
Logs to check

babel

Hi, I have a request: could someone check my logs for me on this beautiful Sunday afternoon? My computer is using 100% of the CPU... I blocked some unnecessary processes, but I'd rather not keep fiddling with it on my own...

Log to check
OTL logfile created on: 2009-08-23 11:25:04 - Run 2

OTL by OldTimer - Version 3.0.10.7 Folder = F:\Dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,50 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 59,63% Memory free

2,60 Gb Paging File | 2,23 Gb Available in Paging File | 85,54% Paging File free

Paging file location(s): C:\pagefile.sys 1280 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 9,77 Gb Total Space | 1,65 Gb Free Space | 16,85% Space Free | Partition Type: NTFS

Drive D: | 39,07 Gb Total Space | 4,86 Gb Free Space | 12,43% Space Free | Partition Type: NTFS

Drive E: | 39,07 Gb Total Space | 6,02 Gb Free Space | 15,41% Space Free | Partition Type: NTFS

Drive F: | 23,87 Gb Total Space | 7,89 Gb Free Space | 33,03% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: 27F2D3C7C41748E

Current User Name: Tomek

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2007-04-16 16:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2008-06-10 13:56:32 | 01,406,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe

PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009-02-06 14:23:12 | 02,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2008-05-16 15:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2009-08-20 21:01:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008-04-14 18:21:44 | 00,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe

PRC - [2009-08-23 10:43:50 | 00,514,048 | ---- | M] (OldTimer Tools) -- F:\Dokumenty\Pobieranie\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008-07-25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2008-07-25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2009-02-06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])

SRV - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])

SRV - [2008-07-29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008-04-14 18:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2008-07-29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - File not found -- -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])

SRV - [2002-12-17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])

SRV - [2007-04-13 22:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])

SRV - [2008-07-29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2007-05-16 10:27:28 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])

SRV - [2008-05-16 15:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [unknown | Stopped])

SRV - File not found -- -- (RichVideo [Auto | Stopped])

SRV - [2008-08-07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])

SRV - File not found -- -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])

SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007-07-06 13:00:00 | 00,906,368 | ---- | M] (NXP Semiconductors Germany GmbH) -- C:\WINDOWS\System32\DRIVERS\3xHybrid.sys -- (3xHybrid [On_Demand | Running])

DRV - [2008-09-24 11:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

DRV - [2006-06-19 00:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running])

DRV - [2009-02-06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])

DRV - [2009-02-06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [system | Running])

DRV - [2009-02-06 14:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [system | Running])

DRV - [2006-04-13 01:04:40 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

DRV - [2006-04-13 01:04:40 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

DRV - [2006-04-13 01:04:40 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

DRV - [2008-04-13 20:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])

DRV - [2008-05-16 15:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2005-12-05 01:29:34 | 00,093,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\Drivers\P1370Aud.sys -- (P1370Aud [On_Demand | Stopped])

DRV - [2005-12-06 01:58:58 | 00,004,992 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\Drivers\P1370Aul.sys -- (P1370Aul [On_Demand | Stopped])

DRV - [2006-03-24 09:24:32 | 00,006,272 | R--- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\System32\DRIVERS\P1370Vfx.sys -- (P1370Vfx [On_Demand | Stopped])

DRV - [2006-06-20 08:39:28 | 00,297,792 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\P1370Vid.sys -- (P1370VID [On_Demand | Stopped])

DRV - [2007-09-17 15:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])

DRV - [2009-01-21 00:00:04 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])

DRV - [2008-06-10 14:04:28 | 00,031,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])

DRV - [2001-08-18 02:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2007-07-12 12:49:16 | 00,096,384 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])

DRV - [2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2008-06-09 18:11:19 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2008-04-13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])

DRV - [2003-07-02 05:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1 [boot | Running])

DRV - [2004-07-06 23:45:42 | 00,060,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid [boot | Running])

DRV - [2007-10-17 19:23:46 | 00,094,208 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\System32\drivers\viaxraid.sys -- (viaxraid [boot | Running])

DRV - [2006-10-17 21:22:26 | 00,009,216 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32 [boot | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]

IE - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\S-1-5-21-1177238915-1844823847-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"

FF - prefs.js..browser.startup.homepage: "http://www.gazeta.pl/0,0.html"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.4

FF - prefs.js..extensions.enabledItems: youplayer@addons.mozilla.org:0.9.8

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=5doEriBGV05Qq5WG5pqAgA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-06-28 22:23:12 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-29 00:18:28 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-20 21:01:17 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-20 21:01:17 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008-08-27 08:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Extensions

[2008-08-27 08:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-08-22 22:00:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions

[2009-06-29 11:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2008-08-27 08:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}

[2009-08-19 21:38:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2009-08-13 19:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2008-11-08 10:00:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\bkmrksync@nokia.com

[2008-09-26 12:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2008-05-31 19:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\mozilla\Firefox\Profiles\nj652gi8.default\extensions\youplayer@addons.mozilla.org

[2008-06-09 18:13:51 | 00,002,921 | ---- | M] () -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\FireFox\Profiles\nj652gi8.default\searchplugins\daemon-search.xml

[2009-07-10 06:48:51 | 00,009,941 | ---- | M] () -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\FireFox\Profiles\nj652gi8.default\searchplugins\mywebsearch.xml

[2009-08-22 22:00:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-08-20 21:01:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-01-29 00:18:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2009-04-02 17:40:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009-08-20 21:00:59 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-08-20 21:00:59 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2007-04-10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll

[2008-12-05 23:52:44 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll

[2008-09-04 01:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

[2009-03-09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009-02-06 13:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll

[2009-08-20 21:01:05 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2009-02-12 13:52:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009-02-12 13:52:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009-02-12 13:52:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009-02-12 13:52:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009-02-12 13:52:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009-02-12 13:52:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009-02-12 13:52:49 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009-08-20 21:01:08 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2009-08-20 21:01:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009-08-20 21:01:08 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009-08-20 21:01:08 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009-08-20 21:01:08 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009-08-20 21:01:08 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-08-20 21:01:08 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (228606 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.1001-search.info

O1 - Hosts: 127.0.0.1 1001-search.info

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 8018 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1

O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1

O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1

O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\.DEFAULT\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-18\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..Trusted Domains: com.tw ([asia.msi] http in Zaufane witryny)

O15 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..Trusted Domains: com.tw ([global.msi] http in Zaufane witryny)

O15 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..Trusted Domains: com.tw ([www.msi] http in Zaufane witryny)

O15 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..Trusted Domains: internet ([]about in Internet)

O15 - HKU\S-1-5-21-1177238915-1844823847-725345543-1003\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Tomek/USTAWI~1/Temp/msoclip1/01/clip_image002.jpg

O24 - Desktop Components:1 (Bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-05-31 10:46:21 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{98575291-c3b2-11dd-9b6b-001109dda565}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]

[2009-08-23 10:00:37 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\HijackThis.lnk

[2009-08-23 09:48:15 | 00,000,000 | ---D | C] -- F:\Dokumenty\Pobieranie

[2009-08-23 08:34:24 | 00,000,000 | ---D | C] -- C:\Program Files\ESET

[2009-08-23 08:34:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET

[2009-08-20 16:40:26 | 00,461,846 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\PDF2.pdf

[2009-08-20 16:10:22 | 00,461,830 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\PDF.pdf

[2009-08-20 14:14:07 | 00,010,042 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\(32-bit)_ESET_NOD32_Antivirus_4.0.314_-serial_incl.4946717.TPB.torrent

[2009-08-16 19:01:39 | 00,148,527 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\watch.htm

[2009-08-16 11:36:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\GetRightToGo

[2009-08-08 08:19:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009-08-06 18:10:20 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\GG.lnk

[2009-06-30 17:16:04 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2009-02-28 19:41:14 | 00,009,760 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll

[2009-02-28 19:41:10 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2009-01-04 14:05:23 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2008-10-12 09:55:25 | 00,001,047 | ---- | C] () -- C:\WINDOWS\GTA-SA_Trn_Settings.ini

[2008-09-30 16:18:56 | 00,000,797 | ---- | C] () -- C:\WINDOWS\VPlayer.INI

[2008-08-02 14:50:35 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2008-07-07 22:29:43 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll.off

[2008-07-07 22:29:43 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll.off

[2008-07-05 20:52:14 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2008-06-09 18:11:18 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2008-06-03 14:19:46 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008-05-03 05:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008-05-03 05:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008-05-03 05:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008-05-03 05:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008-05-03 05:46:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008-05-01 21:15:11 | 00,000,635 | ---- | C] () -- C:\WINDOWS\Sof.INI

[2008-03-20 20:06:05 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2008-03-08 12:22:55 | 00,002,918 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2008-03-02 22:56:47 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008-03-02 17:59:36 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008-01-31 18:18:14 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys

[2007-10-17 19:20:23 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2001-07-22 03:16:20 | 00,000,562 | ---- | C] () -- C:\WINDOWS\win.ini

[2001-07-22 03:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2001-07-07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009-08-23 10:00:38 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\HijackThis.lnk

[2009-08-23 08:49:44 | 00,181,834 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-08-23 08:49:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-08-23 08:49:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-08-23 08:49:35 | 16,100,10624 | -HS- | M] () -- C:\hiberfil.sys

[2009-08-23 08:30:12 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009-08-22 20:13:44 | 00,080,384 | ---- | M] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-08-22 12:08:48 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-08-21 15:57:36 | 00,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk

[2009-08-20 16:40:26 | 00,461,846 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\PDF2.pdf

[2009-08-20 16:10:22 | 00,461,830 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\PDF.pdf

[2009-08-20 14:14:08 | 00,010,042 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\(32-bit)_ESET_NOD32_Antivirus_4.0.314_-serial_incl.4946717.TPB.torrent

[2009-08-17 09:54:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009-08-16 19:01:39 | 00,148,527 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\watch.htm

[2009-08-15 08:41:52 | 00,515,416 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2009-08-15 08:41:52 | 00,456,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-08-15 08:41:52 | 00,094,928 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2009-08-15 08:41:52 | 00,077,610 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-08-15 08:41:50 | 01,158,994 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-08-11 11:32:26 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-08-08 10:24:23 | 00,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini

[2009-08-08 09:34:12 | 15,381,136 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Tomek\Pulpit\Launch.exe

[2009-08-08 08:30:37 | 00,000,562 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-08-08 08:30:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-08-08 08:30:37 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2009-08-08 08:21:59 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\CCleaner.lnk

[2009-08-06 18:10:20 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\GG.lnk

[2009-08-05 10:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll

[2009-08-05 10:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll

[2009-07-30 01:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009-07-29 10:49:55 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2009-07-27 23:27:56 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx

[2009-07-27 07:04:56 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Tomek\Dane aplikacji\vso_ts_preview.xml

========== LOP Check ==========

[2009-08-23 08:34:24 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji

[2009-05-03 08:39:38 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{203DB912-4B39-4636-930F-102CFD1E9177}

[2009-02-15 11:48:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

[2009-02-15 11:49:51 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{D5ABFFAD-D592-4F98-B02B-587125B4801F}

[2008-03-08 13:21:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead

[2008-03-14 18:21:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink

[2008-03-05 01:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations

[2009-06-06 19:57:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DriverScanner

[2009-08-23 08:34:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET

[2008-11-08 09:16:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations

[2009-01-10 14:04:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla

[2008-05-31 10:45:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\muvee Technologies

[2009-06-25 13:24:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

[2008-12-29 01:50:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks

[2009-01-21 07:31:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\vsosdk

[2008-02-29 19:51:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji

[2009-02-15 10:31:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji

[2008-02-29 19:51:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\MasterAdmin\Dane aplikacji

[2009-08-19 08:05:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji

[2009-08-16 11:36:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji

[2009-01-24 12:45:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\.purple

[2008-03-14 19:02:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Ahead

[2009-08-23 08:32:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\BitTorrent

[2008-06-09 18:11:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\DAEMON Tools

[2009-02-15 11:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\DNA

[2008-03-01 16:46:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Gadu-Gadu

[2009-08-16 11:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\GetRightToGo

[2009-06-15 14:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\LG Electronics

[2008-05-31 11:23:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\muvee Technologies

[2008-09-16 15:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\NetMedia Providers

[2009-05-30 13:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu

[2009-05-30 13:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\OpenFM

[2008-09-16 15:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Publish Providers

[2008-05-28 13:38:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\SecuROM

[2009-02-15 11:50:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\uniblue

[2008-11-30 10:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\uTorrent

[2009-07-27 07:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Vso

[2009-08-17 09:54:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2001-07-22 03:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009-02-28 19:49:33 | 00,000,290 | -H-- | M] () -- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

[2009-08-23 08:49:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\svchost.exe:SummaryInformation

< End of report >

Gość
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\svchost.exe:SummaryInformation

Use ComboFix and paste its log.

.

babel

ok...

Log to check
ComboFix 09-08-22.06 - Tomek 2009-08-23 12:50.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.981 [GMT 1:00]

Uruchomiony z: f:\dokumenty\Pobieranie\ComboFix.exe

* Rezydentny antywirus jest aktywny

.

ADS - svchost.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Tomek\Dane aplikacji\inst.exe

c:\windows\Installer\11ba9fb.msi

c:\windows\Installer\18896e.msi

c:\windows\Installer\18896f.msi

c:\windows\Installer\188970.msi

c:\windows\Installer\188971.msi

c:\windows\Installer\188972.msi

c:\windows\Installer\188973.msi

c:\windows\Installer\202994.msi

c:\windows\Installer\202995.msi

c:\windows\Installer\202996.msi

c:\windows\Installer\202997.msi

c:\windows\Installer\202998.msi

c:\windows\Installer\202999.msi

c:\windows\Installer\20299a.msi

c:\windows\Installer\20299b.msi

c:\windows\Installer\20299c.msi

c:\windows\Installer\24d104.msi

c:\windows\Installer\24d109.msi

c:\windows\Installer\550aef.msi

c:\windows\Installer\58a55.msi

c:\windows\Installer\833d79.msi

c:\windows\Installer\833d7a.msi

c:\windows\Installer\833d7b.msi

c:\windows\Installer\90207.msi

c:\windows\Installer\90208.msi

.

((((((((((((((((((((((((( Pliki utworzone od 2009-07-23 do 2009-08-23 )))))))))))))))))))))))))))))))

.

2009-08-23 11:50 . 2009-08-23 11:50 -------- dc----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\ESET

2009-08-23 07:34 . 2009-08-23 07:34 -------- dc----w- c:\program files\ESET

2009-08-23 07:34 . 2009-08-23 07:34 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\ESET

2009-08-19 07:02 . 2009-08-19 07:02 -------- dc----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Mozilla

2009-08-16 10:36 . 2009-08-16 10:39 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\GetRightToGo

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-23 07:43 . 2008-03-21 12:04 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-08-23 07:32 . 2008-04-29 16:41 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\BitTorrent

2009-08-21 14:58 . 2008-03-05 00:36 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\Skype

2009-08-21 14:57 . 2008-03-05 00:42 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\skypePM

2009-08-15 07:41 . 2001-10-26 20:15 94928 ----a-w- c:\windows\system32\perfc015.dat

2009-08-15 07:41 . 2001-10-26 20:15 515416 ----a-w- c:\windows\system32\perfh015.dat

2009-08-08 07:48 . 2008-02-29 19:38 -------- dc-h--w- c:\program files\InstallShield Installation Information

2009-08-05 09:01 . 2004-08-04 02:44 205312 -c--a-w- c:\windows\system32\mswebdvd.dll

2009-07-30 07:50 . 2009-07-21 07:34 -------- dc----w- c:\program files\Nowe Gadu-Gadu

2009-07-27 06:04 . 2009-05-21 18:33 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\Vso

2009-07-17 19:04 . 2004-08-04 02:43 58880 -c--a-w- c:\windows\system32\atl.dll

2009-07-16 18:00 . 2009-07-16 18:00 -------- dc----w- c:\program files\MKVtoolnix

2009-07-16 15:49 . 2009-07-16 15:49 -------- dc----w- c:\program files\CombinedCommunityCodecPack

2009-07-13 22:43 . 2007-10-08 23:34 286208 -c--a-w- c:\windows\system32\wmpdxm.dll

2009-06-30 19:00 . 2009-06-29 18:41 -------- dc----w- c:\program files\PS3 Media Server

2009-06-30 16:16 . 2009-06-30 16:16 -------- dc----w- c:\program files\Convar

2009-06-29 16:14 . 2007-07-13 22:56 828928 -c--a-w- c:\windows\system32\wininet.dll

2009-06-29 16:14 . 2007-10-08 23:35 78336 -c--a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:14 . 2007-10-08 23:51 17408 -c--a-w- c:\windows\system32\corpol.dll

2009-06-25 12:24 . 2009-05-30 12:05 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM

2009-06-16 14:40 . 2007-10-08 23:56 119808 -c--a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2007-10-08 23:56 81920 -c--a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:45 . 2005-05-11 06:33 78336 -c--a-w- c:\windows\system32\telnet.exe

2009-06-15 10:45 . 2004-08-04 02:44 82944 -c--a-w- c:\windows\system32\tlntsess.exe

2009-06-10 14:15 . 2004-08-04 02:43 84992 -c--a-w- c:\windows\system32\avifil32.dll

2009-06-10 08:22 . 2008-02-29 18:02 2066432 -c--a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:16 . 2007-10-08 23:58 132096 -c--a-w- c:\windows\system32\wkssvc.dll

2009-06-08 17:45 . 2009-02-28 15:16 32152 -c--a-w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-06-03 19:11 . 2007-10-08 23:56 1294848 -c--a-w- c:\windows\system32\quartz.dll

2009-05-28 09:23 . 2009-05-28 09:23 42088 -c--a-w- c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

2009-05-28 08:34 . 2009-05-28 08:34 11264 -c--a-w- c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll

.

------- Sigcheck -------

[7] 2008-04-14 17:20 33792 36F3AB18B1BE303DA51DE90A67DE3942 c:\windows\ServicePackFiles\i386\msgsvc.dll

c:\windows\system32\msgsvc.dll ... - brak elementu !!

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Pml Driver HPZ12"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\PS3 Media Server\\PMS.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 viaxraid;viaxraid;c:\windows\system32\drivers\viaxraid.sys [2007-10-17 94208]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]

R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2007-07-06 906368]

S0 viaxbus;viaxbus; [x]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-11-08 93056]

S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-11-08 4992]

S3 P1370Vfx;P1370Vfx;c:\windows\system32\drivers\P1370Vfx.sys [2008-11-08 6272]

S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-11-08 297792]

.

Zawartość folderu 'Zaplanowane zadania'

2009-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-28 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 12:56]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

Notify-klogon - (no file)

.

------- Skan uzupełniający -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://192.168.1.254/

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

Trusted Zone: com.tw\www.msi

FF - ProfilePath - c:\documents and settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\nj652gi8.default\

FF - prefs.js: browser.search.selectedEngine - MyWebSearch

FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html

FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=5doEriBGV05Qq5WG5pqAgA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=

FF - plugin: c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-23 12:55

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2009-08-23 12:57

ComboFix-quarantined-files.txt 2009-08-23 11:57

Przed: 1 685 241 856 bajtów wolnych

Po: 1 627 443 200 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

247 --- E O F --- 2009-08-13 22:18

Gość

Paste into Notepad:

Driver::

viaxbus

FCopy::

c:\windows\ServicePackFiles\i386\msgsvc.dll | c:\windows\system32\msgsvc.dll

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32]

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto ComboFix.exe

-->cfscriptb5b4me3.gif

Removal should start (and a log will be produced). Post the log that is produced during the removal.

If it goes well, then: after the restart, manually delete the C:\Qoobox folder.

.

babel

ok... I did everything as above. I removed the program manually and this is the new log...

Log to check
ComboFix 09-08-22.06 - Tomek 2009-08-23 13:39.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.883 [GMT 1:00]

Uruchomiony z: f:\dokumenty\Pobieranie\ComboFix.exe

Użyto następujących komend :: f:\dokumenty\Pobieranie\CFScript.txt

* Rezydentny antywirus jest aktywny

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\msgsvc.dll --> c:\windows\system32\msgsvc.dll

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_viaxbus

((((((((((((((((((((((((( Pliki utworzone od 2009-07-23 do 2009-08-23 )))))))))))))))))))))))))))))))

.

2009-08-23 12:39 . 2008-04-14 17:20 33792 -c--a-w- c:\windows\system32\msgsvc.dll

2009-08-23 12:39 . 2008-04-14 17:20 33792 -c--a-w- c:\windows\system32\dllcache\msgsvc.dll

2009-08-23 11:50 . 2009-08-23 11:50 -------- dc----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\ESET

2009-08-23 07:34 . 2009-08-23 07:34 -------- dc----w- c:\program files\ESET

2009-08-23 07:34 . 2009-08-23 07:34 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\ESET

2009-08-19 07:02 . 2009-08-19 07:02 -------- dc----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Mozilla

2009-08-16 10:36 . 2009-08-16 10:39 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\GetRightToGo

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-23 07:43 . 2008-03-21 12:04 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-08-23 07:32 . 2008-04-29 16:41 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\BitTorrent

2009-08-21 14:58 . 2008-03-05 00:36 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\Skype

2009-08-21 14:57 . 2008-03-05 00:42 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\skypePM

2009-08-15 07:41 . 2001-10-26 20:15 94928 ----a-w- c:\windows\system32\perfc015.dat

2009-08-15 07:41 . 2001-10-26 20:15 515416 ----a-w- c:\windows\system32\perfh015.dat

2009-08-08 07:48 . 2008-02-29 19:38 -------- dc-h--w- c:\program files\InstallShield Installation Information

2009-08-05 09:01 . 2004-08-04 02:44 205312 -c--a-w- c:\windows\system32\mswebdvd.dll

2009-07-30 07:50 . 2009-07-21 07:34 -------- dc----w- c:\program files\Nowe Gadu-Gadu

2009-07-27 06:04 . 2009-05-21 18:33 -------- dc----w- c:\documents and settings\Tomek\Dane aplikacji\Vso

2009-07-17 19:04 . 2004-08-04 02:43 58880 -c--a-w- c:\windows\system32\atl.dll

2009-07-16 18:00 . 2009-07-16 18:00 -------- dc----w- c:\program files\MKVtoolnix

2009-07-16 15:49 . 2009-07-16 15:49 -------- dc----w- c:\program files\CombinedCommunityCodecPack

2009-07-13 22:43 . 2007-10-08 23:34 286208 -c--a-w- c:\windows\system32\wmpdxm.dll

2009-06-30 19:00 . 2009-06-29 18:41 -------- dc----w- c:\program files\PS3 Media Server

2009-06-30 16:16 . 2009-06-30 16:16 -------- dc----w- c:\program files\Convar

2009-06-29 16:14 . 2007-07-13 22:56 828928 -c----w- c:\windows\system32\wininet.dll

2009-06-29 16:14 . 2007-10-08 23:35 78336 -c--a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:14 . 2007-10-08 23:51 17408 -c--a-w- c:\windows\system32\corpol.dll

2009-06-25 12:24 . 2009-05-30 12:05 -------- dc----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM

2009-06-16 14:40 . 2007-10-08 23:56 119808 -c--a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2007-10-08 23:56 81920 -c--a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:45 . 2005-05-11 06:33 78336 -c--a-w- c:\windows\system32\telnet.exe

2009-06-15 10:45 . 2004-08-04 02:44 82944 -c--a-w- c:\windows\system32\tlntsess.exe

2009-06-10 14:15 . 2004-08-04 02:43 84992 -c--a-w- c:\windows\system32\avifil32.dll

2009-06-10 08:22 . 2008-02-29 18:02 2066432 -c--a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:16 . 2007-10-08 23:58 132096 -c--a-w- c:\windows\system32\wkssvc.dll

2009-06-08 17:45 . 2009-02-28 15:16 32152 -c--a-w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-06-03 19:11 . 2007-10-08 23:56 1294848 -c--a-w- c:\windows\system32\quartz.dll

2009-05-28 09:23 . 2009-05-28 09:23 42088 -c--a-w- c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

2009-05-28 08:34 . 2009-05-28 08:34 11264 -c--a-w- c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-08-23_11.55.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-23 12:45 . 2009-08-23 12:45 16384 c:\windows\Temp\Perflib_Perfdata_368.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-06-29 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Pml Driver HPZ12"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Program Files\\PS3 Media Server\\PMS.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 viaxraid;viaxraid;c:\windows\system32\drivers\viaxraid.sys [2007-10-17 94208]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]

R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [2007-07-06 906368]

S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-11-08 93056]

S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-11-08 4992]

S3 P1370Vfx;P1370Vfx;c:\windows\system32\drivers\P1370Vfx.sys [2008-11-08 6272]

S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-11-08 297792]

.

Zawartość folderu 'Zaplanowane zadania'

2009-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-28 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 12:56]

.

.

------- Skan uzupełniający -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://192.168.1.254/

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

Trusted Zone: com.tw\www.msi

FF - ProfilePath - c:\documents and settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\nj652gi8.default\

FF - prefs.js: browser.search.selectedEngine - MyWebSearch

FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html

FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJfox000&fl=0&ptb=5doEriBGV05Qq5WG5pqAgA&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=

FF - plugin: c:\documents and settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-23 13:45

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(4040)

c:\windows\system32\WININET.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\rundll32.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Czas ukończenia: 2009-08-23 13:50 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-08-23 12:50

ComboFix2.txt 2009-08-23 11:57

Przed: 1 651 027 968 bajtów wolnych

Po: 1 561 980 928 bajtów wolnych

236 --- E O F --- 2009-08-13 22:18

Guest

The log looks clean.

1. Run OTL and start it with the CleanUp option, agree to the cleanup + restart the computer.

2. Use Malwarebytes.

Click Scan, choose the drives to scan and Start the scan; at the end click Remove Selected if there are any, then OK.

Post the report generated after the MBAM removal.

babel

ok, it took a while but in the end it went through somehow... and by the way, many thanks for the help...

Log to check
Malwarebytes' Anti-Malware 1.40

Wersja bazy definicji: 2682

Windows 5.1.2600 Dodatek Service Pack 3

2009-08-23 17:03:49

mbam-log-2009-08-23 (17-03-49).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)

Przeskanowane obiekty: 151469

Upłynęło: 1 hour(s), 3 minute(s), 52 second(s)

Zainfekowane procesy w pamięci: 0

Zainfekowane moduły pamięci: 0

Zainfekowane klucze rejestru: 10

Zainfekowane wartości rejestru: 0

Zainfekowane pliki rejestru: 1

Zainfekowane foldery: 0

Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:

(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:

(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:

(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowane foldery:

(Nie wykryto groźnych plików)

Zainfekowane pliki:

(Nie wykryto groźnych plików)
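An added example, not part of this thread and not Malwarebytes' own code: a small Python parser for a Malwarebytes' Anti-Malware 1.x report like the one above. It cross-checks the declared counts ("Zainfekowane klucze rejestru: 10") against the itemized entries, groups the hits by threat family, lists the GUIDs registered under Internet Explorer's Low Rights\ElevationPolicy key, and extracts the Bad/Good values of the hijacked policy entry. The embedded SAMPLE_REPORT is constructed from the report posted above (blank lines removed); the section labels it matches are the Polish ones MBAM 1.40 printed here.

```python
# Added example (not from the thread): parse a Malwarebytes' Anti-Malware 1.x
# report and cross-check the declared counts against the itemized entries.
# SAMPLE_REPORT is constructed from the report posted above, blank lines removed.
import re
from collections import Counter

SAMPLE_REPORT = r"""Malwarebytes' Anti-Malware 1.40
Wersja bazy definicji: 2682
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 10
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 0
Zainfekowane pliki: 0
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)
Zainfekowane pliki rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
(Nie wykryto groźnych plików)
"""

SUMMARY_RE = re.compile(r"^(Zainfekowane .+?): (\d+)$")      # "Zainfekowane klucze rejestru: 10"
HEADER_RE = re.compile(r"^(Zainfekowane .+?):$")             # "Zainfekowane klucze rejestru:"
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
POLICY_RE = re.compile(r"Bad: \((\d+)\) Good: \((\d+)\)")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
ELEVATION_KEY = "\\Low Rights\\ElevationPolicy\\"


def parse_report(text):
    """Return (declared counts by section, {section: [detection dicts]})."""
    summary, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = DETECTION_RE.match(line)
        if current is not None and m:      # the "(Nie wykryto ...)" placeholder never matches
            sections[current].append(m.groupdict())
    return summary, sections


def summary_mismatches(summary, sections):
    """Sections whose itemized entries disagree with the declared count (empty = consistent)."""
    return [(name, summary.get(name), len(items))
            for name, items in sections.items() if summary.get(name) != len(items)]


def threat_families(sections):
    """Number of entries attributed to each threat family."""
    return Counter(d["threat"] for items in sections.values() for d in items)


def elevation_policy_guids(sections):
    """GUIDs the adware registered under IE's Low Rights / ElevationPolicy key, sorted."""
    found = []
    for items in sections.values():
        for d in items:
            g = GUID_RE.search(d["item"])
            if ELEVATION_KEY in d["item"] and g:
                found.append(g.group(0).lower())
    return sorted(found)


def policy_hijacks(sections):
    """Policy values MBAM flagged as hijacked: value name -> (bad value, restored value)."""
    out = {}
    for items in sections.values():
        for d in items:
            pm = POLICY_RE.search(d["action"])
            if pm:
                out[d["item"].rsplit("\\", 1)[-1]] = (int(pm.group(1)), int(pm.group(2)))
    return out


if __name__ == "__main__":
    summary, sections = parse_report(SAMPLE_REPORT)
    print("mismatches:", summary_mismatches(summary, sections))
    print("families:", dict(threat_families(sections)))
    print("elevation GUIDs:", len(elevation_policy_guids(sections)))
    print("policy hijacks:", policy_hijacks(sections))
```

For a real report, pass the file contents to parse_report instead of SAMPLE_REPORT. The policy_hijacks result is the one worth cross-checking against the earlier ComboFix log: the NoSMHelp value MBAM restored from 1 to 0 is the same NoSMHelp=1 entry ComboFix listed under the current user's policies\explorer key, so the two tools agree on what was changed.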

Guest

In that case it's OK. :)

babel

In that case, thank you very much for your time and willingness to help. :)
