Sudden FPS drops!
sztander - 2009-11-18, 20:21
ComboFix 09-11-18.06 - Sztander 2009-11-18 21:03.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2047.1705 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Sztander\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Sztander\USTAWI~1\Temp\init.exe
c:\documents and settings\Sztander\Dane aplikacji\wiaserva.log
c:\documents and settings\Sztander\Moje dokumenty\cc_20091025_131654.reg
c:\documents and settings\Sztander\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Sztander\Ustawienia lokalne\Dane aplikacji\DoubleD
c:\documents and settings\Sztander\Ustawienia lokalne\Temp\init.exe
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.8.1.4690\adwpx.exe
c:\program files\Internet Saving Optimizer\3.8.1.4690\Data\config.md
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.8.1.4690\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.8.1.4690\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.8.1.4690\NPIEaddon.dll
c:\program files\Internet Saving Optimizer\3.8.1.4690\unins000.dat
c:\program files\Internet Saving Optimizer\3.8.1.4690\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\2.0.0.1050\Data\config.md
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome.manifest
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\2.0.0.1050\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\2.0.0.1050\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\2.0.0.1050\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\2.0.0.1050\FF\install.rdf
c:\program files\Media Access Startup\2.0.0.1050\HPCommon.dll
c:\program files\Media Access Startup\2.0.0.1050\HPIEAddOn.dll
c:\program files\Media Access Startup\2.0.0.1050\hppx.exe
c:\program files\Media Access Startup\2.0.0.1050\MAHelper.exe
c:\program files\Media Access Startup\2.0.0.1050\unins000.dat
c:\program files\Media Access Startup\2.0.0.1050\unins000.exe
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\0002260C.bin
c:\program files\myglobalsearch\bar\Cache\000227E1.bin
c:\program files\myglobalsearch\bar\Cache\00022929.bin
c:\program files\myglobalsearch\bar\Cache\001CF1CA
c:\program files\myglobalsearch\bar\Cache\004D3244.bin
c:\program files\myglobalsearch\bar\Cache\004D42A0.bin
c:\program files\myglobalsearch\bar\Cache\004D4520.bin
c:\program files\myglobalsearch\bar\Cache\008B6B58
c:\program files\myglobalsearch\bar\Cache\00EE9D53
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\windows\system32\bpk.dat
c:\windows\system32\ieuinit.inf
c:\windows\system32\inst.dat
c:\windows\system32\pk.bin
c:\windows\system32\web.dat
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSUPDATE
((((((((((((((((((((((((( Pliki utworzone od 2009-10-18 do 2009-11-18 )))))))))))))))))))))))))))))))
.
2009-11-18 20:03 . 2004-08-03 20:59 95360 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-18 20:03 . 2004-08-03 20:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-12 21:24 . 2009-11-12 21:24 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-06 02:14 . 2009-11-06 02:14 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-01 07:49 . 2009-11-12 21:55 -------- d-----w- c:\documents and settings\Sztander\Ustawienia lokalne\Dane aplikacji\Temp
2009-10-31 16:54 . 2005-01-02 03:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2009-10-31 16:53 . 2009-10-31 16:53 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-10-25 13:15 . 2009-10-25 13:15 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation
2009-10-25 13:15 . 2009-11-12 17:55 -------- d-----w- c:\program files\NVIDIA Corporation
2009-10-25 13:14 . 2009-10-25 13:14 -------- d-----w- C:\NVIDIA
2009-10-25 10:49 . 2009-10-25 10:49 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
2009-10-25 10:28 . 2009-10-25 10:28 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2009-10-25 10:28 . 2009-10-25 10:28 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-25 10:16 . 2006-06-14 12:44 12288 ----a-r- c:\windows\system32\drivers\EIO_XP.sys
2009-10-25 10:13 . 2008-11-18 11:18 12416 ----a-w- c:\windows\system32\drivers\asusgsb.sys
2009-10-25 09:56 . 2009-10-25 09:56 -------- d-----w- c:\windows\AC54E5443E42443CA91DA00A6974C592.TMP
2009-10-25 09:56 . 2009-10-25 13:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-25 09:55 . 2009-10-25 09:58 -------- d-----w- c:\windows\NV39923996.TMP
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-18 19:48 . 2008-12-04 15:06 -------- d-----w- c:\documents and settings\Sztander\Dane aplikacji\Xfire
