Kojo, created 26 August 2009

Hello,
I decided to get on with cleaning up my disk, since a fair amount of assorted vermin and the like has been piling up in my quarantine. Recently 7 trojans (Win32/TrojanDownloader.Bredolab.AA) got onto it one after another, which NOD32 detected right away and moved to quarantine. Since I have no idea at all how to remove them, I would be grateful for help getting rid of them :) I am attaching a screenshot of the quarantine with the rest of the vermin and a log from OTL:

Log to be checked

OTL logfile created on: 2009-08-26 22:23:44 - Run 2
OTL by OldTimer - Version 3.0.10.7
Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 275,72 Gb Free Space | 92,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LIWI-56CBBA89C6
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2002-12-31 14:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007-08-10 09:21:56 | 16,384,000 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007-05-30 14:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
PRC - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007-08-23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007-11-06 11:30:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005-01-10 13:10:38 | 00,729,088 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe
PRC - [2002-12-31 14:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009-08-26 21:27:16 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007-05-30 14:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999-12-12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Disabled | Stopped])
SRV - [2009-02-06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2002-12-31 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007-05-15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Disabled | Stopped])
SRV - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007-08-23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2007-04-13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2007-05-08 19:47:22 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007-11-06 11:30:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005-08-08 06:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Disabled | Stopped])
SRV - [2005-01-10 13:10:38 | 00,729,088 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe -- (TabletService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running])
DRV - [2006-11-01 14:42:14 | 00,033,280 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\System32\DRIVERS\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
DRV - [2007-05-30 14:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [system | Running])
DRV - [2007-05-30 14:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys -- (AvgAsCln [system | Running])
DRV - [2007-04-17 14:42:00 | 00,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter [On_Demand | Stopped])
DRV - [2009-02-06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2009-02-06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [system | Running])
DRV - [2009-02-06 14:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [system | Running])
DRV - [2007-08-16 11:49:14 | 00,155,792 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\FTT3.sys -- (FTT3 [boot | Running])
DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007-05-15 15:55:36 | 00,118,576 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])
DRV - [2007-05-15 15:55:36 | 00,037,040 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass [system | Running])
DRV - [2007-05-15 15:55:36 | 00,038,576 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (incdrm [system | Running])
DRV - [2007-08-10 07:52:44 | 04,603,904 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007-11-06 11:30:00 | 07,429,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])
DRV - [2003-08-04 14:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2001-04-09 14:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass [boot | Running])
DRV - [2002-12-31 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])
DRV - [2007-05-31 09:19:22 | 00,096,896 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2007-10-18 00:09:08 | 00,051,200 | ---- | M] (Your Corporation) -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys -- (RushTopDevice2 [On_Demand | Stopped])
DRV - [2002-12-31 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004-09-14 22:19:56 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2007-01-25 17:45:02 | 00,006,784 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\whfltr2k.sys -- (whfltr2k [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\S-1-5-21-1482476501-746137067-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://onet.pl"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ea9be299-129b-4c3c-8876-d98c18c2fd39}:0.9.6
FF - prefs.js..extensions.enabledItems: {C4A808D2-254E-4039-832A-C75B72FBA2DA}:0.6.20080306
FF - prefs.js..extensions.enabledItems: {9E1A1CD4-8916-4951-AAB4-2D4497FDFD90}:0.5.20071013
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-26 19:26:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-09 13:56:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-09 13:56:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008-08-27 14:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions
[2008-08-27 14:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-08-26 21:08:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions
[2008-08-16 00:27:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2008-08-16 15:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{9E1A1CD4-8916-4951-AAB4-2D4497FDFD90}
[2008-08-16 15:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{C4A808D2-254E-4039-832A-C75B72FBA2DA}
[2009-08-26 21:08:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-07-01 15:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{ea9be299-129b-4c3c-8876-d98c18c2fd39}
[2008-06-09 21:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\pbreak.br@gmail.com
[2009-08-26 21:08:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-08-09 13:56:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-03-26 19:26:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-08-26 19:42:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009-08-09 13:56:23 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-08-09 13:56:23 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-07-25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-02-24 21:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007-02-04 23:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2009-08-09 13:56:25 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007-05-10 22:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009-07-20 13:39:10 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-07-20 13:39:10 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-07-20 13:39:10 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-07-20 13:39:10 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-07-20 13:39:10 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-07-20 13:39:10 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-07-20 13:39:10 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - No CLSID value found.
O3 - HKU\S-1-5-21-1482476501-746137067-839522115-500\..\Toolbar\WebBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - No CLSID value found.
