Not a valid Win32 application

pawelziom93
posted (edited)

Hello,

While launching the installation, I got this error:

[img]http://zapodaj.net/images/8a465b965579.jpg[/img]

ComboFix logs:


[log]AV: avast! antivirus 4.8.1229 [VPS 100130-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
AV: System Antywirusowy NOD32 2.51 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Panda Internet Security 2008 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchAssistant.dll
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\ToolBarBHO.dll
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\Thumbs.db
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\Thumbs.db
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\program files\SGPSA\SearchAssistant.dll
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\Ijl11.dll
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDRIVER


((((((((((((((((((((((((( Pliki utworzone od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-30 09:31 . 2010-01-30 09:31 -------- d--h--w- c:\windows\PIF
2010-01-29 19:05 . 2010-01-29 19:12 -------- d-----w- c:\program files\MiniRacingOnline
2010-01-29 11:50 . 2010-01-29 11:56 -------- d-----w- C:\flexlm
2010-01-25 14:15 . 2003-04-16 00:10 110592 ----a-w- c:\windows\system32\tsccvid.dll
2010-01-25 14:13 . 2007-07-09 12:00 11136 ----a-w- c:\windows\system32\drivers\SOFTLOK.SYS
2010-01-25 14:13 . 2004-09-28 17:53 69632 ----a-w- c:\windows\system32\wdrvr.dll
2010-01-25 14:13 . 2003-12-01 02:01 110592 ----a-w- c:\windows\system32\drivers\tsccvid.dll
2010-01-25 14:13 . 2003-11-24 14:30 79260 ----a-w- c:\windows\system32\drivers\windrvr.sys
2010-01-25 14:13 . 1998-10-27 11:08 317952 ----a-w- c:\windows\system32\ROBOEX32.DLL
2010-01-25 14:13 . 1995-10-05 14:53 22528 ----a-w- c:\windows\system32\RHMMPLAY.DLL
2010-01-21 20:26 . 2010-01-21 20:26 -------- d-----w- C:\xfoil6.96
2010-01-18 15:20 . 2010-01-18 15:20 -------- d-----w- c:\documents and settings\Fijoˆek Robert
2010-01-18 14:36 . 2010-01-18 14:36 194 ----a-w- c:\windows\system32\RBDELDRV.BAT
2010-01-18 13:53 . 2002-12-17 04:41 26120 ----a-r- c:\windows\system32\drivers\SNTNLUSB.SYS
2010-01-18 13:53 . 2010-01-18 14:36 -------- d-----w- c:\windows\system32\RNBOSENT
2010-01-18 13:53 . 2010-01-18 13:53 -------- d-----w- c:\program files\Macrovision
2010-01-16 15:46 . 2010-01-16 15:46 -------- d-----w- c:\program files\Artisteer 2
2010-01-15 11:52 . 2010-01-15 11:52 -------- d-----w- c:\program files\Bradbury
2010-01-15 11:47 . 2010-01-15 11:47 -------- d-----w- c:\program files\CSS-BuMa
2010-01-15 11:43 . 2010-01-16 12:02 -------- d-----w- c:\program files\Cascade DTP V4
2010-01-09 17:17 . 2010-01-10 09:10 -------- d-----w- C:\WebSite3
2010-01-09 17:14 . 2010-01-09 17:14 -------- d-----w- C:\WebSite2
2010-01-09 15:22 . 2010-01-09 15:22 -------- d-----w- C:\WebSite1
2010-01-06 11:00 . 2010-01-06 16:52 -------- d-----w- c:\program files\KONAMI
2010-01-05 00:12 . 2010-01-30 11:24 5152 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2010-01-02 09:51 . 2010-01-02 09:51 -------- d-----w- c:\program files\VS Online

