Jackaal created 31 January 2010

Good morning. Everything is as described in the topic title. In addition, I contacted the company that provides my internet and they did not find any problem.

[log]OTL logfile created on: 2010-01-31 12:43:04 - Run 2 OTL by OldTimer - Version 3.1.27.1 Folder = D:\Programy\Single files Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 94,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 15,00 Gb Total Space | 9,08 Gb Free Space | 60,56% Space Free | Partition Type: NTFS Drive D: | 134,04 Gb Total Space | 108,65 Gb Free Space | 81,06% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MOJE-BEJBE Current User Name: Jackaal Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-01-31 12:41:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- D:\Programy\Single files\OTL.exe PRC - [2010-01-31 12:19:06 | 000,190,160 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe PRC - [2010-01-06 23:13:18 | 000,908,248 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox\firefox.exe PRC - [2009-12-20 21:23:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-12-08 14:00:31 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009-12-03 16:14:02 | 000,276,816 | ---- | M] (Malwarebytes Corporation) -- D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2005-09-22 15:01:54 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-01-31 
12:41:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- D:\Programy\Single files\OTL.exe MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 22:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 22:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 22:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 22:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - 
[2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-14 22:29:10 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-01-31 12:19:06 | 000,190,160 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB) SRV - [2009-12-20 21:23:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
[Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-12-08 14:00:31 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA) SRV - [2009-12-03 16:14:02 | 000,276,816 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2009-06-10 08:28:50 | 000,168,004 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc) SRV - [2008-04-14 22:50:36 | 000,163,185 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\xvejy.dll -- (vvckev) SRV - [2005-09-22 15:01:54 | 000,053,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-01-31 12:19:23 | 000,139,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK) DRV - [2010-01-06 23:46:17 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2010-01-06 23:46:17 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2009-12-29 12:43:04 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-12-03 16:13:56 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009-06-10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008-09-24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2008-04-13 22:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2005-08-18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2005-08-10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005-05-16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2005-04-06 03:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2005-04-06 03:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2002-09-23 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-602162358-1979792683-839522115-1004\S-1-5-21-602162358-1979792683-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Filmweb.pl" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Programy\Firefox\components [2010-01-06 23:13:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Programy\Firefox\plugins [2010-01-06 23:13:20 | 000,000,000 | ---D | M] [2009-12-07 08:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\Mozilla\Extensions [2010-01-30 12:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\Mozilla\Firefox\Profiles\n9vnxpxt.default\extensions [2009-12-20 21:14:27 | 000,000,000 | ---D | M] 
(Greasemonkey) -- C:\Documents and Settings\Jackaal\Dane aplikacji\Mozilla\Firefox\Profiles\n9vnxpxt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009-12-07 09:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\Mozilla\Firefox\Profiles\n9vnxpxt.default\extensions\battlefieldheroespatcher@ea.com [2010-01-09 23:13:43 | 000,006,199 | ---- | M] () -- C:\Documents and Settings\Jackaal\Dane aplikacji\Mozilla\Firefox\Profiles\n9vnxpxt.default\searchplugins\filmwebpl.xml O1 HOSTS File: ([2002-09-23 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Jackaal\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) 
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programy\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-602162358-1979792683-839522115-1004..\Run: [DAEMON Tools Pro Agent] D:\Programy\DAEMON Tools Pro\DTProAgent.exe File not found O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-602162358-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.63.9 82.139.8.7 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-08-26 15:24:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{4ee9785c-0b3b-11df-ab01-0019db6595e3}\Shell - "" = AutoRun O33 - MountPoints2\{d7bd1e1f-e991-11de-aaa8-0019db6595e3}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-12-07 08:38:24 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: upbivpeta - File not found NetSvcs: zttqpdp - File not found NetSvcs: vvckev - C:\WINDOWS\system32\xvejy.dll () [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-01-29 11:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackaal\Dane aplikacji\fizzy [2010-01-27 14:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackaal\Dane aplikacji\PhotoFiltre [2010-01-24 11:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\directx [2010-01-24 11:26:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\1F8FB0FA6FF24B2FBE2F7266AFB0895D.TMP [2010-01-14 18:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackaal\Dane aplikacji\OpenOffice.org [2010-01-06 23:46:17 