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TabUserW.exe.lnk = C:\WINDOWS\System32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} http://install.anark.com/client/version4/windows-ie/en/AMClient.cab (Reg Error: Key error.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 217.98.63.164
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-06-04 20:18:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-08-26 22:18:20 | 00,382,246 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\nod32.jpg
[2009-08-26 21:54:08 | 00,000,000 | ---D | C] -- C:\Program Files\BearShare
[2009-08-26 20:47:10 | 00,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Trojan Remover.lnk
[2009-08-26 20:47:09 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009-08-26 20:47:09 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009-08-26 20:47:09 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009-08-26 20:47:09 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009-08-26 20:47:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
[2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Simply Super Software
[2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Simply Super Software
[2009-08-26 20:26:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009-08-26 20:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2009-08-26 19:49:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Grisoft
[2009-08-26 19:49:21 | 00,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys
[2009-08-26 19:49:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
[2009-08-26 19:49:19 | 00,000,000 | ---D | C] -- C:\Program Files\AVG Anti-Spyware 7.5
[2009-08-25 23:23:16 | 00,110,606 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0719.jpg
[2009-08-25 23:23:11 | 00,139,746 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0823.jpg
[2009-08-25 23:22:29 | 00,116,111 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0717.jpg
[2009-08-25 23:21:12 | 00,101,368 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0805.jpg
[2009-08-25 23:08:38 | 00,065,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\hirako02.jpg
[2009-08-25 22:51:17 | 00,258,180 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Kawaii_by_Rennard.swf
[2009-08-25 22:50:09 | 02,942,883 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\opening_bleach_by_shinobu7.swf
[2009-08-24 23:28:15 | 00,070,039 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\shinji-1.png
[2009-08-22 23:49:02 | 00,150,095 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\20.png
[2009-08-22 14:21:40 | 00,139,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Tempura.doc
[2009-08-19 00:24:12 | 00,002,874 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\urahara_tessai.gif
[2009-08-19 00:17:56 | 00,025,919 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\62125793448baa3ee106c5.gif
[2009-08-14 14:30:31 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\podręczniki.doc
[2009-08-13 15:18:16 | 00,001,927 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\kako_ks2.gif
[2009-08-11 22:42:38 | 00,159,537 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\5205939.jpg
[2009-08-10 20:03:30 | 01,896,174 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Bleach.gif
[2009-08-09 19:51:40 | 00,525,657 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Dance_Dance_America_by_yuumei.swf
[2009-07-02 16:20:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Route.INI
[2008-11-21 23:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-11-02 18:14:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ActivePaint.INI
[2008-10-08 18:27:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008-08-21 20:34:17 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-07-03 21:12:52 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-06-04 21:40:52 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2008-06-04 21:35:16 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\adinst32.dll
[2008-06-04 21:31:43 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2008-06-04 21:25:09 | 00,000,126 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2008-06-04 21:25:07 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\DECODER.DLL
[2008-06-04 20:47:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008-06-04 20:45:12 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2008-06-04 20:45:10 | 00,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2008-06-04 20:45:10 | 00,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2008-06-04 20:45:10 | 00,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2008-06-04 20:39:28 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2007-11-06 11:30:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007-11-06 11:30:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007-11-06 11:30:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007-11-06 11:30:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007-11-06 11:30:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007-01-25 17:45:02 | 00,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys
[2006-11-01 08:54:30 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006-11-01 08:52:38 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006-05-26 15:29:14 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006-04-03 14:26:36 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2003-05-15 08:39:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002-12-31 14:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2002-12-31 14:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002-12-31 14:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2002-12-31 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002-05-15 06:58:38 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll
[1999-01-22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009-08-26 22:18:20 | 00,382,246 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\nod32.jpg
[2009-08-26 20:54:29 | 00,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-08-26 20:54:29 | 00,448,004 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-08-26 20:54:29 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-08-26 20:54:29 | 00,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-08-26 20:54:29 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-08-26 20:50:30 | 00,012,398 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2009-08-26 20:50:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-08-26 20:50:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-08-26 20:47:10 | 00,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Trojan Remover.lnk
[2009-08-25 23:23:16 | 00,110,606 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0719.jpg
[2009-08-25 23:23:11 | 00,139,746 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0823.jpg
