Od jakiegos czasu ,przy starcie systemu windows wpojawia mi się uciazliwy błąd : exception processing message c0000013 parameters 75b3bf7c 4 75b3bf7c 75b3bf7c .Nie potrafie sobie z tym poradzic.
Oto logi:
COMBOFIX:
- Kod: Zaznacz wszystko
ComboFix 10-05-20.A0 - PAWEŁ 2010-05-21 17:44:50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.640 [GMT 2:00]
Uruchomiony z: c:\documents and settings\PAWEŁ\Moje dokumenty\Pobieranie\ComboFix.exe
* Rezydentny antywirus jest aktywny
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
((((((((((((((((((((((((( Pliki utworzone od 2010-04-21 do 2010-05-21 )))))))))))))))))))))))))))))))
.
2010-05-21 09:50 . 2010-05-21 09:50 -------- d-----w- C:\9c1cbe73d66dafd73a22bce5f6
2010-05-21 09:50 . 2010-05-21 09:50 -------- d-----w- C:\12c32cd02f8917b0068a2c
2010-05-21 07:04 . 2010-05-21 07:04 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\ESET
2010-05-21 06:53 . 2010-05-21 06:53 -------- d-----w- c:\program files\ESET
2010-05-21 06:53 . 2010-05-21 06:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2010-05-21 04:50 . 2010-05-21 04:50 -------- d-----w- c:\program files\MSXML 4.0
2010-05-20 20:17 . 2010-05-20 20:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ACD Systems
2010-05-20 20:17 . 2010-05-20 20:17 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-05-20 20:17 . 2010-05-20 20:17 -------- d-----w- c:\program files\ACD Systems
2010-05-20 20:16 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-05-20 20:16 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-05-20 20:16 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-05-20 20:16 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-05-20 20:16 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-05-20 20:16 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-05-20 20:16 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-05-20 20:16 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-05-20 20:16 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-05-20 20:16 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-20 20:15 . 2010-05-21 07:27 -------- d-----w- C:\w`1ww
2010-05-20 20:02 . 2010-05-20 20:02 -------- d-----w- c:\program files\MSBuild
2010-05-20 20:02 . 2010-05-20 20:02 58552 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2010-05-20 20:00 . 2010-05-20 20:03 -------- d-----w- c:\windows\system32\XPSViewer
2010-05-20 19:59 . 2010-05-20 19:59 -------- d-----w- c:\program files\Reference Assemblies
2010-05-20 19:59 . 2006-10-14 14:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-05-20 19:59 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-05-20 19:57 . 2008-03-05 13:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-05-20 19:57 . 2008-03-05 13:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-05-20 19:57 . 2008-02-05 21:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-05-20 19:57 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-05-20 19:57 . 2010-05-20 19:57 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-05-20 19:57 . 2010-05-20 19:57 -------- d-----w- c:\windows\system32\xlive
2010-05-20 19:56 . 2010-05-21 07:19 -------- d-----w- C:\R5
2010-05-20 11:39 . 2010-05-20 11:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LightScribe
2010-05-20 10:57 . 2010-05-20 10:57 -------- d-----w- c:\program files\Windows Sidebar
2010-05-20 10:50 . 2010-05-20 10:58 -------- d-----w- c:\program files\Nero
2010-05-20 10:50 . 2010-05-20 11:06 -------- d-----w- c:\program files\Common Files\Nero
2010-05-20 10:50 . 2010-05-20 10:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2010-05-20 10:50 . 2010-05-21 07:09 -------- d-----w- c:\program files\Common Files\LightScribe
2010-05-20 07:33 . 2010-05-20 07:33 -------- d-----w- c:\program files\Alcohol Soft
2010-05-20 07:22 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-05-20 07:21 . 2009-11-21 16:03 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-05-20 07:20 . 2009-10-15 16:33 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-05-20 07:20 . 2009-10-15 16:33 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-05-20 07:20 . 2009-06-21 21:48 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-05-20 07:17 . 2009-05-07 15:34 347648 ------w- c:\windows\system32\dllcache\localspl.dll
2010-05-20 07:17 . 2008-05-01 14:37 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-05-20 07:13 . 2009-08-05 09:01 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2010-05-20 07:12 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-05-20 07:12 . 2009-08-13 15:24 512000 ------w- c:\windows\system32\dllcache\jscript.dll
2010-05-19 21:33 . 2008-07-09 07:57 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-05-19 17:00 . 2008-08-14 10:34 138496 ------w- c:\windows\system32\dllcache\afd.sys
2010-05-19 16:57 . 2010-01-29 15:01 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-05-19 16:53 . 2010-05-20 07:32 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-19 16:22 . 2008-05-09 10:56 90112 ------w- c:\windows\system32\dllcache\wshext.dll
2010-05-19 16:22 . 2008-05-09 10:56 180224 ------w- c:\windows\system32\dllcache\scrobj.dll