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 10:10 . 2010-01-30 09:31 2855 ----a-w- c:\windows\PIF\setup.PIF
2010-01-29 19:07 . 2009-11-21 19:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-01-29 12:25 . 2008-07-22 14:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-24 16:29 . 2008-11-17 13:16 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-01-20 21:10 . 2009-09-19 14:41 -------- d-----w- c:\program files\LG PC Suite II
2010-01-19 19:07 . 2008-07-24 09:01 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-01-18 14:13 . 2008-07-22 16:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Macrovision
2010-01-16 17:35 . 2009-09-18 15:11 -------- d-----w- c:\program files\WonderWebWare CSS Menu Generator
2010-01-13 19:52 . 2009-06-13 16:24 -------- d-----w- c:\program files\Ganymede
2010-01-09 21:27 . 2009-10-25 09:55 -------- d-----w- c:\program files\Selteco
2010-01-02 10:15 . 2001-10-26 18:15 567678 ----a-w- c:\windows\system32\perfh015.dat
2010-01-02 10:15 . 2001-10-26 18:15 115690 ----a-w- c:\windows\system32\perfc015.dat
2009-12-24 06:54 . 2009-11-03 11:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2009-12-22 18:57 . 2008-07-24 09:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-20 10:41 . 2009-09-14 17:16 -------- d-----w- c:\program files\JestemHardcorem
2009-12-18 18:18 . 2008-12-25 10:54 -------- d-----w- c:\program files\PHP
2009-12-18 17:22 . 2009-06-22 12:03 -------- d-----w- c:\program files\Multi Milionerek v2 2008
2009-12-18 17:21 . 2009-08-21 19:54 -------- d-----w- c:\program files\scourtoolbar
2009-12-18 17:21 . 2009-05-30 20:17 -------- d-----w- c:\program files\SWiSH Max2
2009-12-18 17:21 . 2009-07-10 21:19 -------- d-----w- c:\program files\Real Alternative
2009-12-18 17:21 . 2000-07-30 17:56 -------- d-----w- c:\program files\QuickTime Alternative
2009-12-18 17:21 . 2009-02-07 12:19 -------- d-----w- c:\program files\MixSense
2009-12-18 17:21 . 2009-10-04 18:29 -------- d-----w- c:\program files\Type98
2009-12-18 17:21 . 2009-02-07 17:31 -------- d-----w- c:\program files\TVUPlayer
2009-12-18 17:21 . 2009-02-03 18:10 -------- d-----w- c:\program files\FileView7
2009-12-14 05:55 . 2009-11-03 11:26 -------- d-----w- c:\program files\ipla
2009-11-11 10:04 . 2009-11-11 10:04 550 ----a-w- c:\windows\eReg.dat
2009-09-02 18:05 . 2009-09-02 18:05 16384 ----a-w- c:\program files\uik.dat
2009-09-02 18:04 . 2009-09-02 18:04 4 ----a-w- c:\program files\is.dat
2000-02-01 05:40 . 2010-01-25 14:12 557328 ----a-w- c:\program files\Common Files\DAO360.DLL
2000-07-30 14:55 . 2000-07-30 14:55 56 --sh--r- c:\windows\system32\EF167AB1BF.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMin0.dll" [2009-11-22 2166296]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2009-11-23 2166296]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-12 21:37 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2009-11-23 17:07 2166296 ----a-w- c:\program files\Free_Lunch_Design\tbFre0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9A9E-3AF287E2699B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
2009-11-22 20:35 2166296 ----a-w- c:\program files\Mininova\tbMin0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMin0.dll" [2009-11-22 2166296]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2009-11-23 2166296]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "c:\program files\Mininova\tbMin0.dll" [2009-11-22 2166296]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-12 333192]
"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\program files\Free_Lunch_Design\tbFre0.dll" [2009-11-23 2166296]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"RGSC"="d:\gry\GTA 4\Rockstar Games Social Club\RGSCLauncher.exe" [2010-01-02 306088]
"DLD.EXE"="c:\program files\Download Direct\DLD.exe" [2007-09-06 1343488]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-07-15 931248]
"VS Online"="c:\program files\VS Online\VSOnline.exe" [2009-08-05 1098752]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 21:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2006-09-28 20:02 43520 ----a-w- c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 20:51 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-12 14:27 133104 ----atw- c:\documents and settings\Fijołek Robert\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2008-07-15 07:39 931248 ----a-w- c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2009-12-23 16:14 14100888 ----a-w- c:\program files\ipla\ipla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 14:30 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGMobileSyncLauncher]
2009-02-11 08:48 4337664 ----a-w- c:\program files\LG PC Suite II\LG_MobileSync_Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:51 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2006-11-23 23:06 487424 ----a-r- c:\program files\Sony Ericsson\Mobile3\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
2005-03-24 12:52 94770 ----a-w- c:\program files\Ringz Studio\Storm Codec\StormSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-17 18:09 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-21 12:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\CNAC4RPK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\GRY\\PES 2009\\pes2009.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\PPMate\\ppmate.exe"=
"c:\\Program Files\\PPMate\\ppamnet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\GRY\\Pes 10\\pes2010.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\GRY\\GTA 4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\GRY\\GTA 4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\MiniRacingOnline\\MiniRacingOnLine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2000-07-27 685816]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-10-12 17920]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-06 78416]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-06 20560]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2008-10-12 12672]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2008-12-06 4096]
S2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-02-09 6016]
S3 96EW;96EW Filter;c:\windows\system32\drivers\96EW.sys [2009-06-23 20480]
S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys --> c:\windows\system32\DRIVERS\netimflt.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;c:\mssql$autodeskvault\Binn\sqlagent.EXE -i AUTODESKVAULT --> c:\mssql$autodeskvault\Binn\sqlagent.EXE -i AUTODESKVAULT [?]
.
Zawartość folderu 'Zaplanowane zadania'

