babel, created 23 August 2009 (edited)

Hi, I have a request: could someone check my logs for me on this beautiful Sunday afternoon? My computer is using 100% CPU... I've blocked some unneeded processes, but I'd rather not keep fiddling with it any further... Log to check:

OTL logfile created on: 2009-08-23 11:25:04 - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = F:\Dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,50 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 59,63% Memory free
2,60 Gb Paging File | 2,23 Gb Available in Paging File | 85,54% Paging File free
Paging file location(s): C:\pagefile.sys 1280 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 1,65 Gb Free Space | 16,85% Space Free | Partition Type: NTFS
Drive D: | 39,07 Gb Total Space | 4,86 Gb Free Space | 12,43% Space Free | Partition Type: NTFS
Drive E: | 39,07 Gb Total Space | 6,02 Gb Free Space | 15,41% Space Free | Partition Type: NTFS
Drive F: | 23,87 Gb Total Space | 7,89 Gb Free Space | 33,03% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 27F2D3C7C41748E
Current User Name: Tomek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007-04-16 16:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.)
-- C:\WINDOWS\SOUNDMAN.EXE PRC - [2008-06-10 13:56:32 | 01,406,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-02-06 14:23:12 | 02,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2008-05-16 15:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2009-08-20 21:01:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-04-14 18:21:44 | 00,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe PRC - [2009-08-23 10:43:50 | 00,514,048 | ---- | M] (OldTimer Tools) -- F:\Dokumenty\Pobieranie\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2008-07-25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2008-07-25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-02-06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped]) SRV - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running]) SRV - [2008-07-29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - 
[2008-04-14 18:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2008-07-29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - File not found -- -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped]) SRV - [2002-12-17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped]) SRV - [2007-04-13 22:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped]) SRV - [2008-07-29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2007-05-16 10:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped]) SRV - [2008-05-16 15:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [unknown | Stopped]) SRV - File not found -- -- (RichVideo [Auto | Stopped]) SRV - [2008-08-07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) 
-- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped]) SRV - File not found -- -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped]) SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) ========== Driver Services (SafeList) ========== DRV - [2007-07-06 13:00:00 | 00,906,368 | ---- | M] (NXP Semiconductors Germany GmbH) -- C:\WINDOWS\System32\DRIVERS\3xHybrid.sys -- (3xHybrid [On_Demand | Running]) DRV - [2008-09-24 11:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running]) DRV - [2006-06-19 00:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running]) DRV - [2009-02-06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running]) DRV - [2009-02-06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [system | Running]) DRV - [2009-02-06 14:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [system | Running]) DRV - [2006-04-13 01:04:40 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped]) DRV - [2006-04-13 01:04:40 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped]) DRV - [2006-04-13 01:04:40 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped]) DRV - [2008-04-13 20:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped]) DRV - [2008-05-16 15:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2005-12-05 01:29:34 | 
00,093,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\Drivers\P1370Aud.sys -- (P1370Aud [On_Demand | Stopped]) DRV - [2005-12-06 01:58:58 | 00,004,992 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\Drivers\P1370Aul.sys -- (P1370Aul [On_Demand | Stopped]) DRV - [2006-03-24 09:24:32 | 00,006,272 | R--- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\System32\DRIVERS\P1370Vfx.sys -- (P1370Vfx [On_Demand | Stopped]) DRV - [2006-06-20 08:39:28 | 00,297,792 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\P1370Vid.sys -- (P1370VID [On_Demand | Stopped]) DRV - [2007-09-17 15:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped]) DRV - [2009-01-21 00:00:04 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running]) DRV - [2008-06-10 14:04:28 | 00,031,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running]) DRV - [2001-08-18 02:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running]) DRV - [2007-07-12 12:49:16 | 00,096,384 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running]) DRV - [2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2008-06-09 18:11:19 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running]) DRV - [2008-04-13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped]) DRV - [2003-07-02 05:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1 [boot | Running]) DRV - [2004-07-06 23:45:42 | 00,060,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid [boot | Running]) DRV - [2007-10-17 19:23:46 | 00,094,208 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\System32\drivers\viaxraid.sys -- (viaxraid [boot | Running]) DRV - [2006-10-17 21:22:26 | 00,009,216 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32 [boot | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - 
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data] IE - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\S-1-5-21-1177238915-1844823847-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "MyWebSearch" FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.4 FF - prefs.js..extensions.enabledItems: youplayer@addons.mozilla.org:0.9.8 FF - prefs.js..extensions.enabledItems: 
{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=5doEriBGV05Qq5WG5pqAgA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-06-28 22:23:12 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-29 00:18:28 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-20 21:01:17 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-20 21:01:17 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2008-08-27 08:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Extensions [2008-08-27 08:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-08-22 22:00:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions [2009-06-29 11:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008-08-27 08:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66} [2009-08-19 21:38:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane 
aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009-08-13 19:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2008-11-08 10:00:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\bkmrksync@nokia.com [2008-09-26 12:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\en-GB@dictionaries.addons.mozilla.org [2008-05-31 19:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\youplayer@addons.mozilla.org [2008-06-09 18:13:51 | 00,002,921 | ---- | M] () -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\FireFox\Profiles\nj652gi8.default\searchplugins\daemon-search.xml [2009-07-10 06:48:51 | 00,009,941 | ---- | M] () -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\FireFox\Profiles\nj652gi8.default\searchplugins\mywebsearch.xml [2009-08-22 22:00:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-08-20 21:01:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-01-29 00:18:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009-04-02 17:40:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-08-20 21:00:59 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-08-20 21:00:59 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007-04-10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- 
C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2008-12-05 23:52:44 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2008-09-04 01:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2009-03-09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-02-06 13:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-08-20 21:01:05 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009-02-12 13:52:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009-02-12 13:52:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009-02-12 13:52:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009-02-12 13:52:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009-02-12 13:52:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009-02-12 13:52:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009-02-12 13:52:49 | 00,143,360 | ---- | M] (Apple Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009-08-20 21:01:08 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-08-20 21:01:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-08-20 21:01:08 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-08-20 21:01:08 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-08-20 21:01:08 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-08-20 21:01:08 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-08-20 21:01:08 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (228606 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.1001-search.info O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 8018 more lines... 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1 O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1 O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1 O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - 
HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..Trusted Domains: internet ([]about in Internet)
O15 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Tomek/USTAWI~1/Temp/msoclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (Current home page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-05-31 10:46:21 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{98575291-c3b2-11dd-9b6b-001109dda565}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009-08-23 10:00:37 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\HijackThis.lnk
[2009-08-23 09:48:15 | 00,000,000 | ---D | C] -- F:\Dokumenty\Pobieranie
[2009-08-23 08:34:24 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009-08-23 08:34:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2009-08-20 16:40:26 | 00,461,846 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\PDF2.pdf
[2009-08-20 16:10:22 | 00,461,830 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\PDF.pdf
[2009-08-20 14:14:07 | 00,010,042 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\(32-bit)_ESET_NOD32_Antivirus_4.0.314_-serial_incl.4946717.TPB.torrent
[2009-08-16 19:01:39 | 00,148,527 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\watch.htm
[2009-08-16 11:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\GetRightToGo
[2009-08-08 08:19:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009-08-06 18:10:20 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\GG.lnk
[2009-06-30 17:16:04 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009-02-28 19:41:14 | 00,009,760 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009-02-28 19:41:10 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009-01-04 14:05:23 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008-10-12 09:55:25 | 00,001,047 | ---- | C] () -- C:\WINDOWS\GTA-SA_Trn_Settings.ini
[2008-09-30 16:18:56 | 00,000,797 | ---- | C] () -- C:\WINDOWS\VPlayer.INI
[2008-08-02 14:50:35 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008-07-07 22:29:43 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll.off
[2008-07-07 22:29:43 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll.off
[2008-07-05 20:52:14 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008-06-09 18:11:18 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-06-03 14:19:46 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-05-03 05:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008-05-03 05:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008-05-03 05:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008-05-03 05:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-05-03 05:46:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008-05-01 21:15:11 | 00,000,635 | ---- | C] () -- C:\WINDOWS\Sof.INI
[2008-03-20 20:06:05 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-03-08 12:22:55 | 00,002,918 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-03-02 22:56:47 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-03-02 17:59:36 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-01-31 18:18:14 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007-10-17 19:20:23 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2001-07-22 03:16:20 | 00,000,562 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 03:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-07-07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009-08-23 10:00:38 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\HijackThis.lnk
[2009-08-23 08:49:44 | 00,181,834 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-08-23 08:49:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-08-23 08:49:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-08-23 08:49:35 | 16,100,10624 | -HS- | M] () -- C:\hiberfil.sys
[2009-08-23 08:30:12 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-08-22 20:13:44 | 00,080,384 | ---- | M] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-22 12:08:48 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-08-21 15:57:36 | 00,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2009-08-20 16:40:26 | 00,461,846 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\PDF2.pdf
[2009-08-20 16:10:22 | 00,461,830 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\PDF.pdf
[2009-08-20 14:14:08 | 00,010,042 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\(32-bit)_ESET_NOD32_Antivirus_4.0.314_-serial_incl.4946717.TPB.torrent
[2009-08-17 09:54:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-08-16 19:01:39 | 00,148,527 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\watch.htm
[2009-08-15 08:41:52 | 00,515,416 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-08-15 08:41:52 | 00,456,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-08-15 08:41:52 | 00,094,928 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-08-15 08:41:52 | 00,077,610 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-08-15 08:41:50 | 01,158,994 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-08-11 11:32:26 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-08 10:24:23 | 00,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009-08-08 09:34:12 | 15,381,136 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Tomek\Pulpit\Launch.exe
[2009-08-08 08:30:37 | 00,000,562 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-08-08 08:30:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-08-08 08:30:37 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009-08-08 08:21:59 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\CCleaner.lnk
[2009-08-06 18:10:20 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\GG.lnk
[2009-08-05 10:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009-08-05 10:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009-07-30 01:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-07-29 10:49:55 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009-07-27 23:27:56 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009-07-27 07:04:56 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Tomek\Dane aplikacji\vso_ts_preview.xml

========== LOP Check ==========

[2009-08-23 08:34:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji
[2009-05-03 08:39:38 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{203DB912-4B39-4636-930F-102CFD1E9177}
[2009-02-15 11:48:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009-02-15 11:49:51 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2008-03-08 13:21:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
[2008-03-14 18:21:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
[2008-03-05 01:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
[2009-06-06 19:57:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DriverScanner
[2009-08-23 08:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2008-11-08 09:16:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2009-01-10 14:04:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2008-05-31 10:45:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\muvee Technologies
[2009-06-25 13:24:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2008-12-29 01:50:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks
[2009-01-21 07:31:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\vsosdk
[2008-02-29 19:51:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji
[2009-02-15 10:31:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2008-02-29 19:51:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\MasterAdmin\Dane aplikacji
[2009-08-19 08:05:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2009-08-16 11:36:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji
[2009-01-24 12:45:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\.purple
[2008-03-14 19:02:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Ahead
[2009-08-23 08:32:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\BitTorrent
[2008-06-09 18:11:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\DAEMON Tools
[2009-02-15 11:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\DNA
[2008-03-01 16:46:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Gadu-Gadu
[2009-08-16 11:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\GetRightToGo
[2009-06-15 14:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\LG Electronics
[2008-05-31 11:23:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\muvee Technologies
[2008-09-16 15:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\NetMedia Providers
[2009-05-30 13:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu
[2009-05-30 13:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\OpenFM
[2008-09-16 15:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Publish Providers
[2008-05-28 13:38:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\SecuROM
[2009-02-15 11:50:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\uniblue
[2008-11-30 10:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\uTorrent
[2009-07-27 07:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Vso
[2009-08-17 09:54:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001-07-22 03:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-02-28 19:49:33 | 00,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2009-08-23 08:49:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\svchost.exe:SummaryInformation
< End of report >
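A helper reads an OTL log like the one above by eye, looking for a handful of entry types: startup points that reference a file that no longer exists, stale registry keys ("Reg Error"), domains dropped into the IE Trusted sites zone, binaries in System32 with no publisher information, and alternate data streams. The script below is an added example, not part of this thread and not OTL code, that applies those rules to sample lines copied from the log above. Two caveats are built in: the default BootExecute value is "autocheck autochk *" and OTL reports each token separately, so "(autocheck)" and "(*)" showing "File not found" are noise and are skipped, while "(lsdelete)" is kept; and an ADS is reported with its name and size, because an 88-byte SummaryInformation stream is the OLE property-set metadata Explorer writes from the file's Summary tab, not executable content, and should be judged on that rather than on its mere presence. The severity labels and the rules themselves are this example's own heuristics.

```python
"""Triage of OTL log lines: flags the entry types a helper looks at first."""
import re
from dataclasses import dataclass

# OTL file entry, e.g.
# [2009-06-30 17:16:04 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
# Directory entries carry no "(company)" field, so that group is optional.
FILE_RE = re.compile(
    r"\[(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]\s*"
    r"(?:\((?P<company>[^)]*)\)\s*)?-- (?P<path>.+?)\s*$"
)
# @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\svchost.exe:SummaryInformation
ADS_RE = re.compile(
    r"@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
# HijackThis-style "Oxx - ..." entries
O_RE = re.compile(r"^(?P<key>O\d+) - (?P<rest>.*)$")

# Default BootExecute is "autocheck autochk *"; OTL prints each token on its
# own line, so these two tokens reading "File not found" is expected noise.
BOOTEXECUTE_DEFAULT_TOKENS = ("(autocheck)", "(*)")
SYSTEM32 = "c:\\windows\\system32\\"
BINARY_EXT = (".dll", ".exe", ".sys", ".ocx")


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "info"; labels are this example's own
    reason: str
    line: str


def triage_line(line: str):
    """Return a Finding for one OTL line, or None if nothing stands out."""
    line = line.strip()
    m = ADS_RE.match(line)
    if m:
        return Finding("info", f"ADS '{m['stream']}' ({m['bytes']} bytes) on {m['path']}", line)
    m = O_RE.match(line)
    if m:
        key, rest = m["key"], m["rest"]
        if "File not found" in rest:
            if key == "O34" and any(t in rest for t in BOOTEXECUTE_DEFAULT_TOKENS):
                return None
            return Finding("high", f"{key}: startup entry points at a missing file", line)
        if "Reg Error" in rest:
            return Finding("medium", f"{key}: registry key error (stale or damaged entry)", line)
        if "Trusted Domains" in rest and "not assigned" not in rest:
            return Finding("medium", f"{key}: domain placed in the IE Trusted sites zone", line)
        return None
    m = FILE_RE.match(line)
    if m:
        if "D" in m["attrs"]:  # directory entries carry no publisher data
            return None
        low = m["path"].lower()
        company = (m["company"] or "").strip()
        if low.startswith(SYSTEM32) and low.endswith(BINARY_EXT) and not company:
            return Finding("medium", "binary in System32 without publisher information", line)
        if low.endswith(".torrent") or "serial" in low:
            return Finding("info", "download that suggests cracked software", line)
    return None


def triage(log_text: str):
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


# Constructed sample: a handful of lines copied from the OTL log in this thread.
SAMPLE_OTL_LINES = r"""
O15 - HKLM\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
[2009-08-23 09:48:15 | 00,000,000 | ---D | C] -- F:\Dokumenty\Pobieranie
[2009-06-30 17:16:04 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009-08-05 10:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009-08-20 14:14:07 | 00,010,042 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\(32-bit)_ESET_NOD32_Antivirus_4.0.314_-serial_incl.4946717.TPB.torrent
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\svchost.exe:SummaryInformation
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the sample, the script keeps the klogon Notify entry and the lsdelete BootExecute token as high, the Trusted sites entry, the stale Java DPF key and the unsigned Gif89.dll as medium, and the torrent and the svchost.exe stream as info; the "(*)" BootExecute line, the directory entry and the Microsoft-signed mswebdvd.dll produce nothing.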
Guest, comment, 23 August 2009

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\svchost.exe:SummaryInformation

Use ComboFix and paste its log.
babel (Author), comment, 23 August 2009

OK... Log to check:

ComboFix 09-08-22.06 - Tomek 2009-08-23 12:50.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.981 [GMT 1:00]
Run from: f:\dokumenty\Pobieranie\ComboFix.exe
* Resident antivirus is active
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Removed )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Tomek\Dane aplikacji\inst.exe
c:\windows\Installer\11ba9fb.msi
c:\windows\Installer\18896e.msi
c:\windows\Installer\18896f.msi
c:\windows\Installer\188970.msi
c:\windows\Installer\188971.msi
c:\windows\Installer\188972.msi
c:\windows\Installer\188973.msi
c:\windows\Installer\202994.msi
c:\windows\Installer\202995.msi
c:\windows\Installer\202996.msi
c:\windows\Installer\202997.msi
c:\windows\Installer\202998.msi
c:\windows\Installer\202999.msi
c:\windows\Installer\20299a.msi
c:\windows\Installer\20299b.msi
c:\windows\Installer\20299c.msi
c:\windows\Installer\24d104.msi
c:\windows\Installer\24d109.msi
c:\windows\Installer\550aef.msi
c:\windows\Installer\58a55.msi
c:\windows\Installer\833d79.msi
c:\windows\Installer\833d7a.msi
c:\windows\Installer\833d7b.msi
c:\windows\Installer\90207.msi
c:\windows\Installer\90208.msi
.
((((((((((((((((((((((((( Files created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.
2009-08-23 11:50 . 2009-08-23 11:50 -------- dc----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\ESET
2009-08-23 07:34 . 2009-08-23 07:34 -------- dc----w- c:\program files\ESET
2009-08-23 07:34 . 2009-08-23 07:34 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2009-08-19 07:02 . 2009-08-19 07:02 -------- dc----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-08-16 10:36 . 2009-08-16 10:39 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\GetRightToGo
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 07:43 . 2008-03-21 12:04 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-08-23 07:32 . 2008-04-29 16:41 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\BitTorrent
2009-08-21 14:58 . 2008-03-05 00:36 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\Skype
2009-08-21 14:57 . 2008-03-05 00:42 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\skypePM
2009-08-15 07:41 . 2001-10-26 20:15 94928 ----a-w- c:\windows\system32\perfc015.dat
2009-08-15 07:41 . 2001-10-26 20:15 515416 ----a-w- c:\windows\system32\perfh015.dat
2009-08-08 07:48 . 2008-02-29 19:38 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2004-08-04 02:44 205312 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 07:50 . 2009-07-21 07:34 -------- dc----w- c:\program files\Nowe Gadu-Gadu
2009-07-27 06:04 . 2009-05-21 18:33 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\Vso
2009-07-17 19:04 . 2004-08-04 02:43 58880 -c--a-w- c:\windows\system32\atl.dll
2009-07-16 18:00 . 2009-07-16 18:00 -------- dc----w- c:\program files\MKVtoolnix
2009-07-16 15:49 . 2009-07-16 15:49 -------- dc----w- c:\program files\CombinedCommunityCodecPack
2009-07-13 22:43 . 2007-10-08 23:34 286208 -c--a-w- c:\windows\system32\wmpdxm.dll
2009-06-30 19:00 . 2009-06-29 18:41 -------- dc----w- c:\program files\PS3 Media Server
2009-06-30 16:16 . 2009-06-30 16:16 -------- dc----w- c:\program files\Convar
2009-06-29 16:14 . 2007-07-13 22:56 828928 -c--a-w- c:\windows\system32\wininet.dll
2009-06-29 16:14 . 2007-10-08 23:35 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:14 . 2007-10-08 23:51 17408 -c--a-w- c:\windows\system32\corpol.dll
2009-06-25 12:24 . 2009-05-30 12:05 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-06-16 14:40 . 2007-10-08 23:56 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2007-10-08 23:56 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2005-05-11 06:33 78336 -c--a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-04 02:44 82944 -c--a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-04 02:43 84992 -c--a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:22 . 2008-02-29 18:02 2066432 -c--a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2007-10-08 23:58 132096 -c--a-w- c:\windows\system32\wkssvc.dll
2009-06-08 17:45 . 2009-02-28 15:16 32152 -c--a-w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-03 19:11 . 2007-10-08 23:56 1294848 -c--a-w- c:\windows\system32\quartz.dll
2009-05-28 09:23 . 2009-05-28 09:23 42088 -c--a-w- c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2009-05-28 08:34 . 2009-05-28 08:34 11264 -c--a-w- c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
.
------- Sigcheck -------
[7] 2008-04-14 17:20 33792 36F3AB18B1BE303DA51DE90A67DE3942 c:\windows\ServicePackFiles\i386\msgsvc.dll
c:\windows\system32\msgsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\PS3 Media Server\\PMS.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 viaxraid;viaxraid;c:\windows\system32\drivers\viaxraid.sys [2007-10-17 94208]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2007-07-06 906368]
S0 viaxbus;viaxbus; [x]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-11-08 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-11-08 4992]
S3 P1370Vfx;P1370Vfx;c:\windows\system32\drivers\P1370Vfx.sys [2008-11-08 6272]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-11-08 297792]
.
Contents of the 'Scheduled Tasks' folder

2009-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-28 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 12:56]
.
- - - - EMPTY ENTRIES REMOVED - - - -

Notify-klogon - (no file)
.
------- Supplementary scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.254/
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\documents and settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\nj652gi8.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=5doEriBGV05Qq5WG5pqAgA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 12:55
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-23 12:57
ComboFix-quarantined-files.txt 2009-08-23 11:57

Before: 1 685 241 856 bytes free
After: 1 627 443 200 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
247 --- E O F --- 2009-08-13 22:18
Guest, comment, 23 August 2009

Paste into Notepad:

Driver::
viaxbus

FCopy::
c:\windows\ServicePackFiles\i386\msgsvc.dll | c:\windows\system32\msgsvc.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32]

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe --> removal should start (and a log will be produced). Post the log that is produced during the removal.

If it goes well, then: after the restart, delete the C:\Qoobox folder manually.
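The FCopy:: line in the script above restores msgsvc.dll into System32 from the Service Pack cache, on the strength of the Sigcheck section in the ComboFix log, which printed the cache copy's MD5 and reported the System32 copy missing. The script below is an added example (not ComboFix's code and not something posted in this thread) that makes the check behind that step explicit: it verifies the reference copy against a known hash before anything is copied, refuses to restore from a reference that does not match, and classifies the live file as missing, mismatched or ok. `KNOWN_MSGSVC_MD5` is the value printed in the log above; the scratch directory, the fake DLL bytes and the function names are constructed for the demo.

```python
"""Check a System32 file against its Service Pack copy before restoring it."""
import hashlib
import shutil
import tempfile
from pathlib import Path

# MD5 that the Sigcheck section of the ComboFix log above reports for
# c:\windows\ServicePackFiles\i386\msgsvc.dll.
KNOWN_MSGSVC_MD5 = "36f3ab18b1be303da51de90a67de3942"


def file_md5(path):
    """Stream the file through MD5 (the digest Sigcheck prints)."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_system_file(live, reference, expected_md5):
    """Classify the live copy relative to a reference copy with a known hash.

    Returns one of "reference-missing", "reference-mismatch", "missing",
    "mismatch" or "ok".  The reference is verified first: a cache copy
    with the wrong hash must never be the thing we restore from.
    """
    live, reference = Path(live), Path(reference)
    expected_md5 = expected_md5.lower()
    if not reference.is_file():
        return "reference-missing"
    if file_md5(reference) != expected_md5:
        return "reference-mismatch"
    if not live.is_file():
        return "missing"
    return "ok" if file_md5(live) == expected_md5 else "mismatch"


def restore_system_file(live, reference, expected_md5):
    """Copy reference over live only when the reference hash is known-good.

    Returns True if a copy was made, False if the live file was already fine;
    raises if the reference itself cannot be trusted.
    """
    status = check_system_file(live, reference, expected_md5)
    if status.startswith("reference-"):
        raise ValueError(f"refusing to restore: {status}")
    if status == "ok":
        return False
    Path(live).parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(reference, live)
    return True


def demo_in_tempdir():
    """Walk through the states in a scratch directory with a constructed fake DLL.

    The fake content stands in for the real msgsvc.dll, so its own hash, not
    KNOWN_MSGSVC_MD5, is the expected value for the later steps.
    """
    root = Path(tempfile.mkdtemp())
    reference = root / "ServicePackFiles" / "i386" / "msgsvc.dll"
    live = root / "system32" / "msgsvc.dll"
    reference.parent.mkdir(parents=True)
    reference.write_bytes(b"fake msgsvc.dll body for the demo")  # constructed
    good = file_md5(reference)
    states = [
        check_system_file(live, reference, KNOWN_MSGSVC_MD5),  # fake != real hash
        check_system_file(live, reference, good),             # live copy absent
        restore_system_file(live, reference, good),           # copies it
        check_system_file(live, reference, good),             # now ok
        restore_system_file(live, reference, good),           # nothing to do
    ]
    with open(live, "ab") as fh:  # simulate tampering with the live copy
        fh.write(b"!")
    states.append(check_system_file(live, reference, good))
    shutil.rmtree(root)
    return states


if __name__ == "__main__":
    print(demo_in_tempdir())
```

On a real XP box the live file and its %SystemRoot%\System32\dllcache copy should be updated together (the second ComboFix log in this thread shows FCopy did exactly that), otherwise Windows File Protection can put the cached version back; a script like this one only decides whether the copy is safe to make.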
babel (Author), comment, 23 August 2009
OK... I did everything as described above. I deleted the program manually and here is the new log... Log to check:

ComboFix 09-08-22.06 - Tomek 2009-08-23 13:39.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.883 [GMT 1:00]
Uruchomiony z: f:\dokumenty\Pobieranie\ComboFix.exe
Użyto następujących komend :: f:\dokumenty\Pobieranie\CFScript.txt
 * Rezydentny antywirus jest aktywny
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\msgsvc.dll --> c:\windows\system32\msgsvc.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_viaxbus

((((((((((((((((((((((((( Pliki utworzone od 2009-07-23 do 2009-08-23 )))))))))))))))))))))))))))))))
.
2009-08-23 12:39 . 2008-04-14 17:20 33792 -c--a-w- c:\windows\system32\msgsvc.dll
2009-08-23 12:39 . 2008-04-14 17:20 33792 -c--a-w- c:\windows\system32\dllcache\msgsvc.dll
2009-08-23 11:50 . 2009-08-23 11:50 -------- dc----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\ESET
2009-08-23 07:34 . 2009-08-23 07:34 -------- dc----w- c:\program files\ESET
2009-08-23 07:34 . 2009-08-23 07:34 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\ESET
2009-08-19 07:02 . 2009-08-19 07:02 -------- dc----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-08-16 10:36 . 2009-08-16 10:39 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\GetRightToGo
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 07:43 . 2008-03-21 12:04 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-08-23 07:32 . 2008-04-29 16:41 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\BitTorrent
2009-08-21 14:58 . 2008-03-05 00:36 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\Skype
2009-08-21 14:57 . 2008-03-05 00:42 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\skypePM
2009-08-15 07:41 . 2001-10-26 20:15 94928 ----a-w- c:\windows\system32\perfc015.dat
2009-08-15 07:41 . 2001-10-26 20:15 515416 ----a-w- c:\windows\system32\perfh015.dat
2009-08-08 07:48 . 2008-02-29 19:38 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2004-08-04 02:44 205312 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 07:50 . 2009-07-21 07:34 -------- dc----w- c:\program files\Nowe Gadu-Gadu
2009-07-27 06:04 . 2009-05-21 18:33 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\Vso
2009-07-17 19:04 . 2004-08-04 02:43 58880 -c--a-w- c:\windows\system32\atl.dll
2009-07-16 18:00 . 2009-07-16 18:00 -------- dc----w- c:\program files\MKVtoolnix
2009-07-16 15:49 . 2009-07-16 15:49 -------- dc----w- c:\program files\CombinedCommunityCodecPack
2009-07-13 22:43 . 2007-10-08 23:34 286208 -c--a-w- c:\windows\system32\wmpdxm.dll
2009-06-30 19:00 . 2009-06-29 18:41 -------- dc----w- c:\program files\PS3 Media Server
2009-06-30 16:16 . 2009-06-30 16:16 -------- dc----w- c:\program files\Convar
2009-06-29 16:14 . 2007-07-13 22:56 828928 -c----w- c:\windows\system32\wininet.dll
2009-06-29 16:14 . 2007-10-08 23:35 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:14 . 2007-10-08 23:51 17408 -c--a-w- c:\windows\system32\corpol.dll
2009-06-25 12:24 . 2009-05-30 12:05 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-06-16 14:40 . 2007-10-08 23:56 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2007-10-08 23:56 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2005-05-11 06:33 78336 -c--a-w- c:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-04 02:44 82944 -c--a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-04 02:43 84992 -c--a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:22 . 2008-02-29 18:02 2066432 -c--a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2007-10-08 23:58 132096 -c--a-w- c:\windows\system32\wkssvc.dll
2009-06-08 17:45 . 2009-02-28 15:16 32152 -c--a-w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-06-03 19:11 . 2007-10-08 23:56 1294848 -c--a-w- c:\windows\system32\quartz.dll
2009-05-28 09:23 . 2009-05-28 09:23 42088 -c--a-w- c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
2009-05-28 08:34 . 2009-05-28 08:34 11264 -c--a-w- c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-23_11.55.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-23 12:45 . 2009-08-23 12:45 16384 c:\windows\Temp\Perflib_Perfdata_368.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\PS3 Media Server\\PMS.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 viaxraid;viaxraid;c:\windows\system32\drivers\viaxraid.sys [2007-10-17 94208]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2007-07-06 906368]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-11-08 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-11-08 4992]
S3 P1370Vfx;P1370Vfx;c:\windows\system32\drivers\P1370Vfx.sys [2008-11-08 6272]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-11-08 297792]
.
Zawartość folderu 'Zaplanowane zadania'

2009-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-28 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 12:56]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://192.168.1.254/
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\documents and settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\nj652gi8.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=5doEriBGV05Qq5WG5pqAgA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 13:45
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2009-08-23 13:50 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-08-23 12:50
ComboFix2.txt 2009-08-23 11:57

Przed: 1 651 027 968 bajtów wolnych
Po: 1 561 980 928 bajtów wolnych

236 --- E O F --- 2009-08-13 22:18
Guest, comment, 23 August 2009
The log looks clean.
1. Run OTL and use its CleanUp option; agree to the cleanup and to restarting the computer.
2. Use Malwarebytes. Click Scan, select the drives to scan and start the scan; at the end, click Remove Selected if there is anything, then OK. Post the report generated after the MBAM removal.
babel (Author), comment, 23 August 2009
OK, it took a while but it finally went through somehow... and anyway, many thanks for the help... Log to check:

Malwarebytes' Anti-Malware 1.40
Wersja bazy definicji: 2682
Windows 5.1.2600 Dodatek Service Pack 3

2009-08-23 17:03:49
mbam-log-2009-08-23 (17-03-49).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)
Przeskanowane obiekty: 151469
Upłynęło: 1 hour(s), 3 minute(s), 52 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 10
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)
babel (Author), comment, 23 August 2009
In that case, thank you very much for the time and effort you put in.