yellow. A computer restart is required after using the tool!
2. Remove the ComboFix leftovers with OTC.
3. You will remove the copies of the "viruses" from the "System Volume Information" folder by temporarily turning off "System Restore": Control Panel > System > System Restore >> tick the box next to "Turn off System Restore on all drives" > Apply > OK. Afterwards you can return to the previous setting (that is, untick the box).
4. Use Malwarebytes. Press Scan, choose the drives to scan and start the scan; at the end press Remove Selected, if there are any, and OK. Post the report generated after the removal with MBAM.