
Think I'm infected


11 replies to this topic

#1 Lucas81

Lucas81

  • Members
  • 8 posts

Posted 15 March 2011 - 01:03 PM

Hello,

Here's the log. I cannot scan my pc with GMER since it freezes up.

DDS (Ver_11-03-05.01) - NTFSx86
Run by Lukasz at 18:02:05,71 on 2011-03-15
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3326.2770 [GMT 1:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lukasz\Pulpit\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpeedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" delay 20000
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [razer] c:\program files\razer\razerhid.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: ????3?? - c:\documents and settings\lukasz\dane aplikacji\flashgetbho\GetUrl.htm
IE: ????3?????? - c:\documents and settings\lukasz\dane aplikacji\flashgetbho\GetAllUrl.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241526848437
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241531027296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/pi/components/bph/SignActivX.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\lukasz\daneap~1\mozilla\firefox\profiles\e06krkqw.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\all users\dane aplikacji\gadu-gadu 10\_userdata\npgg.4.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-3-9 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-3-9 192728]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 36880]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-3-9 101976]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-9 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-14 301528]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-14 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-14 42184]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2011-3-9 121000]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-5 21992]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 32272]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2009-5-8 13225]
S2 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2010-7-1 136616]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-20 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-5 1684736]
.
=============== Created Last 30 ================
.
2011-03-15 16:39:12 -------- d-----w- c:\program files\Uniblue
2011-03-14 09:27:17 89088 ----a-w- C:\mbr.exe
2011-03-13 18:56:28 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-12 09:24:49 -------- d-----w- C:\_OTM
2011-03-10 13:34:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-10 10:13:19 -------- d-----w- c:\documents and settings\lukasz\DoctorWeb
2011-03-10 09:45:10 -------- d-----w- c:\program files\UnHackMe
2011-03-10 09:42:31 -------- d-----w- c:\docume~1\lukasz\daneap~1\Malwarebytes
2011-03-10 09:42:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-10 09:42:20 -------- d-----w- c:\docume~1\alluse~1\daneap~1\Malwarebytes
2011-03-10 09:42:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-10 09:42:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-09 12:37:12 388096 ----a-r- c:\docume~1\lukasz\daneap~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-09 12:37:11 -------- d-----w- c:\program files\Trend Micro
2011-03-09 10:47:26 -------- d-----w- C:\sfzone_profile
2011-03-09 10:42:16 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-03-09 10:42:07 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-03-09 10:42:06 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-09 10:41:58 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-03-09 10:03:29 -------- d-----w- c:\docume~1\alluse~1\daneap~1\PC Tools
2011-02-26 12:12:09 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2011-02-26 09:49:58 -------- d-----w- c:\program files\CPUID
2011-02-22 19:12:32 -------- d-----w- c:\program files\common files\BioWare
2011-02-20 11:17:00 -------- d-----w- c:\docume~1\lukasz\ustawi~1\daneap~1\Temp
2011-02-20 11:16:54 -------- d-----w- c:\docume~1\lukasz\ustawi~1\daneap~1\Google
2011-02-14 19:15:51 40648 ----a-w- c:\windows\avastSS.scr
2011-02-14 19:15:46 -------- d-----w- c:\docume~1\alluse~1\daneap~1\Alwil Software
2011-02-14 18:50:17 -------- d-----w- c:\windows\pss
2011-02-14 13:51:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
==================== Find3M ====================
.
2011-03-15 16:37:00 16608 ------w- c:\windows\gdrv.sys
2011-03-15 12:39:25 39926 ----a-w- C:\cc_20090508_144258.reg
2011-02-14 13:51:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-11 18:08:41 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-02-11 18:08:41 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-02-11 18:08:38 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-02-09 13:53:59 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:59 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:11 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27:00 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-01-08 03:27:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27:00 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27:00 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-01-08 03:27:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04:12 1855232 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:22 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52:41 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25:52 732160 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:37 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:05:16,25 ===============



#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost

Posted 19 March 2011 - 01:18 PM

Hi Lucas81,

You have two AVs installed: Avast and Kaspersky. Only one AV per machine is needed. You should remove one via the Add/Remove Programs panel and reboot the computer. Why do you think you have malware?

How Can I Reduce My Risk to Malware?


#3 Lucas81

Lucas81
  • Topic Starter

  • Members
  • 8 posts

Posted 19 March 2011 - 01:30 PM

I don't have Kaspersky anymore. I removed it some time ago and installed Avast. I was hacked recently. I followed a guide to clean up the PC, but Avast sometimes shows me a dangerous file that might point to my PC being infected, so I would like to be sure.

#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 20 March 2011 - 01:38 PM

Well, you have Malwarebytes and UnHackMe, and you ran Dr. Web. Are they all coming up clean? Kaspersky has an uninstaller for their products here. You can download and run either the zip or the .exe. Read the instructions first.
So what does Avast do with the file it finds?



