dastin posted 6 February 2010
[log]ComboFix 10-02-05.04 - dastin 2010-02-06 15:05:35.19.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1535.982 [GMT 1:00] Uruchomiony z: d:\documents and settings\dastin\Pulpit\ComboFix.exe AV: Kaspersky Anti-Virus for Windows Workstations *On-access scanning disabled* (Outdated) {816CD617-99F4-4B18-828E-80582E4B044D} . [i] ADS - svchost.exe: deleted 196 bytes in 1 streams. [/i] [i] ADS - explorer.exe: deleted 228 bytes in 1 streams. [/i] [i] ADS - netcfgx.dll: deleted 100 bytes in 1 streams. [/i] ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . d:\windows\system32\SIntf16.dll d:\windows\system32\twain_32.dll d:\windows\TEMP\gtkB.tmp . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_KGOOTKIT -------\Service_KGootkit ((((((((((((((((((((((((( Pliki utworzone od 2010-01-06 do 2010-02-06 ))))))))))))))))))))))))))))))) . 2010-02-06 14:00 . 2010-02-06 14:00 395776 ----a-w- d:\windows\system32\CF10910.exe 2010-02-06 13:56 . 2010-02-06 13:56 395776 ----a-w- d:\windows\system32\CF23623.exe 2010-02-06 11:25 . 2010-02-06 11:25 -------- d-----w- d:\windows\system32\config\systemprofile\Dane aplikacji\AdobeUM 2010-02-02 16:15 . 2010-02-02 16:15 34304 ----a-w- d:\windows\system32\drivers\KGootkit.sys 2010-01-27 10:40 . 2010-01-27 10:40 -------- d-----w- d:\documents and settings\dastin\Dane aplikacji\bearsharemediabartb 2010-01-27 10:40 . 2010-01-27 10:41 -------- d-----w- d:\documents and settings\dastin\Ustawienia lokalne\Dane aplikacji\BearShare 2010-01-27 10:39 . 2010-01-27 10:40 -------- d-----w- d:\program files\BearShare Applications 2010-01-24 18:15 . 2010-01-25 20:57 -------- d-----w- d:\program files\Postal 10th Anniversary 2010-01-21 10:09 . 2010-01-24 18:15 -------- d-----w- d:\program files\Postal 2 STP 2010-01-21 08:32 . 
2010-01-21 08:33 -------- d-----w- d:\program files\SkanerOnline 2010-01-15 09:15 . 2010-01-15 09:15 -------- d-----w- d:\program files\K-Lite Codec Pack 2010-01-15 08:43 . 1999-06-02 12:19 946448 ----a-w- d:\windows\system\SHDOCVW.DLL 2010-01-14 12:31 . 2010-01-14 12:31 -------- d-----w- d:\documents and settings\LocalService\Pulpit 2010-01-14 11:56 . 2009-12-02 13:19 64288 ----a-w- d:\windows\system32\drivers\Lbd(2).sys 2010-01-13 22:43 . 2010-01-13 22:43 86016 ----a-w- d:\documents and settings\dastin\User2.exe 2010-01-13 21:44 . 2010-01-13 21:44 -------- d-s---w- d:\documents and settings\dastin\UserData 2010-01-13 21:43 . 2010-01-13 21:43 106496 ----a-w- d:\documents and settings\dastin\User.exe 2010-01-13 20:52 . 2010-01-13 20:53 502350 ----a-w- d:\documents and settings\dastin\microsoft.exe 2010-01-12 12:58 . 2010-01-12 12:58 -------- d-----w- d:\program files\iPod 2010-01-12 12:58 . 2010-01-12 12:59 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\{755AC846-7372-4AC8-8550-C52491DAA8BD} . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-06 14:14 . 2008-11-29 12:45 -------- d-----w- d:\documents and settings\dastin\Dane aplikacji\Skype 2010-02-06 10:56 . 2008-11-29 12:47 -------- d-----w- d:\documents and settings\dastin\Dane aplikacji\skypePM 2010-01-29 22:40 . 2009-07-18 09:15 -------- d-----w- d:\documents and settings\dastin\Dane aplikacji\Apple Computer 2010-01-29 19:29 . 2008-12-25 19:02 -------- d-----w- d:\documents and settings\dastin\Dane aplikacji\BESTplayer 2010-01-25 23:29 . 2009-01-23 22:50 -------- d-----w- d:\documents and settings\dastin\Dane aplikacji\Nowe Gadu-Gadu 2010-01-18 21:13 . 2008-11-12 12:55 75512 ----a-w- d:\documents and settings\dastin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-01-16 13:33 . 2008-11-12 21:45 -------- d-----w- d:\program files\Kaspersky Lab 2010-01-16 13:26 . 