| 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2010-01-06 23:10:29 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys [2010-01-06 23:10:29 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys [2010-01-06 11:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Adobe [2010-01-06 11:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Adobe [2010-01-06 11:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010-01-04 19:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackaal\Dane aplikacji\OpenOffice.ux.pl [2010-01-02 01:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackaal\WapSter [2010-01-01 23:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2009-09-16 06:46:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2009-08-27 11:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-08-26 15:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-08-26 15:24:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-01-31 12:19:23 | 000,139,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-01-31 12:19:06 | 000,190,160 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010-01-31 12:19:06 | 000,190,160 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2010-01-31 12:16:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-01-31 12:16:34 | 000,002,048 | --S- | 
M] () -- C:\WINDOWS\bootstat.dat [2010-01-31 12:15:55 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Jackaal\NTUSER.DAT [2010-01-31 12:15:55 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Jackaal\ntuser.ini [2010-01-31 12:15:51 | 005,845,270 | -H-- | M] () -- C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-01-30 23:52:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-01-30 08:04:46 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Jackaal\Moje dokumenty\spider.sav [2010-01-28 13:16:29 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-25 11:55:29 | 000,568,006 | ---- | M] () -- C:\Documents and Settings\Jackaal\Pulpit\Ale urwał.mp3 [2010-01-24 11:27:33 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll [2010-01-24 11:27:33 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll [2010-01-24 11:27:33 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll [2010-01-24 11:21:49 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat [2010-01-19 07:38:12 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-01-18 22:21:58 | 000,019,064 | ---- | M] () -- C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-01-18 21:19:54 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Pulpit\Xpand Rally.lnk [2010-01-17 11:19:54 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-01-15 09:31:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-01-06 23:46:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2010-01-06 23:46:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf [2010-01-06 23:46:23 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-01-06 
23:46:17 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys [2010-01-06 23:46:17 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys [2010-01-06 23:34:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf [2010-01-06 23:34:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01005.Wdf [2010-01-02 13:05:21 | 000,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll [2010-01-02 13:05:21 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-01-25 11:55:26 | 000,568,006 | ---- | C] () -- C:\Documents and Settings\Jackaal\Pulpit\Ale urwał.mp3 [2010-01-24 20:25:17 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Jackaal\Moje dokumenty\spider.sav [2010-01-24 11:21:49 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2010-01-18 21:19:54 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Pulpit\Xpand Rally.lnk [2010-01-17 11:19:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-01-06 23:46:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf [2010-01-06 23:46:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf [2010-01-06 23:34:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf [2010-01-06 23:34:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01005.Wdf [2010-01-06 22:27:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010-01-03 01:27:17 | 
000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010-01-03 01:27:17 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010-01-03 01:27:17 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2009-12-29 12:43:04 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-12-15 07:24:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-12-15 07:24:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-12-15 07:24:35 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-12-15 07:24:35 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-12-15 07:24:34 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-12-15 07:24:34 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-12-15 07:19:47 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-12-12 23:28:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS53.DLL [2009-12-08 14:01:16 | 000,139,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-12-07 09:23:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-12-07 09:21:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 
