pawelziom93 posted 30 January 2010 (edited)
Hello, when I started the installation, this error popped up: [img]http://zapodaj.net/images/8a465b965579.jpg[/img]
ComboFix logs:
Nobody knows? Please help ;(
nitro07 commented 30 January 2010
1. Say which installer this is.
2. The file is probably corrupted; are you installing from the original media?
pawelziom93 (Author) commented 30 January 2010 (edited)
[quote name='nitro07' date='30 styczeń 2010 - 18:05' timestamp='1264871142' post='963013'] 1. Say which installer this is. 2. The file is probably corrupted; are you installing from the original media? [/quote]
The installer is Vancouver 2010. Of course I am, that's not the cause. XP SP3