Internet problem

Jackaal
created

Good morning. Everything is as in the topic title. In addition, I contacted the company that provides my internet and they did not find any problem.

[log]OTL logfile created on: 2010-01-31 12:43:04 - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = D:\Programy\Single files
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15,00 Gb Total Space | 9,08 Gb Free Space | 60,56% Space Free | Partition Type: NTFS
Drive D: | 134,04 Gb Total Space | 108,65 Gb Free Space | 81,06% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOJE-BEJBE
Current User Name: Jackaal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-01-31 12:41:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- D:\Programy\Single files\OTL.exe
PRC - [2010-01-31 12:19:06 | 000,190,160 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2010-01-06 23:13:18 | 000,908,248 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox\firefox.exe
PRC - [2009-12-20 21:23:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-12-08 14:00:31 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009-12-03 16:14:02 | 000,276,816 | ---- | M] (Malwarebytes Corporation) -- D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2005-09-22 15:01:54 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-01-31 12:41:32 | 000,548,864 | ---- | M] (OldTimer Tools) -- D:\Programy\Single files\OTL.exe
MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 22:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 22:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 22:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 22:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-14 22:29:10 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-01-31 12:19:06 | 000,190,160 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009-12-20 21:23:40 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-12-08 14:00:31 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009-12-03 16:14:02 | 000,276,816 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programy\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009-06-10 08:28:50 | 000,168,004 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2008-04-14 22:50:36 | 000,163,185 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\xvejy.dll -- (vvckev)
SRV - [2005-09-22 15:01:54 | 000,053,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-01-31 12:19:23 | 000,139,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010-01-06 23:46:17 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010-01-06 23:46:17 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009-12-29 12:43:04 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-12-03 16:13:56 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009-06-10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008-09-24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008-04-13 22:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005-08-18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005-08-10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005-05-16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005-04-06 03:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005-04-06 03:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2002-09-23 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-602162358-1979792683-839522115-1004\S-1-5-21-602162358-1979792683-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Filmweb.pl"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Programy\Firefox\components [2010-01-06 23:13:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Programy\Firefox\plugins [2010-01-06 23:13:20 | 000,000,000 | ---D | M]

[2009-12-07 08:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\Mozilla\Extensions
[2010-01-30 12:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\Mozilla\Firefox\Profiles\n9vnxpxt.default\extensions
[2009-12-20 21:14:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Jackaal\Dane aplikacji\Mozilla\Firefox\Profiles\n9vnxpxt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-12-07 09:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\Mozilla\Firefox\Profiles\n9vnxpxt.default\extensions\battlefieldheroespatcher@ea.com
[2010-01-09 23:13:43 | 000,006,199 | ---- | M] () -- C:\Documents and Settings\Jackaal\Dane aplikacji\Mozilla\Firefox\Profiles\n9vnxpxt.default\searchplugins\filmwebpl.xml

O1 HOSTS File: ([2002-09-23 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Jackaal\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Programy\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-602162358-1979792683-839522115-1004..\Run: [DAEMON Tools Pro Agent] D:\Programy\DAEMON Tools Pro\DTProAgent.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-1979792683-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.63.9 82.139.8.7
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-08-26 15:24:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4ee9785c-0b3b-11df-ab01-0019db6595e3}\Shell - "" = AutoRun
O33 - MountPoints2\{d7bd1e1f-e991-11de-aaa8-0019db6595e3}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-12-07 08:38:24 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: upbivpeta - File not found
NetSvcs: zttqpdp - File not found
NetSvcs: vvckev - C:\WINDOWS\system32\xvejy.dll ()

