kamilos403
Posts: 5
Replies posted by kamilos403
-
I can't make the OTL log because after a few minutes this pops up: list index out of bounds ;/
Please help me.
EDIT:
http://wklej.org/id/816900/ I managed to make the OTL log.
-
Oh, I can't post the ComboFix log because I don't know where it is.
And sorry that I didn't post it instead of OTL, I don't quite get this stuff; I'm posting it now.
Sorry, I won't post the OTL log today because I have to go.
The user below is right, sorry, I forgot about the edit option ;p
Here is the ComboFix log:
ComboFix 12-07-31.03 - Dom 2012-08-02 17:03:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1022.4 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Dom\Moje dokumenty\Pobieranie\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\All Users\Menu Start\Programy\Family Keylogger 4
c:\documents and settings\All Users\Menu Start\Programy\Family Keylogger 4\Family Keylogger.lnk
c:\documents and settings\All Users\Menu Start\Programy\Family Keylogger 4\Help.lnk
c:\documents and settings\All Users\Menu Start\Programy\Family Keylogger 4\Quick Start.lnk
c:\documents and settings\All Users\Menu Start\Programy\Family Keylogger 4\Uninstall.lnk
c:\documents and settings\Dom\Dane aplikacji\facemoods.com
c:\documents and settings\Dom\Dane aplikacji\Toolbar4
c:\documents and settings\Dom\Ustawienia lokalne\Dane aplikacji\promo.exe
c:\documents and settings\Dom\Ustawienia lokalne\Dane aplikacji\setup.exe
C:\Documents
c:\program files\LP
c:\program files\LP\6F0E\170.tmp
c:\program files\LP\6F0E\177.tmp
c:\program files\LP\6F0E\17A.tmp
c:\program files\LP\6F0E\43.tmp
c:\program files\TNod User & Password Finder\TNODUP.exe
c:\windows\COM+.log
c:\windows\system32\d3d10core.dll
c:\windows\system32\embedded
c:\windows\system32\embedded\uninstall.exe
c:\windows\system32\kernel32new.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\Updater
c:\windows\system32\Updater\gpup.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
c:\windows\system32\midimap.dll . . . jest zainfekowany!!
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-07-02 do 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 14:57 . 2012-08-02 14:57 -------- d-----w- c:\windows\LastGood
2012-08-02 14:00 . 2012-08-02 14:01 -------- d-----w- c:\documents and settings\Dom\Ustawienia lokalne\Dane aplikacji\ApplicationHistory
2012-08-02 13:17 . 2012-08-02 13:17 -------- d-----w- c:\program files\MSBuild
2012-07-30 23:59 . 2012-08-01 15:43 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PMB Files
2012-07-28 15:29 . 2012-07-28 15:29 -------- d-----w- c:\documents and settings\Dom\Ustawienia lokalne\Dane aplikacji\screenSHU
2012-07-24 19:36 . 2002-06-06 12:38 139264 ----a-w- c:\windows\system32\eax.dll
2012-07-23 08:42 . 2012-07-24 15:00 7 ----a-w- c:\program files\Common Files\userInit.dll
2012-07-21 10:27 . 2012-07-21 10:27 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-20 21:55 . 2012-07-20 21:55 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\.mineshaftersquared
2012-07-18 16:34 . 2012-07-18 16:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-16 16:48 . 2012-07-16 16:48 -------- d-----w- c:\program files\Oracle
2012-07-15 18:07 . 2012-08-01 14:48 -------- d-----w- c:\documents and settings\Dom\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
2012-07-15 18:07 . 2012-08-02 15:10 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
2012-07-15 18:07 . 2012-07-15 18:07 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-07-15 13:23 . 2012-07-21 20:04 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\GanymedeNet
2012-07-15 13:21 . 2012-07-15 13:22 -------- d-----w- c:\program files\Ganymede
2012-07-14 16:05 . 2012-07-14 16:27 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\.techniclauncher
2012-07-11 19:40 . 2012-07-25 16:23 -------- d-----w- c:\program files\RonOTS
2012-07-10 18:28 . 2009-03-18 15:35 26176 ---ha-w- c:\windows\system32\hamachi.sys
2012-07-10 18:13 . 2012-07-14 11:32 -------- d-----w- C:\vcs5BGEffects
2012-07-10 17:55 . 2012-07-10 17:55 -------- d-----w- c:\documents and settings\Dom\Dane aplikacji\Avnex
2012-07-08 15:18 . 2012-07-08 15:18 -------- d-----w- c:\program files\TeamSpeak 3 Clientcc
2012-07-05 13:36 . 2012-07-05 14:42 -------- d-----w- c:\documents and settings\Dom\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 14:29 . 2012-04-05 20:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 14:29 . 2011-06-21 10:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 20:07 . 2011-04-23 12:01 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2011-04-23 12:01 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:55 . 2010-01-17 14:01 1875328 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 08:48 . 2012-06-08 08:48 50728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2012-06-05 16:26 . 2012-03-09 20:37 8617 ----a-w- C:\napis.zip
2012-06-05 15:48 . 2010-01-17 14:28 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-05 15:48 . 2010-01-17 14:02 1447936 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 13:41 . 2011-05-12 18:58 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-05 13:40 . 2011-05-12 18:58 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-06-04 04:31 . 2010-01-17 14:01 153088 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2011-04-23 11:52 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-04-23 11:52 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-10-27 16:53 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-04-23 11:52 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-04-23 11:52 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-04-14 22:50 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-04-23 11:52 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-04-23 11:52 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 17:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18 . 2011-12-31 13:30 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-12-30 12:36 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2009-08-06 18:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-04-14 22:50 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2009-10-29 06:43 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-13 09:33 . 2011-05-12 18:59 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-05-13 09:33 . 2012-05-08 15:02 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-05-11 14:44 . 2009-03-14 07:35 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:44 . 2008-04-25 14:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:39 . 2010-05-29 09:50 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 16:48 . 2011-05-12 18:58 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-05-08 13:28 . 2011-05-12 18:59 138056 ----a-w- c:\documents and settings\Dom\Dane aplikacji\PnkBstrK.sys
2012-05-05 03:14 . 2009-09-12 17:15 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2010-02-16 19:02 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-14 00:15 . 2012-07-21 10:27 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-01-17 14:27 . 4678172D19476FA7D539682FCA42C942 . 1420800 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2010-01-17 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2009-06-26 . 946665FA0CC98F57E1023CD21F149D8B . 642560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
.