2009-02-09 18:23 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\Lavasoft 2010-01-16 13:24 . 2008-11-12 21:44 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2010-01-15 08:46 . 2010-01-14 18:22 -------- d-----w- d:\program files\AskBarDis 2010-01-15 08:46 . 2009-01-04 14:02 -------- d-----w- d:\program files\Bonjour 2010-01-12 12:58 . 2009-07-18 09:11 -------- d-----w- d:\program files\Common Files\Apple 2010-01-12 12:56 . 2008-12-05 20:51 -------- d-----w- d:\program files\QuickTime Alternative 2010-01-12 12:38 . 2010-01-12 12:38 79144 ----a-w- d:\documents and settings\All Users\Dane aplikacji\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-12-28 18:10 . 2009-12-28 18:10 128512 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30\roting4.dll 2009-12-28 18:02 . 2009-12-28 18:02 169472 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30\wlan2.dll 2009-12-28 18:02 . 2009-12-28 18:02 91136 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30\secure.dll 2009-12-28 18:02 . 2009-12-28 18:02 10752 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30\system.dll 2009-12-28 18:02 . 2009-12-28 18:01 97280 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30\roting2.dll 2009-12-28 18:01 . 2009-12-28 18:01 109056 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30\ppp.dll 2009-12-28 18:01 . 2009-12-28 18:01 71168 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30\pim.dll 2009-12-28 18:01 . 2009-12-28 18:01 58368 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30\ntp.dll 2009-12-28 18:01 . 2009-12-28 18:01 79872 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30\hotspot.dll 2009-12-28 18:01 . 
2009-12-28 18:01 69120 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30\dhcp.dll 2009-12-28 18:01 . 2009-12-28 18:01 69632 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30\advtool.dll 2009-12-28 18:01 . 2009-12-28 18:01 1495552 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30\roteros.dll 2009-12-28 18:00 . 2009-12-28 18:00 91136 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.13\secure.dll 2009-12-28 18:00 . 2009-12-28 18:00 10752 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.13\system.dll 2009-12-28 18:00 . 2009-12-28 18:00 95744 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.13\roting2.dll 2009-12-28 18:00 . 2009-12-28 18:00 81408 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.13\ppp.dll 2009-12-28 18:00 . 2009-12-28 18:00 65536 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.13\mpls.dll 2009-12-28 18:00 . 2009-12-28 18:00 69120 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.13\ipv6.dll 2009-12-28 18:00 . 2009-12-28 18:00 68096 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.13\dhcp.dll 2009-12-28 18:00 . 2009-12-28 18:00 68608 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.13\advtool.dll 2009-12-28 18:00 . 2009-12-28 17:59 1446912 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.13\roteros.dll 2009-12-28 17:58 . 2009-12-28 17:58 169472 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28\wlan2.dll 2009-12-28 17:58 . 2009-12-28 17:58 10752 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28\system.dll 2009-12-28 17:58 . 2009-12-28 17:58 91136 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28\secure.dll 2009-12-28 17:58 . 