2010-05-19 16:22 . 2008-05-09 10:56 172032 ------w- c:\windows\system32\dllcache\scrrun.dll
2010-05-19 16:22 . 2008-05-09 08:45 135168 ------w- c:\windows\system32\dllcache\cscript.exe
2010-05-19 16:22 . 2008-05-08 11:24 155648 ------w- c:\windows\system32\dllcache\wscript.exe
2010-05-19 16:22 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-05-19 16:07 . 2010-02-26 12:50 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-05-19 16:07 . 2010-02-26 12:43 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-05-19 16:07 . 2010-05-21 07:17 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-05-19 16:07 . 2010-05-19 16:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2010-05-19 16:07 . 2010-05-19 16:07 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-19 15:53 . 2010-05-21 07:10 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-05-19 15:46 . 2009-09-04 21:05 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2010-05-19 15:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 15:37 . 2010-05-21 07:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-19 15:37 . 2010-05-19 15:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-05-19 15:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 15:22 . 2010-05-19 15:22 -------- d-----w- c:\program files\Trend Micro
2010-05-19 14:35 . 2010-05-19 14:35 954 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\icn_C839E3454CDB33946A211092936948F5.dll
2010-05-19 14:35 . 2010-05-19 14:35 5653 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\icn_42C2662EE13B94340A4823BE678E7B06.dll
2010-05-19 14:35 . 2010-05-19 14:35 125 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\icn_5149C053C7D38EE4AB9A00CB3B5D2472.dll
2010-05-19 14:35 . 2010-05-19 14:35 112 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\icn_34036E1FCF45B924BAC213FAF9ABB47C.dll
2010-05-19 14:35 . 2010-05-19 14:35 10 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\icn_1F8E917D13964b04CAB0F52E0C799F59.dll
2010-05-19 14:35 . 2008-04-14 20:50 686592 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\_entreelist.dll
2010-05-19 14:35 . 2008-04-14 20:49 714240 ----a-w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan\_enviewlist.dll
2010-05-19 14:35 . 2010-05-19 15:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SecTaskMan
2010-05-19 14:33 . 2010-05-19 14:40 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-05-19 14:31 . 2010-05-19 14:31 -------- d-----w- c:\windows\system32\xircom
2010-05-19 14:31 . 2010-05-19 14:31 -------- d-----w- c:\windows\system32\wbem\snmp
2010-05-19 14:31 . 2010-05-19 14:31 -------- d-----w- c:\windows\system32\npp
2010-05-19 14:31 . 2010-05-19 14:31 -------- d-----w- c:\windows\srchasst
2010-05-19 14:31 . 2010-05-19 14:31 -------- d-----w- c:\program files\microsoft frontpage
2010-05-19 14:13 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-19 14:13 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-05-19 14:09 . 2010-05-19 14:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2010-05-19 14:09 . 2010-05-21 07:11 -------- d-----w- c:\program files\ipla
2010-05-19 14:09 . 2010-05-19 14:09 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-05-19 14:09 . 2010-05-19 14:09 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-05-19 14:04 . 2010-05-19 14:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-05-19 14:01 . 2010-05-21 07:18 -------- d-----w- c:\program files\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 07:18 . 2010-05-19 11:01 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-19 14:07 . 2010-05-19 12:03 -------- d-----w- c:\program files\Winamp
2010-05-19 11:56 . 2010-05-19 11:35 -------- d-----w- c:\program files\Ahead
2010-05-19 11:50 . 2010-05-19 11:49 -------- d-----w- c:\program files\SubEdit-Player
2010-05-19 11:49 . 2010-05-19 11:49 0 ----a-w- c:\windows\nsreg.dat
2010-05-19 11:49 . 2010-05-19 11:49 -------- d-----w- c:\program files\Real Alternative
2010-05-19 11:49 . 2010-05-19 11:48 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-19 11:42 . 2010-05-19 11:42 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-19 11:42 . 2010-05-19 11:42 -------- d-----w- c:\program files\Nonbrand
2010-05-19 11:42 . 2010-05-19 11:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-19 11:42 . 2010-05-19 11:13 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-19 11:35 . 2010-05-19 11:35 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-19 11:30 . 2010-05-19 11:18 -------- d-----w- c:\program files\HP
2010-05-19 11:30 . 2010-05-19 11:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HP
2010-05-19 11:24 . 2010-05-19 11:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\WEBREG
2010-05-19 11:23 . 2010-05-19 11:23 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Hewlett-Packard
2010-05-19 11:19 . 2010-05-19 11:19 -------- d-----w- c:\program files\Common Files\HP
2010-05-19 11:19 . 2010-05-19 11:19 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-19 11:13 . 2010-05-19 11:13 -------- d-----w- c:\program files\Realtek
2010-05-19 11:11 . 2010-05-19 11:11 -------- d-----w- c:\program files\Intel
2010-05-19 11:11 . 2010-05-19 11:11 -------- d-----w- c:\program files\Yahoo!