[2009-08-25 23:22:29 | 00,116,111 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0717.jpg
[2009-08-25 23:21:12 | 00,101,368 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0805.jpg
[2009-08-25 23:08:38 | 00,065,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\hirako02.jpg
[2009-08-25 22:51:17 | 00,258,180 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Kawaii_by_Rennard.swf
[2009-08-25 22:50:09 | 02,942,883 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\opening_bleach_by_shinobu7.swf
[2009-08-24 23:28:15 | 00,070,039 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\shinji-1.png
[2009-08-23 16:26:32 | 00,150,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-22 23:49:02 | 00,150,095 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\20.png
[2009-08-22 21:46:05 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-22 14:21:40 | 00,139,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Tempura.doc
[2009-08-19 00:24:12 | 00,002,874 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\urahara_tessai.gif
[2009-08-19 00:17:57 | 00,025,919 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\62125793448baa3ee106c5.gif
[2009-08-14 14:30:32 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\podręczniki.doc
[2009-08-13 15:18:16 | 00,001,927 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\kako_ks2.gif [2009-08-11 22:42:38 | 00,159,537 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\5205939.jpg [2009-08-10 20:03:30 | 01,896,174 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Bleach.gif [2009-08-09 19:51:41 | 00,525,657 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Dance_Dance_America_by_yuumei.swf [2009-08-08 19:47:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl ========== LOP Check ========== [2009-08-26 21:54:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji [2008-06-04 22:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead [2008-12-23 15:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Any Video Converter [2008-09-08 21:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\AVSMedia [2008-10-29 20:23:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\CadSoft [2009-04-23 14:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\CyberLink [2008-07-15 11:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DMCache [2008-07-15 10:57:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\fltk.org [2008-10-08 18:15:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Free Sound Recorder [2008-07-10 18:40:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu [2009-08-26 19:49:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Grisoft [2009-08-26 20:46:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Simply Super Software [2009-03-15 
16:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SYSTEMAX Software Development [2009-08-10 20:36:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tlen.pl [2009-08-26 20:46:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2008-11-02 22:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\10015 [2009-03-08 15:39:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\262EE [2008-06-04 21:01:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead [2008-06-04 21:19:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ [2008-11-02 22:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\channels [2008-10-28 17:31:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink [2008-06-20 09:27:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2009-08-26 19:49:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft [2008-06-04 22:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe [2009-08-26 20:46:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software [2009-01-01 22:30:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit [2009-03-15 16:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SYSTEMAX Software Development [2009-08-26 20:53:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-03-26 16:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2008-06-04 22:06:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2008-06-04 
20:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2008-06-04 20:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2002-12-31 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-08-26 20:50:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9AEE100C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:94A19129
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0
< End of report >
Kojo (Author) comment 27 August 2009
I'm just not sure whether this log came out right, because when I ran ComboFix it told me that NOD32 was still running, even though I had disabled it under Processes in Task Manager...
Log to check
ComboFix 09-08-26.07 - Administrator 2009-08-27 17:21.11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.3327.2898 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezydentny antywirus jest aktywny
.
/wow section - STAGE 41
FINDSTR: Nie można otworzyć c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\*.inf
FINDSTR: Nie można otworzyć c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\*.reg
FINDSTR: Nie można otworzyć c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\*.bat
FINDSTR: Nie można otworzyć c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\*.vbs
FINDSTR: Nie można otworzyć c:\documents and settings\Default User\Ustawienia lokalne\Dane aplikacji\*.inf
FINDSTR: Nie można otworzyć c:\documents and settings\Default User\Ustawienia lokalne\Dane aplikacji\*.reg
FINDSTR: Nie można otworzyć c:\documents and settings\Default User\Ustawienia lokalne\Dane aplikacji\*.bat
FINDSTR: Nie można otworzyć c:\documents and settings\Default User\Ustawienia lokalne\Dane aplikacji\*.vbs
FINDSTR: Nie można otworzyć c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\*.inf
FINDSTR: Nie można otworzyć c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\*.reg
FINDSTR: Nie można otworzyć c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\*.bat
FINDSTR: Nie można otworzyć c:\documents and
settings\NetworkService\Ustawienia lokalne\Dane aplikacji\*.vbs
FINDSTR: Nie można otworzyć c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\*.inf
FINDSTR: Nie można otworzyć c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\*.reg
FINDSTR: Nie można otworzyć c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\*.bat
FINDSTR: Nie można otworzyć c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\*.vbs
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Dane aplikacji\wiaserva.log
c:\windows\system32\ieuinit.inf
c:\windows\system32\msconfig.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-07-27 do 2009-08-27 )))))))))))))))))))))))))))))))
.
