
Please check my log

Rampampam

Guest
comment

1. Paste into Notepad:

File::
c:\windows\smss.cmd
c:\windows\system32\inf.exe
c:\windows\system32\firewallz.dll
c:\windows\Internet Logs\tvDebug.Zip
c:\windows\Internet Logs\xDB1A.tmp
c:\windows\Internet Logs\xDB19.tmp
c:\windows\Internet Logs\xDB18.tmp
c:\windows\Internet Logs\xDB17.tmp
c:\windows\Internet Logs\xDB15.tmp
c:\windows\Internet Logs\xDB16.tmp
c:\windows\Internet Logs\xDB14.tmp
c:\windows\Internet Logs\xDB13.tmp
c:\windows\Internet Logs\xDB12.tmp
c:\windows\Internet Logs\xDB11.tmp
c:\windows\Internet Logs\xDB10.tmp
c:\windows\Internet Logs\xDBE.tmp
c:\windows\Internet Logs\xDBF.tmp
c:\windows\Internet Logs\xDBC.tmp
c:\windows\Internet Logs\xDBD.tmp
c:\windows\Internet Logs\xDBA.tmp
c:\windows\Internet Logs\xDBB.tmp
c:\windows\Internet Logs\vsmon_2nd_2009_06_02_19_36_00_small.dmp.zip
c:\windows\Internet Logs\xDB9.tmp
c:\windows\Internet Logs\xDB8.tmp
c:\KillIt.exe
c:\windows\Internet Logs\xDB7.tmp
c:\windows\Internet Logs\xDB6.tmp
c:\windows\Internet Logs\xDB5.tmp
c:\windows\Internet Logs\xDB4.tmp
c:\windows\Internet Logs\xDB3.tmp
c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\xDB2.tmp
c:\windows\Internet Logs\vsmon_2nd_2009_05_05_18_16_06_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_05_05_12_36_18_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_05_04_17_38_41_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2009_05_02_10_48_56_small.dmp.zip
c:\windows\Internet Logs\vsmon_on_demand_thread_2009_05_01_06_28_38_full.dmp.zip
c:\documents and settings\xxxxxxx\Menu Start\Programy\Autostart\smgr32.exe
c:\windows\lsass.exe

Folder::
C:\found.000
c:\program files\AskBarDis
c:\program files\Your Company Name
c:\program files\Common Files\CHESSBASE

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"=-
"swg"=-
"ares"=-
"MSMSGS"=-
"lsass.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"NeroFilterCheck"=-
"Systool"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^xxxxxxx^Menu Start^Programy^Autostart^smgr32.exe]

>> File >> Save As... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe.


Removal should start (and a log will be created). Post the log that is created during the removal.

If all goes well: after the restart, manually delete the folder C:\Qoobox.