000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2002-09-23 13:00:00 | 000,163,185 | RHS- | C] () -- C:\WINDOWS\System32\xvejy.dll [color=#E56717]========== LOP Check ==========[/color] [2009-11-27 15:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BioWare [2009-08-31 09:50:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ [2009-11-20 20:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro [2009-09-17 22:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DriverCure [2009-11-01 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GoldWave [2009-10-29 08:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU [2009-10-28 06:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS [2009-12-29 13:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Pro [2009-12-16 12:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\GoldWave [2010-01-30 16:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\BESTplayer [2009-12-29 13:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane 
aplikacji\DAEMON Tools Pro [2010-01-29 11:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\fizzy [2009-12-07 08:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\Gadu-Gadu 10 [2009-12-16 01:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\GHISLER [2010-01-14 18:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\OpenOffice.org [2010-01-04 19:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\OpenOffice.ux.pl [2010-01-27 14:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\PhotoFiltre [2009-12-20 21:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\VitySoft [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-08-26 15:24:23 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009-12-21 10:15:14 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2002-09-23 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-12-07 07:57:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-12-07 07:57:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-12-07 07:57:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009-12-07 20:46:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-12-07 20:46:46 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-01-31 12:16:30 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys < End of report >[/log]
Jackaal (author) commented 3 February 2010

[log]ComboFix 10-02-02.08 - Jackaal 2010-02-03 17:37:24.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1757 [GMT 1:00] Uruchomiony z: c:\documents and settings\Jackaal\Pulpit\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\recycler\S-1-5-21-1078081533-1708537768-839522115-1004 c:\windows\system32\ieuinit.inf c:\windows\system32\SIntf16.dll c:\windows\system32\xvejy.dll . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_VVCKEV -------\Service_vvckev ((((((((((((((((((((((((( Pliki utworzone od 2010-01-03 do 2010-02-03 ))))))))))))))))))))))))))))))) . 2010-02-01 07:54 . 2010-02-01 07:54 -------- d-----w- c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Identities 2010-01-29 10:20 . 2010-01-29 10:20 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\fizzy 2010-01-28 10:58 . 2008-04-14 20:51 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-01-27 13:07 . 2010-01-27 13:07 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\PhotoFiltre 2010-01-24 10:26 . 2010-01-24 10:26 -------- d-----w- c:\program files\directx 2010-01-24 10:26 . 2010-01-24 10:26 -------- d-----w- c:\windows\1F8FB0FA6FF24B2FBE2F7266AFB0895D.TMP 2010-01-24 10:25 . 2010-01-24 10:25 22528 ----a-r- c:\documents and settings\Jackaal\Dane aplikacji\Microsoft\Installer\{1F8FB0FA-6FF2-4B2F-BE2F-7266AFB0895D}\IconC5EEDCDA.exe 2010-01-24 10:21 . 2010-01-24 10:21 4096 ----a-w- c:\windows\d3dx.dat 2010-01-17 10:19 . 2010-01-17 10:19 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-01-14 17:10 . 2010-02-03 11:55 1 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-01-14 17:09 . 
2010-01-14 17:09 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.org 2010-01-06 22:46 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-01-06 22:46 . 2010-01-06 22:46 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2010-01-06 22:46 . 2010-01-06 22:46 -------- dc----w- c:\windows\system32\DRVSTORE 2010-01-06 22:10 . 2010-01-06 22:46 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2010-01-06 22:10 . 2010-01-06 22:46 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys 2010-01-06 22:10 . 2006-11-02 08:09 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll 2010-01-06 10:51 . 2010-01-06 11:00 -------- d-----w- c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Adobe 2010-01-06 10:50 . 2010-01-06 10:50 -------- d-----w- c:\program files\Common Files\Adobe 2010-01-05 12:20 . 2010-01-05 12:20 249856 ------w- c:\windows\Setup1.exe 2010-01-05 12:20 . 2010-01-05 12:20 73216 ----a-w- c:\windows\ST6UNST.EXE 2010-01-04 18:42 . 2010-01-04 18:42 1 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.ux.pl\3\user\uno_packages\cache\stamp.sys 2010-01-04 18:41 . 2010-01-04 18:41 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.ux.pl . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-02 13:18 . 2009-12-08 13:01 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-02-02 13:18 . 2009-12-08 13:00 190160 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-01-30 15:23 . 2009-12-07 08:26 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\BESTplayer 2010-01-27 13:01 . 2010-01-01 22:29 -------- d-----w- c:\program files\Google 2010-01-24 10:27 . 2010-01-03 00:27 21840 ----atw- c:\windows\system32\SIntfNT.dll 2010-01-24 10:27 . 2010-01-03 00:27 17212 ----atw- c:\windows\system32\SIntf32.dll 2010-01-19 19:16 . 