2009-08-26 18:26 . 2009-08-26 18:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-26 17:49 . 2009-08-26 17:49 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Grisoft
2009-08-26 17:49 . 2007-05-30 12:10 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2009-08-26 17:49 . 2009-08-26 17:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Grisoft
2009-08-26 17:49 . 2009-08-26 17:49 -------- d-----w- c:\program files\AVG Anti-Spyware 7.5
2009-08-26 17:42 . 2009-08-26 17:42 152576 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Sun\Java\jre1.6.0_15\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 15:16 . 2009-08-26 18:26 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-08-27 15:03 . 2002-12-31 12:00 74230 ----a-w- c:\windows\system32\perfc015.dat
2009-08-27 15:03 . 2002-12-31 12:00 448004 ----a-w- c:\windows\system32\perfh015.dat
2009-08-27 14:59 . 2008-06-04 19:31 12398 ----a-w- c:\windows\system32\tablet.dat
2009-08-26 19:54 .
2009-08-26 19:54 -------- d-----w- c:\program files\BearShare 2009-08-26 18:53 . 2008-09-07 17:05 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-08-26 18:53 . 2009-08-26 18:46 -------- d-----w- c:\program files\Trojan Remover 2009-08-26 18:46 . 2009-08-26 18:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software 2009-08-26 18:46 . 2009-08-26 18:46 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Simply Super Software 2009-08-26 17:42 . 2008-06-04 19:40 -------- d-----w- c:\program files\Java 2009-08-10 18:36 . 2008-06-04 20:40 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Tlen.pl 2009-08-05 17:29 . 2009-08-26 18:53 3036024 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Simply Super Software\Trojan Remover\knc7.exe 2009-07-25 03:23 . 2009-03-26 17:26 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-21 13:10 . 2008-06-04 20:07 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Winamp 2009-07-21 11:27 . 2008-06-04 20:07 -------- d-----w- c:\program files\Winamp 2009-07-18 19:11 . 2009-07-18 19:11 -------- d-----w- c:\program files\CDex_170b2 2009-07-13 21:53 . 2009-07-13 21:40 -------- d-----w- c:\program files\CamStudio 2009-07-13 21:36 . 2009-07-13 21:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-07-13 18:12 . 2009-07-13 18:12 -------- d-----w- c:\program files\VDOWNLOADER 2009-07-02 14:13 . 2009-07-02 14:13 -------- d-----w- c:\program files\NAVIGO Copernicus 2009-06-04 18:12 . 2008-06-04 19:03 40600 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"WinSys2"="c:\windows\system32\winsys2.exe" [2007-10-30 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"!AVG Anti-Spyware"="c:\program files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-26 1068424]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-11-06 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-6-4 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
"InCDsrv"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
R0 FTT3;FTT3;c:\windows\system32\drivers\FTT3.sys [2008-06-04 155792]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-09-09 28544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-01-25 6784]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys --> c:\windows\system32\Drivers\e4ldr.sys [?]
S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2008-06-04 28160]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys --> c:\windows\system32\DRIVERS\e4usbaw.sys [?]
S3 RushTopDevice2;RushTopDevice2;c:\program files\MSI\DualCoreCenter\RushTop.sys [2008-06-04 51200]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - USUNIĘTO PUSTE WPISY - - - -
SafeBoot-AVG Anti-Spyware Driver
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9cloutq6.default\ FF - prefs.js: browser.startup.homepage - hxxp://onet.pl FF - plugin: c:\program files\Java\jre6\bin\npdeploytk.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla 
Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-27 17:23 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . 
Czas ukończenia: 2009-08-27 17:24
ComboFix-quarantined-files.txt 2009-08-27 15:24
Przed: 296 071 729 152 bajtów wolnych
Po: 296 051 208 192 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
195
Gość comment 27 August 2009
Run OTL and paste the following script into the Custom Scans/Fixes box:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe ()
:Files
C:\WINDOWS\System32\winsys2.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]
Click Run Fix. Confirm the computer restart. Then run OTL again, this time using the Run Scan option. Post the new OTL.txt log (from the cleanup + the scan).
Kojo (Author) comment 27 August 2009
OK, done. After the cleanup:
Log to check
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinSys2 deleted successfully.
C:\WINDOWS\System32\winsys2.exe moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\winsys2.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 587573 bytes
->Temporary Internet Files folder emptied: 42862 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52952571 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\130FA2D4E5B34BA89C4A70B615655319.TMP folder deleted successfully.