#5 Lucas81

Lucas81
  • Topic Starter

  • Members
  • 8 posts

Posted 20 March 2011 - 04:10 PM

UnHackMe found some stuff but it reported it to be safe. Dr. Web CureIt found some trojan, backdoor.doebyt. After that I ran Malwarebytes and it found:

Zainfekowanych plików:
c:\system volume information\_restore{1cdcf55f-b5fd-45e1-b312-3b6867241af7}\RP838\A0100334.exe (HackTool.Snadboy) -> Quarantined and deleted successfully.
d:\Steam\steamapps\common\mafia ii - public demo\pc\mafia.ii.[demo]-patch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
d:\system volume information\_restore{4dd67057-b00a-4790-8a17-75eb708cb112}\RP766\A0209709.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\system volume information\_restore{4dd67057-b00a-4790-8a17-75eb708cb112}\RP767\A0213989.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.


Nowadays MB comes up clean. Avast sometimes gave me the warning I talked about and I just deleted the files. The Avast scan comes up clean apart from not being able to scan the file "winstart.bat".

#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 20 March 2011 - 07:02 PM

Well, if Malwarebytes removed them then there is nothing to worry about. Some files can't be scanned by AV. Why don't you search your machine and see if you can find winstart.bat?
Right-click on Start and choose Search; for the file name, type in winstart.bat
For "Look in", use Local Disk (C:)
Click Search



#7 Lucas81

Lucas81
  • Topic Starter

  • Members
  • 8 posts

Posted 21 March 2011 - 04:13 AM

Didn't find anything. Well, maybe then you can tell me why my Windows boot time suddenly went up from around 30s to 5 minutes :(. I didn't really install anything lately and I'm pretty sure my autostart is as clean as it can be :(.

#8 Lucas81

Lucas81
  • Topic Starter

  • Members
  • 8 posts

Posted 22 March 2011 - 09:01 AM

Just wanted to add that my friend "forced" me to run ComboFix so if you would like to see a log I can attach it.

#9 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 22 March 2011 - 06:31 PM

We will get another download as a check for malware. It's called ComboFix. There is a guide to read first. Read through the guide, then apply the directions on your own machine. Post the log in your reply:

Guide to using Combofix



#10 Lucas81

Lucas81
  • Topic Starter

  • Members
  • 8 posts

Posted 23 March 2011 - 04:20 AM

ComboFix 11-03-21.02 - Lukasz 2011-03-22 14:42:06.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3326.2780 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Lukasz\Pulpit\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lukasz\Dane aplikacji\.#
c:\documents and settings\Lukasz\Dane aplikacji\BITS
c:\documents and settings\Lukasz\Dane aplikacji\BITS\BITS.ini
c:\documents and settings\Lukasz\Dane aplikacji\BITS\UPnP.ini
c:\windows\system32\gmail.dll
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-02-22 do 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-22 13:01 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-22 13:01 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-22 13:01 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-22 13:01 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-22 13:01 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-22 13:01 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-22 13:01 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-22 13:01 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-22 13:00 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-22 13:00 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-22 12:59 . 2011-03-22 12:59 -------- d-----w- c:\program files\AVAST Software
2011-03-22 12:59 . 2011-03-22 12:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\AVAST Software
2011-03-22 12:05 . 2011-03-17 16:18 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-03-22 12:04 . 2011-03-22 12:04 -------- d-----w- c:\documents and settings\All Users\Soluto
2011-03-22 12:04 . 2011-03-22 12:05 -------- d-----w- c:\program files\Soluto
2011-03-22 12:03 . 2011-03-22 12:21 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Soluto
2011-03-20 21:15 . 2011-03-20 21:15 -------- d-----w- C:\kleaner.tmp
2011-03-15 16:39 . 2011-03-15 16:39 -------- d-----w- c:\program files\Uniblue
2011-03-14 09:27 . 2011-03-14 09:27 89088 ----a-w- C:\mbr.exe
2011-03-13 18:56 . 2011-03-13 18:56 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-12 09:24 . 2011-03-12 09:24 -------- d-----w- C:\_OTM
2011-03-10 13:34 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-10 10:13 . 2011-03-10 10:13 -------- d-----w- c:\documents and settings\Lukasz\DoctorWeb
2011-03-10 09:45 . 2011-03-10 13:56 -------- d-----w- c:\program files\UnHackMe
2011-03-10 09:42 . 2011-03-10 09:42 -------- d-----w- c:\documents and settings\Lukasz\Dane aplikacji\Malwarebytes
2011-03-10 09:42 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-10 09:42 . 2011-03-10 09:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2011-03-10 09:42 . 2011-03-10 09:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-10 09:42 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-09 12:37 . 2011-03-09 12:37 388096 ----a-r- c:\documents and settings\Lukasz\Dane aplikacji\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-09 12:37 . 2011-03-14 08:35 -------- d-----w- c:\program files\Trend Micro
2011-03-09 10:47 . 2011-03-09 11:07 -------- d-----w- C:\sfzone_profile
2011-03-09 10:03 . 2011-03-09 10:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Tools
2011-02-26 12:12 . 2011-02-26 12:12 -------- d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2011-02-26 09:49 . 2011-02-26 09:49 -------- d-----w- c:\program files\CPUID
2011-02-22 19:12 . 2011-03-11 10:18 -------- d-----w- c:\program files\Common Files\BioWare
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-22 12:44 . 2009-05-08 12:43 7954 ----a-w- C:\cc_20090508_144258.reg
2011-03-15 16:37 . 2009-05-08 11:36 16608 ------w- c:\windows\gdrv.sys
2011-02-14 13:51 . 2011-02-14 13:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-14 13:51 . 2010-08-09 20:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-09 13:53 . 2003-04-16 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-04-16 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-05-05 11:32 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-05-05 11:32 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2003-04-16 12:00 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-08 03:27 . 2011-01-25 21:15 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-01-25 21:15 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2010-08-01 16:20 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2010-08-01 16:20 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2010-08-01 16:20 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2009-03-27 08:03 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-01-08 03:27 . 2009-03-27 08:03 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-01-08 03:27 . 2009-03-27 08:03 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2009-03-27 08:03 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2009-03-27 08:03 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2009-03-27 08:03 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-01-07 18:58 . 2011-01-07 18:58 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-01-07 18:58 . 2011-01-07 18:58 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-01-07 18:58 . 2011-01-07 18:58 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-01-07 18:58 . 2011-01-07 18:58 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-01-07 18:58 . 2011-01-07 18:58 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-01-07 18:58 . 2011-01-07 18:58 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-01-07 18:58 . 2011-01-07 18:58 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-01-07 18:58 . 2011-01-07 18:58 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-01-07 18:58 . 2011-01-07 18:58 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-01-07 18:58 . 2011-01-07 18:58 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-01-07 18:58 . 2011-01-07 18:58 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-01-07 18:58 . 2011-01-07 18:58 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-01-07 18:58 . 2011-01-07 18:58 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-01-07 18:58 . 2011-01-07 18:58 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-01-07 18:58 . 2011-01-07 18:58 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-07 18:58 . 2011-01-07 18:58 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 18:58 . 2011-01-07 18:58 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-07 18:58 . 2011-01-07 18:58 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-07 18:58 . 2011-01-07 18:58 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-07 18:58 . 2011-01-07 18:58 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 18:58 . 2011-01-07 18:58 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 14:09 . 2003-04-16 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2003-04-16 12:00 1855232 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 17:21 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
2011-01-21 14:40 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"O&O Defrag"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"DfSdkS"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"m:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"d:\\Steam\\steamapps\\common\\magicka\\Magicka.exe"=
"d:\\Steam\\steamapps\\common\\dawn of war ii - retribution\\DOW2.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Documents and Settings\\Lukasz\\Pulpit\\solutoinstaller.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"6930:TCP"= 6930:TCP:League of Legends Launcher
"6930:UDP"= 6930:UDP:League of Legends Launcher
"56430:TCP"= 56430:TCP:Pando Media Booster
"56430:UDP"= 56430:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-05-08 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-03-22 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-03-22 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-03-22 19544]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-05 21992]
R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2009-05-08 13225]
S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-03-22 51144]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 136176]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-03-17 327712]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-05-05 1684736]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 11:16]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 11:16]
.
2011-03-22 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-03-15 14:40]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: ????3?? - c:\documents and settings\Lukasz\Dane aplikacji\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Lukasz\Dane aplikacji\FlashGetBHO\GetAllUrl.htm
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/pi/components/bph/SignActivX.cab
FF - ProfilePath - c:\documents and settings\Lukasz\Dane aplikacji\Mozilla\Firefox\Profiles\e06krkqw.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\Wcescomm.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-22 14:49
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-1303643608-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}Ź]
@="c:\\Documents and Settings\\Lukasz\\Dane aplikacji\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1078081533-1303643608-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Lukasz\\Dane aplikacji\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1078081533-1303643608-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:45,0c,3c,2f,2a,4e,ec,82,10,da,8a,d3,ae,d5,58,47,83,9b,c3,b0,a5,87,6d,
6f,6e,b5,30,c6,71,e4,59,a6,e7,17,f1,69,20,75,50,09,1c,cb,84,16,8d,b5,85,37,\
"??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18
.
[HKEY_USERS\S-1-5-21-1078081533-1303643608-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:94,c1,2d,78,07,21,a1,30,78,97,89,a1,3a,ba,26,b8,a8,e5,03,f1,4c,
d5,0b,65,de,19,a4,de,f9,5d,60,28,61,c9,27,bd,58,b6,8c,54,56,79,8e,53,0a,6f,\
"rkeysecu"=hex:bc,6a,fa,71,ca,f2,8f,6e,df,ce,ed,c1,e1,1b,4a,18
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Czas ukończenia: 2011-03-22 14:53:15
ComboFix-quarantined-files.txt 2011-03-22 13:53
.
Przed: 4 804 382 720 bajtów wolnych
Po: 4 821 286 912 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2F46D4646DEE03600AF8ABDB17ABC2EF

#11 shelf life

  • Malware Response Team

Posted 24 March 2011 - 07:33 PM

I don't see any malware. That all looks OK to me.

How Can I Reduce My Risk to Malware?


#12 Lucas81

  • Topic Starter

Posted 25 March 2011 - 02:49 AM

Ah ok then :).

Thank you for your time and help.