2009-09-12 10:32 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-18 21:21 . 2009-12-07 19:54 19064 ----a-w- c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-01-18 20:07 . 2009-08-26 15:52 -------- d-----w- c:\program files\Common Files\InstallShield 2010-01-06 22:46 . 2010-01-06 22:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2010-01-06 22:46 . 2010-01-06 22:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf 2010-01-06 22:34 . 2010-01-06 22:34 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2010-01-06 22:34 . 2010-01-06 22:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2010-01-02 12:05 . 2009-12-29 12:46 413696 ----a-w- c:\windows\system32\wrap_oal.dll 2010-01-02 12:05 . 2009-12-29 12:46 110592 ----a-w- c:\windows\system32\OpenAL32.dll 2009-12-29 17:01 . 2009-12-29 17:01 -------- d--h--r- c:\documents and settings\Jackaal\Dane aplikacji\SecuROM 2009-12-29 17:01 . 2009-12-29 17:01 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-12-29 12:33 . 2009-11-27 06:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-12-29 12:27 . 2009-12-29 11:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Pro 2009-12-29 12:27 . 2009-12-29 11:24 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\DAEMON Tools Pro 2009-12-29 11:43 . 2009-12-29 11:43 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-12-21 13:47 . 2009-12-21 13:47 11776 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll 2009-12-20 20:24 . 2009-12-20 20:24 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\VitySoft 2009-12-20 20:23 . 2009-12-20 20:23 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-20 20:23 . 
2009-12-20 20:23 152576 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-20 20:21 . 2009-12-20 20:21 79488 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-16 18:58 . 2009-08-26 18:02 -------- d-----w- c:\program files\Common Files\LightScribe 2009-12-16 11:40 . 2009-12-16 11:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\GoldWave 2009-12-16 00:44 . 2002-09-23 12:00 83660 ----a-w- c:\windows\system32\perfc015.dat 2009-12-16 00:44 . 2002-09-23 12:00 490284 ----a-w- c:\windows\system32\perfh015.dat 2009-12-16 00:42 . 2009-12-16 00:42 4844296 ----a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-12-16 00:24 . 2009-12-16 00:24 -------- d-----w- c:\program files\MSBuild 2009-12-16 00:24 . 2009-12-16 00:24 -------- d-----w- c:\program files\Reference Assemblies 2009-12-16 00:15 . 2009-12-16 00:15 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\GHISLER 2009-12-15 21:43 . 2009-09-26 07:08 -------- d-----w- c:\program files\Realtek AC97 2009-12-14 22:56 . 2009-12-14 22:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\NVIDIA Corporation 2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr 2009-12-10 21:02 . 2009-12-10 21:02 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\Winamp 2009-12-08 13:00 . 2009-12-08 13:00 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-12-07 20:20 . 2009-12-07 20:20 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\Malwarebytes 2009-12-02 17:52 . 2009-12-02 17:52 37376 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll 2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll 2009-11-13 22:57 . 
2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll 2009-11-09 18:00 . 2009-12-15 06:24 85504 ----a-w- c:\windows\system32\ff_vfw.dll . ------- Sigcheck ------- Błąd usług kryptograficznych !! . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WiseStubReboot"="MSIEXEC" [X] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "Adobe Reader Speed Launcher"="d:\programy\Adobe Reader\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2009-12-03 15:14 1394000 ----a-w- d:\programy\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2009-12-03 15:14 429392 ----a-w- d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-06-10 07:28 13758464 ----a-w- 
c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2009-06-10 07:28 86016 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2009-06-10 07:29 1657376 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor] 2007-08-14 11:38 2256896 ----a-w- d:\programy\RegDoctor\RegDoctor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-12-20 20:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "nvsvc"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9053:TCP"= 9053:TCP:iipzevbg R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-29 721904] R2 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-07 276816] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-07 19160] S3 ALSysIO;ALSysIO;\??\c:\docume~1\Jackaal\USTAWI~1\Temp\ALSysIO.sys --> c:\docume~1\Jackaal\USTAWI~1\Temp\ALSysIO.sys [?] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-01-06 13224] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs upbivpeta zttqpdp . . ------- Skan uzupełniający ------- . uInternet Connection Wizard,ShellNext = hxxp://zedge.net/ DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . 
- - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-DAEMON Tools Pro Agent - d:\programy\DAEMON Tools Pro\DTProAgent.exe MSConfigStartUp-Google Update - c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-03 17:40 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89DCF1F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28 \Driver\ACPI -> ACPI.sys @ 0xb7e65cb8 \Driver\atapi -> atapi.sys @ 0xb7e20b40 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7d12bb0 PacketIndicateHandler -> NDIS.sys @ 0xb7d1fa21 SendHandler -> NDIS.sys @ 0xb7cfd87b user & kernel MBR OK ************************************************************************** . 
--------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-602162358-1979792683-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-602162358-1979792683-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:32,93,0a,80,2b,34,b9,ef,52,d0,3b,29,b3,ab,c0,b4,2c,f3,99,de,5e, 4a,55,ba,0f,17,48,ce,02,56,90,fe,bf,9c,2d,ab,1b,10,66,27,1c,08,46,32,70,20,\ "rkeysecu"=hex:4e,49,77,3b,ef,07,98,08,40,33,f8,7a,6f,51,db,5b . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe c:\windows\system32\wscntfy.exe c:\windows\system32\imapi.exe . ************************************************************************** . Czas ukończenia: 2010-02-03 17:41:46 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-02-03 16:41 Przed: 9 680 699 392 bajtów wolnych Po: 9 674 739 712 bajtów wolnych WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - A7ABE8E5592C2A8750A59D5137500DB9[/log]
Guest, comment, 3 February 2010
One CONFICKER - ComboFix removed it, two are left. Type into Notepad what is on this page: http://wklej.org/id/273579/ [b]>>File>>Save as... >>> [color="red"]CFScript[/color][/b] Drag and drop the file [color="red"][b]CFScript.txt[/b][/color] onto the file [b]ComboFix.exe[/b] [b][color="blue"]-------->[/color][/b] [img]http://img167.imageshack.us/img167/7180/cfscript10gm1.gif[/img] Copying should start (and a log will be created).
Jackaal (author), comment, 7 February 2010 (edited)
[log]ComboFix 10-02-03.04 - Jackaal 2010-02-03 23:51:10.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1765 [GMT 1:00] Uruchomiony z: c:\documents and settings\Jackaal\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Jackaal\Pulpit\CFScript.txt . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\jgaw400.dll . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ALSYSIO -------\Legacy_UPBIVPETA -------\Legacy_ZTTQPDP -------\Service_ALSysIO ((((((((((((((((((((((((( Pliki utworzone od 2010-01-03 do 2010-02-03 ))))))))))))))))))))))))))))))) . 2010-02-01 07:54 . 2010-02-01 07:54 -------- d-----w- c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Identities 2010-01-29 10:20 . 2010-01-29 10:20 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\fizzy 2010-01-28 10:58 . 2008-04-14 20:51 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-01-27 13:07 . 2010-01-27 13:07 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\PhotoFiltre 2010-01-24 10:26 . 2010-01-24 10:26 -------- d-----w- c:\program files\directx 2010-01-24 10:26 . 2010-01-24 10:26 -------- d-----w- c:\windows\1F8FB0FA6FF24B2FBE2F7266AFB0895D.TMP 2010-01-24 10:25 . 2010-01-24 10:25 22528 ----a-r- c:\documents and settings\Jackaal\Dane aplikacji\Microsoft\Installer\{1F8FB0FA-6FF2-4B2F-BE2F-7266AFB0895D}\IconC5EEDCDA.exe 2010-01-24 10:21 . 2010-01-24 10:21 4096 ----a-w- c:\windows\d3dx.dat 2010-01-17 10:19 . 2010-01-17 10:19 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-01-14 17:10 . 2010-02-03 17:28 1 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-01-14 17:09 .