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-01-29 11:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackaal\Dane aplikacji\fizzy
[2010-01-27 14:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackaal\Dane aplikacji\PhotoFiltre
[2010-01-24 11:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2010-01-24 11:26:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\1F8FB0FA6FF24B2FBE2F7266AFB0895D.TMP
[2010-01-14 18:09:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackaal\Dane aplikacji\OpenOffice.org
[2010-01-06 23:46:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010-01-06 23:10:29 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010-01-06 23:10:29 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010-01-06 11:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Adobe
[2010-01-06 11:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Adobe
[2010-01-06 11:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010-01-04 19:41:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackaal\Dane aplikacji\OpenOffice.ux.pl
[2010-01-02 01:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackaal\WapSter
[2010-01-01 23:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2009-09-16 06:46:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-08-27 11:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-08-26 15:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-08-26 15:24:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-01-31 12:19:23 | 000,139,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-01-31 12:19:06 | 000,190,160 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010-01-31 12:19:06 | 000,190,160 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010-01-31 12:16:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-31 12:16:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-31 12:15:55 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Jackaal\NTUSER.DAT
[2010-01-31 12:15:55 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Jackaal\ntuser.ini
[2010-01-31 12:15:51 | 005,845,270 | -H-- | M] () -- C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-01-30 23:52:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-30 08:04:46 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Jackaal\Moje dokumenty\spider.sav
[2010-01-28 13:16:29 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-25 11:55:29 | 000,568,006 | ---- | M] () -- C:\Documents and Settings\Jackaal\Pulpit\Ale urwał.mp3
[2010-01-24 11:27:33 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010-01-24 11:27:33 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2010-01-24 11:27:33 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2010-01-24 11:21:49 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2010-01-19 07:38:12 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-01-18 22:21:58 | 000,019,064 | ---- | M] () -- C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-01-18 21:19:54 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Pulpit\Xpand Rally.lnk
[2010-01-17 11:19:54 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010-01-15 09:31:38 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-06 23:46:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-01-06 23:46:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010-01-06 23:46:23 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-01-06 23:46:17 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggsemc.sys
[2010-01-06 23:46:17 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\drivers\ggflt.sys
[2010-01-06 23:34:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010-01-06 23:34:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01005.Wdf
[2010-01-02 13:05:21 | 000,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010-01-02 13:05:21 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-01-25 11:55:26 | 000,568,006 | ---- | C] () -- C:\Documents and Settings\Jackaal\Pulpit\Ale urwał.mp3
[2010-01-24 20:25:17 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Jackaal\Moje dokumenty\spider.sav
[2010-01-24 11:21:49 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-01-18 21:19:54 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Pulpit\Xpand Rally.lnk
[2010-01-17 11:19:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010-01-06 23:46:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-01-06 23:46:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010-01-06 23:34:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010-01-06 23:34:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01005.Wdf
[2010-01-06 22:27:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-03 01:27:17 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010-01-03 01:27:17 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010-01-03 01:27:17 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009-12-29 12:43:04 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-12-15 07:24:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-12-15 07:24:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-12-15 07:24:35 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-12-15 07:24:35 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-12-15 07:24:34 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-15 07:24:34 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-12-15 07:19:47 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Jackaal\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-12 23:28:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS53.DLL
[2009-12-08 14:01:16 | 000,139,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-12-07 09:23:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-12-07 09:21:11 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2002-09-23 13:00:00 | 000,163,185 | RHS- | C] () -- C:\WINDOWS\System32\xvejy.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009-11-27 15:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BioWare
[2009-08-31 09:50:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
[2009-11-20 20:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
[2009-09-17 22:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DriverCure
[2009-11-01 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GoldWave
[2009-10-29 08:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonEU
[2009-10-28 06:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NexonUS
[2009-12-29 13:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Pro
[2009-12-16 12:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\GoldWave
[2010-01-30 16:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\BESTplayer
[2009-12-29 13:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\DAEMON Tools Pro
[2010-01-29 11:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\fizzy
[2009-12-07 08:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\Gadu-Gadu 10
[2009-12-16 01:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\GHISLER
[2010-01-14 18:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\OpenOffice.org
[2010-01-04 19:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\OpenOffice.ux.pl
[2010-01-27 14:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\PhotoFiltre
[2009-12-20 21:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackaal\Dane aplikacji\VitySoft

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-08-26 15:24:23 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-12-21 10:15:14 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2002-09-23 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-12-07 07:57:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-12-07 07:57:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-12-07 07:57:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-12-07 20:46:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-12-07 20:46:46 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-01-31 12:16:30 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
< End of report >[/log]

Psycholandia
comment

Post a ComboFix log.