2010-05-19 11:09 . 2001-10-26 17:15 47782 ----a-w- c:\windows\system32\perfc015.dat
2010-05-19 11:09 . 2001-10-26 17:15 352436 ----a-w- c:\windows\system32\perfh015.dat
2010-05-19 11:02 . 2010-05-19 11:02 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-04 14:05 . 2010-05-04 14:05 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
2010-04-07 19:09 . 2010-04-07 19:09 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-04-07 19:08 . 2010-04-07 19:08 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:05 . 2010-04-07 19:05 140216 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-11 12:35 . 2008-04-23 07:20 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:35 . 2008-07-24 20:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:35 . 2008-07-24 20:33 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2008-04-14 20:50 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2008-04-13 22:47 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
------- Sigcheck -------
[-] 2008-07-25 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-07-25 . 8CD81261DA6BD4BCFBD857A25220A1FB . 689152 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-07-25 . 5F1CCDF37F28A88D0473B0C9EA1E0D58 . 487424 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-07-25 . B49A80A502FD86B2F05BC7BBD723DDAB . 1528832 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-07-25 . AD58E980CBCC1B8980D16D91408EB57A . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-07-25 . 0277E1A3E8B337555A45943808451981 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-07-24 20:56 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
c:\windows\System32\wscntfy.exe ... - brak elementu !!
c:\windows\System32\regsvc.dll ... - brak elementu !!
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nonbrand\\802.11g Wireless LAN PCI Card Driver and Utility\\RtWLan.exe"= c:\\Program Files\\Nonbrand\\802.11g Wireless LAN PCI Card Driver and Utility\\RtWlan.exe
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\ipla\\ipla.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesApp32.exe"=
"c:\\Program Files\\TuneUp Utilities 2010\\Integrator.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\R5\\RE5DX9.EXE"=
"c:\\R5\\RE5DX10.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\ACD Systems\\ACDSee Pro\\3.0\\ACDSeeQVPro3.exe"=
"c:\\WINDOWS\\system32\\KB905474\\wgasetup.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-05-19 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-04-07 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-04-07 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-26 1047880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-24 10064]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2010-05-19 13532]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'
2010-05-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-21 20:18]
.
.
------- Skan uzupełniający -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
FF - ProfilePath - c:\documents and settings\PAWEŁ\Dane aplikacji\Mozilla\Firefox\Profiles\0g4srvqo.default\
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-21 17:48
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spxa.sys >>UNKNOWN [0x86789938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7872f28
\Driver\ACPI -> ACPI.sys @ 0xf76d9cb8
\Driver\atapi -> atapi.sys @ 0xf766eb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7577bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7566a0d
SendHandler -> NDIS.sys @ 0xf757ab40
user & kernel MBR OK
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
- - - - - - - > 'lsass.exe'(980)
c:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(2364)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Czas ukończenia: 2010-05-21 17:50:03 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-05-21 15:50
Przed: 22 360 182 784 bajtów wolnych
Po: 23 783 464 960 bajtów wolnych
- - End Of File - - E5AAFECB0ACF0DA8637515461E4E2878
HIJACKTHIS:
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:33:26, on 2010-05-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BB1B399-6382-49A6-B865-B1062D469F62}: NameServer = 217.30.129.149 217.30.137.200
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 2862 bytes