2010-01-14 17:09 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.org 2010-01-06 22:46 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-01-06 22:46 . 2010-01-06 22:46 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2010-01-06 22:46 . 2010-01-06 22:46 -------- dc----w- c:\windows\system32\DRVSTORE 2010-01-06 22:10 . 2010-01-06 22:46 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2010-01-06 22:10 . 2010-01-06 22:46 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys 2010-01-06 22:10 . 2006-11-02 08:09 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll 2010-01-06 10:51 . 2010-01-06 11:00 -------- d-----w- c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Adobe 2010-01-06 10:50 . 2010-01-06 10:50 -------- d-----w- c:\program files\Common Files\Adobe 2010-01-05 12:20 . 2010-01-05 12:20 249856 ------w- c:\windows\Setup1.exe 2010-01-05 12:20 . 2010-01-05 12:20 73216 ----a-w- c:\windows\ST6UNST.EXE . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-03 16:45 . 2002-09-23 12:00 83660 ----a-w- c:\windows\system32\perfc015.dat 2010-02-03 16:45 . 2002-09-23 12:00 490284 ----a-w- c:\windows\system32\perfh015.dat 2010-02-02 13:18 . 2009-12-08 13:01 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-02-02 13:18 . 2009-12-08 13:00 190160 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-01-30 15:23 . 2009-12-07 08:26 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\BESTplayer 2010-01-27 13:01 . 2010-01-01 22:29 -------- d-----w- c:\program files\Google 2010-01-24 10:27 . 2010-01-03 00:27 21840 ----atw- c:\windows\system32\SIntfNT.dll 2010-01-24 10:27 . 2010-01-03 00:27 17212 ----atw- c:\windows\system32\SIntf32.dll 2010-01-19 19:16 . 2009-09-12 10:32 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-18 21:21 . 
2009-12-07 19:54 19064 ----a-w- c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-01-18 20:07 . 2009-08-26 15:52 -------- d-----w- c:\program files\Common Files\InstallShield 2010-01-06 22:46 . 2010-01-06 22:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2010-01-06 22:46 . 2010-01-06 22:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf 2010-01-06 22:34 . 2010-01-06 22:34 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2010-01-06 22:34 . 2010-01-06 22:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2010-01-04 18:42 . 2010-01-04 18:42 1 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.ux.pl\3\user\uno_packages\cache\stamp.sys 2010-01-04 18:41 . 2010-01-04 18:41 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.ux.pl 2010-01-02 12:05 . 2009-12-29 12:46 413696 ----a-w- c:\windows\system32\wrap_oal.dll 2010-01-02 12:05 . 2009-12-29 12:46 110592 ----a-w- c:\windows\system32\OpenAL32.dll 2009-12-29 17:01 . 2009-12-29 17:01 -------- d--h--r- c:\documents and settings\Jackaal\Dane aplikacji\SecuROM 2009-12-29 17:01 . 2009-12-29 17:01 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-12-29 12:33 . 2009-11-27 06:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-12-29 12:27 . 2009-12-29 11:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Pro 2009-12-29 12:27 . 2009-12-29 11:24 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\DAEMON Tools Pro 2009-12-29 11:43 . 2009-12-29 11:43 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-12-21 13:47 . 2009-12-21 13:47 11776 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll 2009-12-20 20:24 . 
2009-12-20 20:24 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\VitySoft 2009-12-20 20:23 . 2009-12-20 20:23 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-20 20:23 . 2009-12-20 20:23 152576 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll 2009-12-20 20:21 . 2009-12-20 20:21 79488 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-16 18:58 . 2009-08-26 18:02 -------- d-----w- c:\program files\Common Files\LightScribe 2009-12-16 11:40 . 2009-12-16 11:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\GoldWave 2009-12-16 00:42 . 2009-12-16 00:42 4844296 ----a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-12-16 00:24 . 2009-12-16 00:24 -------- d-----w- c:\program files\MSBuild 2009-12-16 00:24 . 2009-12-16 00:24 -------- d-----w- c:\program files\Reference Assemblies 2009-12-16 00:15 . 2009-12-16 00:15 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\GHISLER 2009-12-15 21:43 . 2009-09-26 07:08 -------- d-----w- c:\program files\Realtek AC97 2009-12-14 22:56 . 2009-12-14 22:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\NVIDIA Corporation 2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr 2009-12-10 21:02 . 2009-12-10 21:02 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\Winamp 2009-12-08 13:00 . 2009-12-08 13:00 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2009-12-07 20:20 . 2009-12-07 20:20 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\Malwarebytes 2009-12-02 17:52 . 2009-12-02 17:52 37376 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll 2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll 2009-11-13 22:57 . 
