
Infected NDIS.sys file

aGuLeK '90

For several days ESET has been detecting some infection; it points to the file NDIS.sys located in the Drivers folder inside the system files folder. It identifies the virus as Vin32/Protector.C.

There is an option to remove it, but unfortunately it has no effect. I scanned the system with Ad-Aware, CureIt and Malwarebytes' Anti-Malware, none of which detect this threat.

How can I remove this virus?

I am attaching a log from OTL.

Log for review
OTL by OldTimer - Version 3.0.10.7 Folder = D:\Dane\Instalki

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 604,68 Mb Available Physical Memory | 59,08% Memory free

2,40 Gb Paging File | 2,03 Gb Available in Paging File | 84,25% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 24,53 Gb Total Space | 12,47 Gb Free Space | 50,82% Space Free | Partition Type: NTFS

Drive D: | 49,99 Gb Total Space | 9,33 Gb Free Space | 18,67% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: A-CD906E1DEC024

Current User Name: A

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2004-03-03 06:29:54 | 00,397,312 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2009-07-03 10:14:58 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2008-02-18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2007-07-24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2009-05-14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2007-01-31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2004-08-04 14:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe

PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2006-11-17 05:42:52 | 00,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2009-05-14 15:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2009-06-09 15:34:10 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2009-08-28 13:13:02 | 00,832,808 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe

PRC - [2009-09-11 18:02:43 | 00,514,048 | ---- | M] (OldTimer Tools) -- D:\Dane\Instalki\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008-02-18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

SRV - [2007-03-20 03:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])

SRV - [2008-07-25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2004-03-03 06:29:54 | 00,397,312 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

SRV - [2007-07-24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

SRV - [2007-01-31 14:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])

SRV - [2008-07-25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2009-05-14 15:54:22 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])

SRV - [2009-05-14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])

SRV - [2008-07-29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008-02-06 14:13:55 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008-07-29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2009-07-03 10:14:58 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Running])

SRV - [2008-07-29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2003-04-07 08:21:46 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])

SRV - [2009-01-07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [On_Demand | Stopped])

SRV - [2009-01-21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [On_Demand | Stopped])

SRV - [2006-11-03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [On_Demand | Stopped])

SRV - [2007-10-25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009-02-04 13:55:11 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [system | Running])

DRV - [2003-12-08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])

DRV - [2003-12-08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])

DRV - [2007-03-08 14:34:46 | 04,027,840 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

DRV - [2004-03-03 06:31:22 | 00,679,936 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

DRV - [2009-05-14 15:41:10 | 00,114,472 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])

DRV - [2009-05-14 15:47:14 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [system | Running])

DRV - [2009-05-14 15:49:32 | 00,094,360 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [system | Running])

DRV - [2008-11-26 19:29:34 | 00,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\DRIVERS\ggflt.sys -- (ggflt [On_Demand | Stopped])

DRV - [2008-11-26 19:29:34 | 00,021,672 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\System32\DRIVERS\ggsemc.sys -- (ggsemc [On_Demand | Stopped])

DRV - [2003-04-07 08:21:44 | 00,051,024 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

DRV - [2003-04-07 08:21:48 | 00,016,080 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

DRV - [2003-04-07 08:21:48 | 00,021,456 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

DRV - [2009-05-01 10:14:39 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [boot | Running])

DRV - [2009-09-09 18:51:02 | 00,182,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [boot | Running])

DRV - [2008-06-19 18:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [boot | Running])

DRV - [2003-08-04 14:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])

DRV - [2009-04-03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore [boot | Running])

DRV - [2002-09-16 18:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv [system | Running])

DRV - [2004-08-04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2004-08-03 22:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])

DRV - [2007-11-13 10:47:46 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2008-05-25 21:32:51 | 00,717,296 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Stopped])

DRV - [2005-07-13 11:08:20 | 00,033,890 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\System32\Drivers\Capt905c.sys -- (SQTECH905C [On_Demand | Stopped])

DRV - [2003-08-12 13:51:00 | 00,060,255 | ---- | M] (STMicroelectronics ) -- C:\WINDOWS\System32\DRIVERS\stmatm.sys -- (Stmatm [On_Demand | Running])

DRV - [2006-05-25 14:28:44 | 00,684,265 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\torususb.sys -- (TaurusUsb [On_Demand | Running])

DRV - [2006-11-07 10:42:16 | 00,061,504 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w200bus.sys -- (w200bus [On_Demand | Stopped])

DRV - [2006-11-07 10:42:22 | 00,009,328 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w200mdfl.sys -- (w200mdfl [On_Demand | Stopped])

DRV - [2006-11-07 10:42:24 | 00,097,056 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w200mdm.sys -- (w200mdm [On_Demand | Stopped])

DRV - [2006-11-07 09:42:28 | 00,088,560 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w200mgmt.sys -- (w200mgmt [On_Demand | Stopped])

DRV - [2006-11-07 09:42:30 | 00,086,368 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\w200obex.sys -- (w200obex [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

IE - HKU\S-1-5-21-1844237615-152049171-682003330-1004\S-1-5-21-1844237615-152049171-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-02 08:57:56 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008-03-09 11:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\mozilla\Extensions

[2008-03-09 11:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Pomocnik rejestracji usługi Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)

O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\A\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)

O3 - HKU\S-1-5-21-1844237615-152049171-682003330-1004\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)

O3 - HKU\S-1-5-21-1844237615-152049171-682003330-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)

O3 - HKU\S-1-5-21-1844237615-152049171-682003330-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1844237615-152049171-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]

O7 - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0

O7 - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0

O7 - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKU\S-1-5-21-1844237615-152049171-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0

O7 - HKU\S-1-5-21-1844237615-152049171-682003330-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html ()

O8 - Extra context menu item: Pobierz za pomocą Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} http://www.eska.pl/streamplayers/OggX.ocx (OggX Control)

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://www.pandasecurity.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} http://download.gamedesire.com/g_bin/pl/boards_2_0_0_35.cab (Ganymede Board Games)

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab (Windows Live Safety Center Base Module)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218708868843 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007-06-02 19:24:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009-09-09 16:44:23 | 00,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2009-09-09 16:38:04 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll

[2009-09-09 15:31:43 | 00,000,154 | ---- | C] () -- C:\Documents and Settings\A\Pulpit\Brzydula na PEB.url

[2009-09-04 19:20:05 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk

[2009-09-04 15:05:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\A\Ustawienia lokalne\Dane aplikacji\cache

[2009-09-03 22:51:18 | 00,001,414 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ZTE ZXDSL 852.lnk

[2009-09-03 22:51:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\InsFiles

[2009-09-03 22:50:13 | 00,425,984 | ---- | C] (STMicroelectronics ) -- C:\WINDOWS\System32\stmcfg32.dll

[2009-09-03 22:50:13 | 00,151,552 | ---- | C] (STMicroelectronics ) -- C:\WINDOWS\System32\stmctrl.dll

[2009-09-03 22:50:04 | 00,684,265 | ---- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys

[2009-09-03 22:50:04 | 00,446,464 | ---- | C] (STMicroelectronics ) -- C:\WINDOWS\System32\stmadsl.cpl

[2009-09-03 22:50:04 | 00,102,400 | ---- | C] (STMicroelectronics ) -- C:\WINDOWS\stmtrace.exe

[2009-09-03 22:50:04 | 00,060,255 | ---- | C] (STMicroelectronics ) -- C:\WINDOWS\System32\drivers\stmatm.sys

[2009-09-03 22:50:04 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\stmclean.exe

[2009-09-03 22:50:04 | 00,000,902 | ---- | C] () -- C:\WINDOWS\System32\setup.ini

[2009-09-03 22:50:03 | 00,065,536 | ---- | C] (STMicroelectronics) -- C:\WINDOWS\DSLTest.exe

[2009-09-03 22:50:03 | 00,018,498 | ---- | C] () -- C:\WINDOWS\System32\CSALogo.bmp

[2009-09-03 22:50:03 | 00,003,242 | ---- | C] () -- C:\WINDOWS\stsetup.htm

[2009-09-03 22:50:03 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\icStop.ico

[2009-09-03 22:50:03 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\icShTx.ico

[2009-09-03 22:50:03 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\icShTR.ico

[2009-09-03 22:50:03 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\icShRx.ico

[2009-09-03 22:50:03 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\icShow.ico

[2009-09-03 22:50:03 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\icNoMo.ico

[2009-09-03 22:50:03 | 00,000,766 | ---- | C] () -- C:\WINDOWS\System32\icInit.ico

[2009-09-03 22:50:03 | 00,000,161 | ---- | C] () -- C:\WINDOWS\DSLSetup.ini

[2009-09-03 22:50:03 | 00,000,000 | ---D | C] -- C:\Program Files\ZTE ZXDSL 852

[2009-09-03 21:24:02 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\A\Pulpit\Hecho en Espana.url

[2009-09-03 21:15:56 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\A\Pulpit\ECDL na skróty.url

[2009-09-02 09:46:37 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\A\Pulpit\dBworx.lnk

[2009-09-02 09:46:35 | 00,000,000 | ---D | C] -- C:\Program Files\dbworx

[2009-09-02 09:44:03 | 01,015,182 | ---- | C] () -- C:\Program Files\setup-1.bin

[2009-08-31 17:48:56 | 00,000,000 | ---D | C] -- C:\Avenger

[2009-08-31 17:17:06 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis

[2009-08-22 15:33:49 | 00,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google SketchUp 7.lnk

[2009-08-22 14:58:38 | 00,000,000 | ---D | C] -- C:\Program Files\DEMO SAM ZAPROJEKTUJ Dom, Wnętrze i Ogród

[2009-08-22 14:33:49 | 00,000,000 | ---D | C] -- C:\Program Files\A9Tech

[2009-08-14 14:08:41 | 00,219,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll.backup

[2009-08-13 17:29:29 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009-08-13 16:06:42 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2009-08-13 16:06:27 | 00,000,302 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2009-08-13 16:05:47 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Utilities

[2009-08-13 08:55:11 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll

[2009-08-13 08:55:11 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll

[2009-08-13 08:55:10 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll

[2009-08-13 08:55:10 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys

[2009-04-04 09:25:12 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-02-05 11:03:21 | 02,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll

[2009-02-04 14:21:07 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2008-10-17 20:05:55 | 00,000,025 | ---- | C] () -- C:\WINDOWS\edytor_map.ini

[2008-07-26 14:34:50 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

[2008-06-28 11:12:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI

[2008-05-02 09:56:39 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll

[2008-04-16 16:37:22 | 00,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI

[2008-04-07 18:47:08 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI

[2008-03-09 11:25:46 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\fcfedd6_z.dll

[2008-03-09 11:18:10 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\cbfebccd_s.dll

[2008-02-10 12:11:05 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2008-02-10 12:11:05 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2008-02-10 12:11:05 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2008-02-10 12:11:05 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2008-02-08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll

[2008-01-09 15:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2007-12-29 22:41:11 | 00,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2007-11-09 22:33:40 | 00,000,117 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2007-08-20 16:33:03 | 00,000,943 | ---- | C] () -- C:\WINDOWS\videoimp.ini

[2007-08-20 16:32:47 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2007-08-20 16:32:34 | 00,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini

[2007-08-20 16:30:37 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini

[2007-08-06 15:04:30 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2007-08-06 15:04:26 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007-08-06 15:04:25 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007-08-06 15:04:21 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007-08-06 15:04:21 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2007-08-02 18:11:28 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll

[2007-08-02 18:11:14 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll

[2007-07-27 15:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll

[2007-07-27 15:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll

[2007-07-10 13:00:30 | 00,001,567 | ---- | C] () -- C:\WINDOWS\VPlayer.INI

[2007-06-07 09:11:58 | 00,000,301 | ---- | C] () -- C:\WINDOWS\elegancik.INI

[2007-06-05 02:54:53 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll

[2007-06-05 01:47:18 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2007-06-05 01:38:51 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007-06-05 01:32:26 | 00,001,265 | ---- | C] () -- C:\WINDOWS\bestplayer.ini

[2007-06-04 22:16:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\cfgedit.INI

[2007-06-02 22:13:14 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2007-06-02 22:13:04 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini

[2007-06-02 22:07:14 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2007-02-14 22:20:48 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll

[2006-03-06 10:41:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll

[2005-12-05 20:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll

[2005-12-05 13:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll

[2004-10-04 14:05:10 | 00,000,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2004-09-16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS

[2004-09-16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS

[2004-08-04 14:00:00 | 00,182,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys

[2004-08-04 14:00:00 | 00,000,825 | ---- | C] () -- C:\WINDOWS\win.ini

[2004-08-04 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2002-03-19 18:30:00 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll

[2002-03-19 17:30:00 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll

========== Files - Modified Within 30 Days ==========

[2009-09-11 17:57:42 | 00,000,522 | ---- | M] () -- C:\hpfr3420.xml

[2009-09-11 14:04:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-09-10 19:59:40 | 00,144,384 | ---- | M] () -- C:\Documents and Settings\A\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-09-10 17:47:21 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2009-09-09 18:51:02 | 00,182,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys

[2009-09-09 16:46:12 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009-09-09 15:31:56 | 00,000,154 | ---- | M] () -- C:\Documents and Settings\A\Pulpit\Brzydula na PEB.url

[2009-09-08 18:43:34 | 00,000,213 | ---- | M] () -- C:\Documents and Settings\A\Pulpit\swiattelenowel.ora.pl.url

[2009-09-07 18:36:25 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-09-07 11:05:07 | 00,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI

[2009-09-06 15:31:10 | 01,575,840 | -H-- | M] () -- C:\Documents and Settings\A\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-09-04 19:20:05 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk

[2009-09-04 15:41:31 | 00,000,140 | ---- | M] () -- C:\Documents and Settings\A\Pulpit\Hecho en Espana.url

[2009-09-03 22:51:21 | 00,003,242 | ---- | M] () -- C:\WINDOWS\stsetup.htm

[2009-09-03 22:51:18 | 00,001,414 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ZTE ZXDSL 852.lnk

[2009-09-03 21:16:14 | 00,000,135 | ---- | M] () -- C:\Documents and Settings\A\Pulpit\ECDL na skróty.url

[2009-09-02 09:46:37 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\A\Pulpit\dBworx.lnk

[2009-08-31 17:16:50 | 00,000,302 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2009-08-28 23:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009-08-22 15:33:49 | 00,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google SketchUp 7.lnk

[2009-08-15 21:53:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-08-14 14:08:41 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll

========== LOP Check ==========

[2009-09-09 18:47:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\A\Dane aplikacji

[2008-08-16 17:20:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\3DFA

[2008-05-05 15:30:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\Ahead

[2007-08-20 16:33:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\ArcSoft

[2009-08-30 09:50:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\CameraWindowDC

[2009-03-03 22:28:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\Canon

[2008-08-22 12:38:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\CANON INC

[2007-06-14 16:41:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\CyberLink

[2008-05-25 21:32:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\DAEMON Tools

[2009-09-10 19:12:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\Desktopicon

[2008-07-15 15:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\ESET

[2007-06-10 22:21:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\Gadu-Gadu

[2008-08-10 15:58:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\GanymedeNet

[2008-12-03 18:20:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\GlarySoft

[2008-12-27 17:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\gtk-2.0

[2008-09-27 14:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\ImgBurn

[2007-06-10 19:15:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\INTERIAPL

[2009-08-27 20:58:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\ipla

[2008-07-26 14:32:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\Megaupload

[2008-01-01 14:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\MoyeaFLV2Video

[2009-01-01 16:32:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\Nowe Gadu-Gadu

[2009-07-21 16:00:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\OpenFM

[2009-09-10 17:51:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\OpenOffice.org2

[2009-05-15 15:42:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\Opera

[2008-03-08 15:04:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\PCToolsFirewallPlus

[2008-03-08 15:03:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\PCToolsSpamMonitorPlus

[2009-08-06 13:02:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\Simply Super Software

[2008-07-08 17:32:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\SuperMemo World

[2008-05-29 14:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\Teleca

[2008-05-27 15:34:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\VSRevoGroup

[2009-06-17 18:02:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\A\Dane aplikacji\ZoomBrowser EX

[2007-06-02 12:12:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji

[2009-08-13 18:51:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji

[2009-02-06 11:09:52 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}

[2009-02-02 11:14:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BitDefender

[2007-06-02 22:06:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink

[2009-01-12 15:33:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Easy CD-DA Extractor

[2009-03-04 17:59:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET

[2009-08-01 18:37:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla

[2008-04-06 16:01:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier

[2009-07-21 16:54:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

[2008-03-07 18:03:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Recisio

[2009-08-06 13:02:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software

[2008-05-29 14:18:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Teleca

[2009-09-10 19:46:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2008-08-22 12:27:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser

[2007-06-02 12:12:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji

[2009-08-07 15:53:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji

[2008-07-02 12:49:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\PCToolsFirewallPlus

[2008-07-02 12:49:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\PCToolsSpamMonitorPlus

[2007-06-02 19:27:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji

[2009-08-08 10:00:00 | 00,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

[2009-07-20 10:13:39 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2004-08-04 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009-07-19 23:24:02 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1211836887.job

[2009-05-18 13:01:00 | 00,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1233748655.job

[2009-08-31 17:16:50 | 00,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

[2009-09-10 17:47:21 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2009-08-08 10:00:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009-08-08 09:48:50 | 00,000,454 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{14D04D84-32A7-4E5D-8ADF-74234DDFFD9D}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:430C6D84

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1493A0EF

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6900017D

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:7E95B6FD

< End of report >
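Added example, not part of the original post and not OTL's own code: the two lines a reviewer stops at in the listing above are the ones for C:\WINDOWS\System32\drivers\ndis.sys. It was created 2004-08-04 14:00:00 together with the rest of the XP install, modified 2009-09-09 18:51:02, has the same 182,656-byte size in both entries, and shows an empty company field where a Microsoft driver normally reports "Microsoft Corporation". That combination is what a system driver patched in place looks like. The script scores System32 binaries on exactly those signals; the sample input is a handful of lines copied from the log, while the weights and the 365-day and 7-day thresholds are my own choices, not anything OTL does. The missing-company signal is weak on its own (third-party drivers such as ADFUUD.SYS legitimately carry no version info), so it only adds to the other two.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# One OTL file entry: [timestamp | size | attrs | C or M] (CompanyName) -- path
# Directory entries (attrs ---D) have no "(company)" field and are ignored.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"[-\w]{4} \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
SYSTEM_BINARY = re.compile(r"\\windows\\system32\\.*\.(sys|dll|exe)$", re.IGNORECASE)
Entry = namedtuple("Entry", "ts size company path")

# Constructed sample input: lines copied verbatim from the OTL log above.
OTL_CREATED = r"""
[2009-08-14 14:08:41 | 00,219,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll.backup
[2009-08-13 08:55:10 | 00,092,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys
[2004-09-16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004-08-04 14:00:00 | 00,182,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2004-08-04 14:00:00 | 00,000,825 | ---- | C] () -- C:\WINDOWS\win.ini
"""
OTL_MODIFIED = r"""
[2009-09-11 14:04:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-09-09 18:51:02 | 00,182,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2009-08-28 23:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-08-14 14:08:41 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll
"""
LOG_DATE = datetime(2009, 9, 11)  # day of the OTL run, taken from its header


def parse_otl(text):
    """Map lowercased path -> Entry for every file line in an OTL section."""
    entries = {}
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries[m["path"].lower()] = Entry(
                datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                int(m["size"].replace(",", "")), m["company"], m["path"])
    return entries


def triage(created_text, modified_text, log_date, min_age_days=365, recent_days=7):
    """Score System32 binaries for the in-place-patch pattern.
    Returns [(score, path, [reasons])], most suspicious first; score 0 is dropped."""
    created, modified = parse_otl(created_text), parse_otl(modified_text)
    findings = []
    for key in set(created) | set(modified):
        entry = modified.get(key) or created[key]
        if not SYSTEM_BINARY.search(entry.path):
            continue  # only drivers, DLLs and EXEs under System32 are in scope
        score, reasons = 0, []
        if entry.company == "":
            # Microsoft's own System32 binaries carry "Microsoft Corporation". An empty
            # field means the version resource is absent or damaged; weak on its own,
            # since third-party drivers (ADFUUD.SYS here) legitimately have none.
            score += 1
            reasons.append("no company name in version info")
        if key in created and key in modified:
            age = modified[key].ts - created[key].ts
            if age > timedelta(days=min_age_days) and modified[key].size == created[key].size:
                # Rewritten years after it was installed, yet exactly the same size:
                # the signature of a binary patched in place rather than updated.
                score += 2
                reasons.append(f"modified {age.days} days after creation, size unchanged "
                               f"({modified[key].size} bytes)")
        if key in modified and log_date - modified[key].ts <= timedelta(days=recent_days):
            score += 1
            reasons.append(f"modified within the last {recent_days} days")
        if score:
            findings.append((score, entry.path, reasons))
    return sorted(findings, key=lambda f: (-f[0], f[1].lower()))


def run_sample():
    return triage(OTL_CREATED, OTL_MODIFIED, LOG_DATE)


if __name__ == "__main__":
    for score, path, reasons in run_sample():
        print(f"[{score}] {path}")
        for r in reasons:
            print("      -", r)
```

On the sample, ndis.sys scores 4 (all three signals) and ADFUUD.SYS scores 1 for the missing company name alone; uxtheme.dll, MRT.exe and the dllcache copy of ksecdd.sys carry a Microsoft company name and recent, plausible update timestamps, so they drop out. The score is a prioritisation aid for which file to hash and signature-check first, not a verdict.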

MarekM25

Paste the ComboFix log.

aGuLeK '90

Log for review
ComboFix 09-09-10.03 - A 2009-09-11 19:52.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1023.614 [GMT 2:00]
Running from: c:\documents and settings\A\Pulpit\ComboFix.exe
AV: AVG 7.5.446 *On-access scanning enabled* (Updated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
* Resident antivirus is active

.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\532a7a.msi
c:\windows\system32\logs
c:\windows\system32\setup.ini

.
((((((((((((((((((((((((( Files created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-11 18:04 . 2009-09-11 17:50 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2009-09-09 14:38 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-04 13:05 . 2009-09-04 13:05 -------- d-----w- c:\documents and settings\A\Ustawienia lokalne\Dane aplikacji\cache
2009-09-03 20:51 . 2009-09-03 20:51 -------- d-----w- c:\windows\system32\InsFiles
2009-09-03 20:50 . 2006-06-02 15:38 425984 ----a-w- c:\windows\system32\stmcfg32.dll
2009-09-03 20:50 . 2006-06-02 08:01 151552 ----a-w- c:\windows\system32\stmctrl.dll
2009-09-03 20:50 . 2006-06-06 12:20 102400 ----a-w- c:\windows\stmtrace.exe
2009-09-03 20:50 . 2006-05-25 12:28 684265 ----a-w- c:\windows\system32\drivers\torususb.sys
2009-09-03 20:50 . 2004-07-27 15:18 36864 ----a-w- c:\windows\system32\stmclean.exe
2009-09-03 20:50 . 2003-08-12 11:51 60255 ----a-w- c:\windows\system32\drivers\stmatm.sys
2009-09-03 20:50 . 2009-09-03 20:50 -------- d-----w- c:\program files\ZTE ZXDSL 852
2009-09-03 20:50 . 2005-07-07 14:02 65536 ----a-w- c:\windows\DSLTest.exe
2009-09-02 07:46 . 2009-09-02 07:47 -------- d-----w- c:\program files\dbworx
2009-09-02 07:44 . 2006-09-27 08:49 1015182 ----a-w- c:\program files\setup-1.bin
2009-08-31 15:17 . 2009-08-31 15:17 -------- d-----w- c:\program files\AskBarDis
2009-08-22 12:58 . 2009-08-22 12:59 -------- d-----w- c:\program files\DEMO SAM ZAPROJEKTUJ Dom, Wnętrze i Ogród
2009-08-22 12:33 . 2009-08-22 12:33 -------- d-----w- c:\program files\A9Tech
2009-08-13 15:29 . 2009-08-13 15:29 -------- d-----w- c:\program files\CCleaner
2009-08-13 14:05 . 2009-08-31 15:18 -------- d-----w- c:\program files\Glary Utilities
2009-08-13 06:55 . 2009-06-25 08:27 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-08-13 06:55 . 2009-06-25 08:27 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-08-13 06:55 . 2009-06-25 08:27 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-08-13 06:55 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 17:50 . 2004-08-04 12:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-09-10 17:46 . 2008-02-10 10:12 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-09-10 17:12 . 2008-05-16 20:00 -------- d-----w- c:\documents and settings\A\Dane aplikacji\Desktopicon
2009-09-10 15:51 . 2007-06-02 20:07 -------- d-----w- c:\documents and settings\A\Dane aplikacji\OpenOffice.org2
2009-09-07 08:58 . 2009-01-20 18:42 -------- d-----w- c:\program files\VirtualDub-1.8.8_[www.programosy.pl]
2009-09-04 17:20 . 2009-05-15 16:32 -------- d-----w- c:\program files\Opera
2009-09-04 09:59 . 2009-01-01 14:14 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-09-03 20:44 . 2007-07-03 11:28 -------- d-----w- c:\program files\ESET
2009-08-31 15:08 . 2009-05-27 11:01 -------- d-----w- c:\program files\Spyware Doctor
2009-08-30 07:50 . 2008-08-22 10:38 -------- d-----w- c:\documents and settings\A\Dane aplikacji\CameraWindowDC
2009-08-27 18:58 . 2008-08-14 19:48 -------- d-----w- c:\documents and settings\A\Dane aplikacji\ipla
2009-08-22 13:33 . 2007-06-06 16:42 -------- d-----w- c:\program files\Google
2009-08-17 19:01 . 2009-05-02 13:59 -------- d-----w- c:\program files\Driver Cleaner
2009-08-14 12:08 . 2004-08-04 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-08-13 16:17 . 2008-07-18 08:51 -------- d-----w- c:\program files\Veoh Networks
2009-08-13 16:17 . 2007-06-02 20:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-13 16:00 . 2007-09-28 16:04 -------- d-----w- c:\program files\Polish Your English
2009-08-12 15:12 . 2009-08-12 15:12 -------- d-----w- c:\program files\BeWAN ADSL V1.9.0.6
2009-08-08 20:57 . 2009-06-23 10:17 -------- d-----w- c:\program files\neostrada tp
2009-08-08 07:39 . 2008-03-09 09:33 -------- d-----w- c:\program files\SkanerOnline
2009-08-06 11:05 . 2009-08-06 11:02 -------- d-----w- c:\program files\Trojan Remover
2009-08-06 11:02 . 2009-08-06 11:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software
2009-08-06 11:02 . 2009-08-06 11:02 -------- d-----w- c:\documents and settings\A\Dane aplikacji\Simply Super Software
2009-08-05 09:01 . 2004-08-04 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 07:05 . 2009-07-24 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 11:36 . 2009-07-24 16:12 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-07-24 16:12 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 19:13 . 2007-11-02 20:27 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-01 16:37 . 2009-08-01 16:37 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2009-08-01 16:37 . 2008-08-14 19:48 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2009-07-24 16:13 . 2009-07-24 16:13 -------- d-----w- c:\documents and settings\A\Dane aplikacji\Malwarebytes
2009-07-24 16:12 . 2009-07-24 16:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-07-21 14:54 . 2009-05-20 09:55 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-07-21 14:00 . 2009-04-30 17:42 -------- d-----w- c:\documents and settings\A\Dane aplikacji\OpenFM
2009-07-17 19:04 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 06:19 . 2009-04-19 19:10 -------- d-----w- c:\documents and settings\A\Dane aplikacji\Winamp
2009-07-17 06:14 . 2007-06-02 20:07 -------- d-----w- c:\program files\Winamp
2009-07-13 21:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:27 . 2004-08-04 12:00 732160 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:27 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2008-12-03 16:46 . 2008-12-03 16:46 37 ----a-w- c:\program files\fun_Search.log
2008-12-03 16:46 . 2008-12-03 16:46 1356 ----a-w- c:\program files\fun.ini
2008-12-03 16:46 . 2008-12-03 16:46 158599 ----a-w- c:\program files\first_registry_backup_2008.12.03 - 17_46_39.062.reg
2008-10-11 13:23 . 2009-05-02 12:26 12029 ----a-w- c:\program files\manual.html
2008-10-11 13:03 . 2009-05-02 12:26 24576 ----a-w- c:\program files\memtest.exe
2008-01-15 11:06 . 2008-01-15 11:04 572 ----a-w- c:\program files\aswclnr.log
2007-08-31 08:42 . 2008-12-03 16:36 419840 ----a-w- c:\program files\fun.exe
2006-03-31 12:30 . 2009-09-02 07:43 2947 ----a-w- c:\program files\readme.txt
2006-01-31 14:02 . 2007-06-02 19:59 299008 ----a-r- c:\program files\bestplayer1.0.exe
2000-03-14 18:46 . 2007-06-02 21:23 115712 ----a-r- c:\program files\straczas.exe
.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and valid default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 15:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-09 180269]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Odkurzacz-MCD"=c:\program files\Odkurzacz\odk_mcd.exe
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"5000:TCP"= 5000:TCP:*:Disabled:AresChatServer

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-06 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-25 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-06-17 130936]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-05-14 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2009-09-03 60255]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2009-09-03 684265]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-11-26 13352]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 1029456]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-06-17 348752]
S3 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 08:15]

2009-07-19 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8211836887.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2009-05-18 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8233748655.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2009-08-31 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-13 14:09]

2009-09-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-08-08 c:\windows\Tasks\User_Feed_Synchronization-{14D04D84-32A7-4E5D-8ADF-74234DDFFD9D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.neostrada.pl
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.07\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.07\MediaManager\grab.html
IE: Pobierz za pomocą Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
TCP: {508EDEFE-2DB1-4C61-9B1B-5BABE6B4F2AC} = 194.204.159.1 217.98.63.164
DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} - hxxp://www.eska.pl/streamplayers/OggX.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 20:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'explorer.exe'(1700)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-11 20:23 - the computer was restarted
ComboFix-quarantined-files.txt 2009-09-11 18:23

Before: 13 342 257 152 bytes free
After: 13 466 669 056 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
244 --- E O F --- 2009-09-10 15:44
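Added example, not part of the original post and not code from OTL or ComboFix: the two logs run on different clocks. OTL prints local time; ComboFix prints file timestamps in UTC and states the zone in its banner ([GMT 2:00]), which is why the same ndis.sys creation shows as 14:00:00 in OTL and 12:00 in ComboFix. ComboFix's "Files created" lines also read "created . modified" while its Find3M lines read "modified . created". The script normalises both formats to UTC and builds a timeline for one artifact. The input lines are copied from the two logs; the offset parsing, the column interpretation and the event model are my assumptions. What the timeline makes visible is that the modification OTL recorded on 2009-09-09 is no longer there: by the time ComboFix listed the driver it carried a new modification time two minutes before the banner's start time, and a dllcache copy with that same modification time appeared during the run. Timestamps cannot say what wrote the file, so the follow-up is to hash drivers\ndis.sys and dllcache\ndis.sys and verify the Microsoft signature against a known-good XP SP3 copy rather than trusting timestamps or a clean result from any one scanner.

```python
import re
from datetime import datetime, timedelta

# ComboFix banner zone, e.g. "[GMT 2:00]"; its file listings are UTC, the banner time is local.
CF_ZONE = re.compile(r"\[GMT (?P<sign>-?)(?P<h>\d+):(?P<m>\d{2})\]")
# ComboFix file line: "<time> . <time> <size|--------> <attrs> <path>"
CF_FILE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-\w]{8}) (?P<path>.+)$")
# OTL file line, local time: "[<time> | <size> | <attrs> | C|M] (<company>) -- <path>"
OTL_FILE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-\w]{4} \| (?P<kind>[CM])\] "
    r"\([^)]*\) -- (?P<path>.+)$")

# Constructed sample input: lines copied verbatim from the two logs above.
COMBOFIX_BANNER = "Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1023.614 [GMT 2:00]"
COMBOFIX_START_LOCAL = "2009-09-11 19:52"  # from "ComboFix 09-09-10.03 - A 2009-09-11 19:52.1.1"
COMBOFIX_CREATED = r"""
2009-09-11 18:04 . 2009-09-11 17:50 182656 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2009-09-09 14:38 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-03 20:51 . 2009-09-03 20:51 -------- d-----w- c:\windows\system32\InsFiles
"""
COMBOFIX_FIND3M = r"""
2009-09-11 17:50 . 2004-08-04 12:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-08-14 12:08 . 2004-08-04 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
"""
OTL_LINES = r"""
[2004-08-04 14:00:00 | 00,182,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2009-09-09 18:51:02 | 00,182,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
"""


def zone_offset(banner):
    """timedelta to subtract from a local timestamp to obtain UTC."""
    m = CF_ZONE.search(banner)
    delta = timedelta(hours=int(m["h"]), minutes=int(m["m"]))
    return -delta if m["sign"] else delta


def combofix_events(text, first_is_created, source):
    """Yield (utc_time, lowercased path, event, source) for each file line.
    'Files created' lines read 'created . modified'; Find3M lines read 'modified . created'."""
    for line in text.splitlines():
        m = CF_FILE.match(line.strip())
        if not m or m["attrs"].startswith("d"):
            continue  # skip directories; only file timestamps matter here
        a = datetime.strptime(m["first"], "%Y-%m-%d %H:%M")
        b = datetime.strptime(m["second"], "%Y-%m-%d %H:%M")
        created, modified = (a, b) if first_is_created else (b, a)
        yield created, m["path"].lower(), "created", source
        yield modified, m["path"].lower(), "modified", source


def otl_events(text, offset, source="OTL"):
    """OTL prints local time; shift it by the zone offset so it lines up with ComboFix."""
    for line in text.splitlines():
        m = OTL_FILE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S") - offset
            yield ts, m["path"].lower(), "created" if m["kind"] == "C" else "modified", source


def timeline(artifact_name):
    """All events for files named artifact_name, plus the ComboFix start, in UTC order."""
    offset = zone_offset(COMBOFIX_BANNER)
    events = list(otl_events(OTL_LINES, offset))
    events += combofix_events(COMBOFIX_CREATED, True, "ComboFix files created")
    events += combofix_events(COMBOFIX_FIND3M, False, "ComboFix Find3M")
    start = datetime.strptime(COMBOFIX_START_LOCAL, "%Y-%m-%d %H:%M") - offset
    events.append((start, "-", "ComboFix run started", "ComboFix banner"))
    suffix = "\\" + artifact_name.lower()
    return sorted((e for e in events if e[1] == "-" or e[1].endswith(suffix)), key=lambda e: e[0])


if __name__ == "__main__":
    for ts, path, event, source in timeline("ndis.sys"):
        print(f"{ts:%Y-%m-%d %H:%M:%S}Z  {event:<22} {path}  [{source}]")
```

Run as is, it prints the ndis.sys events in UTC order: creation 2004-08-04 12:00 from both logs, the 2009-09-09 16:51:02 modification from OTL, the 17:50 modification of both copies seen by ComboFix, the run start at 17:52, and the dllcache copy's creation at 18:04. Swap in another filename to follow a different artifact across the same two logs.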
Guest

Use SDFix (in Safe Mode).

Show the Report.txt located in the SDFix folder.

aGuLeK '90

Log for review

SDFix: Version 1.240
Run by A on 2009-09-12 at 11:54

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 12:21:07
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fd,e9,de,7e,d8,2a,f0,59,e8,d1,5d,76,70,fe,b6,3a,44,6a,8c,ec,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fd,e9,de,7e,d8,2a,f0,59,e8,d1,5d,76,70,fe,b6,3a,44,6a,8c,ec,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fd,e9,de,7e,d8,2a,f0,59,e8,d1,5d,76,70,fe,b6,3a,44,6a,8c,ec,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fd,e9,de,7e,d8,2a,f0,59,e8,d1,5d,76,70,fe,b6,3a,44,6a,8c,ec,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fd,e9,de,7e,d8,2a,f0,59,e8,d1,5d,76,70,fe,b6,3a,44,6a,8c,ec,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fd,e9,de,7e,d8,2a,f0,59,e8,d1,5d,76,70,fe,b6,3a,44,6a,8c,ec,d7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fd,e9,de,7e,d8,2a,f0,59,e8,d1,5d,76,70,fe,b6,3a,44,6a,8c,ec,d7,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Twain]
"y\1r?ó?d?B\1o? ?d?o?m?y?[\1l?n?e?"="C:\WINDOWS\Twain_32\hpsj_0000\hpsj_0000.ds"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Disabled:Ares p2p for windows"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:Udostępnianie aplikacji RTC"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"="C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe:*:Disabled:Nowe Gadu-Gadu beta"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Sun 28 Oct 2007 6,029,312 A..H. --- "C:\Documents and Settings\A\NTUSER.DAT.bak_jv16pt"
Sun 12 Mar 2006 10,311,680 A.SH. --- "C:\Program Files\AVIConverter\mencoder.exe"
Sun 8 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 20 May 2009 10,053,112 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Sun 9 Aug 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 24 Sep 2008 13,206,032 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ac4702bca4a103da21d02044a460c96e\BIT6C3.tmp"
Sun 28 Oct 2007 262,144 A..H. --- "C:\Documents and Settings\A\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.bak_jv16pt"
Sat 2 Jun 2007 262,144 A..H. --- "C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.bak_jv16pt"
Sat 2 Jun 2007 262,144 A..H. --- "C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.bak_jv16pt"

Finished!

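Both catchme passes above come back clean (no hidden processes, services or files), so what is left to work through by hand in the SDFix report are the "Files with Hidden Attributes" list and the firewall exception export. The script below is an added example for this thread, not part of the original posts and not SDFix's own code: it parses those two sections of a Report.txt and lists what a responder would hash and signature-check first. The sample report embedded in it is constructed in the same line shape as the report above (a few entries only), and the record layout, the field names and the "System+Hidden executable" rule are this example's assumptions rather than anything SDFix documents.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of SDFix's Report.txt (a handful of entries,
# not the full report posted in the thread).
SAMPLE_REPORT = r'''
Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Disabled:Ares p2p for windows"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"

Files with Hidden Attributes :

Sun 28 Oct 2007 6,029,312 A..H. --- "C:\Documents and Settings\A\NTUSER.DAT.bak_jv16pt"
Sun 12 Mar 2006 10,311,680 A.SH. --- "C:\Program Files\AVIConverter\mencoder.exe"
Wed 20 May 2009 10,053,112 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Wed 24 Sep 2008 13,206,032 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ac4702bca4a103da21d02044a460c96e\BIT6C3.tmp"

Finished!
'''

# Extensions Windows executes or loads as code; a hidden file with one of these
# deserves more attention than a hidden registry backup or temp file.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".ocx")

# SDFix hidden-file line: <dow> <day> <mon> <year> <size> <attrs> --- "<path>"
HIDDEN_RE = re.compile(
    r'^\w{3} \d{1,2} \w{3} \d{4} (?P<size>[\d,]+) (?P<attrs>[A-Z.]{5}) --- "(?P<path>.+)"$'
)
# Registry export line: "<path>"="<path>:<scope>:<state>:<description>"
FW_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<val>.+)"$')
# Key header that tells us which firewall profile the following entries belong to
PROFILE_RE = re.compile(r"firewallpolicy\\(?P<profile>\w+)\\authorizedapplications", re.I)


@dataclass
class HiddenFile:
    path: str
    size: int
    attrs: str  # attribute flags as SDFix prints them, e.g. "A.SH."

    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)

    def is_system(self) -> bool:
        return "S" in self.attrs


@dataclass
class FirewallException:
    profile: str
    path: str
    scope: str
    state: str
    description: str


def parse_report(text: str):
    """Pull hidden-file and firewall-exception records out of an SDFix report."""
    hidden, exceptions, profile = [], [], "unknown"
    for line in text.splitlines():
        line = line.strip()
        m = PROFILE_RE.search(line)
        if m:
            profile = m.group("profile").lower()
            continue
        m = HIDDEN_RE.match(line)
        if m:
            size = int(m.group("size").replace(",", ""))
            hidden.append(HiddenFile(m.group("path"), size, m.group("attrs")))
            continue
        m = FW_RE.match(line)
        if m:
            key, val = m.group("key"), m.group("val")
            if not val.startswith(key + ":"):
                continue  # some other "name"="value" line, not an authorizedapplications entry
            scope, state, desc = val[len(key) + 1:].split(":", 2)
            # The export doubles every backslash; undo that for the stored path.
            exceptions.append(FirewallException(profile, key.replace("\\\\", "\\"), scope, state, desc))
    return hidden, exceptions


def triage_hidden_files(files):
    """Return (path, reason) for hidden files worth a hash and signature check."""
    findings = []
    for f in files:
        if not f.is_executable():
            continue
        if f.is_system():
            findings.append((f.path, "executable carrying System+Hidden attributes"))
        elif f.path.lower().startswith("c:\\windows\\"):
            findings.append((f.path, "hidden executable under the Windows directory"))
    return findings


def enabled_third_party_exceptions(exceptions):
    """Firewall exceptions that are Enabled and do not point into the Windows directory."""
    out = []
    for e in exceptions:
        p = e.path.lower()
        if e.state.lower() == "enabled" and not (p.startswith("%windir%") or p.startswith("c:\\windows\\")):
            out.append(e.path)
    return out


if __name__ == "__main__":
    hidden, fw = parse_report(SAMPLE_REPORT)
    for path, why in triage_hidden_files(hidden):
        print(f"CHECK  {path}  ({why})")
    for path in enabled_third_party_exceptions(fw):
        print(f"FW     {path} is allowed through the Windows Firewall")
```

On the report above this logic singles out `mencoder.exe` (System+Hidden is unusual for a user-mode program; compare its hash with the vendor's package) and lists Opera, msnmsgr.exe and livecall.exe as the only non-Windows programs with an open firewall exception; the Ares entry is Disabled, so it is noise for now. The hidden `sptd\Cfg` keys catchme reported are the configuration block of the SPTD driver that ships with DAEMON Tools and Alcohol 120%, which hides it deliberately; that is a well-known benign hit on gmer-family scanners and is not something this script tries to parse.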