2. Post the logs from >>> OTL.


Rampampam
comment
ComboFix 09-07-05.03 - xxxxxxx 2009-07-08 12:30.13 - NTFSx86Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.510.167 [GMT 2:00]Uruchomiony z: c:\documents and settings\xxxxxxx\Pulpit\ComboFix.exeUżyto następujących komend :: c:\documents and settings\xxxxxxx\Pulpit\CFScript.txtAV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}FILE ::"c:\documents and settings\xxxxxxx\Menu Start\Programy\Autostart\smgr32.exe""c:\KillIt.exe""c:\windows\Internet Logs\tvDebug.Zip""c:\windows\Internet Logs\vsmon_2nd_2009_05_02_10_48_56_small.dmp.zip""c:\windows\Internet Logs\vsmon_2nd_2009_05_04_17_38_41_small.dmp.zip""c:\windows\Internet Logs\vsmon_2nd_2009_05_05_12_36_18_small.dmp.zip""c:\windows\Internet Logs\vsmon_2nd_2009_05_05_18_16_06_small.dmp.zip""c:\windows\Internet Logs\vsmon_2nd_2009_06_02_19_36_00_small.dmp.zip""c:\windows\Internet Logs\vsmon_on_demand_thread_2009_05_01_06_28_38_full.dmp.zip""c:\windows\Internet Logs\xDB1.tmp""c:\windows\Internet Logs\xDB10.tmp""c:\windows\Internet Logs\xDB11.tmp""c:\windows\Internet Logs\xDB12.tmp""c:\windows\Internet Logs\xDB13.tmp""c:\windows\Internet Logs\xDB14.tmp""c:\windows\Internet Logs\xDB15.tmp""c:\windows\Internet Logs\xDB16.tmp""c:\windows\Internet Logs\xDB17.tmp""c:\windows\Internet Logs\xDB18.tmp""c:\windows\Internet Logs\xDB19.tmp""c:\windows\Internet Logs\xDB1A.tmp""c:\windows\Internet Logs\xDB2.tmp""c:\windows\Internet Logs\xDB3.tmp""c:\windows\Internet Logs\xDB4.tmp""c:\windows\Internet Logs\xDB5.tmp""c:\windows\Internet Logs\xDB6.tmp""c:\windows\Internet Logs\xDB7.tmp""c:\windows\Internet Logs\xDB8.tmp""c:\windows\Internet Logs\xDB9.tmp""c:\windows\Internet Logs\xDBA.tmp""c:\windows\Internet Logs\xDBB.tmp""c:\windows\Internet Logs\xDBC.tmp""c:\windows\Internet Logs\xDBD.tmp""c:\windows\Internet Logs\xDBE.tmp""c:\windows\Internet 
Logs\xDBF.tmp""c:\windows\lsass.exe""c:\windows\smss.cmd""c:\windows\system32\firewallz.dll""c:\windows\system32\inf.exe".(((((((((((((((((((((((((((((((((((((((   Usunięto   ))))))))))))))))))))))))))))))))))))))))))))))))).C:\found.000c:\found.000\file0000.chkc:\KillIt.exec:\program files\AskBarDisc:\program files\AskBarDis\zonealarm.icoc:\program files\Common Files\CHESSBASEc:\program files\Common Files\CHESSBASE\ENGINES\Crafty 20-14.enginec:\program files\Common Files\CHESSBASE\ENGINES\Fritz 11.enginec:\program files\Your Company Namec:\windows\Internet Logs\tvDebug.Zipc:\windows\Internet Logs\vsmon_2nd_2009_05_02_10_48_56_small.dmp.zipc:\windows\Internet Logs\vsmon_2nd_2009_05_04_17_38_41_small.dmp.zipc:\windows\Internet Logs\vsmon_2nd_2009_05_05_12_36_18_small.dmp.zipc:\windows\Internet Logs\vsmon_2nd_2009_05_05_18_16_06_small.dmp.zipc:\windows\Internet Logs\vsmon_2nd_2009_06_02_19_36_00_small.dmp.zipc:\windows\Internet Logs\vsmon_on_demand_thread_2009_05_01_06_28_38_full.dmp.zipc:\windows\Internet Logs\xDB1.tmpc:\windows\Internet Logs\xDB10.tmpc:\windows\Internet Logs\xDB11.tmpc:\windows\Internet Logs\xDB12.tmpc:\windows\Internet Logs\xDB13.tmpc:\windows\Internet Logs\xDB14.tmpc:\windows\Internet Logs\xDB15.tmpc:\windows\Internet Logs\xDB16.tmpc:\windows\Internet Logs\xDB17.tmpc:\windows\Internet Logs\xDB18.tmpc:\windows\Internet Logs\xDB19.tmpc:\windows\Internet Logs\xDB1A.tmpc:\windows\Internet Logs\xDB2.tmpc:\windows\Internet Logs\xDB3.tmpc:\windows\Internet Logs\xDB4.tmpc:\windows\Internet Logs\xDB5.tmpc:\windows\Internet Logs\xDB6.tmpc:\windows\Internet Logs\xDB7.tmpc:\windows\Internet Logs\xDB8.tmpc:\windows\Internet Logs\xDB9.tmpc:\windows\Internet Logs\xDBA.tmpc:\windows\Internet Logs\xDBB.tmpc:\windows\Internet Logs\xDBC.tmpc:\windows\Internet Logs\xDBD.tmpc:\windows\Internet Logs\xDBE.tmpc:\windows\Internet Logs\xDBF.tmpc:\windows\smss.cmdc:\windows\system32\firewallz.dllc:\windows\system32\inf.exe.(((((((((((((((((((((((((   Pliki utworzone od 
2009-06-08 do 2009-07-08  ))))))))))))))))))))))))))))))).2009-07-05 19:51 . 2009-07-05 19:51	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard2009-06-27 09:21 . 2005-05-26 13:34	2297552	----a-w-	c:\windows\system32\d3dx9_26.dll2009-06-25 14:20 . 2009-06-25 14:20	--------	d-----w-	c:\documents and settings\xxxxxxx\Ustawienia lokalne\Dane aplikacji\Ahead2009-06-20 16:25 . 2009-06-20 16:25	0	----a-w-	C:\iphist.dat2009-06-20 13:03 . 2004-08-22 14:31	5248	----a-w-	c:\windows\system32\drivers\d347prt.sys2009-06-20 13:03 . 2004-08-22 14:31	155136	----a-w-	c:\windows\system32\drivers\d347bus.sys2009-06-20 13:03 . 2009-06-20 13:03	--------	d-----w-	c:\program files\D-Tools2009-06-20 13:02 . 2009-06-20 13:02	--------	d-----w-	c:\windows\Downloaded Installations2009-06-20 12:53 . 2004-03-02 14:37	125184	------w-	c:\windows\system32\drivers\imagesrv.sys2009-06-20 12:53 . 2004-03-02 14:37	5504	------w-	c:\windows\system32\drivers\imagedrv.sys2009-06-20 12:53 . 2000-06-26 08:45	106496	----a-w-	c:\windows\system32\TwnLib20.dll2009-06-20 12:53 . 2009-06-20 12:53	--------	d-----w-	c:\program files\Common Files\Ahead2009-06-20 12:53 . 2004-07-26 14:16	476320	------w-	c:\windows\system32\ImagXpr7.dll2009-06-20 12:53 . 2004-07-26 14:16	471040	------w-	c:\windows\system32\ImagXRA7.dll2009-06-20 12:53 . 2004-07-26 14:16	262144	------w-	c:\windows\system32\ImagXR7.dll2009-06-20 12:53 . 2004-07-26 14:16	1568768	------w-	c:\windows\system32\ImagX7.dll2009-06-20 12:53 . 2001-07-09 08:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe2009-06-20 12:53 . 2009-06-20 12:53	--------	d-----w-	c:\program files\Ahead2009-06-20 10:56 . 2009-06-20 10:56	152576	----a-w-	c:\documents and settings\xxxxxxx\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll2009-06-16 19:13 . 2009-06-22 07:07	1	----a-w-	c:\documents and settings\xxxxxxx\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys2009-06-16 19:13 . 
2009-06-16 19:13	--------	d-----w-	c:\documents and settings\xxxxxxx\Dane aplikacji\OpenOffice.org2009-06-16 19:10 . 2009-06-16 19:10	--------	d-----w-	c:\program files\OpenOffice.org 32009-06-16 11:39 . 2009-06-16 11:39	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\ChessBase2009-06-16 11:28 . 2009-06-16 11:28	--------	d-----w-	c:\documents and settings\xxxxxxx\Ustawienia lokalne\Dane aplikacji\ChessBase2009-06-14 22:00 . 2009-06-14 22:00	--------	d-----w-	c:\documents and settings\xxxxxxx\Ustawienia lokalne\Dane aplikacji\Opera2009-06-14 21:37 . 2009-06-14 21:37	--------	d-----w-	c:\program files\Opera2009-06-13 14:52 . 2009-06-18 17:23	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\OpenFM2009-06-13 14:48 . 2009-06-13 14:48	--------	d-----w-	c:\documents and settings\xxxxxxx\.gstreamer-0.102009-06-13 09:44 . 2009-06-13 09:44	--------	d-----w-	c:\documents and settings\xxxxxxx\Dane aplikacji\OpenFM2009-06-13 09:07 . 2009-06-13 11:12	--------	d-----w-	c:\documents and settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu2009-06-13 09:07 . 2009-06-21 18:39	--------	d-----w-	c:\program files\Nowe Gadu-Gadu2009-06-09 19:38 . 2009-06-09 19:39	--------	d-----w-	c:\program files\Armageddon2009-06-08 10:51 . 2009-06-08 10:51	--------	d-----w-	c:\program files\Ares.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-07-08 10:30 . 2008-12-12 20:49	--------	d---a-w-	c:\documents and settings\All Users\Dane aplikacji\TEMP2009-07-06 14:02 . 2009-02-12 09:22	--------	d-----w-	c:\documents and settings\xxxxxxx\Dane aplikacji\Tibia2009-07-06 11:13 . 2009-05-24 16:01	--------	d-----w-	c:\documents and settings\xxxxxxx\Dane aplikacji\Skype2009-07-06 11:13 . 2009-05-24 16:03	--------	d-----w-	c:\documents and settings\xxxxxxx\Dane aplikacji\skypePM2009-07-01 16:20 . 2009-05-29 12:44	--------	d-----w-	c:\documents and settings\xxxxxxx\Dane aplikacji\ChessBase2009-06-27 10:44 . 