[-] 2009-12-09 . A9BD5F368966EA709A4BFF992F583F07 . 1705984 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . 6D80898D552439B00B2AB651C4B60C3A . 270336 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
.
[-] 2008-04-25 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2010-01-17 . 572B0A653990AFE6B71D38D7DD2F202D . 370688 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
[-] 2010-01-17 . 193B2DEA1AB15B511DDBB8E01E034477 . 42496 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
c:\windows\System32\ctfmon.exe ... - brak elementu !!
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-05 8491008]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\windows\system32\config\systemprofile\Menu Start\Programy\Autostart\
Styler.lnk - c:\documents and settings\Dom\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2011-4-23 15086]
.
c:\documents and settings\Default User\Menu Start\Programy\Autostart\
Styler.lnk - c:\documents and settings\Dom\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2011-4-23 15086]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Wireless LAN RTL8192SU\RtWLan.exe [2011-12-28 974848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dom^Menu Start^Programy^Autostart^Netzmanager.lnk]
path=c:\documents and settings\Dom\Menu Start\Programy\Autostart\Netzmanager.lnk
backup=c:\windows\pss\Netzmanager.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dom^Menu Start^Programy^Autostart^Styler.lnk]
path=c:\documents and settings\Dom\Menu Start\Programy\Autostart\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dom^Menu Start^Programy^Autostart^windate.exe]
path=c:\documents and settings\Dom\Menu Start\Programy\Autostart\windate.exe
backup=c:\windows\pss\windate.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2010-12-21 21:42 2162488 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTAGSSDVDReport]
2011-08-22 14:58 1886584 ------w- c:\documents and settings\Dom\Ustawienia lokalne\Dane aplikacji\Dtag\Dtor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu 10]
2011-07-04 17:45 13374048 ----a-w- c:\program files\Gadu-Gadu 10\gg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2011-12-16 15:51 19858888 ----a-w- c:\program files\ipla\ipla.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 10:29 1996200 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-10-05 05:37 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-10-05 05:37 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-05-10 09:08 16342528 -c----r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\screenSHU]
2012-04-03 18:45 2121216 ----a-w- d:\dokumenty bobina\screenSHU\screenSHU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-01-31 16:02 1274880 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-04-18 15:30 15146376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-05-10 19:14 1242448 ----a-w- d:\dokumenty bobina\steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svcdotnet]
2011-05-12 18:34 250880 ----a-w- c:\windows\svcdotnet\svcdotnet.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Hama\\Wireless LAN RTL8192SU\\RtWLan.exe"=
"d:\\Dokumenty Bobina\\steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"d:\\Dokumenty Bobina\\steam\\steamapps\\patkir560\\counter-strike\\hl.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"58024:TCP"= 58024:TCP:Pando Media Booster
"58024:UDP"= 58024:UDP:Pando Media Booster
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 1385896]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2012-06-08 50728]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-12-28 604064]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 250056]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
S3 TelekomNM3;TelekomNM3 NDIS Protocol Driver;\??\c:\progra~1\NETZMA~1\NMINFR~1\TelekomNM3.SYS --> c:\progra~1\NETZMA~1\NMINFR~1\TelekomNM3.SYS [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - FONTCACHE3.0.0.0
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:29]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 14:11]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-23 14:11]
.