Jackaal
comment

[log]ComboFix 10-02-02.08 - Jackaal 2010-02-03 17:37:24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1757 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Jackaal\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1078081533-1708537768-839522115-1004
c:\windows\system32\ieuinit.inf
c:\windows\system32\SIntf16.dll
c:\windows\system32\xvejy.dll

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VVCKEV
-------\Service_vvckev


((((((((((((((((((((((((( Pliki utworzone od 2010-01-03 do 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-02-01 07:54 . 2010-02-01 07:54 -------- d-----w- c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Identities
2010-01-29 10:20 . 2010-01-29 10:20 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\fizzy
2010-01-28 10:58 . 2008-04-14 20:51 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-27 13:07 . 2010-01-27 13:07 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\PhotoFiltre
2010-01-24 10:26 . 2010-01-24 10:26 -------- d-----w- c:\program files\directx
2010-01-24 10:26 . 2010-01-24 10:26 -------- d-----w- c:\windows\1F8FB0FA6FF24B2FBE2F7266AFB0895D.TMP
2010-01-24 10:25 . 2010-01-24 10:25 22528 ----a-r- c:\documents and settings\Jackaal\Dane aplikacji\Microsoft\Installer\{1F8FB0FA-6FF2-4B2F-BE2F-7266AFB0895D}\IconC5EEDCDA.exe
2010-01-24 10:21 . 2010-01-24 10:21 4096 ----a-w- c:\windows\d3dx.dat
2010-01-17 10:19 . 2010-01-17 10:19 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-01-14 17:10 . 2010-02-03 11:55 1 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-14 17:09 . 2010-01-14 17:09 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.org
2010-01-06 22:46 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-01-06 22:46 . 2010-01-06 22:46 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-06 22:46 . 2010-01-06 22:46 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-06 22:10 . 2010-01-06 22:46 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-06 22:10 . 2010-01-06 22:46 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-01-06 22:10 . 2006-11-02 08:09 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2010-01-06 10:51 . 2010-01-06 11:00 -------- d-----w- c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Adobe
2010-01-06 10:50 . 2010-01-06 10:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 12:20 . 2010-01-05 12:20 249856 ------w- c:\windows\Setup1.exe
2010-01-05 12:20 . 2010-01-05 12:20 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-04 18:42 . 2010-01-04 18:42 1 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.ux.pl\3\user\uno_packages\cache\stamp.sys
2010-01-04 18:41 . 2010-01-04 18:41 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.ux.pl

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 13:18 . 2009-12-08 13:01 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-02 13:18 . 2009-12-08 13:00 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-30 15:23 . 2009-12-07 08:26 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\BESTplayer
2010-01-27 13:01 . 2010-01-01 22:29 -------- d-----w- c:\program files\Google
2010-01-24 10:27 . 2010-01-03 00:27 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-01-24 10:27 . 2010-01-03 00:27 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-01-19 19:16 . 2009-09-12 10:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-18 21:21 . 2009-12-07 19:54 19064 ----a-w- c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-01-18 20:07 . 2009-08-26 15:52 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-06 22:46 . 2010-01-06 22:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-06 22:46 . 2010-01-06 22:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-01-06 22:34 . 2010-01-06 22:34 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-06 22:34 . 2010-01-06 22:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2010-01-02 12:05 . 2009-12-29 12:46 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-02 12:05 . 2009-12-29 12:46 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-29 17:01 . 2009-12-29 17:01 -------- d--h--r- c:\documents and settings\Jackaal\Dane aplikacji\SecuROM
2009-12-29 17:01 . 2009-12-29 17:01 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-29 12:33 . 2009-11-27 06:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-29 12:27 . 2009-12-29 11:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Pro
2009-12-29 12:27 . 2009-12-29 11:24 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\DAEMON Tools Pro
2009-12-29 11:43 . 2009-12-29 11:43 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-21 13:47 . 2009-12-21 13:47 11776 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
2009-12-20 20:24 . 2009-12-20 20:24 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\VitySoft
2009-12-20 20:23 . 2009-12-20 20:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-20 20:23 . 2009-12-20 20:23 152576 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-20 20:21 . 2009-12-20 20:21 79488 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-16 18:58 . 2009-08-26 18:02 -------- d-----w- c:\program files\Common Files\LightScribe
2009-12-16 11:40 . 2009-12-16 11:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\GoldWave
2009-12-16 00:44 . 2002-09-23 12:00 83660 ----a-w- c:\windows\system32\perfc015.dat
2009-12-16 00:44 . 2002-09-23 12:00 490284 ----a-w- c:\windows\system32\perfh015.dat
2009-12-16 00:42 . 2009-12-16 00:42 4844296 ----a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-16 00:24 . 2009-12-16 00:24 -------- d-----w- c:\program files\MSBuild
2009-12-16 00:24 . 2009-12-16 00:24 -------- d-----w- c:\program files\Reference Assemblies
2009-12-16 00:15 . 2009-12-16 00:15 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\GHISLER
2009-12-15 21:43 . 2009-09-26 07:08 -------- d-----w- c:\program files\Realtek AC97
2009-12-14 22:56 . 2009-12-14 22:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\NVIDIA Corporation
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-10 21:02 . 2009-12-10 21:02 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\Winamp
2009-12-08 13:00 . 2009-12-08 13:00 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-07 20:20 . 2009-12-07 20:20 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\Malwarebytes
2009-12-02 17:52 . 2009-12-02 17:52 37376 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-09 18:00 . 2009-12-15 06:24 85504 ----a-w- c:\windows\system32\ff_vfw.dll
.