2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll 2009-11-09 18:00 . 2009-12-15 06:24 85504 ----a-w- c:\windows\system32\ff_vfw.dll . ((((((((((((((((((((((((((((( SnapShot@2010-02-03_16.40.05 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-03 22:54 . 2010-02-03 22:54 16384 c:\windows\temp\Perflib_Perfdata_784.dat + 2002-09-23 12:00 . 2010-02-03 16:45 67312 c:\windows\system32\perfc009.dat - 2002-09-23 12:00 . 2009-12-16 00:44 67312 c:\windows\system32\perfc009.dat + 2002-09-23 12:00 . 2010-02-03 16:45 432356 c:\windows\system32\perfh009.dat - 2002-09-23 12:00 . 2009-12-16 00:44 432356 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] c:\windows\system32\dumprep 0 -u [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- d:\programy\Adobe Reader\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2009-12-03 15:14 1394000 ----a-w- d:\programy\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2009-12-03 15:14 429392 ----a-w- 
d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-06-10 07:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2009-06-10 07:28 86016 ----a-w- c:\windows\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2009-06-10 07:29 1657376 ----a-w- c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor] 2007-08-14 11:38 2256896 ----a-w- d:\programy\RegDoctor\RegDoctor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-12-20 20:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "nvsvc"=2 (0x2) "wuauserv"=2 (0x2) "wscsvc"=2 (0x2) "MBAMService"=2 (0x2) "idsvc"=3 (0x3) R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-29 721904] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-01-06 13224] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-07 19160] S4 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-07 276816] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc FastUserSwitchingCompatibility HidServ LanmanServer LanmanWorkstation Messenger Nla NWCWorkstation Schedule Seclogon SRService Themes TrkWks W32Time Wmi WmdmPmSp winmgmt TermService wuauserv BITS ShellHWDetection helpsvc napagent hkmsvc xmlprov wscsvc . . ------- Skan uzupełniający ------- . 
uInternet Connection Wizard,ShellNext = hxxp://zedge.net/ DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-03 23:55 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89DCF1F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28 \Driver\ACPI -> ACPI.sys @ 0xb7e65cb8 \Driver\atapi -> atapi.sys @ 0xb7e20b40 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7d12bb0 PacketIndicateHandler -> NDIS.sys @ 0xb7d1fa21 SendHandler -> NDIS.sys @ 0xb7cfd87b user & kernel MBR OK ************************************************************************** . 
--------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-602162358-1979792683-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-602162358-1979792683-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:32,93,0a,80,2b,34,b9,ef,52,d0,3b,29,b3,ab,c0,b4,2c,f3,99,de,5e, 4a,55,ba,0f,17,48,ce,02,56,90,fe,bf,9c,2d,ab,1b,10,66,27,1c,08,46,32,70,20,\ "rkeysecu"=hex:4e,49,77,3b,ef,07,98,08,40,33,f8,7a,6f,51,db,5b . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PnkBstrB.exe . ************************************************************************** . Czas ukończenia: 2010-02-03 23:56:39 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-02-03 22:56 ComboFix2.txt 2010-02-03 16:41 Przed: 9 669 390 336 bajtów wolnych Po: 9 639 284 736 bajtów wolnych - - End Of File - - 974549BFF5C6D8DF772FDCF5C754F75E [/log]
And now, after ComboFix, I have no sound. When I start Winamp, this pops up: "[i]Bad DirectSound driver. Please install proper drivers or select another device in configuration. Error code: 88780078[/i]". Replacing the sound drivers doesn't help, nor does installing a newer(?) DirectX. The sound works. The internet still isn't working as it should. Is the log clean?