log.txt

Problem opening pages, FF crashes, IE more or less works

Logs should be provided as an attachment, not in the body of the post


ComboFix 10-03-09.06 - :) 2010-03-10 16:53:51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.767.433 [GMT 1:00]
Uruchomiony z: C:\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100304-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\:)\Moje dokumenty\cc_20090403_065831.reg

.
((((((((((((((((((((((((( Pliki utworzone od 2010-02-10 do 2010-03-10 )))))))))))))))))))))))))))))))
.

2010-03-10 15:45 . 2010-03-10 15:46 -------- d-----w- C:\32788R22FWJFW
2010-03-10 15:42 . 2010-03-10 15:45 3885368 ----a-r- C:\ComboFix.exe
2010-03-03 16:01 . 2010-03-03 16:01 -------- d-----w- c:\program files\Notepad++
2010-03-02 17:19 . 2010-03-02 17:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-11 18:55 . 2010-02-11 18:59 -------- d-----w- c:\program files\eXibition Software
2010-02-11 18:55 . 2010-02-11 18:55 -------- d-----w- c:\windows\Downloaded Installations
2010-02-08 18:11 . 2010-02-08 18:11 -------- d-----w- c:\program files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-10 06:02 . 2009-05-26 18:07 -------- d-----w- c:\program files\LogMeIn
2010-03-04 19:34 . 2009-04-03 04:56 237568 ----a-w- c:\documents and settings\NetworkService\NTUSER.DAT.tmp
2010-03-04 19:34 . 2009-04-03 04:56 237568 ----a-w- c:\documents and settings\LocalService\NTUSER.DAT.tmp
2010-02-23 18:20 . 2010-01-20 11:04 -------- d-----w- c:\program files\NPCC3
2010-02-12 07:11 . 2009-08-06 17:36 -------- d-----w- c:\program files\Xfire
2010-02-09 17:21 . 2009-04-14 15:13 900 ----a-w- c:\windows\system32\KGyGaAvL.sys
2010-02-08 18:12 . 2009-05-28 15:32 -------- d-----w- c:\program files\QuickTime
2010-02-08 18:12 . 2009-06-10 06:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-11 19:04 . 2010-01-11 19:04 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-12-24 12:18 . 2009-12-24 12:18 4 ----a-w- C:\timeStmp.tmp
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2009-11-17 6807552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"iKeyWorks"="c:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 05:12 87352 ------w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Java\\jre1.5.0_06\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Gry\\Quake3\\quake3.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-02 20560]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-05-26 47640]
R3 uscsc108;uscsc108;c:\windows\system32\drivers\uscsc108.sys [2003-03-09 102336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2009-06-03 83496]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [2009-09-14 392444]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-04-16 691696]
.
Zawartość folderu 'Zaplanowane zadania'

2010-03-10 c:\windows\Tasks\User_Feed_Synchronization-{FF7D7C02-550C-41C8-A5C1-7C9F331C5234}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/pi/components/bph/SignActivX.cab
FF - ProfilePath - c:\documents and settings\:)\Dane aplikacji\Mozilla\Firefox\Profiles\9g0e1wzk.default\
FF - prefs.js: browser.startup.homepage - google.pl
FF - component: c:\documents and settings\:)\Dane aplikacji\Mozilla\Firefox\Profiles\9g0e1wzk.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-Motocross Stunt Racer - c:\program files\Digital Concepts\Motocross Stunt Racer\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 17:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83A40D20]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7703fc3
\Driver\ACPI -> ACPI.sys @ 0xf7665cb8
\Driver\atapi -> atapi.sys @ 0xf75f77b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: NVIDIA nForce MCP Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf74ecba0
PacketIndicateHandler -> NDIS.sys @ 0xf74f9b21
SendHandler -> NDIS.sys @ 0xf74d787b
user & kernel MBR OK

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3500)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2010-03-10 17:08:08 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-03-10 16:08

Przed: 190 881 792 bajtów wolnych
Po: 211 312 640 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 926DE7DCABD6153B0AD6688CD164BB77