mmauriced, posted 15 August 2009

After turning on the computer, a blue desktop is displayed with the text WARNING. When I try to start any application, it does not start, and in the bottom-right corner a message appears saying that the application is "infected" (e.g. gg.exe is infected). No program will install. Malwarebytes run in safe mode does not detect anything. Please help. Here is the HijackThis log:

Log to check:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:40:38, on 2009-08-16
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wyborcza.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dialog.net.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NodLogin] "C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" /o
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [10742034] C:\Documents and Settings\All Users\Dane aplikacji\10742034\10742034.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231259389718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231270286562
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230889314725&h=88eb57ab62140a61ab13dc11c222eb23/&filename=jinstall-6u11-windows-i586-jc.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7939 bytes

//Logs go inside log tags; read the Rules: http://www.forumpc.pl/index.php?showtopic=117447 and follow them
//moving the topic
//jesiona
Psycholandia, commented 15 August 2009

Post a log from OTL: http://www.forumpc.pl/index.php?showtopic=104338
mmauriced (Author), commented 16 August 2009

Here is the log from OTL.

Log to check:

OTL logfile created on: 2009-08-16 09:14:45 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Michał\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,50 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 80,04% Memory free
3,35 Gb Paging File | 3,23 Gb Available in Paging File | 96,17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 9,14 Gb Free Space | 23,41% Space Free | Partition Type: NTFS
Drive D: | 72,74 Gb Total Space | 25,97 Gb Free Space | 35,70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 7,45 Gb Total Space | 5,39 Gb Free Space | 72,44% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Michał
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008-10-15 09:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009-08-16 09:14:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michał\Pulpit\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008-10-29 04:09:10 | 00,585,728 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2008-10-28 22:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2006-02-28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999-12-12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Stopped])
SRV - [2008-02-20 12:14:52 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - File not found -- -- (ekrn [Auto | Stopped])
SRV - [2009-01-19 21:17:14 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2006-10-20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009-01-03 20:50:35 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006-10-30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])
SRV - [2009-01-02 11:41:06 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2004-01-14 15:21:00 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Stopped])
SRV - [2009-06-17 12:21:20 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Stopped])
SRV - File not found -- -- (NBService [On_Demand | Stopped])
SRV - [2006-10-30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-06-27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [Disabled | Stopped])
SRV - [2004-08-04 14:00:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono [Auto | Stopped])
SRV - [2006-10-26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009-07-30 16:13:14 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Stopped])
SRV - [2007-10-15 21:46:08 | 00,243,056 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Stopped])
SRV - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Stopped])
SRV - [2009-01-29 23:00:14 | 00,074,392 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (SureThing Labelflash service [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004-02-24 05:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Stopped])
DRV - [2008-09-24 11:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
DRV - [2007-09-13 16:54:14 | 00,012,416 | ---- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\asusgsb.sys -- (asusgsb [On_Demand | Stopped])
DRV - [2008-10-29 05:10:58 | 03,341,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2009-05-07 13:10:10 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Stopped])
DRV - [2005-05-09 20:08:40 | 00,033,792 | ---- | M] (Team H2O) -- C:\WINDOWS\System32\DRIVERS\cledx.sys -- (CLEDX [On_Demand | Running])
DRV - [2005-01-10 12:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Stopped])
DRV - [2008-02-20 12:01:30 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Stopped])
DRV - [2008-02-20 12:02:22 | 00,029,704 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\easdrv.sys -- (easdrv [system | Stopped])
DRV - [2007-09-13 16:54:12 | 00,012,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\EIO.sys -- (EIO [system | Stopped])
DRV - [2008-02-20 12:11:16 | 00,033,800 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [system | Running])
DRV - [2008-04-13 20:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Stopped])
DRV - [2006-12-28 06:44:44 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdAud.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2009-05-07 13:10:10 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Stopped])
DRV - [2005-01-10 12:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Stopped])
DRV - [2005-07-07 10:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Stopped])
DRV - [2007-07-15 04:37:04 | 00,027,992 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\drivers\pstrip.sys -- (PStrip [Auto | Stopped])
DRV - [2004-08-04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])
DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009-01-18 19:08:47 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])
DRV - [2003-12-23 07:32:00 | 00,174,464 | ---- | M] (Marvell Semiconductor Inc.) -- C:\WINDOWS\System32\DRIVERS\yukonwxp.sys -- (yukonwxp [On_Demand | Running])
DRV - [2007-11-03 01:12:32 | 00,041,456 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B} [Auto | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wyborcza.pl/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.dialog.net.pl:8080
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-02 11:41:07 | 00,000,000 | ---D | M]
O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [10742034] C:\Documents and Settings\All Users\Dane aplikacji\10742034\10742034.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe ()
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231259389718 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231270286562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230889314725&h=88eb57ab62140a61ab13dc11c222eb23/&filename=jinstall-6u11-windows-i586-jc.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.30.129.149 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-8234386590-0231392071-430395052-0499\rundll32.exe) - C:\RECYCLER\S-1-5-21-8234386590-0231392071-430395052-0499\.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-01-02 10:46:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\Documents and Settings\Michał\Moje dokumenty\*.tmp files]
[2009-08-16 09:14:28 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michał\Pulpit\OTL.exe
[2009-08-16 01:28:24 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23684.exe
[2009-08-16 01:28:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-08-16 01:22:32 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\HijackThis.lnk
[2009-08-16 01:22:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-08-16 00:20:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Moje dokumenty\Ala
[2009-08-15 23:51:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\10742034
[2009-08-11 13:46:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Moje dokumenty\The KMPlayer
[2009-08-11 13:45:29 | 00,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2009-08-11 13:31:30 | 00,000,000 | ---D | C] -- C:\Program Files\Zoom Player
[2009-08-11 11:57:57 | 00,000,000 | ---D | C] -- C:\OutputFolder
[2009-08-10 19:11:44 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\EarMaster Pro 5.lnk
[2009-08-10 19:11:43 | 00,000,000 | ---D | C] -- C:\Program Files\EarMaster Pro 5
[2009-08-10 19:11:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Dane aplikacji\EarMaster
[2009-08-10 19:11:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\EarMaster
[2009-08-09 13:58:20 | 00,045,189 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\sig.cpr
[2009-08-05 22:35:23 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2009-08-05 22:35:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DeskShare Shared
[2009-08-05 22:35:03 | 00,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Unicows.dll
[2009-08-05 22:35:03 | 00,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2009-08-05 22:35:03 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2009-08-05 22:35:00 | 00,000,000 | ---D | C] -- C:\Program Files\Deskshare
[2009-08-04 15:59:44 | 00,002,708 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\yann.aup
[2009-08-04 15:59:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Moje dokumenty\yann_data
[2009-08-03 23:15:09 | 00,040,436 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\for_what_its_worth.gp5
[2009-08-03 23:11:13 | 00,020,439 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\ashtray_heart.gp5
[2009-08-03 14:36:39 | 00,003,156 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\aaa.aup
[2009-08-03 14:36:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Moje dokumenty\aaa_data
[2009-08-02 21:47:13 | 00,026,649 | -H-- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\mvstcdxx.lst
[2009-08-02 21:46:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Moje dokumenty\My SureThing Projects
[2009-08-02 21:46:19 | 00,000,000 | ---D | C] -- C:\Program Files\SureThing CD Labeler 5
[2009-08-02 21:37:40 | 00,208,134 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\aa.std
[2009-08-02 21:25:47 | 00,204,179 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\18969250.jpg
[2009-08-01 18:37:45 | 00,071,868 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\runnin up that hill.cpr
[2009-08-01 13:33:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Moje dokumenty\Images
[2009-08-01 13:32:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Moje dokumenty\Audio
[2009-07-31 23:08:17 | 00,044,544 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\Filmy.doc
[2009-07-30 16:19:25 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Far Cry® 2.lnk
[2009-07-29 22:37:16 | 00,000,558 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\eMule.lnk
[2009-07-29 10:55:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Moje dokumenty\CyberLink
[2009-07-24 11:12:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Moje dokumenty\Call of Juarez - Bound in Blood
[2009-07-24 11:00:02 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Call of Juarez - Bound in Blood.lnk
[2009-07-23 17:13:26 | 00,098,509 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\battle_for_the_sun.gp5
[2009-07-22 21:02:24 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswinsck.ocx
[2009-07-22 10:02:25 | 00,000,673 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Half-Life 2.lnk
[2009-07-22 07:46:39 | 00,000,000 | ---D | C] -- C:\Program Files\Half Life 2
[2009-07-20 16:58:41 | 00,072,480 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\running_up_that_hill_live.gp3
[2009-07-20 13:56:08 | 00,000,000 | ---D | C] -- C:\Documents and
Settings\Michał\Moje dokumenty\NeroVision [2009-05-16 10:27:43 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-05-07 13:10:10 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-05-07 13:10:10 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-04-09 10:47:53 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini [2009-02-04 23:07:51 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2009-01-28 20:50:44 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-01-28 20:50:44 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-01-28 20:50:44 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-01-25 13:11:07 | 00,001,600 | ---- | C] () -- C:\WINDOWS\ATICIM.INI [2009-01-20 12:47:50 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-01-19 22:13:01 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL [2009-01-19 22:13:01 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL [2009-01-19 22:11:28 | 00,000,513 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2009-01-19 22:11:10 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbvvs.dll [2009-01-19 22:10:43 | 00,000,187 | ---- | C] () -- C:\WINDOWS\System32\lxbvcoin.ini [2009-01-19 11:09:35 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-01-19 11:09:34 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-01-19 11:09:34 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-01-18 20:09:09 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009-01-18 19:58:38 | 00,000,062 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009-01-18 19:28:14 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll [2009-01-15 00:08:58 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009-01-09 15:30:17 | 00,000,023 | ---- | C] () -- C:\WINDOWS\MixBKS.INI [2009-01-09 15:04:27 | 00,005,627 | R--- | C] () -- 
C:\WINDOWS\System32\Ludap17.ini [2009-01-09 15:04:27 | 00,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2009-01-07 18:57:10 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-01-02 14:50:24 | 00,138,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-01-02 14:00:31 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll [2009-01-02 11:02:17 | 00,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [2009-01-02 11:02:15 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2008-10-28 17:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2008-10-07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-02-20 12:11:16 | 00,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys [2005-05-03 13:38:42 | 00,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll [2004-08-04 14:00:00 | 00,000,594 | ---- | C] () -- C:\WINDOWS\win.ini [2004-08-04 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2003-10-02 12:48:18 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll [2003-04-08 13:40:22 | 
00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2 C:\Documents and Settings\Michał\Moje dokumenty\*.tmp files] [2009-08-16 09:14:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michał\Pulpit\OTL.exe [2009-08-16 09:11:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-08-16 09:10:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-08-16 09:07:57 | 00,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2009-08-16 01:28:18 | 00,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF23684.exe [2009-08-16 01:22:32 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\HijackThis.lnk [2009-08-16 01:00:00 | 00,000,318 | ---- | M] () -- C:\WINDOWS\tasks\yhcfhokc.job [2009-08-16 00:27:50 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-08-16 00:08:53 | 00,099,328 | ---- | M] () -- C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-08-11 13:06:53 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-08-10 19:11:44 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\EarMaster Pro 5.lnk [2009-08-09 13:58:20 | 00,045,189 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\sig.cpr [2009-08-07 18:00:02 | 00,000,513 | ---- | M] () -- C:\WINDOWS\lexstat.ini [2009-08-06 23:07:24 | 00,091,648 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\Nowy Dokument programu Microsoft Word (2).doc [2009-08-05 22:35:23 | 00,356,352 | ---- | M] (eSellerate Inc.) 
-- C:\WINDOWS\eSellerateEngine.dll [2009-08-04 15:59:44 | 00,002,708 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\yann.aup [2009-08-03 23:23:35 | 00,046,872 | ---- | M] () -- C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-08-03 23:15:09 | 00,040,436 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\for_what_its_worth.gp5 [2009-08-03 23:11:13 | 00,020,439 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\ashtray_heart.gp5 [2009-08-03 22:18:47 | 01,492,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-08-03 14:36:39 | 00,003,156 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\aaa.aup [2009-08-02 21:47:13 | 00,026,649 | -H-- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\mvstcdxx.lst [2009-08-02 21:37:40 | 00,208,134 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\aa.std [2009-08-02 21:25:40 | 00,204,179 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\18969250.jpg [2009-08-01 21:22:14 | 00,071,868 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\runnin up that hill.cpr [2009-07-31 13:31:54 | 00,138,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-07-31 13:31:45 | 00,201,816 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2009-07-30 16:19:25 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Far Cry® 2.lnk [2009-07-30 16:19:01 | 01,063,096 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-07-30 16:19:01 | 00,493,860 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-07-30 16:19:01 | 00,435,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-07-30 16:19:01 | 00,087,166 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-07-30 16:19:01 | 00,070,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-07-30 16:13:45 | 00,022,328 | ---- | M] () -- C:\Documents and Settings\Michał\Dane 
aplikacji\PnkBstrK.sys [2009-07-30 16:13:14 | 02,250,024 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe [2009-07-30 16:13:14 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe [2009-07-29 22:37:16 | 00,000,558 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\eMule.lnk [2009-07-24 11:00:02 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Call of Juarez - Bound in Blood.lnk [2009-07-23 17:13:26 | 00,098,509 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\battle_for_the_sun.gp5 [2009-07-22 21:02:24 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswinsck.ocx [2009-07-22 10:02:25 | 00,000,673 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Half-Life 2.lnk [2009-07-20 16:58:41 | 00,072,480 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\running_up_that_hill_live.gp3 [2009-07-20 12:55:41 | 00,189,072 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr ========== Alternate Data Streams ========== @Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF < End of report >
Mateusz J., comment, 16 August 2009: I see that you created a log with ComboFix; show it if you haven't deleted that log yet. I'm telling you right away that you are not to create a new log.
mmauriced (author), comment, 16 August 2009: I don't have it. ComboFix started doing something and an error popped up partway through.
Guest, comment, 16 August 2009: O4 - HKLM..\Run: [10742034] C:\Documents and Settings\All Users\Dane aplikacji\10742034\10742034.exe () There are probably many more of these, and OTL doesn't see them. Use ComboFix in Safe Mode.