------- Sigcheck -------

Błąd usług kryptograficznych !!
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"="MSIEXEC" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Adobe Reader Speed Launcher"="d:\programy\Adobe Reader\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 15:14 1394000 ----a-w- d:\programy\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2009-12-03 15:14 429392 ----a-w- d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-10 07:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-10 07:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-06-10 07:29 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor]
2007-08-14 11:38 2256896 ----a-w- d:\programy\RegDoctor\RegDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-20 20:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nvsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9053:TCP"= 9053:TCP:iipzevbg

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-29 721904]
R2 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-07 276816]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-07 19160]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Jackaal\USTAWI~1\Temp\ALSysIO.sys --> c:\docume~1\Jackaal\USTAWI~1\Temp\ALSysIO.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-01-06 13224]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
upbivpeta
zttqpdp
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = hxxp://zedge.net/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-DAEMON Tools Pro Agent - d:\programy\DAEMON Tools Pro\DTProAgent.exe
MSConfigStartUp-Google Update - c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 17:40
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89DCF1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e65cb8
\Driver\atapi -> atapi.sys @ 0xb7e20b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7d12bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d1fa21
SendHandler -> NDIS.sys @ 0xb7cfd87b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-602162358-1979792683-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-602162358-1979792683-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:32,93,0a,80,2b,34,b9,ef,52,d0,3b,29,b3,ab,c0,b4,2c,f3,99,de,5e,
4a,55,ba,0f,17,48,ce,02,56,90,fe,bf,9c,2d,ab,1b,10,66,27,1c,08,46,32,70,20,\
"rkeysecu"=hex:4e,49,77,3b,ef,07,98,08,40,33,f8,7a,6f,51,db,5b
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Czas ukończenia: 2010-02-03 17:41:46 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-03 16:41

Przed: 9 680 699 392 bajtów wolnych
Po: 9 674 739 712 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - A7ABE8E5592C2A8750A59D5137500DB9[/log]

Guest
comment

One CONFICKER - ComboFix removed it, two remain.

Type into Notepad what is on this page:
http://wklej.org/id/273579/

[b]>>File>>Save as... >>> [color="red"]CFScript[/color][/b]
Drag and drop the file [color="red"][b]CFScript.txt[/b][/color] onto the file [b]ComboFix.exe[/b]
[b][color="blue"]-------->[/color][/b] [img]http://img167.imageshack.us/img167/7180/cfscript10gm1.gif[/img]
Copying should begin. (and a log will be created).