2009-02-12 09:28	54784	----a-w-	c:\documents and settings\xxxxxxx\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT2009-06-27 08:56 . 2008-12-12 15:01	--------	d--h--w-	c:\program files\InstallShield Installation Information2009-06-20 10:57 . 2008-12-12 15:05	--------	d-----w-	c:\program files\Java2009-06-18 06:30 . 2009-05-06 06:06	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\PrevxCSI2009-06-16 11:24 . 2008-12-12 15:01	--------	d-----w-	c:\program files\Common Files\InstallShield2009-06-02 04:44 . 2009-04-03 16:48	4212	---ha-w-	c:\windows\system32\zllictbl.dat2009-05-28 09:23 . 2009-05-28 09:23	42088	----a-w-	c:\documents and settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll2009-05-28 08:34 . 2009-05-28 08:34	11264	----a-w-	c:\documents and settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll2009-05-27 19:10 . 2009-05-17 06:42	152576	----a-w-	c:\documents and settings\xxxxxxx\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll2009-05-26 10:17 . 2009-05-26 10:14	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Wru2009-05-24 16:03 . 2009-05-24 16:03	56	---ha-w-	c:\windows\system32\ezsidmv.dat2009-05-24 16:00 . 2009-05-24 16:00	--------	d-----r-	c:\program files\Skype2009-05-24 16:00 . 2009-05-24 16:00	--------	d-----w-	c:\program files\Common Files\Skype2009-05-24 16:00 . 2009-01-15 10:58	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Skype2009-05-21 19:14 . 2009-05-21 09:20	--------	d-----w-	c:\program files\No-IP2009-05-21 09:53 . 2009-05-21 09:53	--------	d-----w-	c:\program files\Zone Labs2009-05-21 09:33 . 2008-12-12 15:16	410984	----a-w-	c:\windows\system32\deploytk.dll2009-05-20 06:11 . 2009-03-13 19:12	--------	d-----w-	c:\program files\ipla2009-05-19 13:18 . 2009-01-07 09:59	--------	d-----w-	c:\program files\Google2009-05-19 13:17 . 2009-05-14 15:56	--------	d-----w-	c:\program files\ALLPlayer2009-05-19 13:17 . 
2009-05-14 15:56	--------	d-----w-	c:\program files\NAPI-PROJEKT2009-05-17 21:45 . 2009-05-17 21:36	--------	d-----w-	c:\documents and settings\xxxxxxx\Dane aplikacji\FileZilla2009-05-17 13:10 . 2009-05-08 15:42	--------	d-----w-	c:\program files\BearShare Applications2009-05-16 05:34 . 2008-12-12 15:03	--------	d-----w-	c:\program files\Gadu-Gadu2009-05-15 08:32 . 2009-05-15 08:32	--------	d-----w-	c:\program files\BepanthenDesktopCelendar2009-05-13 11:33 . 2009-05-13 11:33	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab2009-05-11 20:41 . 2009-05-11 20:07	--------	d-----w-	c:\documents and settings\xxxxxxx\Dane aplikacji\Dev-Cpp2009-05-11 12:19 . 2009-02-22 09:08	22024	----a-w-	c:\windows\system32\drivers\pxscan.sys2009-05-11 12:19 . 2009-05-11 12:19	27656	----a-w-	c:\windows\system32\drivers\pxsec.sys2009-05-11 12:18 . 2009-02-22 09:07	787000	----a-w-	c:\documents and settings\All Users\Dane aplikacji\PrevxCSI\~PrevxCSIUpdate.exe2009-05-09 19:48 . 2009-05-09 19:48	--------	d-----w-	c:\program files\PLAY2009-05-09 19:36 . 2009-05-09 19:36	--------	d-----w-	c:\documents and settings\xxxxxxx\Dane aplikacji\Globe72009-05-09 19:07 . 2009-05-09 19:07	40070	----a-r-	c:\documents and settings\xxxxxxx\Dane aplikacji\Microsoft\Installer\{1AF2006B-F09D-4A03-A240-86DE18F8F04D}\_7e4e29f1.exe2009-05-09 19:07 . 2009-05-09 19:07	40070	----a-r-	c:\documents and settings\xxxxxxx\Dane aplikacji\Microsoft\Installer\{1AF2006B-F09D-4A03-A240-86DE18F8F04D}\_7e4a7ff5.exe2009-05-09 18:46 . 2009-05-09 18:46	--------	d-----w-	c:\program files\Zeallsoft2009-04-29 17:35 . 2009-04-28 17:33	55640	----a-w-	c:\windows\system32\drivers\avgntflt.sys2009-04-28 08:10 . 2009-04-28 08:10	29500	---ha-w-	c:\windows\system32\mlfcache.dat2009-04-24 13:38 . 2009-04-24 13:38	215872	----a-w-	c:\windows\system32\drivers\truecrypt.sys2009-04-14 21:42 . 2009-04-14 21:42	717296	----a-w-	c:\windows\system32\drivers\sptd.sys2007-01-25 02:52 . 
2007-01-25 02:52	65536	----a-w-	c:\program files\Common Files\NMSAccessU.exe.(((((((((((((((((((((((((((((   SnapShot@2009-07-07_08.41.07   ))))))))))))))))))))))))))))))))))))))))).+ 2009-07-08 08:19 . 2009-07-08 08:19	16384			  c:\windows\temp\Perflib_Perfdata_2e4.dat+ 2009-07-07 17:56 . 2009-07-07 17:56	5120			  c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe- 2009-07-05 19:52 . 2009-07-05 19:52	5120			  c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360][HKEY_LOCAL_MACHINE\software\microsoft\security center]"UpdatesDisableNotify"=dword:00000001"AntiVirusOverride"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Gadu-Gadu\\gg.exe"="d:\\Warcraft III\\Warcraft III.exe"="d:\\Tibia\\Tibia.exe"="c:\\Program Files\\Ares\\Ares.exe"="c:\\Program Files\\Java\\jre6\\bin\\java.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="d:\\Gadu-Gadu\\gg.exe"="c:\\Documents and Settings\\xxxxxxx\\Pulpit\\AlissowOts\\AlissowOts\\AlissowOTs.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="d:\\Tibia\\Tibcxcia.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"8461:TCP"= 8461:TCP:GoD High 
Port"8462:TCP"= 8462:TCP:GoD Low PortR0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-22 22024]R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-05-11 27656]R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-10 4368952]R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]S3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [2008-12-12 332928].Zawartość folderu 'Zaplanowane zadania'2009-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]2009-07-08 c:\windows\Tasks\RegCure Program Check.job- d:\regcure\RegCure.exe [2008-12-29 17:58]2009-05-31 c:\windows\Tasks\RegCure.job- d:\regcure\RegCure.exe [2008-12-29 17:58].- - - - USUNIĘTO PUSTE WPISY - - - -BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file).------- Skan uzupełniający -------.uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZRfox000&ptb=WzmUfgpJ90LJYCq.YOgd4AuSearch Page = hxxp://www.google.comuDefault_Search_URL = hxxp://www.google.com/ieuSearch Bar = hxxp://www.google.com/ieuInternet Connection Wizard,ShellNext = hxxp://www.gaduradio.pl/index.php?gadugadu=2be3be8980575dff29a2baf792cd009euSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZRfox000FF - ProfilePath - c:\documents and settings\xxxxxxx\Dane aplikacji\Mozilla\Firefox\Profiles\u8btksix.default\FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=FF - prefs.js: browser.search.selectedEngine - Winamp SearchFF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=FF - component: c:\documents and settings\xxxxxxx\Dane 
aplikacji\Mozilla\Firefox\Profiles\u8btksix.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dllFF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dllFF - plugin: c:\documents and settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dllFF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-07-08 12:34Windows 5.1.2600 Dodatek Service Pack 3 NTFSskanowanie ukrytych procesów ...  skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ...  skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.Czas ukończenia: 2009-07-08 12:36ComboFix-quarantined-files.txt  2009-07-08 10:36ComboFix2.txt  2009-07-07 08:46ComboFix3.txt  2009-04-20 18:36Przed: 1 026 031 616 bajtów wolnychPo: 1 007 611 904 bajtów wolnychCurrent=4 Default=4 Failed=2 LastKnownGood=3 Sets=1,2,3,4272	--- E O F ---	2009-04-01 05:23
Guest
comment

The ComboFix log is clean. ;]

Post the OTL logs.


Rampampam
comment

Here is the OTL log:

OTL logfile created on: 2009-07-10 07:26:08 - Run 1OTL by OldTimer - Version 3.0.6.5	 Folder = C:\Documents and Settings\xxxxxxx\PulpitWindows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.5512)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd509,98 Mb Total Physical Memory | 219,20 Mb Available Physical Memory | 42,98% Memory free1,22 Gb Paging File | 0,97 Gb Available in Paging File | 79,40% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 11,87 Gb Total Space | 0,93 Gb Free Space | 7,87% Space Free | Partition Type: NTFSDrive D: | 25,39 Gb Total Space | 15,79 Gb Free Space | 62,20% Space Free | Partition Type: NTFSE: Drive not present or media not loadedF: Drive not present or media not loadedDrive G: | 3,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFSH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: AMA_PCCurrent User Name: xxxxxxxLogged in as Administrator.Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OnSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - [2009-02-16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exePRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXEPRC - [2009-05-11 14:19:21 | 04,368,952 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exePRC - [2009-05-21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exePRC - [2007-01-25 04:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exePRC - [2002-07-15 16:36:54 | 00,045,056 | ---- | M] (Analog Devices, Inc.) 
-- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exePRC - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- D:\Alcohol 120\StarWind\StarWindServiceAE.exePRC - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exePRC - [2009-02-16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exePRC - [2007-07-09 09:39:12 | 02,119,104 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exePRC - [2009-05-11 14:19:21 | 04,368,952 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exePRC - [2008-04-14 19:21:50 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exePRC - [2009-02-25 23:27:30 | 01,433,952 | ---- | M] (Nullsoft) -- D:\Winamp\winamp.exePRC - [2009-06-13 12:41:37 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2009-07-10 07:24:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxxxxxx\Pulpit\OTL.exe========== Win32 Services (SafeList) ==========SRV - [2007-10-24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])SRV - File not found --  -- (AVP [Auto | Stopped])SRV - [2007-10-24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])SRV - [2009-05-11 14:19:21 | 04,368,952 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner [Auto | Running])SRV - [2007-10-09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])SRV - [2009-05-12 20:37:19 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google 
Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])SRV - [2007-10-11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])SRV - [2009-05-21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])SRV - [2007-10-11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])SRV - [2007-01-25 04:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe -- (NMSAccessU [Auto | Running])SRV - [2002-07-15 16:36:54 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])SRV - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- D:\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])SRV - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])SRV - [2009-02-16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])========== Driver Services (SafeList) ==========DRV - [2002-08-22 18:57:02 | 00,098,752 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])DRV - [2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [boot | Running])DRV - [2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- 
C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [boot | Running])DRV - [2003-03-04 13:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])DRV - [2004-11-02 10:27:20 | 00,773,565 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])DRV - [2008-01-29 18:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [boot | Running])DRV - [2008-04-30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])DRV - [2009-05-11 14:19:22 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan [boot | Running])DRV - [2009-05-11 14:19:21 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec [boot | Running])DRV - [2008-06-27 03:39:42 | 00,332,928 | R--- | M] (Realtek Semiconductor Corporation						   ) -- C:\WINDOWS\System32\DRIVERS\RTL8187.sys -- (RTLWUSB [On_Demand | Stopped])DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])DRV - [2002-10-11 13:46:24 | 00,518,720 | ---- | M] (Analog Devices, Inc.) 
-- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])DRV - [2009-04-14 23:42:10 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])DRV - [2008-11-17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [boot | Running])DRV - [2001-10-26 17:05:44 | 00,006,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])DRV - [2009-04-24 15:38:58 | 00,215,872 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys -- (truecrypt [system | Running])DRV - [2009-02-16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [system | Running])========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=homeIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmIE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Reg Error: Key error. 
File not found
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amnezja.org/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amnezja.org/
IE - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/...J90LJYCq.YOgd4A
IE - HKU\S-1-5-21-602162358-706699826-839522115-1003\S-1-5-21-602162358-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.5.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-22 20:04:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-13 15:13:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-13 12:41:42 | 00,000,000 | ---D | M]
[2009-02-26 11:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\mozilla\Extensions
[2009-02-26 11:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-07-09 12:54:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\mozilla\Firefox\Profiles\u8btksix.default\extensions
[2009-03-02 22:11:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\mozilla\Firefox\Profiles\u8btksix.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-05-08 15:53:10 | 00,009,895 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Mozilla\FireFox\Profiles\u8btksix.default\searchplugins\mywebsearch.xml
[2009-06-11 10:43:23 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Mozilla\FireFox\Profiles\u8btksix.default\searchplugins\winamp-search.xml
[2009-07-10 07:24:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-06-13 12:41:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-05-24 18:00:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008-12-12 17:05:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008-12-12 17:16:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-05-22 20:05:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-06-20 12:57:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009-05-08 17:43:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2009-06-13 12:41:37 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-06-13 12:41:37 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-05-21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-02-06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009-06-13 12:41:39 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007-05-10 23:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008-10-04 21:24:00 | 03,695,008 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009-04-03 18:51:02 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll
[2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1	   localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\ShellBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\ShellBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-602162358-706699826-839522115-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun  = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu  = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-706699826-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-602162358-706699826-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search -  File not found
O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.77.2 82.139.8.7 88.156.63.9
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter:  - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-12-12 16:37:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002-06-06 16:03:46 | 00,040,960 | ---- | M] () - D:\autoplay.exe -- [ NTFS ]
O32 - AutoRun File - [2007-11-02 11:20:28 | 00,000,049 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
========== Files/Folders - Created Within 30 Days ==========
[4 C:\WINDOWS\*.tmp files]
[2009-07-10 07:24:20 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\xxxxxxx\Pulpit\OTL.exe
[2009-07-10 07:00:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Pulpit\Nieużywane skróty pulpitu
[2009-07-09 21:58:13 | 00,154,470 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\japierdziu.JPG
[2009-07-09 12:45:36 | 00,942,370 | ---- | C] (TibiaCam TV												 ) -- 
C:\Documents and Settings\xxxxxxx\Pulpit\TibiaCamLite-2.8.2.exe
[2009-07-08 18:26:56 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-07-08 12:35:10 | 02,190,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009-07-08 12:35:10 | 02,067,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009-07-08 12:35:10 | 01,571,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009-07-08 12:35:10 | 01,035,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009-07-08 12:35:10 | 01,018,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009-07-08 12:35:10 | 00,668,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009-07-08 12:35:10 | 00,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009-07-08 12:35:10 | 00,510,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009-07-08 12:35:10 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009-07-08 12:35:10 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009-07-08 12:35:10 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009-07-08 12:35:10 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009-07-08 12:35:10 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009-07-08 12:35:10 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009-07-08 12:35:10 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009-07-08 12:35:10 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009-07-08 12:35:10 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009-07-08 12:35:10 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009-07-08 12:35:10 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009-07-08 12:35:10 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009-07-08 12:35:10 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009-07-08 12:35:10 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009-07-08 12:35:10 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009-07-08 12:35:10 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009-07-07 10:43:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009-07-06 16:13:33 | 00,000,428 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2009-07-05 21:51:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009-07-04 09:40:16 | 00,016,914 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Moje dokumenty\botter at the goblin cave.cam
[2009-07-03 16:03:35 | 03,196,328 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\ventrilo-3.0.5-Windows-i386.exe
[2009-07-03 15:49:47 | 04,827,900 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\TIBIANGICAM.rar
[2009-07-03 15:49:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Pulpit\TIBIANGICAM
[2009-07-02 07:35:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Pulpit\VCam842
[2009-07-01 20:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Pulpit\TibiaBot NG
[2009-07-01 19:26:28 | 20,393,405 | ---- | C] (CipSoft GmbH												) -- C:\Documents and Settings\xxxxxxx\Pulpit\tibia841.exe
[2009-07-01 19:22:57 | 03,837,952 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\elfbot.dll
[2009-07-01 19:16:11 | 02,180,946 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Moj Elf.rar
[2009-06-30 13:29:09 | 00,000,480 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Edron Goblins Floor 2.wpt
[2009-06-30 10:54:56 | 00,003,334 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Paladin Goblin Trainer Script(2).ng
[2009-06-30 10:50:05 | 00,003,334 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Paladin Goblin Trainer Script.ng
[2009-06-29 15:53:28 | 00,008,140 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\SouthWestLarvasv1.0(Experienced).wpt
[2009-06-29 10:25:06 | 00,001,218 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Edron_Trolls.wpt
[2009-06-28 23:50:45 | 00,010,742 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Edron_Goblins_Perfect.wpt
[2009-06-28 19:32:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Pulpit\winhex
[2009-06-28 19:32:22 | 01,162,764 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\winhex.zip
[2009-06-28 19:25:39 | 01,925,120 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\hook.dll
[2009-06-28 19:22:37 | 00,000,446 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\TibiaBot NG.lnk
[2009-06-28 19:11:19 | 03,676,160 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\xxxxxxx\Pulpit\setup-4.5.0.EXE
[2009-06-27 11:21:26 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009-06-27 11:21:25 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009-06-27 11:21:22 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009-06-27 11:21:21 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009-06-27 11:21:17 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009-06-27 10:56:19 | 00,000,325 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Chessmaster 10th Edition.lnk
[2009-06-26 21:37:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Pulpit\AlissowOts
[2009-06-25 21:20:40 | 01,336,832 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\ventrilo-2.1.4-Windows-i386.exe
[2009-06-25 16:20:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Ustawienia lokalne\Dane aplikacji\Ahead
[2009-06-24 10:14:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Pulpit\A Guide To Master Chess And Checkers.pdf
[2009-06-23 17:06:12 | 00,674,901 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\tibiasoft_com_TibiaMC842.rar
[2009-06-23 13:23:29 | 05,353,409 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\[DejaScacchi]Tactical Combinations.exe
[2009-06-22 11:34:00 | 00,000,409 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk
[2009-06-21 20:40:40 | 20,398,051 | ---- | C] (CipSoft GmbH												) -- C:\Documents and Settings\xxxxxxx\Pulpit\tibia842.exe
[2009-06-21 15:18:59 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-06-21 13:48:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Pulpit\Andrew Soltis - Pawn Structure Chess (algebraic)
[2009-06-21 12:27:19 | 00,927,222 | ---- | C] (TibiaCam TV												 ) -- C:\Documents and Settings\xxxxxxx\Pulpit\TibiaCamLite-2.7.exe
[2009-06-20 21:14:52 | 02,251,365 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\aresregular211_installer.exe
[2009-06-20 18:25:59 | 00,000,000 | ---- | C] () -- C:\iphist.dat
[2009-06-20 15:19:54 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009-06-20 15:16:55 | 00,000,842 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Fritz11.lnk
[2009-06-20 15:05:40 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009-06-20 15:05:23 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-06-20 15:05:00 | 03,045,754 | R--- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\ComboFix.exe
[2009-06-20 15:03:13 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009-06-20 15:03:13 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2009-06-20 15:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\D-Tools
[2009-06-20 15:02:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009-06-20 14:53:13 | 00,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2009-06-20 14:53:12 | 01,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2009-06-20 14:53:12 | 00,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2009-06-20 14:53:12 | 00,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2009-06-20 14:53:12 | 00,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2009-06-20 14:53:12 | 00,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2009-06-20 14:53:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009-06-20 14:53:08 | 00,000,000 | ---D | C] -- C:\Program Files\Ahead
[2009-06-19 12:06:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Moje dokumenty\THIEF
[2009-06-16 21:13:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\OpenOffice.org
[2009-06-16 21:10:32 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009-06-16 13:39:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ChessBase
[2009-06-16 13:28:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Ustawienia lokalne\Dane aplikacji\ChessBase
[2009-06-16 13:25:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Moje dokumenty\ChessBase
[2009-06-15 00:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Ustawienia lokalne\Dane aplikacji\Opera
[2009-06-15 00:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Opera
[2009-06-14 23:37:16 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Opera.lnk
[2009-06-14 23:37:12 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009-06-13 16:52:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2009-06-13 11:44:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\OpenFM
[2009-06-13 11:07:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu
[2009-06-13 11:07:13 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu
[2009-05-29 14:44:48 | 00,000,202 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2009-05-12 14:10:22 | 00,000,085 | ---- | C] () -- C:\WINDOWS\setsTrjD.ini
[2009-04-14 23:42:09 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-04-12 19:17:01 | 
00,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2009-03-23 12:18:51 | 00,000,052 | ---- | C] () -- C:\WINDOWS\Relax.ini
[2009-02-28 15:15:41 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-02-28 15:15:41 | 00,617,984 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-02-28 15:15:41 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-02-10 15:25:24 | 00,000,066 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009-01-30 13:17:34 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-06-27 21:19:26 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\windows32hk.dll
[2004-08-22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003-02-03 07:26:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2001-07-22 01:16:20 | 00,000,600 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 01:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-06-07 12:23:58 | 00,000,211 | ---- | C] () -- C:\WINDOWS\System32\memdil.ini
[2001-02-20 08:02:10 | 00,000,074 | ---- | C] () -- C:\WINDOWS\System32\syscc.ini
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009-07-10 07:24:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxxxxxx\Pulpit\OTL.exe
[2009-07-10 07:22:39 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009-07-10 07:22:30 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009-07-10 07:22:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-07-10 07:22:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-07-09 21:58:13 | 00,154,470 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\japierdziu.JPG
[2009-07-09 18:45:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-07-09 12:45:42 | 00,942,370 | ---- | M] (TibiaCam TV												 ) -- C:\Documents and Settings\xxxxxxx\Pulpit\TibiaCamLite-2.8.2.exe
[2009-07-08 12:34:16 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-07-07 10:40:35 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-07-07 10:31:55 | 03,045,754 | R--- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\ComboFix.exe
[2009-07-06 16:13:33 | 00,000,428 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2009-07-05 11:17:06 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-07-04 09:40:18 | 00,016,914 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Moje dokumenty\botter at the goblin cave.cam
[2009-07-03 16:03:59 | 03,196,328 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\ventrilo-3.0.5-Windows-i386.exe
[2009-07-03 15:49:59 | 04,827,900 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\TIBIANGICAM.rar
[2009-07-01 19:29:19 | 20,393,405 | ---- | M] (CipSoft GmbH												) -- C:\Documents and Settings\xxxxxxx\Pulpit\tibia841.exe
[2009-07-01 19:16:23 | 02,180,946 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Moj Elf.rar
[2009-06-30 13:29:07 | 00,000,480 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Edron Goblins Floor 2.wpt
[2009-06-30 10:50:04 | 00,003,334 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Paladin Goblin Trainer Script.ng
[2009-06-30 10:50:03 | 00,003,334 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Paladin Goblin Trainer Script(2).ng
[2009-06-29 15:53:13 | 00,008,140 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\SouthWestLarvasv1.0(Experienced).wpt
[2009-06-29 10:25:05 | 00,001,218 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Edron_Trolls.wpt
[2009-06-28 23:50:43 | 00,010,742 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Edron_Goblins_Perfect.wpt
[2009-06-28 19:32:29 | 01,162,764 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\winhex.zip
[2009-06-28 19:26:00 | 00,000,446 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\TibiaBot NG.lnk
[2009-06-28 19:11:53 | 03,676,160 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\xxxxxxx\Pulpit\setup-4.5.0.EXE
[2009-06-27 15:00:36 | 00,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-06-27 12:44:09 | 00,054,784 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-06-27 10:56:19 | 00,000,325 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Chessmaster 10th Edition.lnk
[2009-06-27 00:05:58 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-25 21:20:48 | 01,336,832 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\ventrilo-2.1.4-Windows-i386.exe
[2009-06-23 17:06:16 | 00,674,901 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\tibiasoft_com_TibiaMC842.rar
[2009-06-23 13:24:09 | 05,353,409 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\[DejaScacchi]Tactical Combinations.exe
[2009-06-22 18:07:28 | 03,837,952 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\elfbot.dll
[2009-06-22 11:34:00 | 00,000,409 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk
[2009-06-21 20:43:47 | 20,398,051 | ---- | M] (CipSoft GmbH												) -- C:\Documents and Settings\xxxxxxx\Pulpit\tibia842.exe
[2009-06-21 12:27:27 | 00,927,222 | ---- | M] (TibiaCam TV												 ) -- C:\Documents and Settings\xxxxxxx\Pulpit\TibiaCamLite-2.7.exe
[2009-06-20 21:15:18 | 02,251,365 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\aresregular211_installer.exe
[2009-06-20 18:25:59 | 00,000,000 | ---- | M] () -- C:\iphist.dat
[2009-06-20 17:49:48 | 00,000,202 | ---- | M] () -- C:\WINDOWS\ChssBase.ini
[2009-06-20 15:16:55 | 00,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Fritz11.lnk
[2009-06-20 15:16:53 | 00,000,600 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-06-20 14:50:06 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-06-14 23:37:16 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Opera.lnk
========== LOP Check ==========
[2009-06-16 13:39:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji
[2009-04-12 12:26:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\.Beniamin
[2009-06-16 13:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ChessBase
[2008-12-12 17:02:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
[2009-03-13 21:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2009-04-03 18:49:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
[2009-06-18 19:23:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2009-06-18 08:30:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI
[2009-04-09 11:42:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SecTaskMan
[2009-07-10 06:06:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-05-26 12:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru
[2008-12-12 16:38:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji
[2009-06-06 16:41:01 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Gość\Dane aplikacji
[2009-05-28 08:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gość\Dane aplikacji\Gadu-Gadu
[2009-06-06 16:42:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gość\Dane aplikacji\Tibia
[2008-12-12 16:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2008-12-12 16:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2009-06-16 21:13:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji
[2009-03-23 13:10:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Canneverbe_Limited
[2009-07-01 18:20:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\ChessBase
[2009-05-11 22:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Dev-Cpp
[2009-05-17 23:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\FileZilla
[2009-02-09 20:51:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Gadu-Gadu
[2009-05-09 21:36:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Globe7
[2009-04-30 14:01:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\gtk-2.0
[2009-04-09 14:15:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\ipla
[2009-06-13 13:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu
[2009-06-13 11:44:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\OpenFM
[2009-06-16 21:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\OpenOffice.org
[2009-06-15 00:00:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Opera
[2009-02-09 15:41:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\PCToolsFirewallPlus
[2009-03-14 17:45:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Serif
[2009-04-11 16:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\sqlitestudio
[2009-07-06 16:02:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Tibia
[2009-04-24 15:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\TrueCrypt
[2009-04-20 12:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Uniblue
[2009-04-07 17:08:51 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\xxxxxxx\Dane aplikacji\Ventrilo[2009-07-09 18:45:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job[2001-07-22 01:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini[2009-07-10 07:22:30 | 00,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job[2009-05-31 12:08:07 | 00,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job[2009-07-10 07:22:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6< End of report >
Guest

Overall it's OK, it just needs a little cleaning up. :)

Run OTL and paste the following script into the Custom Scans/Fixes window:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2002-06-06 16:03:46 | 00,040,960 | ---- | M] () - D:\autoplay.exe -- [ NTFS ]
O32 - AutoRun File - [2007-11-02 11:20:28 | 00,000,049 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O8 - Extra context menu item: &Search - File not found
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix and confirm the computer restart.

Post the removal log after the restart.

.

  • 1 month later...
Rampampam

OTL:

Log to check
All processes killed

========== OTL ==========

Process explorer.exe killed successfully!

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Systool deleted successfully.

C:\WINDOWS\smss.cmd moved successfully.

Service\Driver PowerManager deleted successfully.

C:\WINDOWS\svchost.exe moved successfully.

Service\Driver dlgx1 deleted successfully.

C:\WINDOWS\System32\dlg.exe moved successfully.

========== FILES ==========

File\Folder C:\WINDOWS\svchost.exe not found.

File\Folder C:\WINDOWS\System32\dlg.exe not found.

DllUnregisterServer procedure not found in C:\WINDOWS\System32\dlg.dll

C:\WINDOWS\System32\dlg.dll NOT unregistered.

C:\WINDOWS\System32\dlg.dll moved successfully.

C:\avmon.com moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\inout2.dll

C:\WINDOWS\inout2.dll NOT unregistered.

C:\WINDOWS\inout2.dll moved successfully.

File\Folder C:\WINDOWS\smss.cmd not found.

LoadLibrary failed for C:\WINDOWS\System32\sknc.dll

C:\WINDOWS\System32\sknc.dll NOT unregistered.

C:\WINDOWS\System32\sknc.dll moved successfully.

========== SERVICES/DRIVERS ==========

Service\Driver dlgx1 not found.

Service\Driver dlgx1 not found.

Service\Driver PowerManager not found.

Service\Driver PowerManager not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: elgy

User: Gość

->Temp folder emptied: 279293372 bytes

->Temporary Internet Files folder emptied: 89120175 bytes

->Opera cache emptied: 45760864 bytes

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 66025 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 582975 bytes

User: xxxxxxx

->Temp folder emptied: 61065212 bytes

->Temporary Internet Files folder emptied: 20421131 bytes

->Java cache emptied: 5075492 bytes

->FireFox cache emptied: 44730706 bytes

->Google Chrome cache emptied: 5976421 bytes

->Opera cache emptied: 25828494 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 491144 bytes

RecycleBin emptied: 1162122 bytes

Total Files Cleaned = 552,72 mb

OTL by OldTimer - Version 3.0.10.6 log created on 08142009_132642

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

And here is ComboFix:

Log to check
ComboFix 09-08-10.06 - xxxxxxx 2009-08-14 14:14.15.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.510.91 [GMT 2:00] Uruchomiony z: c:\documents and settings\xxxxxxx\Pulpit\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\svchost.exe . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_POWERMANAGER -------\Service_PowerManager ((((((((((((((((((((((((( Pliki utworzone od 2009-07-14 do 2009-08-14 ))))))))))))))))))))))))))))))) . 2009-08-14 11:14 . 2009-08-14 11:14 -------- d-----w- C:\_OTL 2009-08-10 14:04 . 2009-08-10 14:19 -------- d-----w- c:\documents and settings\Gość 2009-08-04 07:15 . 2009-08-04 07:15 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google 2009-08-03 22:25 . 2009-05-01 21:03 120056 ------w- c:\windows\system32\pxcpyi64.exe 2009-08-03 22:25 . 2009-05-01 21:03 118520 ------w- c:\windows\system32\pxinsi64.exe 2009-08-03 22:25 . 2009-08-03 22:25 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google 2009-08-03 22:25 . 2009-08-03 22:25 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-07-27 19:42 . 2009-08-01 20:59 -------- d-----w- c:\windows\system32\Adobe 2009-07-26 19:23 . 2009-08-01 18:04 -------- d-----w- C:\Tibia 2009-07-23 15:34 . 2009-07-23 15:34 -------- d-----w- c:\program files\Shape Collage 2009-07-23 11:44 . 2009-07-23 11:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-07-18 15:50 . 
2009-07-15 11:35 62760 ----a-w- c:\documents and settings\xxxxxxx\Dane aplikacji\Mozilla\Firefox\Profiles\u8btksix.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-14 12:04 . 2009-05-06 06:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PrevxCSI 2009-08-13 12:35 . 2009-06-16 19:13 1 ----a-w- c:\documents and settings\xxxxxxx\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-08-11 19:18 . 2009-08-12 07:58 1879552 ----a-w- c:\windows\Internet Logs\xDB6.tmp 2009-08-11 15:10 . 2009-08-11 15:10 69813 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_11_15_04_37_small.dmp.zip 2009-08-11 13:04 . 2009-08-11 13:06 940544 ----a-w- c:\windows\Internet Logs\xDB5.tmp 2009-08-10 08:58 . 2008-12-12 20:49 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-08-08 09:57 . 2009-02-12 09:22 -------- d-----w- c:\documents and settings\xxxxxxx\Dane aplikacji\Tibia 2009-08-06 13:17 . 2009-08-06 13:48 3147776 ----a-w- c:\windows\Internet Logs\xDB3.tmp 2009-08-06 13:17 . 2009-08-06 13:48 1859584 ----a-w- c:\windows\Internet Logs\xDB4.tmp 2009-08-03 22:27 . 2009-01-07 09:59 -------- d-----w- c:\program files\Google 2009-07-31 04:02 . 2009-07-31 04:01 1238240 ----a-w- c:\windows\Internet Logs\tvDebug.Zip 2009-07-22 20:08 . 2009-05-24 16:01 -------- d-----w- c:\documents and settings\xxxxxxx\Dane aplikacji\Skype 2009-07-22 20:00 . 2009-05-24 16:03 -------- d-----w- c:\documents and settings\xxxxxxx\Dane aplikacji\skypePM 2009-07-19 11:06 . 2009-07-19 11:06 121659 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_19_12_33_40_small.dmp.zip 2009-07-11 08:38 . 2009-07-11 08:44 1741312 ----a-w- c:\windows\Internet Logs\xDB2.tmp 2009-07-10 06:12 . 2009-07-10 07:33 1739264 ----a-w- c:\windows\Internet Logs\xDB1.tmp 2009-07-01 16:20 . 
2009-05-29 12:44 -------- d-----w- c:\documents and settings\xxxxxxx\Dane aplikacji\ChessBase 2009-06-27 10:44 . 2009-02-12 09:28 54784 ----a-w- c:\documents and settings\xxxxxxx\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-06-27 08:56 . 2008-12-12 15:01 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-21 18:39 . 2009-06-13 09:07 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2009-06-20 16:25 . 2009-06-20 16:25 0 ----a-w- C:\iphist.dat 2009-06-20 13:03 . 2009-06-20 13:03 -------- d-----w- c:\program files\D-Tools 2009-06-20 12:53 . 2009-06-20 12:53 -------- d-----w- c:\program files\Ahead 2009-06-20 12:53 . 2009-06-20 12:53 -------- d-----w- c:\program files\Common Files\Ahead 2009-06-20 10:57 . 2008-12-12 15:05 -------- d-----w- c:\program files\Java 2009-06-20 10:56 . 2009-06-20 10:56 152576 ----a-w- c:\documents and settings\xxxxxxx\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll 2009-06-18 17:23 . 2009-06-13 14:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM 2009-06-16 19:13 . 2009-06-16 19:13 -------- d-----w- c:\documents and settings\xxxxxxx\Dane aplikacji\OpenOffice.org 2009-06-16 19:10 . 2009-06-16 19:10 -------- d-----w- c:\program files\OpenOffice.org 3 2009-06-16 11:39 . 2009-06-16 11:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ChessBase 2009-06-16 11:24 . 2008-12-12 15:01 -------- d-----w- c:\program files\Common Files\InstallShield 2009-06-02 04:44 . 2009-04-03 16:48 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2009-05-28 09:23 . 2009-05-28 09:23 42088 ----a-w- c:\documents and settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll 2009-05-28 08:34 . 2009-05-28 08:34 11264 ----a-w- c:\documents and settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll 2009-05-27 19:10 . 2009-05-17 06:42 152576 ----a-w- c:\documents and settings\xxxxxxx\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-24 16:03 . 
2009-05-24 16:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2009-05-21 09:33 . 2008-12-12 15:16 410984 ----a-w- c:\windows\system32\deploytk.dll 2007-01-25 02:52 . 2007-01-25 02:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll . ((((((((((((((((((((((((((((( SnapShot@2009-08-04_18.45.55 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-14 12:20 . 2009-08-14 12:20 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat + 2009-08-14 12:19 . 2009-08-14 12:19 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat + 2009-08-14 12:19 . 2009-08-14 12:19 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat + 2009-08-14 12:19 . 2009-08-14 12:19 880640 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat + 2009-08-14 12:19 . 2009-08-14 12:19 241664 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT + 2009-08-14 12:19 . 2009-08-14 12:19 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT + 2009-08-14 12:19 . 2009-08-14 12:19 6242304 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 68856] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ares"="d:\oo\Ares\Ares.exe" [2008-12-13 882176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "d:\\Warcraft III\\Warcraft III.exe"= "d:\\Tibia\\Tibia.exe"= "c:\\Program Files\\Ares\\Ares.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "d:\\Gadu-Gadu\\gg.exe"= "d:\\Tibia\\Tibcxcia.exe"= "c:\\Tibia\\Tibia.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\oo\\Ares\\Ares.exe"= "d:\\Tibia84\\Tibia.exe"= "d:\\Tibia841\\Tibia.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8461:TCP"= 8461:TCP:GoD High Port "8462:TCP"= 8462:TCP:GoD Low Port R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R0 
pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-22 22024] R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-05-11 27656] R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-10 4368952] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S2 gupdate1ca14894b2adeba;Usługa Google Update (gupdate1ca14894b2adeba);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 133104] S3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [2008-12-12 332928] . Zawartość folderu 'Zaplanowane zadania' 2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] 2009-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 22:25] 2009-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 22:25] 2009-08-14 c:\windows\Tasks\RegCure Program Check.job - d:\regcure\RegCure.exe [2008-12-29 17:58] 2009-05-31 c:\windows\Tasks\RegCure.job - d:\regcure\RegCure.exe [2008-12-29 17:58] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZRfox000&ptb=WzmUfgpJ90LJYCq.YOgd4A uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.gaduradio.pl/index.php?gadugadu=2be3be8980575dff29a2baf792cd009e uSearchURL,(Default) = hxxp://www.google.com/search?q=%s FF - ProfilePath - c:\documents and settings\xxxxxxx\Dane aplikacji\Mozilla\Firefox\Profiles\u8btksix.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Winamp Search FF - prefs.js: browser.startup.homepage - hxxp://www.winamp.com?src=toolbar FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\documents and settings\xxxxxxx\Dane aplikacji\Mozilla\Firefox\Profiles\u8btksix.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll FF - plugin: d:\divx\DivX Player\npDivxPlayerPlugin.dll FF - plugin: d:\divx\DivX Web Player\npdivx32.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-14 14:21 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... 
skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\ZoneLabs\vsmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\NMSAccessU.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe d:\alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Mozilla Firefox\firefox.exe . ************************************************************************** . Czas ukończenia: 2009-08-14 14:24 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-08-14 12:24 ComboFix2.txt 2009-08-04 18:49 Przed: 902 504 448 bajtów wolnych Po: 838 361 088 bajtów wolnych Current=4 Default=4 Failed=2 LastKnownGood=3 Sets=1,2,3,4 197 --- E O F --- 2009-04-01 05:23
MarekM25

It looks like ComboFix removed Jeefo, but it would be best to also scan with this: http://www.sophos.com/support/disinfection/jeefoa.html

The ComboFix log looks a bit unreadable because everything got merged together.
