
ComboFix: please check my log

dastin
posted

Mateusz J.
comment

Paste into Notepad:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""

File ==> Save As ==> change the extension to All Files ==> save under the name FIX.REG

Run the FIX.REG file you created, confirm adding it to the Registry, and restart the computer.

Delete the folder c:\QooBox

Scan the computer with Malwarebytes and post the report on the forum.

  • 3 weeks later...
dastin
comment

this is my new log from ComboFix


and when the scan finishes I'll post the Malwarebytes report here, but that will still take a while

Mateusz J.
comment

There was an error in the previous fix; you were supposed to paste into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=" "

Why another ComboFix log? It is cut off either way.
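An added example, not part of any post in this thread: a small Python linter for .reg text, run over the two FIX.REG versions given above (embedded as constructed copies). The corrected version differs from the first in the added header line and in the value data; regedit only imports a file whose first line is a recognised header. The function names are this example's own.

```python
import re

# First lines regedit recognises in a .reg file.
VALID_HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed copies of the two fixes posted in the thread.
FIX_FIRST = r'''[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""
'''

FIX_SECOND = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=" "
'''


def decode_data(data):
    """Unquote string data; leave other types (dword:, hex:) as written."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return re.sub(r'\\(.)', r'\1', data[1:-1])
    return data


def lint_reg(text):
    """Return (operations, problems) for .reg text.

    operations: list of (key, value_name, action, data), action being
    "delete" or "set". problems: list of human-readable findings.
    """
    ops, problems = [], []
    body = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not body:
        return ops, ["file is empty"]
    if body[0] in VALID_HEADERS:
        body = body[1:]
    else:
        problems.append("missing header line; regedit will not import this file")
    key = None
    for ln in body:
        if ln.startswith(";"):            # comment line
            continue
        m = KEY_RE.match(ln)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(ln)
        if m and key is not None:
            name = m.group(1)
            name = name[1:-1] if name.startswith('"') else name
            if m.group(2) == "-":         # "Name"=- removes the value
                ops.append((key, name, "delete", None))
            else:
                ops.append((key, name, "set", decode_data(m.group(2))))
            continue
        problems.append("unparseable line: %r" % ln)
    return ops, problems


def final_values(ops):
    """Replay operations in order; None means the value ends up deleted."""
    state = {}
    for key, name, action, data in ops:
        state[(key.lower(), name.lower())] = data if action == "set" else None
    return state


if __name__ == "__main__":
    for label, text in (("first fix", FIX_FIRST), ("corrected fix", FIX_SECOND)):
        ops, problems = lint_reg(text)
        print(label, "problems:", problems or "none")
        for ident, data in final_values(ops).items():
            print("  ", ident[1], "->", repr(data))
```

Both versions delete AppInit_DLLs and then recreate it without the wcjxci.dll entry from the log; only the second one carries a header.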

dastin
comment

yes, but I don't quite understand how I'm supposed to do it; that I have to put it into Notepad I understand, but once I paste it, where am I supposed to place it, I mean on which drive etc. ...

sorry for the stupid questions, but this is the first time I'm playing with this kind of thing

c88f94c86813a0c4m.jpg this is a picture of what it looks like; after a certain moment 90 operations suddenly appear and it can't be turned off; I don't know what to do about it, please help

Psycholandia
comment

Download: http://www.sendspace.com/file/iibooi, double-click the file and add it to the registry. This is what the colleague above asked you to do.

dastin
comment

ok, I did it; what do you think, should it be OK now?? or will I still have problems and have to do something else??

I know you're not fortune tellers, but what do you think, or how does it seem to you :D

dragonps
comment

Hello, I did as described in the ComboFix instructions; below is combofix.txt. What do I need to do now? Please help, because I'm green at this. Many thanks in advance.

C:\Autorun.infc:\documents and settings\Przemo\Dane aplikacji\Microsoft\dtscc:\documents and settings\Przemo\Dane aplikacji\Microsoft\dtsc\idc:\program files\Mozilla Firefox\components\iamfamous.dllc:\program files\Mozilla Firefox\plugins\NPMyGlSh.dllc:\program files\myglobalsearchc:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JARc:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFESTc:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JARc:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFESTc:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLLc:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLLc:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLLc:\program files\myglobalsearch\bar\Cache\[u]0[/u]0024EF1c:\program files\myglobalsearch\bar\Cache\[u]0[/u]00251DFc:\program files\myglobalsearch\bar\Cache\[u]0[/u]0025394.binc:\program files\myglobalsearch\bar\Cache\[u]0[/u]00254FC.binc:\program files\myglobalsearch\bar\Cache\[u]0[/u]00256FF.binc:\program files\myglobalsearch\bar\Cache\files.inic:\program files\myglobalsearch\bar\History\searchc:\program files\myglobalsearch\bar\Settings\prevcfg.htmC:\resycledc:\windows\BM5b97dce5.txtc:\windows\BM5b97dce5.xmlc:\windows\mainms.vpic:\windows\megavid.cdtc:\windows\muotr.soc:\windows\rundll32.vbec:\windows\system32\amsmxeqv.ini2c:\windows\system32\amsmxeqv.tmpc:\windows\system32\AutoRun.infc:\windows\system32\dNVxacfe.ini2c:\windows\system32\gaopdxdlmlqgoe.dllc:\windows\system32\hljwugsf.binc:\windows\system32\pac.txtD:\Autorun.infD:\resycledE:\Autorun.infE:\resycledF:\Autorun.infF:\resycledG:\Autorun.infG:\resycled.(((((((((((((((((((((((((   Pliki utworzone od 2008-12-28 do 2009-01-28  ))))))))))))))))))))))))))))))).2009-01-27 23:07 . 2008-10-16 14:06	208,744	--a------	c:\windows\system32\muweb.dll2009-01-27 20:54 . 2009-01-27 20:54	<DIR>	d--------	c:\program files\Trend Micro2009-01-27 20:40 . 2009-01-27 20:40	<DIR>	d--------	c:\program files\Alwil Software2009-01-26 19:57 . 
2008-06-19 17:24	28,544	--a------	c:\windows\system32\drivers\pavboot.sys2009-01-26 19:41 . 2009-01-26 19:41	<DIR>	d--------	c:\program files\Panda Security2009-01-26 19:15 . 2009-01-26 19:15	<DIR>	d--------	C:\$WIN_NT$.~BT2009-01-26 19:15 . 2006-03-02 12:00	469,053	-ra------	C:\txtsetup.sif2009-01-26 19:15 . 2006-03-02 12:00	262,400	-ra------	C:\$LDR$2009-01-26 19:09 . 2009-01-27 23:56	<DIR>	d--h-----	c:\documents and settings\Administrator.PRZEMEK-EE3286B\Ustawienia lokalne2009-01-26 19:09 . 2007-12-14 21:16	<DIR>	d--------	c:\documents and settings\Administrator.PRZEMEK-EE3286B\Ulubione2009-01-26 19:09 . 2007-12-14 20:24	<DIR>	d--h-----	c:\documents and settings\Administrator.PRZEMEK-EE3286B\Szablony2009-01-26 19:09 . 2007-12-14 21:16	<DIR>	d--------	c:\documents and settings\Administrator.PRZEMEK-EE3286B\Pulpit2009-01-26 19:09 . 2007-12-14 21:16	<DIR>	d--------	c:\documents and settings\Administrator.PRZEMEK-EE3286B\Moje dokumenty2009-01-26 19:09 . 2007-12-14 21:16	<DIR>	dr-------	c:\documents and settings\Administrator.PRZEMEK-EE3286B\Menu Start2009-01-26 19:09 . 2008-11-22 16:34	<DIR>	dr-h-----	c:\documents and settings\Administrator.PRZEMEK-EE3286B\Dane aplikacji2009-01-26 19:09 . 2009-01-26 19:09	<DIR>	d--------	c:\documents and settings\Administrator.PRZEMEK-EE3286B2009-01-26 19:02 . 2007-12-14 21:16	<DIR>	d--h-----	c:\documents and settings\Administrator\Ustawienia lokalne2009-01-26 19:02 . 2007-12-14 21:16	<DIR>	d--------	c:\documents and settings\Administrator\Ulubione2009-01-26 19:02 . 2007-12-14 20:24	<DIR>	d--h-----	c:\documents and settings\Administrator\Szablony2009-01-26 19:02 . 2007-12-14 21:16	<DIR>	d--------	c:\documents and settings\Administrator\Pulpit2009-01-26 19:02 . 2007-12-14 21:16	<DIR>	d--------	c:\documents and settings\Administrator\Moje dokumenty2009-01-26 19:02 . 2007-12-14 21:16	<DIR>	dr-------	c:\documents and settings\Administrator\Menu Start2009-01-26 19:02 . 
2008-11-22 16:34	<DIR>	dr-h-----	c:\documents and settings\Administrator\Dane aplikacji2009-01-26 19:02 . 2009-01-26 19:02	<DIR>	d--------	c:\documents and settings\Administrator2009-01-26 15:45 . 2009-01-26 15:45	21	--a------	C:\ADTARC.dat2009-01-26 15:39 . 2009-01-26 15:39	<DIR>	d--------	c:\program files\Common Files\Autodata Limited Shared2009-01-26 15:39 . 2006-01-01 17:47	<DIR>	d--------	C:\ADCDA22009-01-26 15:38 . 2009-01-26 15:38	<DIR>	d--------	C:\ADCDTEMP2009-01-18 15:15 . 2009-01-18 15:15	<DIR>	d--------	c:\documents and settings\Przemo\WINDOWS2009-01-18 15:15 . 1996-11-05 16:13	299,008	--a------	c:\windows\uninst.exe2009-01-10 19:11 . 2009-01-26 15:08	<DIR>	d--------	c:\program files\ALLPlayer2009-01-10 14:09 . 2009-01-26 15:08	<DIR>	d--------	c:\program files\NAPI-PROJEKT2009-01-10 13:51 . 2009-01-10 13:51	<DIR>	d--------	c:\program files\SystemRequirementsLab.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-01-28 00:01	---------	d-----w	c:\program files\Kalendarz XP2009-01-27 23:58	70,964	--sha-w	c:\windows\system32\drivers\fidbox2.idx2009-01-27 23:58	678,688	--sha-w	c:\windows\system32\drivers\fidbox2.dat2009-01-27 23:58	304,400	--sha-w	c:\windows\system32\drivers\fidbox.idx2009-01-27 23:58	21,634,848	--sha-w	c:\windows\system32\drivers\fidbox.dat2009-01-27 23:06	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab2009-01-27 21:02	---------	d-----w	c:\program files\StumbleUpon2009-01-26 15:10	196,608	----a-w	c:\windows\system32\drivers\nStandard.bin2009-01-18 15:23	---------	d--h--w	c:\program files\InstallShield Installation Information2009-01-18 15:13	---------	d-----w	c:\program files\Google2009-01-10 18:48	---------	d-----w	c:\program files\Opera2009-01-08 19:55	---------	d-----w	c:\program files\Kaspersky Lab2009-01-08 19:53	---------	d-----w	c:\program files\Spybot - Search & Destroy2009-01-08 19:52	---------	d-----w	c:\documents and settings\All 
Users\Dane aplikacji\Spybot - Search & Destroy2009-01-08 19:51	---------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files2009-01-07 21:59	---------	d-----w	c:\program files\uTorrent2009-01-07 19:06	---------	d-----w	c:\program files\eMule2009-01-03 14:53	---------	d-----w	c:\program files\Java2008-12-19 21:16	---------	d-----w	c:\program files\Sony2008-12-19 20:07	---------	d-----w	c:\program files\Sony Corporation2008-12-19 20:07	---------	d-----w	c:\program files\Common Files\Sony Shared2008-12-19 19:52	---------	d-----w	c:\documents and settings\Przemo\Dane aplikacji\Sony Corporation2008-12-19 19:15	---------	d-----w	c:\program files\Spik2008-12-13 18:24	---------	d-----w	c:\documents and settings\Przemo\Dane aplikacji\Skype2008-12-13 17:24	---------	d-----w	c:\documents and settings\Przemo\Dane aplikacji\skypePM2008-12-11 10:57	333,952	----a-w	c:\windows\system32\drivers\srv.sys2008-12-07 17:49	---------	d-----w	c:\program files\BearShare2008-11-28 23:04	---------	d-----w	c:\program files\Picasa22007-12-14 22:22	32	----a-w	c:\documents and settings\All Users\Dane aplikacji\ezsid.dat2008-06-05 21:53	32,768	--sha-w	c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008060520080606\index.dat.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-16 36864]"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-07 68856]"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 
1289000]"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-08-03 529968]"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-08-03 244520]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]c:\documents and settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2007-12-14 882176]Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-16 196608]Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-16 671744][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm"vidc.asv2"= asusasv2.dll"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed 
Launch.lnk]path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ComproRemote.lnk]path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\ComproRemote.lnkbackup=c:\windows\pss\ComproRemote.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ComproScheduler.lnk]path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\ComproScheduler.lnkbackup=c:\windows\pss\ComproScheduler.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^TweakYC.lnk]path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\TweakYC.lnkbackup=c:\windows\pss\TweakYC.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^Przemo^Menu Start^Programy^Autostart^Adobe Gamma.lnk]path=c:\documents and settings\Przemo\Menu Start\Programy\Autostart\Adobe Gamma.lnkbackup=c:\windows\pss\Adobe Gamma.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^Przemo^Menu Start^Programy^Autostart^Picture Motion Browser Media Check Tool.lnk]path=c:\documents and settings\Przemo\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnkbackup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]--a------ 2008-02-22 15:58 217544 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]--a------ 2007-03-28 01:29 1110016 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]--a------ 2006-06-01 13:32 94208 c:\program files\Common 
Files\Ahead\Lib\NMBgMonitor.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]--a------ 2007-09-06 13:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]--a------ 2006-11-01 13:50 2154496 c:\program files\GameFace Messenger\GameFace.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]--a------ 2006-11-13 12:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]--a------ 2008-06-17 15:00 1249280 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]--a------ 2006-11-28 01:12 2658304 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]--a------ 2008-08-11 07:31 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2007-12-21 20:42 98304 c:\windows\system32\qttask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]-ra------ 2007-12-07 14:08 21686568 c:\program files\Skype\Phone\Skype.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik]--a------ 2008-12-09 13:15 103912 c:\program files\Spik\Spik.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]--a------ 2008-01-07 18:26 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]--a------ 2006-06-21 17:14 35328 
c:\program files\Winamp\winampa.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]--a------ 2006-07-19 12:03 94208 c:\windows\KHALMNPR.Exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]--a------ 2008-09-17 23:55 1657376 c:\windows\system32\nwiz.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]--a------ 2006-05-16 17:04 2879488 c:\windows\SkyTel.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="c:\\Program Files\\Gadu-Gadu\\gg.exe"="c:\\Program Files\\eMule\\emule.exe"="c:\\Program Files\\Spik\\Spik.exe"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\Polish\\setup.exe"="c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"c:\\Program 
Files\\Skype\\Phone\\Skype.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]R1 CXAVSAUD;Compro VideoMate X series Audio Capture;c:\windows\system32\drivers\cxavsaud.sys [2007-12-15 9472]R1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [2008-01-18 4256]R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]R4 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-12-16 3712]S0 pxark;pxark;c:\windows\system32\drivers\pxark.sys --> c:\windows\system32\drivers\pxark.sys [?]S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-07-20 138112]S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-07-20 8320][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27568b24-a1f1-11dd-9f81-00138faa9a77}]\Shell\AutoRun\command - N:\Autorun.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fbc75551-a2a0-11dd-9f84-00138faa9a77}]\Shell\AutoRun\command - O:\Autorun.exe.- - - - USUNIĘTO PUSTE WPISY - - - -MSConfigStartUp-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exeMSConfigStartUp-SpeedTouch USB Diagnostics - c:\program files\Thomson\SpeedTouch USB\Dragdiag.exeMSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe.------- Skan uzupełniający -------.uStart Page = 
hxxp://www.wp.pl/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimageHandler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllHandler: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - c:\program files\Spik\url_wpmsg.dllFF - ProfilePath - c:\documents and settings\Przemo\Dane aplikacji\Mozilla\Firefox\Profiles\[u]0[/u]z1bo7po.default\FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl/FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dllFF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npwpk.dllFF - plugin: c:\program files\Opera\program\plugins\npwpk.dllFF - plugin: c:\program files\Spik\mozilla\npwpk.dll.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 00:01:18
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-28  0:04:11 - komputer został uruchomiony ponownie [Przemo]
ComboFix-quarantined-files.txt  2009-01-28 00:04:07

Przed: 9 950 101 504 bajtów wolnych
Po: 12,456,652,800 bajtów wolnych

300	--- E O F ---	2009-01-15 18:03:49

Mateusz J.
comment

The log is clean. ComboFix removed the entire infection.

Delete the folder c:\QooBox.

dastin
comment

And I have a problem, because that registry entry helped for a while and the problem has come back again. What else can I do?? :)

Mateusz J.
comment

Show the ComboFix log again, this time with the pendrive plugged in.

Format the pendrive or clean it with Flash Disinfector.

dastin
comment
(((((((((((((((((((((((((   Pliki utworzone od 2008-12-28 do 2009-01-31  ))))))))))))))))))))))))))))))).2009-01-27 17:14 . 2009-01-27 17:14	<DIR>	d--------	D:\KAV2009-01-27 17:14 . 2009-01-27 17:14	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\Kaspersky Anti-Virus for Windows Workstations2009-01-27 14:54 . 2009-01-27 14:54	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\Malwarebytes2009-01-27 14:54 . 2009-01-27 14:54	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\Malwarebytes2009-01-27 14:54 . 2009-01-14 16:11	38,496	--a------	d:\windows\system32\drivers\mbamswissarmy.sys2009-01-27 14:54 . 2009-01-14 16:11	15,504	--a------	d:\windows\system32\drivers\mbam.sys2009-01-23 23:50 . 2009-01-23 23:53	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\Nowe Gadu-Gadu2009-01-20 11:05 . 2009-01-20 11:05	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\UDL2009-01-20 11:00 . 2009-01-20 11:00	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\EPSON2009-01-20 11:00 . 2006-12-08 03:04	76,800	--a------	d:\windows\system32\E_FLBCAE.DLL2009-01-20 11:00 . 2006-04-19 03:00	62,976	--a------	d:\windows\system32\E_FD4BCAE.DLL2009-01-20 11:00 . 2004-09-10 21:12	49,152	--a------	d:\windows\system32\E_DCINST.DLL2009-01-20 11:00 . 2004-08-03 22:58	15,104	--a------	d:\windows\system32\drivers\usbscan.sys2009-01-20 10:57 . 2009-01-20 11:04	<DIR>	d--------	d:\program files\epson2009-01-20 10:57 . 2006-12-28 00:00	208,896	--a------	d:\windows\system32\esint7e.dll2009-01-20 10:57 . 2006-12-28 00:00	66,560	--a------	d:\windows\system32\eswia7e.dll2009-01-20 10:57 . 2006-03-10 00:00	3,584	--a------	d:\windows\system32\eswiaml.dll2009-01-20 10:56 . 2004-08-03 23:01	25,856	--a------	d:\windows\system32\drivers\usbprint.sys2009-01-20 10:56 . 2009-01-20 10:56	26	--a------	d:\windows\CDE DX4400DEFGIPS.ini2009-01-19 15:33 . 
2009-01-23 17:06	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\Azureus2009-01-19 15:33 . 2009-01-19 15:33	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\Azureus2009-01-14 17:43 . 2009-01-14 17:43	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\AdobeUM2009-01-10 17:20 . 1998-10-29 16:45	306,688	--a------	d:\windows\IsUninst.exe2009-01-04 15:02 . 2009-01-04 15:02	<DIR>	d--------	d:\program files\Bonjour2009-01-04 14:51 . 2009-01-04 14:51	<DIR>	d--------	d:\program files\Common Files\Macrovision Shared2008-12-28 17:07 . 2008-12-28 17:07	5,292,054	--a------	d:\windows\BricoPack Wallpaper.bmp2008-12-25 20:02 . 2008-12-26 00:24	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\BESTplayer2008-12-23 15:45 . 2008-12-23 17:08	786	--a------	d:\windows\eReg.dat2008-12-23 11:26 . 2008-12-23 11:26	<DIR>	d--------	d:\documents and settings\dastin\WINDOWS2008-12-23 11:26 . 1998-01-23 14:15	304,640	--a------	d:\windows\IsUn0415.exe2008-12-22 00:22 . 2008-12-22 00:22	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\Toribash2008-12-16 20:12 . 2006-11-11 04:47	527,136	-ra------	d:\windows\system32\LVUI2RC.dll2008-12-16 20:12 . 2006-11-11 04:43	487,328	-ra------	d:\windows\system32\drivers\LV561AV.SYS2008-12-16 20:12 . 2003-02-21 13:42	348,160	-ra------	d:\windows\system\msvcr71.dll2008-12-16 20:12 . 2006-11-11 04:44	264,992	-ra------	d:\windows\system32\lvcodec2.dll2008-12-16 20:12 . 2006-11-11 04:47	211,744	-ra------	d:\windows\system32\LVUI2.dll2008-12-16 20:12 . 2006-11-11 04:45	121,632	-ra------	d:\windows\system32\lvcoinst.dll2008-12-16 20:12 . 2006-11-11 03:31	42,594	-ra------	d:\windows\system32\lvcoinst.ini2008-12-16 20:12 . 2006-11-11 04:48	40,352	-ra------	d:\windows\system32\drivers\LVUSBSta.sys2008-12-16 20:12 . 2006-11-11 03:30	7,734	-ra------	d:\windows\system32\Repository.reg2008-12-16 20:09 . 2008-12-16 20:09	118,784	-r-------	d:\windows\bwUnin-7.2.0.157-8876480SL.exe2008-12-16 20:04 . 
2008-12-16 20:09	<DIR>	d--------	d:\program files\Logitech2008-12-16 20:04 . 2008-12-16 20:08	<DIR>	d--------	d:\program files\Common Files\Logitech2008-12-16 20:04 . 2008-12-16 20:04	<DIR>	d--------	d:\program files\Common Files\Logishrd2008-12-16 20:04 . 2008-12-16 20:04	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\Logitech2008-12-09 17:25 . 2009-01-31 21:30	<DIR>	d--------	d:\program files\Mozilla Firefox 3.1 Beta 22008-12-07 17:30 . 2008-12-07 17:30	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\Mikrotik2008-12-07 13:54 . 2008-12-07 13:54	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\TuneUp Software2008-12-07 13:53 . 2008-12-07 13:53	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\TuneUp Software2008-12-07 13:53 . 2008-12-07 13:53	<DIR>	d--hs----	d:\documents and settings\All Users\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357}2008-12-07 13:48 . 2008-12-07 14:20	1,144	--a------	d:\windows\wincmd.ini2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\UC.PIF2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\RAR.PIF2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\PKZIP.PIF2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\PKUNZIP.PIF2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\NOCLOSE.PIF2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\LHA.PIF2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\ARJ.PIF2008-12-06 12:24 . 2008-12-06 12:24	940,794	--a------	d:\windows\system32\LoopyMusic.wav2008-12-06 12:24 . 2008-12-06 12:24	146,650	--a------	d:\windows\system32\BuzzingBee.wav2008-12-06 12:24 . 2008-12-07 11:54	60,416	--a------	d:\windows\ALCFDRTM.VER2008-12-06 12:24 . 2008-12-06 12:24	60,416	--a------	d:\windows\ALCFDRTM.EXE2008-12-06 12:19 . 2008-12-06 12:19	<DIR>	d--------	d:\windows\system32\Lang2008-12-05 22:07 . 2005-11-06 01:13	1,060,864	--a-s----	d:\windows\system32\mfc71.dll2008-12-05 22:07 . 
2005-11-06 01:10	860,211	--a-s----	d:\windows\system32\XSIFtk-3.6.2.1.dll2008-12-05 22:07 . 2005-07-28 08:18	685,056	--a------	d:\windows\system32\drivers\hardlock.sys2008-12-05 22:07 . 2005-11-06 01:13	499,712	--a-s----	d:\windows\system32\msvcp71.dll2008-12-05 22:07 . 2009-01-31 19:40	0	--a------	d:\windows\TempFile2008-12-05 21:51 . 2008-12-05 21:51	<DIR>	d--------	d:\program files\QuickTime Alternative2008-12-05 21:51 . 2008-12-05 21:51	<DIR>	d--------	d:\program files\K-Lite Codec Pack2008-12-05 21:51 . 2008-12-05 21:51	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\Apple Computer2008-12-04 18:31 . 2009-01-04 15:04	<DIR>	d--------	d:\program files\Common Files\Adobe2008-12-04 18:27 . 2008-12-04 18:27	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\Panasonic2008-12-04 18:26 . 2008-12-04 18:30	<DIR>	d--------	d:\program files\Panasonic2008-12-04 18:26 . 2007-06-22 00:10	501,912	--a------	d:\windows\system32\PICSDK2.dll2008-12-03 14:28 . 2008-12-03 14:28	<DIR>	d--------	d:\program files\SAGEM WiFi manager2008-12-03 14:28 . 2008-12-03 14:28	<DIR>	d--------	d:\program files\SAGEM2008-12-03 14:28 . 2007-01-16 13:52	20,608	--a------	d:\windows\system32\drivers\BRGSp50.sys2008-12-03 14:28 . 2007-01-16 13:52	17,664	--a------	d:\windows\system32\drivers\ZDPSp50.sys2008-12-03 14:26 . 2007-01-10 10:14	450,560	--a------	d:\windows\system32\drivers\WlanBZXP.sys2008-12-03 14:26 . 2005-06-17 10:26	114,688	--a------	d:\windows\system32\WLANUTL.dll2008-12-03 14:26 . 
2005-06-17 10:26	61,440	--a------	d:\windows\system32\W32N50.dll.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-01-27 16:14	---------	d-----w	d:\program files\Kaspersky Lab2009-01-20 10:08	---------	d--h--w	d:\program files\InstallShield Installation Information2009-01-20 10:07	---------	d-----w	d:\program files\Common Files\InstallShield2008-12-24 22:20	---------	d-----w	d:\documents and settings\dastin\Dane aplikacji\skypePM2008-12-24 22:20	---------	d-----w	d:\documents and settings\dastin\Dane aplikacji\Skype2008-12-23 20:55	219,648	----a-w	d:\windows\system32\uxtheme.dll2008-12-09 09:28	---------	d-----w	d:\documents and settings\All Users\Dane aplikacji\Microsoft Help2008-11-30 21:45	---------	d-----w	d:\documents and settings\dastin\Dane aplikacji\Any Video Converter2008-11-29 12:44	---------	d-----w	d:\program files\Skype2008-11-29 12:44	---------	d-----w	d:\program files\Common Files\Skype2008-11-29 12:44	---------	d-----w	d:\documents and settings\All Users\Dane aplikacji\Skype2008-11-24 14:32	57,344	----a-w	d:\windows\system32\ff_vfw.dll2008-11-13 13:43	410,976	----a-w	d:\windows\system32\deploytk.dll2008-10-28 22:35	684,032	----a-w	d:\windows\system32\divx.dll2008-10-16 13:13	202,776	----a-w	d:\windows\system32\wuweb.dll2008-10-16 13:13	1,809,944	----a-w	d:\windows\system32\wuaueng.dll2008-10-16 13:12	561,688	----a-w	d:\windows\system32\wuapi.dll2008-10-16 13:12	323,608	----a-w	d:\windows\system32\wucltui.dll2008-10-16 13:09	92,696	----a-w	d:\windows\system32\cdm.dll2008-10-16 13:09	51,224	----a-w	d:\windows\system32\wuauclt.exe2008-10-16 13:09	43,544	----a-w	d:\windows\system32\wups2.dll2008-10-16 13:08	34,328	----a-w	d:\windows\system32\wups.dll.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Stefan"="f:\program files\INTERIAPL\Stefan\Stefan.exe" [2008-07-17 685568]"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]"EPSON Stylus DX4400 Series"="d:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-01-25 179200][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"UserFaultCheck"="d:\windows\system32\dumprep 0 -u" [X]"KAVWks50"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 98407][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"= [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]--a------ 2006-01-12 15:40 155648 d:\program files\Common Files\Ahead\Lib\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]--a------ 2008-09-12 17:45 36352 d:\program files\Winamp\winampa.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]--a------ 2005-07-26 09:16 77824 d:\windows\SOUNDMAN.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"kavsvc"=2 (0x2)[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="d:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"="d:\\WINDOWS\\system32\\java.exe"="d:\\Program Files\\BearShare\\BearShare.exe"="d:\\Program Files\\Gadu-Gadu\\gg.exe"="d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="d:\\Program Files\\Skype\\Phone\\Skype.exe"="d:\\Program 
Files\\Bonjour\\mDNSResponder.exe"="f:\\Program Files\\Vuze\\Azureus.exe"=R1 klmc;Sterownik KLMC;d:\windows\system32\drivers\klmc.sys [2006-07-12 14803]R3 CXTuner;Conexant TVTuner;d:\windows\system32\drivers\CXTuner.sys [2006-05-23 23168]R3 CXVideo;Conexant Capture;d:\windows\system32\drivers\CXVCap.sys [2006-05-22 57216]R3 CXXBar;Conexant Crossbar;d:\windows\system32\drivers\CXXBar.sys [2006-04-25 9600]S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;d:\windows\system32\drivers\WlanBZXP.sys [2008-12-03 450560]S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\d:\windows\system32\ZDCndis5.SYS --> d:\windows\system32\ZDCndis5.SYS [?][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3f3e0f7-b0b1-11dd-a3b0-806d6172696f}]\Shell\AutoRun\command - G:\setup.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3f3e0f9-b0b1-11dd-a3b0-806d6172696f}]\Shell\AutoRun\command - I:\USBNB.exe..------- Skan uzupełniający -------.uStart Page = hxxp://onet.pl/uInternet Settings,ProxyOverride = *.localFF - ProfilePath - d:\documents and settings\dastin\Dane aplikacji\Mozilla\Firefox\Profiles\k8q933k3.default\FF - prefs.js: browser.startup.homepage - www.onet.plFF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dllFF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 22:06:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1482476501-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3DDFAB07-700E-32E4-DC00-A05C26A90585}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Czas ukończenia: 2009-01-31 22:07:35
ComboFix-quarantined-files.txt  2009-01-31 21:07:33
ComboFix2.txt  2009-01-27 13:49:59

Przed: 63 850 741 760 bajtów wolnych
Po: 63,857,516,544 bajtów wolnych

195

Mateusz J.
comment

The log is cut off.

Paste the whole thing.

dastin
comment
ComboFix 09-01-31.01 - dastin 2009-01-31 22:04:55.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1535.1071 [GMT 1:00]
Uruchomiony z: d:\documents and settings\dastin\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus for Windows Workstations *On-access scanning disabled* (Updated)
 * Utworzono nowy punkt przywracania
.
(((((((((((((((((((((((((   Pliki utworzone od 2008-12-28 do 2009-01-31  )))))))))))))))))))))))))))))))
.
2009-01-27 17:14 . 2009-01-27 17:14	<DIR>	d--------	D:\KAV
2009-01-27 17:14 . 2009-01-27 17:14	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\Kaspersky Anti-Virus for Windows Workstations
2009-01-27 14:54 . 2009-01-27 14:54	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\Malwarebytes
2009-01-27 14:54 . 2009-01-27 14:54	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-01-27 14:54 . 2009-01-14 16:11	38,496	--a------	d:\windows\system32\drivers\mbamswissarmy.sys
2009-01-27 14:54 . 2009-01-14 16:11	15,504	--a------	d:\windows\system32\drivers\mbam.sys
2009-01-23 23:50 . 2009-01-23 23:53	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\Nowe Gadu-Gadu
2009-01-20 11:05 . 2009-01-20 11:05	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\UDL
2009-01-20 11:00 . 2009-01-20 11:00	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\EPSON
2009-01-20 11:00 . 2006-12-08 03:04	76,800	--a------	d:\windows\system32\E_FLBCAE.DLL
2009-01-20 11:00 . 2006-04-19 03:00	62,976	--a------	d:\windows\system32\E_FD4BCAE.DLL
2009-01-20 11:00 . 2004-09-10 21:12	49,152	--a------	d:\windows\system32\E_DCINST.DLL
2009-01-20 11:00 . 2004-08-03 22:58	15,104	--a------	d:\windows\system32\drivers\usbscan.sys
2009-01-20 10:57 . 2009-01-20 11:04	<DIR>	d--------	d:\program files\epson
2009-01-20 10:57 . 2006-12-28 00:00	208,896	--a------	d:\windows\system32\esint7e.dll
2009-01-20 10:57 . 2006-12-28 00:00	66,560	--a------	d:\windows\system32\eswia7e.dll
2009-01-20 10:57 . 2006-03-10 00:00	3,584	--a------	d:\windows\system32\eswiaml.dll
2009-01-20 10:56 . 2004-08-03 23:01	25,856	--a------	d:\windows\system32\drivers\usbprint.sys
2009-01-20 10:56 . 2009-01-20 10:56	26	--a------	d:\windows\CDE DX4400DEFGIPS.ini
2009-01-19 15:33 . 2009-01-23 17:06	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\Azureus
2009-01-19 15:33 . 2009-01-19 15:33	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\Azureus
2009-01-14 17:43 . 2009-01-14 17:43	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\AdobeUM
2009-01-10 17:20 . 1998-10-29 16:45	306,688	--a------	d:\windows\IsUninst.exe
2009-01-04 15:02 . 2009-01-04 15:02	<DIR>	d--------	d:\program files\Bonjour
2009-01-04 14:51 . 2009-01-04 14:51	<DIR>	d--------	d:\program files\Common Files\Macrovision Shared
2008-12-28 17:07 . 2008-12-28 17:07	5,292,054	--a------	d:\windows\BricoPack Wallpaper.bmp
2008-12-25 20:02 . 2008-12-26 00:24	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\BESTplayer
2008-12-23 15:45 . 2008-12-23 17:08	786	--a------	d:\windows\eReg.dat
2008-12-23 11:26 . 2008-12-23 11:26	<DIR>	d--------	d:\documents and settings\dastin\WINDOWS
2008-12-23 11:26 . 1998-01-23 14:15	304,640	--a------	d:\windows\IsUn0415.exe
2008-12-22 00:22 . 2008-12-22 00:22	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\Toribash
2008-12-16 20:12 . 2006-11-11 04:47	527,136	-ra------	d:\windows\system32\LVUI2RC.dll
2008-12-16 20:12 . 2006-11-11 04:43	487,328	-ra------	d:\windows\system32\drivers\LV561AV.SYS
2008-12-16 20:12 . 2003-02-21 13:42	348,160	-ra------	d:\windows\system\msvcr71.dll
2008-12-16 20:12 . 2006-11-11 04:44	264,992	-ra------	d:\windows\system32\lvcodec2.dll
2008-12-16 20:12 . 2006-11-11 04:47	211,744	-ra------	d:\windows\system32\LVUI2.dll
2008-12-16 20:12 . 2006-11-11 04:45	121,632	-ra------	d:\windows\system32\lvcoinst.dll
2008-12-16 20:12 . 2006-11-11 03:31	42,594	-ra------	d:\windows\system32\lvcoinst.ini
2008-12-16 20:12 . 2006-11-11 04:48	40,352	-ra------	d:\windows\system32\drivers\LVUSBSta.sys
2008-12-16 20:12 . 2006-11-11 03:30	7,734	-ra------	d:\windows\system32\Repository.reg
2008-12-16 20:09 . 2008-12-16 20:09	118,784	-r-------	d:\windows\bwUnin-7.2.0.157-8876480SL.exe
2008-12-16 20:04 . 2008-12-16 20:09	<DIR>	d--------	d:\program files\Logitech
2008-12-16 20:04 . 2008-12-16 20:08	<DIR>	d--------	d:\program files\Common Files\Logitech
2008-12-16 20:04 . 2008-12-16 20:04	<DIR>	d--------	d:\program files\Common Files\Logishrd
2008-12-16 20:04 . 2008-12-16 20:04	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\Logitech
2008-12-09 17:25 . 2009-01-31 21:30	<DIR>	d--------	d:\program files\Mozilla Firefox 3.1 Beta 2
2008-12-07 17:30 . 2008-12-07 17:30	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\Mikrotik
2008-12-07 13:54 . 2008-12-07 13:54	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\TuneUp Software
2008-12-07 13:53 . 2008-12-07 13:53	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2008-12-07 13:53 . 2008-12-07 13:53	<DIR>	d--hs----	d:\documents and settings\All Users\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-07 13:48 . 2008-12-07 14:20	1,144	--a------	d:\windows\wincmd.ini
2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\UC.PIF
2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\RAR.PIF
2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\PKZIP.PIF
2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\PKUNZIP.PIF
2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\NOCLOSE.PIF
2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\LHA.PIF
2008-12-07 13:48 . 2008-07-29 07:04	545	--a------	d:\windows\ARJ.PIF
2008-12-06 12:24 . 2008-12-06 12:24	940,794	--a------	d:\windows\system32\LoopyMusic.wav
2008-12-06 12:24 . 2008-12-06 12:24	146,650	--a------	d:\windows\system32\BuzzingBee.wav
2008-12-06 12:24 . 2008-12-07 11:54	60,416	--a------	d:\windows\ALCFDRTM.VER
2008-12-06 12:24 . 2008-12-06 12:24	60,416	--a------	d:\windows\ALCFDRTM.EXE
2008-12-06 12:19 . 2008-12-06 12:19	<DIR>	d--------	d:\windows\system32\Lang
2008-12-05 22:07 . 2005-11-06 01:13	1,060,864	--a-s----	d:\windows\system32\mfc71.dll
2008-12-05 22:07 . 2005-11-06 01:10	860,211	--a-s----	d:\windows\system32\XSIFtk-3.6.2.1.dll
2008-12-05 22:07 . 2005-07-28 08:18	685,056	--a------	d:\windows\system32\drivers\hardlock.sys
2008-12-05 22:07 . 2005-11-06 01:13	499,712	--a-s----	d:\windows\system32\msvcp71.dll
2008-12-05 22:07 . 2009-01-31 19:40	0	--a------	d:\windows\TempFile
2008-12-05 21:51 . 2008-12-05 21:51	<DIR>	d--------	d:\program files\QuickTime Alternative
2008-12-05 21:51 . 2008-12-05 21:51	<DIR>	d--------	d:\program files\K-Lite Codec Pack
2008-12-05 21:51 . 2008-12-05 21:51	<DIR>	d--------	d:\documents and settings\All Users\Dane aplikacji\Apple Computer
2008-12-04 18:31 . 2009-01-04 15:04	<DIR>	d--------	d:\program files\Common Files\Adobe
2008-12-04 18:27 . 2008-12-04 18:27	<DIR>	d--------	d:\documents and settings\dastin\Dane aplikacji\Panasonic
2008-12-04 18:26 . 2008-12-04 18:30	<DIR>	d--------	d:\program files\Panasonic
2008-12-04 18:26 . 2007-06-22 00:10	501,912	--a------	d:\windows\system32\PICSDK2.dll
2008-12-03 14:28 . 2008-12-03 14:28	<DIR>	d--------	d:\program files\SAGEM WiFi manager
2008-12-03 14:28 . 2008-12-03 14:28	<DIR>	d--------	d:\program files\SAGEM
2008-12-03 14:28 . 2007-01-16 13:52	20,608	--a------	d:\windows\system32\drivers\BRGSp50.sys
2008-12-03 14:28 . 2007-01-16 13:52	17,664	--a------	d:\windows\system32\drivers\ZDPSp50.sys
2008-12-03 14:26 . 2007-01-10 10:14	450,560	--a------	d:\windows\system32\drivers\WlanBZXP.sys
2008-12-03 14:26 . 2005-06-17 10:26	114,688	--a------	d:\windows\system32\WLANUTL.dll
2008-12-03 14:26 . 2005-06-17 10:26	61,440	--a------	d:\windows\system32\W32N50.dll
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 16:14	---------	d-----w	d:\program files\Kaspersky Lab
2009-01-20 10:08	---------	d--h--w	d:\program files\InstallShield Installation Information
2009-01-20 10:07	---------	d-----w	d:\program files\Common Files\InstallShield
2008-12-24 22:20	---------	d-----w	d:\documents and settings\dastin\Dane aplikacji\skypePM
2008-12-24 22:20	---------	d-----w	d:\documents and settings\dastin\Dane aplikacji\Skype
2008-12-23 20:55	219,648	----a-w	d:\windows\system32\uxtheme.dll
2008-12-09 09:28	---------	d-----w	d:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-11-30 21:45	---------	d-----w	d:\documents and settings\dastin\Dane aplikacji\Any Video Converter
2008-11-29 12:44	---------	d-----w	d:\program files\Skype
2008-11-29 12:44	---------	d-----w	d:\program files\Common Files\Skype
2008-11-29 12:44	---------	d-----w	d:\documents and settings\All Users\Dane aplikacji\Skype
2008-11-24 14:32	57,344	----a-w	d:\windows\system32\ff_vfw.dll
2008-11-13 13:43	410,976	----a-w	d:\windows\system32\deploytk.dll
2008-10-28 22:35	684,032	----a-w	d:\windows\system32\divx.dll
2008-10-16 13:13	202,776	----a-w	d:\windows\system32\wuweb.dll
2008-10-16 13:13	1,809,944	----a-w	d:\windows\system32\wuaueng.dll
2008-10-16 13:12	561,688	----a-w	d:\windows\system32\wuapi.dll
2008-10-16 13:12	323,608	----a-w	d:\windows\system32\wucltui.dll
2008-10-16 13:09	92,696	----a-w	d:\windows\system32\cdm.dll
2008-10-16 13:09	51,224	----a-w	d:\windows\system32\wuauclt.exe
2008-10-16 13:09	43,544	----a-w	d:\windows\system32\wups2.dll
2008-10-16 13:08	34,328	----a-w	d:\windows\system32\wups.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Stefan"="f:\program files\INTERIAPL\Stefan\Stefan.exe" [2008-07-17 685568]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"EPSON Stylus DX4400 Series"="d:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-01-25 179200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="d:\windows\system32\dumprep 0 -u" [X]
"KAVWks50"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 98407]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 d:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-12 17:45 36352 d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-07-26 09:16 77824 d:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"kavsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"d:\\WINDOWS\\system32\\java.exe"=
"d:\\Program Files\\BearShare\\BearShare.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\Vuze\\Azureus.exe"=

R1 klmc;Sterownik KLMC;d:\windows\system32\drivers\klmc.sys [2006-07-12 14803]
R3 CXTuner;Conexant TVTuner;d:\windows\system32\drivers\CXTuner.sys [2006-05-23 23168]
R3 CXVideo;Conexant Capture;d:\windows\system32\drivers\CXVCap.sys [2006-05-22 57216]
R3 CXXBar;Conexant Crossbar;d:\windows\system32\drivers\CXXBar.sys [2006-04-25 9600]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;d:\windows\system32\drivers\WlanBZXP.sys [2008-12-03 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\d:\windows\system32\ZDCndis5.SYS --> d:\windows\system32\ZDCndis5.SYS [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3f3e0f7-b0b1-11dd-a3b0-806d6172696f}]
\Shell\AutoRun\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3f3e0f9-b0b1-11dd-a3b0-806d6172696f}]
\Shell\AutoRun\command - I:\USBNB.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://onet.pl/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - d:\documents and settings\dastin\Dane aplikacji\Mozilla\Firefox\Profiles\k8q933k3.default\
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-31 22:06:29
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1482476501-1958367476-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3DDFAB07-700E-32E4-DC00-A05C26A90585}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Czas ukończenia: 2009-01-31 22:07:35
ComboFix-quarantined-files.txt  2009-01-31 21:07:33
ComboFix2.txt  2009-01-27 13:49:59

Przed: 63 850 741 760 bajtów wolnych
Po: 63,857,516,544 bajtów wolnych

195

Mateusz J.
comment

Scan the computer with Malwarebytes. Post the report on the forum.

The log looks clean.

dastin
comment

Everything looks OK in the report; the program did not find any dangerous files...

I still have the same problem: after a while those windows appear again... and everything shuts down.