2012-08-02 c:\windows\Tasks\User_Feed_Synchronization-{CD2CCFF6-0054-42AD-B474-74E1EA7C504F}.job
- c:\windows\system32\msfeedssync.exe [2008-04-25 02:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Dom\Dane aplikacji\Mozilla\Firefox\Profiles\dxibdeg8.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bac535fc5-38d0-4a42-86c1-ffa25b0ef997%7D&mid=d4ea2c98e3bc47d090774165d4066a10-96b81436f90f74de424f4d5421feaff687ced081&ds=is016&v=11.1.0.7&lang=pl&pr=sa&d=2012-06-03%2019%3A58%3A46&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
MSConfigStartUp-Alcmtr - ALCMTR.EXE
MSConfigStartUp-AQQ - c:\progra~1\WapSter\WAPSTE~1\AQQ.exe
MSConfigStartUp-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
MSConfigStartUp-Bonus.SSR - c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
MSConfigStartUp-Clownfish - c:\program files\Clownfish\Clownfish.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe
MSConfigStartUp-Gainward - c:\program files\VDOTool\TBPanel.exe
MSConfigStartUp-GameXN - c:\documents and settings\All Users\Dane aplikacji\GameXN\GameXNGO.exe
MSConfigStartUp-GameXN (news) - c:\documents and settings\All Users\Dane aplikacji\GameXN\GameXNGO.exe
MSConfigStartUp-GameXN (update) - c:\documents and settings\All Users\Dane aplikacji\GameXN\GameXNGO.exe
MSConfigStartUp-Jing - c:\program files\TechSmith\Jing\Jing.exe
MSConfigStartUp-mshlp - c:\docume~1\Dom\USTAWI~1\Temp\mshlp.exe
MSConfigStartUp-TNOD UP - c:\program files\TNod User & Password Finder\TNODUP.exe
AddRemove-Icy Tower v1.3.1_is1 - c:\games\icytower1.3\unins000.exe
AddRemove-Microsoft .NET Framework 4 Client Profile PLK Language Pack - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe
AddRemove-Microsoft .NET Framework 4 Extended PLK Language Pack - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe
AddRemove-{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe
AddRemove-{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-02 17:10
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
c:\windows\system32\l3codeca.acm
.
- - - - - - - > 'lsass.exe'(1172)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
.
Czas ukończenia: 2012-08-02 17:11:56
ComboFix-quarantined-files.txt 2012-08-02 15:11
.
Przed: 9 459 396 608 bajtów wolnych
Po: 10 227 396 608 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Black Edition v8.2" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 5DDC9B3CB2DB8D61F3B21BA3C3397B6E
OTL LOG: I WILL POST IT TOMORROW
-
OTL
Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware wersja 1.62.0.1300
TuneUp360
TuneUp Utilities Language Pack (pl-PL)
CCleaner
AML Free Registry Cleaner 4.24
JavaFX 2.1.1
Java™ 6 Update 20
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader X 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.77
Google Chrome 21.0.1180.79
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
As for GMER, I'll post it shortly. It will take a while because it's all the files, after all ;p
I have to run GMER again from scratch because my computer crashed after the logs...
http://wklej.org/id/815562/ GMER log
I can't get any more because, I don't know why, my computer keeps crashing.
Please help..
-
Hello
I have a serious problem: when I try to launch some League of Legends exe (i.e. the game), I get the message: "The application was not started properly (0xc000005b)"
The computer has been scanned with:
- ESET NOD 32
- ComboFix
- and many others
- I also scanned the registry - with no result..
I also tried cleaning (tidying up) the registry:
- CCleaner
with no effect
I reinstalled:
Microsoft Visual C++
and
.NET Framework 4, 3.5 and all other versions
All of this had no effect. Please help, because I have run out of ideas about what to do.
There is a reward for help in the form of a 30 zł SMS (sorry for this advertisement and bribe), but I have really had this error for over 3 weeks and I don't know how to fix it..
gg:40692613
The application was not initialized properly (0xc00000005)
in Windows XP
Posted · Edited by kamilos403
"BUMP" posts are forbidden here. Please use the EDIT option to add information. //picasso
The system is a modified build, specifically Black Edition.
ComboFix also deleted my msconfig files because I didn't know how to use it.. but now I know.
But even after uninstalling it, it still doesn't help.
All processes killed
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
Service Cardex stopped successfully!
Service Cardex deleted successfully!
Service TelekomNM3 stopped successfully!
Service TelekomNM3 deleted successfully!
Service XDva397 stopped successfully!
Service XDva397 deleted successfully!
Service EagleXNt stopped successfully!
Service EagleXNt deleted successfully!
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
User: Dom
->Temp folder emptied: 486141 bytes
->Temporary Internet Files folder emptied: 5757281 bytes
->Java cache emptied: 1892340 bytes
->FireFox cache emptied: 820274278 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 60144 bytes
User: Kamil
->Temp folder emptied: 348143824 bytes
->Temporary Internet Files folder emptied: 5244796 bytes
->FireFox cache emptied: 367124175 bytes
->Flash cache emptied: 60543 bytes
User: LocalService
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2372634 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29106052 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 507,00 mb
OTL by OldTimer - Version 3.2.58.1 log created on 08242012_134706
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Here is the log from exactly what you told me to do.
BUMP: does really nobody have a solution?
OK, so I'll post UP via the edit option, is that allowed?
UP
WILL SOMEBODY HELP?? PLEASE..