%systemroot% .tmp files removed: 2641190 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 53,65 mb
OTL by OldTimer - Version 3.0.10.7 log created on 08272009_193502
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
After the scan:
Log to check
OTL logfile created on: 2009-08-27 19:40:52 - Run 3
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 275,75 Gb Free Space | 92,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LIWI-56CBBA89C6
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2002-12-31 14:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007-05-30 14:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
PRC - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2007-08-23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2007-11-06 11:30:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2005-01-10 13:10:38 | 00,729,088 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe PRC - [2002-12-31 14:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe PRC - [2007-08-10 09:21:56 | 16,384,000 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2005-01-10 13:03:28 | 00,106,496 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\TabUserW.exe PRC - [2009-08-26 21:27:16 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2007-05-30 14:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) 
-- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [1999-12-12 19:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Disabled | Stopped]) SRV - [2009-02-06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped]) SRV - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running]) SRV - [2002-12-31 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2007-05-15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Disabled | Stopped]) SRV - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2007-08-23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running]) SRV - [2007-04-13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped]) SRV - [2007-05-08 19:47:22 | 00,271,920 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped]) SRV - [2007-11-06 11:30:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2005-08-08 06:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Disabled | Stopped]) SRV - [2005-01-10 13:10:38 | 00,729,088 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe -- (TabletService [Auto | Running]) ========== Driver Services (SafeList) ========== DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running]) DRV - [2006-11-01 14:42:14 | 00,033,280 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\System32\DRIVERS\AmdLLD.sys -- (AmdLLD [On_Demand | Running]) DRV - [2007-05-30 14:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [system | Running]) DRV - [2007-05-30 14:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys -- (AvgAsCln [system | Running]) DRV - [2007-04-17 14:42:00 | 00,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) 
-- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter [On_Demand | Stopped]) DRV - [2009-02-06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running]) DRV - [2009-02-06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [system | Running]) DRV - [2009-02-06 14:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [system | Running]) DRV - [2007-08-16 11:49:14 | 00,155,792 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\FTT3.sys -- (FTT3 [boot | Running]) DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2007-05-15 15:55:36 | 00,118,576 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running]) DRV - [2007-05-15 15:55:36 | 00,037,040 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass [system | Running]) DRV - [2007-05-15 15:55:36 | 00,038,576 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (incdrm [system | Running]) DRV - [2007-08-10 07:52:44 | 04,603,904 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2007-11-06 11:30:00 | 07,429,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running]) DRV - [2003-08-04 14:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped]) DRV - [2001-04-09 14:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass [boot | Running]) DRV - [2002-12-31 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running]) DRV - [2007-05-31 09:19:22 | 00,096,896 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running]) DRV - [2007-10-18 00:09:08 | 00,051,200 | ---- | M] (Your Corporation) -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys -- (RushTopDevice2 [On_Demand | Stopped]) DRV - [2002-12-31 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2004-09-14 22:19:56 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped]) DRV - [2007-01-25 17:45:02 | 00,006,784 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\whfltr2k.sys -- (whfltr2k [On_Demand | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl IE - HKU\S-1-5-21-1482476501-746137067-839522115-500\S-1-5-21-1482476501-746137067-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://onet.pl" FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - 
prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ea9be299-129b-4c3c-8876-d98c18c2fd39}:0.9.6 FF - prefs.js..extensions.enabledItems: {C4A808D2-254E-4039-832A-C75B72FBA2DA}:0.6.20080306 FF - prefs.js..extensions.enabledItems: {9E1A1CD4-8916-4951-AAB4-2D4497FDFD90}:0.5.20071013 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-26 19:26:43 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-09 13:56:29 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-09 13:56:29 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2008-08-27 14:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions [2008-08-27 14:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-08-27 17:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions [2008-08-16 00:27:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0} [2008-08-16 15:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{9E1A1CD4-8916-4951-AAB4-2D4497FDFD90} [2008-08-16 15:15:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane 
aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{C4A808D2-254E-4039-832A-C75B72FBA2DA} [2009-08-26 21:08:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009-07-01 15:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\{ea9be299-129b-4c3c-8876-d98c18c2fd39} [2008-06-09 21:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\9cloutq6.default\extensions\pbreak.br@gmail.com [2009-08-27 17:10:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-08-09 13:56:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-03-26 19:26:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009-08-26 19:42:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-08-09 13:56:23 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-08-09 13:56:23 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-07-25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-02-24 21:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2007-02-04 23:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll [2009-08-09 13:56:25 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007-05-10 22:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) 
-- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-07-20 13:39:10 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-07-20 13:39:10 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-07-20 13:39:10 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-07-20 13:39:10 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-07-20 13:39:10 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-07-20 13:39:10 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-07-20 13:39:10 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - No CLSID value found. O3 - HKU\S-1-5-21-1482476501-746137067-839522115-500\..\Toolbar\WebBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - No CLSID value found. O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.) 