2009-12-28 17:58 97280 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28\roting2.dll 2009-12-28 17:58 . 2009-12-28 17:58 109056 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28\ppp.dll 2009-12-28 17:58 . 2009-12-28 17:58 58368 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28\ntp.dll 2009-12-28 17:58 . 2009-12-28 17:58 79872 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28\hotspot.dll 2009-12-28 17:58 . 2009-12-28 17:58 69120 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28\dhcp.dll 2009-12-28 17:58 . 2009-12-28 17:58 69632 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28\advtool.dll 2009-12-28 17:58 . 2009-12-28 17:58 1495040 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28\roteros.dll 2009-12-28 17:22 . 2009-12-28 17:22 169472 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30-1002800881\wlan2.dll 2009-12-28 17:22 . 2009-12-28 17:22 10752 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30-1002800881\system.dll 2009-12-28 17:22 . 2009-12-28 17:22 91136 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30-1002800881\secure.dll 2009-12-28 17:22 . 2009-12-28 17:22 97280 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30-1002800881\roting2.dll 2009-12-28 17:22 . 2009-12-28 17:22 109056 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30-1002800881\ppp.dll 2009-12-28 17:22 . 2009-12-28 17:22 79872 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30-1002800881\hotspot.dll 2009-12-28 17:22 . 2009-12-28 17:22 69120 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30-1002800881\dhcp.dll 2009-12-28 17:22 . 
2009-12-28 17:22 69632 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30-1002800881\advtool.dll 2009-12-28 17:22 . 2009-12-28 17:21 1495552 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.30-1002800881\roteros.dll 2009-12-28 17:16 . 2009-12-28 17:16 169472 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28-2769631663\wlan2.dll 2009-12-28 17:16 . 2009-12-28 17:16 10752 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28-2769631663\system.dll 2009-12-28 17:16 . 2009-12-28 17:16 91136 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28-2769631663\secure.dll 2009-12-28 17:16 . 2009-12-28 17:16 97280 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28-2769631663\roting2.dll 2009-12-28 17:16 . 2009-12-28 17:16 109056 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28-2769631663\ppp.dll 2009-12-28 17:16 . 2009-12-28 17:16 58368 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28-2769631663\ntp.dll 2009-12-28 17:16 . 2009-12-28 17:16 79872 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28-2769631663\hotspot.dll 2009-12-28 17:16 . 2009-12-28 17:16 69120 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28-2769631663\dhcp.dll 2009-12-28 17:16 . 2009-12-28 17:16 69632 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28-2769631663\advtool.dll 2009-12-28 17:16 . 2009-12-28 17:16 1495040 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.28-2769631663\roteros.dll 2009-12-28 17:16 . 2009-12-28 17:16 65536 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.13-1073440822\mpls.dll 2009-12-28 17:16 . 2009-12-28 17:16 69120 ----a-w- d:\documents and settings\dastin\Dane aplikacji\Mikrotik\Winbox\3.13-1073440822\ipv6.dll 2009-12-27 11:44 . 
2009-07-24 10:08 -------- d-----w- d:\program files\Google 2009-12-25 12:15 . 2009-12-25 12:14 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\Creative 2009-12-25 12:14 . 2009-12-25 12:14 -------- d-----w- d:\documents and settings\dastin\Dane aplikacji\Creative 2009-12-25 12:11 . 2008-11-12 13:04 -------- d--h--w- d:\program files\InstallShield Installation Information 2009-12-25 12:09 . 2009-12-24 23:19 -------- d-----w- d:\program files\Creative 2009-12-25 12:05 . 2009-12-25 12:05 -------- d-----w- d:\program files\Common Files\muvee Technologies 2009-12-25 12:03 . 2009-12-25 12:03 -------- d-----w- d:\documents and settings\All Users\Dane aplikacji\muvee Technologies 2009-12-25 12:02 . 2009-12-25 12:02 -------- d-----w- d:\program files\SightSpeed 2009-12-24 23:23 . 2009-12-24 23:23 -------- d-----w- d:\program files\Common Files\Creative 2009-08-10 16:36 . 2009-08-10 16:36 122880 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2009-03-12 17:57 . 2009-03-12 17:44 589856 --sha-w- d:\windows\system32\drivers\fidbox.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2009-12-27 13:30 504248 ----a-w- d:\program files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="d:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336] "Nowe Gadu-Gadu"="f:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "User2"="d:\documents and settings\dastin\User2.exe" [2010-01-13 86016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="d:\windows\system32\tscupgrd.exe" [2004-08-03 44544] [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^TVR Scheduler.lnk] backup=d:\windows\pss\TVR Scheduler.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSS User [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager] 2007-06-07 13:01 155648 ----a-w- f:\program files\Creative\Creative Live! Cam\Live! 