2009-11-18 19:15 . 2008-07-19 13:24 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-18 19:15 . 2008-07-19 13:23 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-15 10:49 . 2008-11-04 21:30 -------- d-----w- c:\documents and settings\Sztander\Dane aplikacji\mIRC
2009-11-14 13:55 . 2008-08-07 22:15 -------- d-----w- c:\program files\Google
2009-11-14 13:00 . 2009-04-24 21:32 -------- d-----w- c:\documents and settings\Sztander\Dane aplikacji\Samsung
2009-11-14 11:42 . 2009-10-25 10:14 -------- d-----w- c:\program files\ASUS
2009-11-12 18:04 . 2001-10-26 16:15 74450 ----a-w- c:\windows\system32\perfc015.dat
2009-11-12 18:04 . 2001-10-26 16:15 448348 ----a-w- c:\windows\system32\perfh015.dat
2009-11-10 13:18 . 2008-07-16 14:41 -------- d-----w- c:\documents and settings\Sztander\Dane aplikacji\teamspeak2
2009-10-31 16:38 . 2008-07-16 13:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-25 13:15 . 2009-10-05 15:41 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-09 22:21 . 2009-10-09 22:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Electronic Arts
2009-10-05 15:39 . 2009-10-05 15:39 -------- d-----w- c:\program files\My Company Name
2009-09-27 17:19 . 2009-09-27 17:19 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-27 15:12 . 2009-09-27 15:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 15:12 . 2009-09-27 15:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 15:12 . 2009-09-27 15:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 15:12 . 2008-12-25 16:08 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 15:12 . 2008-07-16 13:23 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 15:12 . 2007-06-28 16:43 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12 . 2007-06-28 16:43 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 15:12 . 2006-04-16 14:51 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 15:12 . 2006-04-16 14:51 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 15:12 . 2006-04-16 14:51 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 15:12 . 2006-04-16 14:51 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-26 11:29 . 2009-09-26 11:29 -------- d-----w- c:\documents and settings\Sztander\Dane aplikacji\Ahead
2009-09-26 11:27 . 2009-09-26 11:24 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-26 11:24 . 2009-09-26 11:24 -------- d-----w- c:\program files\Nero
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-24 08:24 . 2009-08-31 19:20 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-22 15:48 . 2009-09-22 15:48 -------- d-----w- c:\program files\Idoru
2009-09-07 19:59 . 2009-08-31 19:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-31 19:16 . 2009-08-31 19:16 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-25 16:04 . 2009-08-25 16:04 75264 ----a-w- c:\windows\system32\uc_holybeast_launching.dll
2009-06-28 07:29 . 2009-06-28 07:29 5771457 --sh--w- c:\windows\smss.cmd
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="f:\programy\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-09 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"DAEMON Tools Lite"="f:\programy\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"SpeedX"="f:\programy\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 46718]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_15\bin\jusched.exe" [2007-05-22 32881]
"Adobe Reader Speed Launcher"="f:\programy\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Systool"="c:\windows\smss.cmd" [2009-06-28 5771457]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"sestem32"="c:\windows\system32\sestem32.exe" [2008-09-17 438272]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Sztander\Menu Start\Programy\Autostart\
lsass.exe [2008-12-8 126493]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Programy\\Xfire\\xfire.exe"=
"d:\\Program Files\\Valve\\hl.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"f:\\Programy\\Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"f:\\Programy\\mIRC\\mirc.exe"=
"d:\\Program Files\\Valve\\hlds.exe"=
"d:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonUS\\NGM\\NGM.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Documents and Settings\\Sztander\\Pulpit\\pes2009.exe"=
"f:\\Programy\\COD4CC\\pbucon.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"10012:TCP"= 10012:TCP:BitComet 10012 TCP
"10012:UDP"= 10012:UDP:BitComet 10012 UDP
"58349:TCP"= 58349:TCP:Pando Media Booster
"58349:UDP"= 58349:UDP:Pando Media Booster
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
.