2010-01-30 c:\windows\Tasks\User_Feed_Synchronization-{44927E81-EB1C-4252-8766-EB7FB32E426A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.tattoodle.com?tid={3D1743BE-B6FC-4ce3-A768-8D07C003AB52}
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=PwOkQ0FKOL5_qj2CRYvdTg&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
TCP: {5CDA8B3F-8D6E-40AC-824E-602355EDE539} = 82.160.1.1,213.199.225.14
FF - ProfilePath - c:\documents and settings\Fijołek Robert\Dane aplikacji\Mozilla\Firefox\Profiles\o867gjje.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [spam].com
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={FF2EE799-C345-DF65-9961-4C15B38583AD}&q=
FF - component: c:\documents and settings\Fijołek Robert\Dane aplikacji\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDARTS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAKAOV2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPROULETTE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSLOTS90.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWORDS.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - c:\program files\SGPSA\SearchAssistant.dll
BHO-{F0626A63-410B-45E2-99A1-3F2475B2D695} - c:\program files\SGPSA\BHO.dll
MSConfigStartUp-AdobeUpdater6 - c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe
MSConfigStartUp-Anti Mosquito - c:\documents and settings\Fijołek Robert\Moje dokumenty\Downloads\Programs\Anti_Mosquito.exe
MSConfigStartUp-FBSearch - c:\program files\Search Guard Plus\SearchGuardPlus.exe
MSConfigStartUp-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
AddRemove-Lekarz domowy_is1 - c:\program files\Lekarz domowy\unins000.exe
AddRemove-Logomocja-Imagine Demo_is1 - c:\program files\Logomocja Demo\unins000.exe
AddRemove-F-1 Mania 2008 - d:\gry\f1 mania 2008 PRO\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 12:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x86F868AC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75a5f28
\Driver\ACPI -> ACPI.sys @ 0xf7316cb8
\Driver\atapi -> atapi.sys @ 0xf72abb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf71b4bb0
PacketIndicateHandler -> NDIS.sys @ 0xf71c1a21
SendHandler -> NDIS.sys @ 0xf719f87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="c:\usr/MYSQL/bin/mysqld.exe"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1035525444-839522115-1006\Software\SecuROM\License information*]
"datasecu"=hex:c9,b9,0f,e6,01,63,95,c9,6f,d0,c6,73,53,57,f6,5f,87,8e,aa,87,43,
f3,d7,c5,84,44,51,57,60,98,9f,77,ab,d0,06,3c,7a,8c,06,99,c9,9d,76,f3,14,1a,\
"rkeysecu"=hex:bb,48,d0,9f,2e,ff,c4,b9,37,18,14,34,cd,87,7b,29

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{187551b6-92dc-4877-8c37-81d1c1b92a9d}]
@Denied: (Full) (Everyone)
"Model"=dword:0000007c
"Therad"=dword:0000000f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a4,0a,bb,68,fa,b9,60,9b,20,83,88,95,8a,07,5a,1c,34,af,bb,a5,be,
5e,66,83,8b,19,da,b7,f9,50,d4,02,bb,c2,7d,fc,5a,cc,5b,bd,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):62,fc,e0,e1,d1,82,b7,42,73,2e,b5,91,2e,00,87,dc,67,3c,55,44,49,
e4,db,19,fb,37,11,0e,bd,cd,ba,72,51,e4,69,62,c5,e7,49,2c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a55dc99c-44f1-4637-a19f-d03bef39c97b}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015b
"Therad"=dword:00000030
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1516)
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
d:\instalowane\Program inventor\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\windows\RTHDCPL.EXE
d:\instalowane\Program inventor\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\mssql$autodeskvault\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\usr\MYSQL\bin\mysqld.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\CNAC4RPK.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Nowe Gadu-Gadu\spellchecker_gg.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Czas ukończenia: 2010-01-30 12:53:04 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-01-30 11:52
ComboFix2.txt 2009-04-13 19:42
ComboFix3.txt 2009-01-10 06:52
ComboFix4.txt 2008-12-11 12:23
ComboFix5.txt 2010-01-30 11:27

Przed: 4 075 298 816 bajtów wolnych
Po: 9 101 119 488 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

 - - End Of File - - 7D474BB6A9BA8B9B579E4366954CD90B[/log]

Nobody knows? Please help ;(

nitro07
comment

1. Tell us what installer this is.

2. The file is probably corrupted; are you installing from the original media?

pawelziom93
comment (edited)

[quote name='nitro07' date='30 styczeń 2010 - 18:05' timestamp='1264871142' post='963013']
1. Tell us what installer this is.

2. The file is probably corrupted; are you installing from the original media?
[/quote]

The installer is Vancouver 2010.

Of course I am; that's not the cause.

XP SP3