Cam Manager\CTLCMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-04-23 13:51 691656 ----a-w- d:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] 2009-03-28 21:11 3325952 ----a-w- d:\program files\Electronic Arts\EADM\Core.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2009-08-10 16:36 30192 ----a-w- d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-11-12 15:33 141600 ----a-w- f:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New Application] 2006-07-12 18:18 98407 ----a-w- d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- d:\program files\QuickTime Alternative\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SamsungPCSuiteTrayApplication] 2008-08-06 23:10 278016 ----a-w- f:\program files\Samsung\Samsung PC Studio 7\LaunchApplication.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-07-24 10:09 39408 ----a-w- d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0410Mon.exe] 2007-06-07 01:00 32768 ----a-r- d:\windows\V0410Mon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ServiceLayer"=3 (0x3) "aawservice"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "SamsungPCSuiteTrayApplication"=f:\program files\Samsung\Samsung PC Studio 7\LaunchApplication.exe -startup "V0410Mon.exe"=d:\windows\V0410Mon.exe "DataMngr"=d:\program files\BearShare 
Applications\MediaBar\DataMngr\DataMngrUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "d:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"= "d:\\WINDOWS\\system32\\java.exe"= "d:\\Program Files\\BearShare\\BearShare.exe"= "d:\\Program Files\\Gadu-Gadu\\gg.exe"= "d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "f:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"= "f:\\Program Files\\Gadu-Gadu\\gg.exe"= "f:\\Program Files\\BitComet\\BitComet.exe"= "d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "d:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "d:\\Program Files\\Bonjour\\mDNSResponder.exe"= "d:\\Program Files\\Java\\jre6\\bin\\java.exe"= "d:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"= "f:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "f:\\Program Files\\Cain\\Cain.exe"= "d:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "f:\\Program Files\\iTunes\\iTunes.exe"= "f:\\Program Files\\Dude\\dude.exe"= "d:\\Program Files\\Postal 2 STP\\System\\Postal2.exe"= "d:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "d:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [2008-11-14 721904] R3 CXTuner;Conexant TVTuner;d:\windows\system32\drivers\CXTuner.sys [2006-05-23 23168] R3 CXVideo;Conexant Capture;d:\windows\system32\drivers\CXVCap.sys [2006-05-22 57216] R3 CXXBar;Conexant Crossbar;d:\windows\system32\drivers\CXXBar.sys [2006-04-25 9600] R3 
RLDesignVirtualAudioCableWdm;Live! Cam Virtual;d:\windows\system32\drivers\livecamv.sys [2009-12-25 31616] S2 gupdate1ca0c47c7b57610;Usługa Google Update (gupdate1ca0c47c7b57610);d:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 133104] S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;d:\windows\system32\drivers\c6501.sys [2009-05-17 1419968] S3 GoogleDesktopManager-060409-093314;Menedżer Google Desktop 5.9.906.4286;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-08-10 30192] S3 Netaapl;Apple Mobile Device Ethernet Service;d:\windows\system32\drivers\netaapl.sys [2009-07-18 17408] S3 nmwcdsa;Samsung USB Phone Parent;d:\windows\system32\drivers\nmwcdsa.sys [2009-06-03 135680] S3 nmwcdsac;Samsung USB Generic;d:\windows\system32\drivers\nmwcdsac.sys [2009-06-03 8320] S3 nmwcdsacj;Samsung USB Port;d:\windows\system32\drivers\nmwcdsacj.sys [2009-06-03 12288] S3 nmwcdsacm;Samsung USB Modem;d:\windows\system32\drivers\nmwcdsacm.sys [2009-06-03 12288] S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2008-12-23 50704] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;d:\windows\system32\drivers\WlanBZXP.sys [2008-12-03 450560] S3 V0410Afx;Creative Camera VF0410 Audio Effects Driver;d:\windows\system32\drivers\V0410AFX.sys [2009-12-25 142656] S3 V0410Aud;Creative Camera VF0410 Noise Cancellation APO;d:\windows\system32\drivers\V0410Aud.sys [2009-12-25 94720] S3 V0410Dev;Creative Camera VF0410 Driver;d:\windows\system32\drivers\V0410Dev.sys [2009-12-25 244672] S3 V0410Vfx;Creative Camera VF0410 Video VFX Driver;d:\windows\system32\drivers\V0410Vfx.sys [2009-12-25 7168] . 