------- Skan uzupełniający -------
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
FF - ProfilePath - c:\documents and settings\Sztander\Dane aplikacji\Mozilla\Firefox\Profiles\zjk0gagq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|www.google.pl
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPJPI142_15.dll
FF - plugin: c:\program files\Java\j2re1.4.2_15\bin\NPOJI610.dll
FF - plugin: f:\programy\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
FF - plugin: f:\programy\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: f:\programy\DivX\DivX Web Player\npdivx32.dll
FF - plugin: f:\programy\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: f:\programy\Mozilla Firefox\plugins\NPSOCCER.dll
FF - plugin: f:\programy\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: f:\programy\Real Alternative\browser\plugins\nprpjplug.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-BitComet - f:\programy\BitComet\BitComet.exe
HKCU-Run-EA Core - f:\programy\Electronic Arts\EADM\Core.exe
HKLM-Run-BearShare - f:\programy\BearShare\BearShare.exe
HKLM-Run-sXe Injected - f:\programy\sXe Injected\sXe Injected.exe
HKLM-Run-NWEReboot - (no file)
AddRemove-SPEEDX - f:\programy\MyPortal\Speed-X\uninstall.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\2.0.0.1050\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 21:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x89B5D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80fcfc3
\Driver\ACPI -> ACPI.sys @ 0xb7e66cb8
\Driver\atapi -> sfsync02.sys @ 0xb80c98b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7d05ba0
PacketIndicateHandler -> NDIS.sys @ 0xb7d12b21
SendHandler -> NDIS.sys @ 0xb7cf087b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-606747145-1844237615-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-11-18 21:09 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-11-18 20:09
Przed: 70 168 420 352 bajtów wolnych
Po: 70 146 478 080 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - E0C278A6830C0100FA34AE056F8DF9D7
Eth3r - 2009-11-18, 21:45
You really wrote a lot, no doubt about it. And the drops have been brought up plenty of times already, it's probably PB's fault.
r4m1k* - 2009-11-19, 05:42
You really wrote a lot, no doubt about it. And the drops have been brought up plenty of times already, it's probably PB's fault.
In this case the Combo log is enough to find the cause.
There is no firewall of any kind and no antivirus.
The system is totally cluttered.
There are dangerous objects in the system.
As you can see in the log, Combo got rid of some of them, but the rest needs to be scanned with Kaspersky. You can download a free 30-day version from the vendor's website.
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-BitComet - f:\programy\BitComet\BitComet.exe
HKCU-Run-EA Core - f:\programy\Electronic Arts\EADM\Core.exe
HKLM-Run-BearShare - f:\programy\BearShare\BearShare.exe
HKLM-Run-sXe Injected - f:\programy\sXe Injected\sXe Injected.exe
HKLM-Run-NWEReboot - (no file)
AddRemove-SPEEDX - f:\programy\MyPortal\Speed-X\uninstall.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\2.0.0.1050\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 21:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x89B5D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80fcfc3
\Driver\ACPI -> ACPI.sys @ 0xb7e66cb8
\Driver\atapi -> sfsync02.sys @ 0xb80c98b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7d05ba0
PacketIndicateHandler -> NDIS.sys @ 0xb7d12b21
SendHandler -> NDIS.sys @ 0xb7cf087b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-606747145-1844237615-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-11-18 21:09 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-11-18 20:09
Przed: 70 168 420 352 bajtów wolnych
Po: 70 146 478 080 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - E0C278A6830C0100FA34AE056F8DF9D7
Eth3r - 2009-11-18, 21:45
You really wrote a lot, no doubt about it. And the drops have already been discussed plenty of times, it's probably PB's fault.
r4m1k* - 2009-11-19, 05:42
You really wrote a lot, no doubt about it. And the drops have already been discussed plenty of times, it's probably PB's fault.
In this case the Combo log is enough to find the cause.
No firewall of any kind and no antivirus.
The system is totally cluttered.
There are dangerous objects in the system.
Some of them, as you can see in the log, Combo got rid of, but the rest has to be scanned with Kaspersky. You can download a free 30-day version from the vendor's site.