Jackaal
comment (edited)

[log]ComboFix 10-02-03.04 - Jackaal 2010-02-03 23:51:10.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2047.1765 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Jackaal\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Jackaal\Pulpit\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\jgaw400.dll

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALSYSIO
-------\Legacy_UPBIVPETA
-------\Legacy_ZTTQPDP
-------\Service_ALSysIO


((((((((((((((((((((((((( Pliki utworzone od 2010-01-03 do 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-02-01 07:54 . 2010-02-01 07:54 -------- d-----w- c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Identities
2010-01-29 10:20 . 2010-01-29 10:20 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\fizzy
2010-01-28 10:58 . 2008-04-14 20:51 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-27 13:07 . 2010-01-27 13:07 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\PhotoFiltre
2010-01-24 10:26 . 2010-01-24 10:26 -------- d-----w- c:\program files\directx
2010-01-24 10:26 . 2010-01-24 10:26 -------- d-----w- c:\windows\1F8FB0FA6FF24B2FBE2F7266AFB0895D.TMP
2010-01-24 10:25 . 2010-01-24 10:25 22528 ----a-r- c:\documents and settings\Jackaal\Dane aplikacji\Microsoft\Installer\{1F8FB0FA-6FF2-4B2F-BE2F-7266AFB0895D}\IconC5EEDCDA.exe
2010-01-24 10:21 . 2010-01-24 10:21 4096 ----a-w- c:\windows\d3dx.dat
2010-01-17 10:19 . 2010-01-17 10:19 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-01-14 17:10 . 2010-02-03 17:28 1 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-14 17:09 . 2010-01-14 17:09 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.org
2010-01-06 22:46 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-01-06 22:46 . 2010-01-06 22:46 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-06 22:46 . 2010-01-06 22:46 -------- dc----w- c:\windows\system32\DRVSTORE
2010-01-06 22:10 . 2010-01-06 22:46 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-06 22:10 . 2010-01-06 22:46 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-01-06 22:10 . 2006-11-02 08:09 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2010-01-06 10:51 . 2010-01-06 11:00 -------- d-----w- c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\Adobe
2010-01-06 10:50 . 2010-01-06 10:50 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 12:20 . 2010-01-05 12:20 249856 ------w- c:\windows\Setup1.exe
2010-01-05 12:20 . 2010-01-05 12:20 73216 ----a-w- c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 16:45 . 2002-09-23 12:00 83660 ----a-w- c:\windows\system32\perfc015.dat
2010-02-03 16:45 . 2002-09-23 12:00 490284 ----a-w- c:\windows\system32\perfh015.dat
2010-02-02 13:18 . 2009-12-08 13:01 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-02 13:18 . 2009-12-08 13:00 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-30 15:23 . 2009-12-07 08:26 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\BESTplayer
2010-01-27 13:01 . 2010-01-01 22:29 -------- d-----w- c:\program files\Google
2010-01-24 10:27 . 2010-01-03 00:27 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-01-24 10:27 . 2010-01-03 00:27 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-01-19 19:16 . 2009-09-12 10:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-18 21:21 . 2009-12-07 19:54 19064 ----a-w- c:\documents and settings\Jackaal\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-01-18 20:07 . 2009-08-26 15:52 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-06 22:46 . 2010-01-06 22:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-06 22:46 . 2010-01-06 22:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-01-06 22:34 . 2010-01-06 22:34 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-06 22:34 . 2010-01-06 22:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2010-01-04 18:42 . 2010-01-04 18:42 1 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.ux.pl\3\user\uno_packages\cache\stamp.sys
2010-01-04 18:41 . 2010-01-04 18:41 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\OpenOffice.ux.pl
2010-01-02 12:05 . 2009-12-29 12:46 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-02 12:05 . 2009-12-29 12:46 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-29 17:01 . 2009-12-29 17:01 -------- d--h--r- c:\documents and settings\Jackaal\Dane aplikacji\SecuROM
2009-12-29 17:01 . 2009-12-29 17:01 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-29 12:33 . 2009-11-27 06:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-29 12:27 . 2009-12-29 11:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\DAEMON Tools Pro
2009-12-29 12:27 . 2009-12-29 11:24 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\DAEMON Tools Pro
2009-12-29 11:43 . 2009-12-29 11:43 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-21 13:47 . 2009-12-21 13:47 11776 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
2009-12-20 20:24 . 2009-12-20 20:24 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\VitySoft
2009-12-20 20:23 . 2009-12-20 20:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-20 20:23 . 2009-12-20 20:23 152576 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-20 20:21 . 2009-12-20 20:21 79488 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-16 18:58 . 2009-08-26 18:02 -------- d-----w- c:\program files\Common Files\LightScribe
2009-12-16 11:40 . 2009-12-16 11:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\GoldWave
2009-12-16 00:42 . 2009-12-16 00:42 4844296 ----a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-16 00:24 . 2009-12-16 00:24 -------- d-----w- c:\program files\MSBuild
2009-12-16 00:24 . 2009-12-16 00:24 -------- d-----w- c:\program files\Reference Assemblies
2009-12-16 00:15 . 2009-12-16 00:15 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\GHISLER
2009-12-15 21:43 . 2009-09-26 07:08 -------- d-----w- c:\program files\Realtek AC97
2009-12-14 22:56 . 2009-12-14 22:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\NVIDIA Corporation
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-10 21:02 . 2009-12-10 21:02 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\Winamp
2009-12-08 13:00 . 2009-12-08 13:00 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-07 20:20 . 2009-12-07 20:20 -------- d-----w- c:\documents and settings\Jackaal\Dane aplikacji\Malwarebytes
2009-12-02 17:52 . 2009-12-02 17:52 37376 ----a-w- c:\documents and settings\Jackaal\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-09 18:00 . 2009-12-15 06:24 85504 ----a-w- c:\windows\system32\ff_vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-03_16.40.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-03 22:54 . 2010-02-03 22:54 16384 c:\windows\temp\Perflib_Perfdata_784.dat
+ 2002-09-23 12:00 . 2010-02-03 16:45 67312 c:\windows\system32\perfc009.dat
- 2002-09-23 12:00 . 2009-12-16 00:44 67312 c:\windows\system32\perfc009.dat
+ 2002-09-23 12:00 . 2010-02-03 16:45 432356 c:\windows\system32\perfh009.dat
- 2002-09-23 12:00 . 2009-12-16 00:44 432356 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- d:\programy\Adobe Reader\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 15:14 1394000 ----a-w- d:\programy\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2009-12-03 15:14 429392 ----a-w- d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-10 07:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-10 07:28 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-06-10 07:29 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor]
2007-08-14 11:38 2256896 ----a-w- d:\programy\RegDoctor\RegDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-20 20:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"nvsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"MBAMService"=2 (0x2)
"idsvc"=3 (0x3)