Zawartość folderu 'Zaplanowane zadania' 2010-01-26 d:\windows\Tasks\AppleSoftwareUpdate.job - d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-02-06 d:\windows\Tasks\GlaryInitialize.job - f:\program files\Glary Utilities\initialize.exe [2009-05-17 09:08] 2010-02-06 d:\windows\Tasks\Google Software Updater.job - d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-24 10:08] 2010-02-06 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job - d:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 10:16] 2010-02-06 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job - d:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 10:16] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://search.bearshare.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q=%s FF - ProfilePath - d:\documents and settings\dastin\Dane aplikacji\Mozilla\Firefox\Profiles\k8q933k3.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - onet.pl FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/webResults.html?src=ffb&q= FF - plugin: d:\documents and settings\dastin\Dane aplikacji\Mozilla\Firefox\Profiles\k8q933k3.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - plugin: d:\documents and settings\dastin\Dane aplikacji\Mozilla\plugins\np-mswmp.dll FF - plugin: d:\documents and settings\dastin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: d:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll FF - plugin: d:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: f:\program files\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: f:\program files\Real 
Alternative\browser\plugins\nppl3260.dll FF - plugin: f:\program files\Real Alternative\browser\plugins\nprpjplug.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", 
"http://www.firefox.com"); d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - USUNIĘTO PUSTE WPISY - - - - AddRemove-Stefan - h:\stefan\odinstaluj.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-06 15:12 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... 
skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync04.sys sfsync02.sys nvatabus.sys spwg.sys >>UNKNOWN [0x89A8C938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3 \Driver\ACPI -> ACPI.sys @ 0xba665cb8 \Driver\atapi -> 0x89a6b1f8 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44 ParseProcedure -> ntkrnlpa.exe @ 0x80576964 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44 ParseProcedure -> ntkrnlpa.exe @ 0x80576964 NDIS: NVIDIA nForce Networking Controller #2 -> SendCompleteHandler -> NDIS.sys @ 0xba4cbba0 PacketIndicateHandler -> NDIS.sys @ 0xba4d8b21 SendHandler -> NDIS.sys @ 0xba4b687b Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-1482476501-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3DDFAB07-700E-32E4-DC00-A05C26A90585}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . 
--------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(5512) d:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll d:\windows\system32\msi.dll d:\windows\system32\WPDShServiceObj.dll f:\program files\Samsung\Samsung PC Studio 7\PhoneBrowser.dll f:\program files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll f:\program files\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_eng.nlr f:\program files\Samsung\Samsung PC Studio 7\Resource\PhoneBrowser_Samsung.ngr d:\windows\system32\PortableDeviceTypes.dll d:\windows\system32\PortableDeviceApi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe d:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe d:\program files\Bonjour\mDNSResponder.exe d:\program files\Java\jre6\bin\jqs.exe d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\klswd.exe f:\program files\Nowe Gadu-Gadu\spellchecker_gg.exe d:\windows\system32\wscntfy.exe d:\windows\system32\wbem\wmiapsrv.exe d:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Czas ukończenia: 2010-02-06 15:16:58 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-02-06 14:16 Przed: 4 396 130 304 bajtów wolnych Po: 4 362 358 784 bajtów wolnych - - End Of File - - 9DD29560F3FE713CE5F9361BADCEE91E[/log]
Please check the log, because I am getting system errors saying that various files are missing, and programs of various kinds won't start... thanks in advance
Psycholandia commented 13 February 2010
[color="#FF0000"]2. Do not use ComboFix unnecessarily (unless you are explicitly instructed to). It is a powerful tool with a heavy impact, and used improperly it can produce unexpected results.[/color] Post a log from OTL: http://www.forumpc.pl/index.php?showtopic=104338