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\TabUserW.exe.lnk = C:\WINDOWS\System32\WTablet\TabUserW.exe (Wacom Technology, Corp.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - 
HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-21-1482476501-746137067-839522115-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} http://install.anark.com/client/version4/windows-ie/en/AMClient.cab (Reg Error: Key error.) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab (CKAVWebScan Object) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 217.98.63.164 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) 
O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-06-04 20:18:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [2009-08-27 19:35:04 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009-08-27 19:35:02 | 00,000,000 | ---D | C] -- C:\_OTL [2009-08-27 17:24:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009-08-27 17:23:45 | 03,003,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll [2009-08-27 17:23:45 | 01,548,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll [2009-08-27 17:23:45 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll [2009-08-27 17:23:45 | 00,822,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll [2009-08-27 17:23:45 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll [2009-08-27 17:23:45 | 00,574,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys [2009-08-27 17:23:45 | 00,435,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll [2009-08-27 17:23:45 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll [2009-08-27 17:23:45 | 00,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll [2009-08-27 17:23:45 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll [2009-08-27 17:23:45 | 00,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll [2009-08-27 17:23:45 | 00,246,272 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\cache\tapisrv.dll [2009-08-27 17:23:45 | 00,243,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll [2009-08-27 17:23:45 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll [2009-08-27 17:23:45 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll [2009-08-27 17:23:45 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll [2009-08-27 17:23:45 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll [2009-08-27 17:23:45 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll [2009-08-27 17:23:45 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys [2009-08-27 17:23:45 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll [2009-08-27 17:23:45 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll [2009-08-27 17:23:45 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll [2009-08-27 17:23:45 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll [2009-08-27 17:23:45 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll [2009-08-27 17:23:45 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll [2009-08-27 17:23:45 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll [2009-08-27 17:23:45 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll [2009-08-27 17:23:45 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\eventlog.dll [2009-08-27 17:23:45 | 00,033,792 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll [2009-08-27 17:23:45 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mspmsnsv.dll [2009-08-27 17:23:45 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys [2009-08-27 17:23:45 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll [2009-08-27 17:23:45 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll [2009-08-27 17:23:45 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll [2009-08-27 17:23:45 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys [2009-08-27 17:23:45 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe [2009-08-27 17:23:45 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys [2009-08-27 17:23:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll [2009-08-27 17:23:45 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys [2009-08-27 17:23:45 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys [2009-08-27 17:23:44 | 02,149,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe [2009-08-27 17:23:44 | 02,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe [2009-08-27 17:23:44 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe [2009-08-27 17:23:44 | 01,012,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll [2009-08-27 17:23:44 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll [2009-08-27 
17:23:44 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys [2009-08-27 17:23:44 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe [2009-08-27 17:23:44 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe [2009-08-27 17:23:44 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe [2009-08-27 17:23:44 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys [2009-08-27 17:23:44 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe [2009-08-27 17:23:44 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe [2009-08-27 17:23:44 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe [2009-08-27 17:23:43 | 00,658,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll [2009-08-27 17:23:43 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll [2009-08-27 17:23:43 | 00,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe [2009-08-27 17:23:43 | 00,359,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys [2009-08-27 17:23:43 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll [2009-08-27 17:23:43 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe [2009-08-27 17:23:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache [2009-08-27 17:21:21 | 00,000,223 | ---- | C] () -- C:\Boot.bak [2009-08-27 17:21:19 | 00,262,400 | ---- | C] () -- C:\cmldr [2009-08-27 17:21:17 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009-08-27 17:20:01 | 00,031,232 | ---- | C] (NirSoft) -- 