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-29 721904]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-01-06 13224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-07 19160]
S4 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-07 276816]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
napagent
hkmsvc
xmlprov
wscsvc
.
.
------- Skan uzupełniający -------
.
uInternet Connection Wizard,ShellNext = hxxp://zedge.net/
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 23:55
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89DCF1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e65cb8
\Driver\atapi -> atapi.sys @ 0xb7e20b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7d12bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7d1fa21
SendHandler -> NDIS.sys @ 0xb7cfd87b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-602162358-1979792683-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-602162358-1979792683-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:32,93,0a,80,2b,34,b9,ef,52,d0,3b,29,b3,ab,c0,b4,2c,f3,99,de,5e,
4a,55,ba,0f,17,48,ce,02,56,90,fe,bf,9c,2d,ab,1b,10,66,27,1c,08,46,32,70,20,\
"rkeysecu"=hex:4e,49,77,3b,ef,07,98,08,40,33,f8,7a,6f,51,db,5b
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
.
**************************************************************************
.
Czas ukończenia: 2010-02-03 23:56:39 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-03 22:56
ComboFix2.txt 2010-02-03 16:41

Przed: 9 669 390 336 bajtów wolnych
Po: 9 639 284 736 bajtów wolnych

- - End Of File - - 974549BFF5C6D8DF772FDCF5C754F75E
[/log]

And now, after ComboFix, I have no sound :pff: When I start Winamp, this pops up: "[i]Bad DirectSound driver. Please install proper drivers or select another device in configuration. Error code: 88780078[/i]". Replacing the sound drivers doesn't help, nor does installing a newer(?) DirectX.

There is sound. The internet still doesn't work as it should.

Is the log clean? :pff:
