x-kom hosting

Strange problems and a suspected JEFFO virus

Rampampam
created
Log to check
OTL logfile created on: 2009-08-14 10:40:00 - Run 3
OTL by OldTimer - Version 3.0.10.6 Folder = C:\Documents and Settings\xxxxxxx\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

509,98 Mb Total Physical Memory | 195,09 Mb Available Physical Memory | 38,25% Memory free
1,22 Gb Paging File | 0,96 Gb Available in Paging File | 78,72% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 11,87 Gb Total Space | 0,45 Gb Free Space | 3,77% Space Free | Partition Type: NTFS
Drive D: | 25,39 Gb Total Space | 15,69 Gb Free Space | 61,78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMA_PC
Current User Name: xxxxxxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-02-16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-05-11 14:19:21 | 04,368,952 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2009-08-09 12:18:38 | 00,256,000 | ---- | M] () -- C:\WINDOWS\System32\dlg.exe
PRC - [2009-05-21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007-01-25 04:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe
PRC - [2002-07-15 16:36:54 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- D:\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009-05-11 14:19:21 | 04,368,952 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2009-02-16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2007-07-09 09:39:12 | 02,119,104 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2009-01-08 15:33:42 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009-07-23 15:40:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-02-25 23:27:30 | 01,433,952 | ---- | M] (Nullsoft) -- D:\Winamp\winamp.exe
PRC - [2009-08-14 10:38:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxxxxxx\Pulpit\OTL.exe
PRC - [2009-08-04 00:25:15 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe

========== Win32 Services (SafeList) ==========

SRV - [2007-10-24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - File not found -- -- (AVP [Auto | Stopped])
SRV - [2007-10-24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009-05-11 14:19:21 | 04,368,952 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner [Auto | Running])
SRV - [2009-08-09 12:18:38 | 00,256,000 | ---- | M] () -- C:\WINDOWS\System32\dlg.exe -- (dlgx1 [Auto | Running])
SRV - [2007-10-09 13:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009-08-04 00:25:15 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca14894b2adeba [Auto | Stopped])
SRV - [2009-05-12 20:37:19 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007-10-11 10:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])
SRV - [2009-05-21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007-10-11 10:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-01-25 04:52:26 | 00,065,536 | ---- | M] () -- C:\Program Files\Common Files\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
SRV - [2001-08-24 20:00:00 | 00,036,352 | --S- | M] (Microsoft Corporation) -- C:\WINDOWS\svchost.exe -- (PowerManager [Auto | Stopped])
SRV - [2002-07-15 16:36:54 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- D:\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2009-02-16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2002-08-22 18:57:02 | 00,098,752 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [boot | Running])
DRV - [2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [boot | Running])
DRV - [2003-03-04 13:56:26 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2004-11-02 10:27:20 | 00,773,565 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2008-01-29 18:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [boot | Running])
DRV - [2008-04-30 18:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2001-08-18 00:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])
DRV - [2009-05-11 14:19:22 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan [boot | Running])
DRV - [2009-05-11 14:19:21 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys -- (pxsec [boot | Running])
DRV - [2008-06-27 03:39:42 | 00,332,928 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\RTL8187.sys -- (RTLWUSB [On_Demand | Stopped])
DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002-10-11 13:46:24 | 00,518,720 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2009-04-14 23:42:10 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])
DRV - [2008-11-17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [boot | Running])
DRV - [2001-10-26 17:05:44 | 00,006,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2009-04-24 15:38:58 | 00,215,872 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys -- (truecrypt [system | Running])
DRV - [2009-02-16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [system | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZRfox000&ptb=WzmUfgpJ90LJYCq.YOgd4A
IE - HKU\S-1-5-21-602162358-706699826-839522115-1003\S-1-5-21-602162358-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.winamp.com?src=toolbar"
FF - prefs.js..extensions.enabledItems: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}:2.0.0.54356
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-22 20:04:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-07-25 13:30:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-04 00:26:01 | 00,000,000 | ---D | M]

[2009-02-26 11:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\mozilla\Extensions
[2009-02-26 11:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-08-13 21:14:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\mozilla\Firefox\Profiles\u8btksix.default\extensions
[2009-07-18 17:50:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\mozilla\Firefox\Profiles\u8btksix.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-05-08 15:53:10 | 00,009,895 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Mozilla\FireFox\Profiles\u8btksix.default\searchplugins\mywebsearch.xml
[2009-07-18 17:50:17 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Mozilla\FireFox\Profiles\u8btksix.default\searchplugins\winamp-search.xml
[2009-08-14 10:37:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-07-23 15:40:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-05-24 18:00:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008-12-12 17:05:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008-12-12 17:16:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-05-22 20:05:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-06-20 12:57:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009-05-08 17:43:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
[2009-07-23 15:40:11 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-07-23 15:40:11 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-05-01 23:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009-05-21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-05-12 20:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009-05-19 00:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009-02-06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009-07-23 15:40:13 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007-05-10 23:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008-10-04 21:24:00 | 03,695,008 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009-04-03 18:51:02 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll
[2009-05-01 23:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009-07-23 15:40:13 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\ShellBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\ShellBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKU\S-1-5-21-602162358-706699826-839522115-1003\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [systool] C:\WINDOWS\smss.cmd ( )
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-602162358-706699826-839522115-1003..\Run: [ares] D:\oo\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-602162358-706699826-839522115-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\S-1-5-21-602162358-706699826-839522115-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-602162358-706699826-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-706699826-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-602162358-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-602162358-706699826-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.77.2 82.139.8.7 88.156.63.9
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-12-12 16:37:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-08-14 10:38:46 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\xxxxxxx\Pulpit\OTL.exe
[2009-08-13 21:46:36 | 03,053,608 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Obraz 006.jpg
[2009-08-11 15:21:26 | 00,000,480 | ---- | C] () -- C:\WINDOWS\mamba.ini
[2009-08-11 15:18:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Pulpit\mamba[www.INSTALKI.pl]
[2009-08-11 15:18:13 | 00,043,685 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\mamba[www.INSTALKI.pl].zip
[2009-08-10 00:32:50 | 00,057,856 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\35_wyniki_juniorow_kajaki_ksiazka.doc
[2009-08-09 12:18:38 | 00,256,000 | ---- | C] () -- C:\WINDOWS\System32\dlg.exe
[2009-08-09 12:18:38 | 00,128,000 | ---- | C] () -- C:\WINDOWS\System32\dlg.dll
[2009-08-09 11:54:08 | 00,418,358 | -HS- | C] ( ) -- C:\avmon.com
[2009-08-06 18:25:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxxxxxx\Pulpit\omg1104
[2009-08-05 11:07:22 | 00,978,722 | ---- | C] (TibiaCam TV ) -- C:\Documents and Settings\xxxxxxx\Pulpit\TibiaCamLite-2.8.2(3).exe
[2009-08-05 11:07:00 | 00,978,722 | ---- | C] (TibiaCam TV ) -- C:\Documents and Settings\xxxxxxx\Pulpit\TibiaCamLite-2.8.2(2).exe
[2009-08-05 11:05:32 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-08-04 20:36:51 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-08-04 20:36:51 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-08-04 20:36:51 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-08-04 20:36:51 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-08-04 20:36:51 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-08-04 20:36:51 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-08-04 20:36:51 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-08-04 20:34:45 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-08-04 12:58:28 | 00,000,316 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Buy DivX for Windows.lnk
[2009-08-04 00:35:17 | 00,001,036 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-08-04 00:35:16 | 00,001,032 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-08-04 00:26:37 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
[2009-08-04 00:25:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009-08-04 00:25:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\xxxxxxx\Moje dokumenty\Moje wideo
[2009-08-03 11:21:39 | 00,039,517 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\ghazbafag.cam
[2009-08-01 18:31:55 | 00,012,800 | ---- | C] () -- C:\WINDOWS\System32\sknc.dll
[2009-08-01 14:20:36 | 35,710,518 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\xampp-win32-1.6.6a-installer.exe
[2009-08-01 14:05:05 | 00,129,536 | ---- | C] () -- C:\WINDOWS\inout2.dll
[2009-08-01 09:56:30 | 00,029,718 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\636049672.htm
[2009-07-30 14:50:32 | 01,098,200 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\kosiarzvspehava.vrf
[2009-07-27 21:42:46 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\NSSstub.lnk
[2009-07-27 21:42:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009-07-26 21:23:51 | 00,000,000 | ---D | C] -- C:\Tibia
[2009-07-25 20:08:02 | 00,406,057 | -HS- | C] ( ) -- C:\WINDOWS\smss.cmd
[2009-07-23 17:49:45 | 00,036,476 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\FOTECZKA 020.JPG
[2009-07-23 17:34:26 | 00,000,000 | ---D | C] -- C:\Program Files\Shape Collage
[2009-07-23 13:45:30 | 00,000,461 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Ventrilo.lnk
[2009-07-23 13:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009-07-18 13:01:56 | 00,065,080 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Ashley_Tisdale_Presents_350a.jpg
[2009-07-18 09:57:15 | 00,084,111 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\27979412_640.jpg
[2009-07-18 09:57:06 | 00,069,367 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\27968629_640.jpg
[2009-07-15 14:56:49 | 02,768,384 | ---- | C] () -- C:\Documents and Settings\xxxxxxx\Pulpit\ventrilo-3.0.1-Windows-i386.exe
[2009-06-21 15:18:59 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-06-20 15:03:13 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009-06-20 15:03:13 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2009-05-29 14:44:48 | 00,000,202 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2009-05-12 14:10:22 | 00,000,085 | ---- | C] () -- C:\WINDOWS\setsTrjD.ini
[2009-04-14 23:42:09 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-04-12 19:17:01 | 00,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2009-03-23 12:18:51 | 00,000,052 | ---- | C] () -- C:\WINDOWS\Relax.ini
[2009-02-28 15:15:41 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-02-28 15:15:41 | 00,617,984 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-02-28 15:15:41 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-02-10 15:25:24 | 00,000,066 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009-01-30 13:17:34 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-06-27 21:19:26 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\windows32hk.dll
[2004-08-22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003-02-03 07:26:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2001-07-22 01:16:20 | 00,000,600 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 01:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-06-07 12:23:58 | 00,000,211 | ---- | C] () -- C:\WINDOWS\System32\memdil.ini
[2001-02-20 08:02:10 | 00,000,074 | ---- | C] () -- C:\WINDOWS\System32\syscc.ini

========== Files - Modified Within 30 Days ==========

[2009-08-14 10:40:03 | 00,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-08-14 10:38:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxxxxxx\Pulpit\OTL.exe
[2009-08-14 10:33:40 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009-08-14 10:33:13 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-08-14 10:33:13 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009-08-14 10:33:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-08-14 10:32:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-08-13 21:48:10 | 03,053,608 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Obraz 006.jpg
[2009-08-11 15:21:26 | 00,000,480 | ---- | M] () -- C:\WINDOWS\mamba.ini
[2009-08-11 15:18:12 | 00,043,685 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\mamba[www.INSTALKI.pl].zip
[2009-08-10 10:55:43 | 00,000,437 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\TibiaBot NG.lnk
[2009-08-10 00:32:47 | 00,057,856 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\35_wyniki_juniorow_kajaki_ksiazka.doc
[2009-08-09 12:18:38 | 00,256,000 | ---- | M] () -- C:\WINDOWS\System32\dlg.exe
[2009-08-09 12:18:38 | 00,128,000 | ---- | M] () -- C:\WINDOWS\System32\dlg.dll
[2009-08-09 12:05:18 | 00,418,358 | -HS- | M] ( ) -- C:\avmon.com
[2009-08-06 18:45:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-08-05 22:47:13 | 00,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk
[2009-08-05 11:07:20 | 00,978,722 | ---- | M] (TibiaCam TV ) -- C:\Documents and Settings\xxxxxxx\Pulpit\TibiaCamLite-2.8.2(3).exe
[2009-08-05 11:07:07 | 00,978,722 | ---- | M] (TibiaCam TV ) -- C:\Documents and Settings\xxxxxxx\Pulpit\TibiaCamLite-2.8.2(2).exe
[2009-08-04 20:45:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-08-04 20:45:16 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-08-04 12:58:28 | 00,000,316 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Buy DivX for Windows.lnk
[2009-08-04 09:38:56 | 00,000,461 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Ventrilo.lnk
[2009-08-04 00:26:37 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
[2009-08-03 11:21:37 | 00,039,517 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\ghazbafag.cam
[2009-08-01 16:31:40 | 02,548,648 | -H-- | M] () -- C:\Documents and Settings\xxxxxxx\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-08-01 14:34:27 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-01 14:25:28 | 35,710,518 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\xampp-win32-1.6.6a-installer.exe
[2009-08-01 14:05:05 | 00,129,536 | ---- | M] () -- C:\WINDOWS\inout2.dll
[2009-08-01 09:56:31 | 00,029,718 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\636049672.htm
[2009-07-30 14:50:39 | 01,098,200 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\kosiarzvspehava.vrf
[2009-07-27 21:42:46 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\NSSstub.lnk
[2009-07-25 20:08:02 | 00,406,057 | -HS- | M] ( ) -- C:\WINDOWS\smss.cmd
[2009-07-24 00:28:01 | 00,012,800 | ---- | M] () -- C:\WINDOWS\System32\sknc.dll
[2009-07-23 17:49:46 | 00,036,476 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\FOTECZKA 020.JPG
[2009-07-18 13:01:57 | 00,065,080 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\Ashley_Tisdale_Presents_350a.jpg
[2009-07-18 09:57:15 | 00,084,111 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\27979412_640.jpg
[2009-07-18 09:57:06 | 00,069,367 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\27968629_640.jpg
[2009-07-15 14:57:10 | 02,768,384 | ---- | M] () -- C:\Documents and Settings\xxxxxxx\Pulpit\ventrilo-3.0.1-Windows-i386.exe

========== LOP Check ==========

[2009-06-16 13:39:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji
[2009-04-12 12:26:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\.Beniamin
[2009-06-16 13:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ChessBase
[2008-12-12 17:02:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
[2009-03-13 21:12:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2009-04-03 18:49:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
[2009-06-18 19:23:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2009-08-06 18:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PrevxCSI
[2009-04-09 11:42:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SecTaskMan
[2009-08-10 10:58:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-05-26 12:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru
[2008-12-12 16:38:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji
[2009-08-10 16:40:48 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Gość\Dane aplikacji
[2009-08-10 16:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gość\Dane aplikacji\Gadu-Gadu
[2009-08-10 16:19:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gość\Dane aplikacji\Nowe Gadu-Gadu
[2009-08-10 16:05:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gość\Dane aplikacji\Opera
[2008-12-12 16:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2008-12-12 16:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2009-06-16 21:13:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji
[2009-03-23 13:10:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Canneverbe_Limited
[2009-07-01 18:20:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\ChessBase
[2009-05-11 22:41:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Dev-Cpp
[2009-05-17 23:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\FileZilla
[2009-02-09 20:51:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Gadu-Gadu
[2009-05-09 21:36:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Globe7
[2009-04-30 14:01:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\gtk-2.0
[2009-04-09 14:15:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\ipla
[2009-06-13 13:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu
[2009-06-13 11:44:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\OpenFM
[2009-06-16 21:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\OpenOffice.org
[2009-06-15 00:00:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Opera
[2009-02-09 15:41:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\PCToolsFirewallPlus
[2009-03-14 17:45:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Serif
[2009-04-11 16:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\sqlitestudio
[2009-08-08 11:57:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Tibia
[2009-04-24 15:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\TrueCrypt
[2009-04-20 12:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Uniblue
[2009-04-07 17:08:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxxx\Dane aplikacji\Ventrilo
[2009-08-06 18:45:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001-07-22 01:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-08-14 10:33:13 | 00,001,032 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009-08-14 10:40:03 | 00,001,036 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009-08-14 10:33:13 | 00,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009-05-31 12:08:07 | 00,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009-08-14 10:33:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6
< End of report >


// Paste logs inside [log][ /log] tags (without the space).
// I corrected the topic title.
// KamilJB

Gość
comment

This one is more likely JEFFO:

SRV - [2001-08-24 20:00:00 | 00,036,352 | --S- | M] (Microsoft Corporation) -- C:\WINDOWS\svchost.exe

I'll give you a removal script; these may be leftovers from it.

1. Run OTL and paste the following script into the Custom Scans/Fixes box:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O4 - HKLM..\Run: [systool] C:\WINDOWS\smss.cmd ( )
SRV - [2001-08-24 20:00:00 | 00,036,352 | --S- | M] (Microsoft Corporation) -- C:\WINDOWS\svchost.exe -- (PowerManager [Auto | Stopped])
SRV - [2009-08-09 12:18:38 | 00,256,000 | ---- | M] () -- C:\WINDOWS\System32\dlg.exe -- (dlgx1 [Auto | Running])
:Files
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\dlg.exe
C:\WINDOWS\System32\dlg.dll
C:\avmon.com
C:\WINDOWS\inout2.dll
C:\WINDOWS\smss.cmd
C:\WINDOWS\System32\sknc.dll
:Services
dlgx1
PowerManager
:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix and confirm the computer restart.

After the restart, post the cleanup log and paste a ComboFix log as well.
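The reply above picks its targets out of the OTL log by eye: a svchost.exe sitting in C:\WINDOWS instead of System32 and registered as the PowerManager service, a hidden+system smss.cmd started from HKLM\Run, a hidden+system avmon.com in the drive root, and publisher-less dlg.exe / inout2.dll / sknc.dll in the system directories. The helper below is an added example, not part of this thread and not OTL's own logic: it parses the `[date | size | attrs | C/M] (Company) -- path` entries OTL prints and applies exactly those heuristics. The sample lines are copied from the logs posted here; the name lists, the severity tiers and the function names are my own assumptions. Note that the company string comes from the file's version resource, which a dropper controls, so the Microsoft Corporation string on the rogue svchost.exe is not evidence of anything.

```python
"""Triage of OTL log entries for the indicators discussed in this thread.

Added example (not OTL's or ComboFix's code). Flags: system-process names
outside System32, hidden+system executables, executables in a drive root,
and publisher-less binaries in %SystemRoot% / System32 (lower confidence)."""
import ntpath
import re
from dataclasses import dataclass, field

OTL_RE = re.compile(
    r"^(?:(?:SRV|PRC|DRV) - )?"                      # optional section prefix
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| [CM]\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "               # company absent for directories
    r"(?P<path>.+?)"
    r"(?: -- \((?P<service>[^)]*)\))?$"              # SRV lines end with (Name [Start | State])
)

EXEC_EXT = {".exe", ".dll", ".sys", ".cmd", ".com", ".bat", ".scr", ".pif"}
# Assumed list: names that belong only under %SystemRoot%\System32. explorer.exe
# legitimately lives in %SystemRoot% itself, so it is deliberately not listed.
SYSTEM32_ONLY = {"svchost", "smss", "csrss", "lsass", "winlogon", "services", "spoolsv"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self):
        # Only the publisher heuristic is low confidence; anything else is "high".
        return "review" if all(r.startswith("review:") for r in self.reasons) else "high"


def parse_line(line):
    """Return the fields of one OTL file/service entry, or None for other lines."""
    m = OTL_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    # Version-resource string, attacker-controlled: a hint, never proof.
    e["company"] = (e["company"] or "").strip()
    return e


def triage(line):
    """Apply the thread's heuristics to one entry; None when nothing is suspicious."""
    e = parse_line(line)
    if e is None or "D" in e["attrs"]:          # skip non-entries and directories
        return None
    parent, name = ntpath.split(e["path"])      # ntpath handles backslashes on any OS
    stem, ext = ntpath.splitext(name)
    if ext.lower() not in EXEC_EXT:
        return None
    f = Finding(e["path"])
    if stem.lower() in SYSTEM32_ONLY and parent.lower() != r"c:\windows\system32":
        f.reasons.append(f"system-process name {name!r} outside System32")
    if "H" in e["attrs"] and "S" in e["attrs"]:
        f.reasons.append("hidden+system attributes on an executable")
    if parent.rstrip("\\").endswith(":"):
        f.reasons.append("executable placed directly in a drive root")
    if parent.lower() in SYSTEM_DIRS and not e["company"]:
        f.reasons.append("review: no publisher string in a system directory")
    if f.reasons and e["service"]:
        f.reasons.append(f"registered as service {e['service']}")
    return f if f.reasons else None


def triage_report(text):
    return [f for f in (triage(l) for l in text.splitlines()) if f]


# Sample input: lines copied from the OTL logs posted in this thread, plus two
# benign entries (xvidcore.dll, OTL.exe) and a directory to show what is ignored.
SAMPLE = r"""
SRV - [2001-08-24 20:00:00 | 00,036,352 | --S- | M] (Microsoft Corporation) -- C:\WINDOWS\svchost.exe -- (PowerManager [Auto | Stopped])
[2009-07-25 20:08:02 | 00,406,057 | -HS- | C] ( ) -- C:\WINDOWS\smss.cmd
[2009-08-09 12:05:18 | 00,418,358 | -HS- | M] ( ) -- C:\avmon.com
[2009-08-09 12:18:38 | 00,256,000 | ---- | M] () -- C:\WINDOWS\System32\dlg.exe
[2009-08-01 14:05:05 | 00,129,536 | ---- | C] () -- C:\WINDOWS\inout2.dll
[2009-02-28 15:15:41 | 00,617,984 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-08-14 10:38:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxxxxxx\Pulpit\OTL.exe
[2009-08-04 00:25:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\xxxxxxx\Moje dokumenty\Moje wideo
""".strip()

if __name__ == "__main__":
    for f in triage_report(SAMPLE):
        print(f"{f.severity:6} {f.path}")
        for r in f.reasons:
            print(f"       - {r}")
```

Run against the sample it reports svchost.exe, smss.cmd and avmon.com as "high" and the three publisher-less DLL/EXE entries plus xvidcore.dll as "review"; the last tier is where a legitimate codec looks the same as dlg.dll, which is why the reply in the thread checks the service registration and the HKLM\Run entry rather than the company string alone.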

Rampampam
comment

Here is the log from OTL:

Log to check
All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Systool deleted successfully.
C:\WINDOWS\smss.cmd moved successfully.
Service\Driver PowerManager deleted successfully.
C:\WINDOWS\svchost.exe moved successfully.
Service\Driver dlgx1 deleted successfully.
C:\WINDOWS\System32\dlg.exe moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\svchost.exe not found.
File\Folder C:\WINDOWS\System32\dlg.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\dlg.dll
C:\WINDOWS\System32\dlg.dll NOT unregistered.
C:\WINDOWS\System32\dlg.dll moved successfully.
C:\avmon.com moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\inout2.dll
C:\WINDOWS\inout2.dll NOT unregistered.
C:\WINDOWS\inout2.dll moved successfully.
File\Folder C:\WINDOWS\smss.cmd not found.
LoadLibrary failed for C:\WINDOWS\System32\sknc.dll
C:\WINDOWS\System32\sknc.dll NOT unregistered.
C:\WINDOWS\System32\sknc.dll moved successfully.
========== SERVICES/DRIVERS ==========
Service\Driver dlgx1 not found.
Service\Driver dlgx1 not found.
Service\Driver PowerManager not found.
Service\Driver PowerManager not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: elgy

User: Gość
->Temp folder emptied: 279293372 bytes
->Temporary Internet Files folder emptied: 89120175 bytes
->Opera cache emptied: 45760864 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 66025 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 582975 bytes

User: xxxxxxx
->Temp folder emptied: 61065212 bytes
->Temporary Internet Files folder emptied: 20421131 bytes
->Java cache emptied: 5075492 bytes
->FireFox cache emptied: 44730706 bytes
->Google Chrome cache emptied: 5976421 bytes
->Opera cache emptied: 25828494 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 491144 bytes
RecycleBin emptied: 1162122 bytes

Total Files Cleaned = 552,72 mb

OTL by OldTimer - Version 3.0.10.6 log created on 08142009_132642

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

And here is ComboFix:

Log to check
ComboFix 09-08-10.06 - xxxxxxx 2009-08-14 14:14.15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.510.91 [GMT 2:00]
Run from: c:\documents and settings\xxxxxxx\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\svchost.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POWERMANAGER
-------\Service_PowerManager

((((((((((((((((((((((((( Files created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.
2009-08-14 11:14 . 2009-08-14 11:14 -------- d-----w- C:\_OTL
2009-08-10 14:04 . 2009-08-10 14:19 -------- d-----w- c:\documents and settings\Gość
2009-08-04 07:15 . 2009-08-04 07:15 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
2009-08-03 22:25 . 2009-05-01 21:03 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-08-03 22:25 . 2009-05-01 21:03 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-08-03 22:25 . 2009-08-03 22:25 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2009-08-03 22:25 . 2009-08-03 22:25 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-27 19:42 . 2009-08-01 20:59 -------- d-----w- c:\windows\system32\Adobe
2009-07-26 19:23 . 2009-08-01 18:04 -------- d-----w- C:\Tibia
2009-07-23 15:34 . 2009-07-23 15:34 -------- d-----w- c:\program files\Shape Collage
2009-07-23 11:44 . 2009-07-23 11:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-18 15:50 . 2009-07-15 11:35 62760 ----a-w- c:\documents and settings\xxxxxxx\Dane aplikacji\Mozilla\Firefox\Profiles\u8btksix.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 12:04 . 2009-05-06 06:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PrevxCSI
2009-08-13 12:35 . 2009-06-16 19:13 1 ----a-w- c:\documents and settings\xxxxxxx\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-11 19:18 . 2009-08-12 07:58 1879552 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-08-11 15:10 . 2009-08-11 15:10 69813 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_11_15_04_37_small.dmp.zip
2009-08-11 13:04 . 2009-08-11 13:06 940544 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-08-10 08:58 . 2008-12-12 20:49 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-08-08 09:57 . 2009-02-12 09:22 -------- d-----w- c:\documents and settings\xxxxxxx\Dane aplikacji\Tibia
2009-08-06 13:17 . 2009-08-06 13:48 3147776 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-08-06 13:17 . 2009-08-06 13:48 1859584 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-08-03 22:27 . 2009-01-07 09:59 -------- d-----w- c:\program files\Google
2009-07-31 04:02 . 2009-07-31 04:01 1238240 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-07-22 20:08 . 2009-05-24 16:01 -------- d-----w- c:\documents and settings\xxxxxxx\Dane aplikacji\Skype
2009-07-22 20:00 . 2009-05-24 16:03 -------- d-----w- c:\documents and settings\xxxxxxx\Dane aplikacji\skypePM
2009-07-19 11:06 . 2009-07-19 11:06 121659 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_19_12_33_40_small.dmp.zip
2009-07-11 08:38 . 2009-07-11 08:44 1741312 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-07-10 06:12 . 2009-07-10 07:33 1739264 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-07-01 16:20 . 2009-05-29 12:44 -------- d-----w- c:\documents and settings\xxxxxxx\Dane aplikacji\ChessBase
2009-06-27 10:44 . 2009-02-12 09:28 54784 ----a-w- c:\documents and settings\xxxxxxx\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-27 08:56 . 2008-12-12 15:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 18:39 . 2009-06-13 09:07 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-06-20 16:25 . 2009-06-20 16:25 0 ----a-w- C:\iphist.dat
2009-06-20 13:03 . 2009-06-20 13:03 -------- d-----w- c:\program files\D-Tools
2009-06-20 12:53 . 2009-06-20 12:53 -------- d-----w- c:\program files\Ahead
2009-06-20 12:53 . 2009-06-20 12:53 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-20 10:57 . 2008-12-12 15:05 -------- d-----w- c:\program files\Java
2009-06-20 10:56 . 2009-06-20 10:56 152576 ----a-w- c:\documents and settings\xxxxxxx\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-18 17:23 . 2009-06-13 14:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-06-16 19:13 . 2009-06-16 19:13 -------- d-----w- c:\documents and settings\xxxxxxx\Dane aplikacji\OpenOffice.org
2009-06-16 19:10 . 2009-06-16 19:10 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-16 11:39 . 2009-06-16 11:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ChessBase
2009-06-16 11:24 . 2008-12-12 15:01 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-02 04:44 . 2009-04-03 16:48 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-05-28 09:23 . 2009-05-28 09:23 42088 ----a-w- c:\documents and settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2009-05-28 08:34 . 2009-05-28 08:34 11264 ----a-w- c:\documents and settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
2009-05-27 19:10 . 2009-05-17 06:42 152576 ----a-w- c:\documents and settings\xxxxxxx\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-24 16:03 . 2009-05-24 16:03 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-21 09:33 . 2008-12-12 15:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2007-01-25 02:52 . 2007-01-25 02:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-04_18.45.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-14 12:20 . 2009-08-14 12:20 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat
+ 2009-08-14 12:19 . 2009-08-14 12:19 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-14 12:19 . 2009-08-14 12:19 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-14 12:19 . 2009-08-14 12:19 880640 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-14 12:19 . 2009-08-14 12:19 241664 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-14 12:19 . 2009-08-14 12:19 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-14 12:19 . 2009-08-14 12:19 6242304 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-08 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ares"="d:\oo\Ares\Ares.exe" [2008-12-13 882176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Warcraft III\\Warcraft III.exe"=
"d:\\Tibia\\Tibia.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Gadu-Gadu\\gg.exe"=
"d:\\Tibia\\Tibcxcia.exe"=
"c:\\Tibia\\Tibia.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\oo\\Ares\\Ares.exe"=
"d:\\Tibia84\\Tibia.exe"=
"d:\\Tibia841\\Tibia.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-22 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-05-11 27656]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-10 4368952]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S2 gupdate1ca14894b2adeba;Usługa Google Update (gupdate1ca14894b2adeba);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 133104]
S3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [2008-12-12 332928]
.
Contents of the 'Scheduled Tasks' folder

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 22:25]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 22:25]

2009-08-14 c:\windows\Tasks\RegCure Program Check.job
- d:\regcure\RegCure.exe [2008-12-29 17:58]

2009-05-31 c:\windows\Tasks\RegCure.job
- d:\regcure\RegCure.exe [2008-12-29 17:58]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZRfox000&ptb=WzmUfgpJ90LJYCq.YOgd4A
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.gaduradio.pl/index.php?gadugadu=2be3be8980575dff29a2baf792cd009e
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\xxxxxxx\Dane aplikacji\Mozilla\Firefox\Profiles\u8btksix.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.winamp.com?src=toolbar
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\xxxxxxx\Dane aplikacji\Mozilla\Firefox\Profiles\u8btksix.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\xxxxxxx\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: d:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\divx\DivX Web Player\npdivx32.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 14:21
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\NMSAccessU.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
d:\alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-08-14 14:24 - the computer was restarted
ComboFix-quarantined-files.txt 2009-08-14 12:24
ComboFix2.txt 2009-08-04 18:49

Before: 902 504 448 bytes free
After: 838 361 088 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=3 Sets=1,2,3,4
197 --- E O F --- 2009-04-01 05:23
MarekM25
comment

ComboFix seems to have removed Jeefo, but to be safe, scan the computer with this as well: http://www.sophos.com/support/disinfection/jeefoa.html

Damn, once again a completely unreadable, merged log. Kamil, does it look like that for you too??