C:\WINDOWS\NIRCMD.exe [2009-08-27 17:20:00 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009-08-27 17:20:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009-08-27 17:20:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009-08-27 17:20:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009-08-27 17:20:00 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009-08-27 17:20:00 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009-08-27 17:20:00 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009-08-27 17:19:51 | 00,000,000 | --SD | C] -- C:\ComboFix [2009-08-27 17:16:30 | 00,000,000 | ---D | C] -- C:\Qoobox [2009-08-27 17:14:45 | 03,185,323 | R--- | C] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe [2009-08-27 00:12:41 | 00,369,988 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Kisuke_and_Isshin_by_zo_ey.jpg [2009-08-26 23:50:17 | 00,164,612 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\d18_nekokisuke.jpg [2009-08-26 22:18:20 | 00,382,246 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\nod32.jpg [2009-08-26 21:54:08 | 00,000,000 | ---D | C] -- C:\Program Files\BearShare [2009-08-26 20:47:09 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2009-08-26 20:47:09 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2009-08-26 20:47:09 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2009-08-26 20:47:09 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2009-08-26 20:47:09 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll [2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software [2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Simply 
Super Software [2009-08-26 20:46:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Simply Super Software [2009-08-26 20:26:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2009-08-26 20:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy [2009-08-26 19:49:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Grisoft [2009-08-26 19:49:21 | 00,010,872 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgAsCln.sys [2009-08-26 19:49:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft [2009-08-26 19:49:19 | 00,000,000 | ---D | C] -- C:\Program Files\AVG Anti-Spyware 7.5 [2009-08-25 23:23:16 | 00,110,606 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0719.jpg [2009-08-25 23:23:11 | 00,139,746 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0823.jpg [2009-08-25 23:22:29 | 00,116,111 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0717.jpg [2009-08-25 23:21:12 | 00,101,368 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0805.jpg [2009-08-25 23:08:38 | 00,065,610 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\hirako02.jpg [2009-08-25 22:51:17 | 00,258,180 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Kawaii_by_Rennard.swf [2009-08-25 22:50:09 | 02,942,883 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\opening_bleach_by_shinobu7.swf [2009-08-24 23:28:15 | 00,070,039 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\shinji-1.png [2009-08-22 23:49:02 | 00,150,095 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\20.png [2009-08-22 14:21:40 | 00,139,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Tempura.doc [2009-08-19 00:24:12 
| 00,002,874 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\urahara_tessai.gif [2009-08-19 00:17:56 | 00,025,919 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\62125793448baa3ee106c5.gif [2009-08-14 14:30:31 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\podręczniki.doc [2009-08-13 15:18:16 | 00,001,927 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\kako_ks2.gif [2009-08-11 22:42:38 | 00,159,537 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\5205939.jpg [2009-08-10 20:03:30 | 01,896,174 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Bleach.gif [2009-08-09 19:51:40 | 00,525,657 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Dance_Dance_America_by_yuumei.swf [2009-07-02 16:20:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Route.INI [2008-11-21 23:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-11-02 18:14:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ActivePaint.INI [2008-10-08 18:27:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2008-08-21 20:34:17 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-07-03 21:12:52 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-06-04 21:40:52 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll [2008-06-04 21:35:16 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\adinst32.dll [2008-06-04 21:31:43 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll [2008-06-04 21:25:09 | 00,000,126 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI [2008-06-04 21:25:07 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\DECODER.DLL [2008-06-04 20:47:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini [2008-06-04 20:45:12 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll [2008-06-04 20:45:10 | 00,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll [2008-06-04 20:45:10 
| 00,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll [2008-06-04 20:45:10 | 00,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll [2008-06-04 20:39:28 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2007-11-06 11:30:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007-11-06 11:30:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007-11-06 11:30:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007-11-06 11:30:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007-11-06 11:30:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007-01-25 17:45:02 | 00,006,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\whfltr2k.sys [2006-11-01 08:54:30 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2006-11-01 08:52:38 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2006-05-26 15:29:14 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2006-04-03 14:26:36 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2003-05-15 08:39:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2002-12-31 14:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2002-12-31 14:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2002-12-31 14:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini [2002-12-31 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2002-05-15 06:58:38 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll [1999-01-22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== Files - Modified Within 30 Days ========== [2009-08-27 19:37:56 | 00,012,398 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat [2009-08-27 19:37:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-08-27 19:37:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-08-27 19:32:56 | 00,448,004 | ---- | M] () -- 
C:\WINDOWS\System32\perfh015.dat [2009-08-27 19:32:56 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-08-27 19:32:56 | 00,074,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-08-27 19:32:56 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-08-27 19:32:55 | 00,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-08-27 17:23:36 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-08-27 17:21:21 | 00,000,293 | RHS- | M] () -- C:\boot.ini [2009-08-27 17:15:14 | 03,185,323 | R--- | M] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe [2009-08-27 00:12:41 | 00,369,988 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Kisuke_and_Isshin_by_zo_ey.jpg [2009-08-26 23:50:17 | 00,164,612 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\d18_nekokisuke.jpg [2009-08-26 22:18:20 | 00,382,246 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\nod32.jpg [2009-08-25 23:23:16 | 00,110,606 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0719.jpg [2009-08-25 23:23:11 | 00,139,746 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0823.jpg [2009-08-25 23:22:29 | 00,116,111 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0717.jpg [2009-08-25 23:21:12 | 00,101,368 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\0805.jpg [2009-08-25 23:08:38 | 00,065,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\hirako02.jpg [2009-08-25 22:51:17 | 00,258,180 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Kawaii_by_Rennard.swf [2009-08-25 22:50:09 | 02,942,883 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\opening_bleach_by_shinobu7.swf [2009-08-24 23:28:15 | 00,070,039 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\shinji-1.png [2009-08-23 16:26:32 | 
00,150,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-08-23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009-08-22 23:49:02 | 00,150,095 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\20.png [2009-08-22 21:46:05 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-08-22 14:21:40 | 00,139,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Tempura.doc [2009-08-19 00:24:12 | 00,002,874 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\urahara_tessai.gif [2009-08-19 00:17:57 | 00,025,919 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\62125793448baa3ee106c5.gif [2009-08-14 14:30:32 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\podręczniki.doc [2009-08-13 15:18:16 | 00,001,927 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\kako_ks2.gif [2009-08-11 22:42:38 | 00,159,537 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\5205939.jpg [2009-08-10 20:03:30 | 01,896,174 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Bleach.gif [2009-08-09 19:51:41 | 00,525,657 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\Dance_Dance_America_by_yuumei.swf [2009-08-08 19:47:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl ========== LOP Check ========== [2009-08-27 17:23:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji [2008-06-04 22:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead [2008-12-23 15:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Any Video Converter [2008-09-08 21:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\AVSMedia [2008-10-29 20:23:22 | 
00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\CadSoft [2009-04-23 14:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\CyberLink [2008-07-15 11:47:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DMCache [2008-07-15 10:57:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\fltk.org [2008-10-08 18:15:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Free Sound Recorder [2008-07-10 18:40:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu [2009-08-26 19:49:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Grisoft [2009-08-26 20:46:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Simply Super Software [2009-03-15 16:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SYSTEMAX Software Development [2009-08-10 20:36:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tlen.pl [2009-08-26 20:46:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2008-11-02 22:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\10015 [2009-03-08 15:39:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\262EE [2008-06-04 21:01:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead [2008-06-04 21:19:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ [2008-11-02 22:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\channels [2008-10-28 17:31:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink [2008-06-20 09:27:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET 
[2009-08-26 19:49:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft [2008-06-04 22:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe [2009-08-26 20:46:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software [2009-01-01 22:30:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit [2009-03-15 16:03:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SYSTEMAX Software Development [2009-08-27 19:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-03-26 16:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl [2008-06-04 22:06:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2008-06-04 20:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2008-06-04 20:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2002-12-31 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-08-27 19:37:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9AEE100C @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:94A19129 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0 < End of report >
Guest comment 27 August 2009
It's clean now.
1. Launch OTL and run it with the CleanUp option; agree to the cleanup and the computer restart.
2. Empty NOD32's quarantine so that nothing is left in it.
3. You will clear the contents of the "System Volume Information" folder by temporarily turning off System Restore: Control Panel > System > System Restore > tick the box next to "Turn off System Restore on all drives" > Apply > OK. Afterwards you can go back to the previous setting (i.e. clear the checkbox).
4. Use Malwarebytes. Click Scan, choose the drives to scan and start the scan; at the end click Remove Selected if anything is found, then OK. Post the report MBAM generates after the removal.
Kojo (Author) comment 27 August 2009
Log to check
Malwarebytes' Anti-Malware 1.40
Wersja bazy definicji: 2706
Windows 5.1.2600 Dodatek Service Pack 2
2009-08-27 20:52:12
mbam-log-2009-08-27 (20-52-12).txt
Typ skanowania: Pełne skanowanie (C:\|)
Przeskanowane obiekty: 132386
Upłynęło: 9 minute(s), 42 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 1
Zainfekowane wartości rejestru: 3
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 4
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Zainfekowane wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Delete on reboot.
Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
C:\WINDOWS\temp\wpv421237410850.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wpv831238011910.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Kojo (Author) comment 28 August 2009
Thank you very, very much for the help. Regards