Deeriox, posted 30 September 2009
Hi, so I have a problem with Firefox, which I will try to describe in detail. Here we go. I can't log in to Gmail (for a long time it shows "Loading..." and then "This is taking longer than usual"), nor to my project's site, while on Onet the page is displayed, but in a peculiar way (at the top of the page there is the logo and the top menu, then a long, long stretch of nothing, and then the rest - see [URL=http://img39.imageshack.us/i/onets.jpg/][IMG]http://img39.imageshack.us/img39/3263/onets.th.jpg[/IMG][/URL]). I can log in to Gmail only if I choose the basic HTML view. However, I can log in to the mail at onet.pl in Firefox without any problem. Under IE both Gmail and onet.pl open without problems. I know I had something with viruses; I scanned with my F-Secure, it detected something, but the problem did not go away. I scanned with several online scanners (quite a few would not open for me), they detected something, and I deleted it. Since my F-Secure license is running out, and on top of that these viruses, I uninstalled it and took the free version of Avira. It also detected something, I fixed it, but the pages still do not work. I thought something had got messed up with Java, so I installed the latest version again - nothing. I no longer know what to do, and the problem is really serious. My only suspicion is that it may still be some viruses that I can't get rid of, but why would they block only individual sites?
jaskowski, comment, 30 September 2009
If that is what you suspect, then post logs: http://www.forumpc.pl/index.php?showtopic=104338
Deeriox (author), comment, 30 September 2009
[log]OTL logfile created on: 2009-09-30 17:49:02 - Run 1 OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Administrator\Pulpit\Download Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 64,86% Memory free 3,85 Gb Paging File | 3,00 Gb Available in Paging File | 78,07% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 42,97 Gb Free Space | 73,34% Space Free | Partition Type: NTFS Drive D: | 78,13 Gb Total Space | 72,74 Gb Free Space | 93,11% Space Free | Partition Type: NTFS Drive E: | 92,77 Gb Total Space | 24,18 Gb Free Space | 26,06% Space Free | Partition Type: NTFS Drive F: | 68,58 Gb Total Space | 61,10 Gb Free Space | 89,08% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KOMP-90FD06073 Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.)
-- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\sched.exe PRC - [2009-07-21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avguard.exe PRC - [2009-08-14 13:26:56 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe PRC - [2009-09-14 16:55:40 | 00,476,288 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE PRC - [2008-06-25 15:42:48 | 00,117,400 | ---- | M] (F-Secure Corporation) -- D:\typowe\F-Secure Internet Security\Common\FSMA32.EXE PRC - [2009-07-31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2008-06-25 15:42:50 | 00,232,088 | ---- | M] (F-Secure Corporation) -- D:\typowe\F-Secure Internet Security\Common\FSMB32.EXE PRC - [2008-06-25 15:42:48 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FCH32.EXE PRC - [2008-06-25 15:42:48 | 00,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FAMEH32.EXE PRC - [2008-06-25 15:41:34 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsqh.exe PRC - [2008-06-25 15:41:04 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe PRC - [2009-09-14 16:55:40 | 00,599,168 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe PRC - [2008-06-25 15:43:10 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe PRC - [2008-06-25 15:41:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe PRC - [2008-06-25 17:28:24 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsus.exe PRC - [2009-08-14 13:26:56 | 00,348,768 | ---- | M] (F-Secure Corporation) -- C:\Program 
Files\F-Secure\Anti-Virus\fsav32.exe PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008-06-25 15:42:48 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSM32.EXE PRC - [2008-09-02 12:48:12 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe PRC - [2008-11-20 15:35:08 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2008-06-25 15:42:32 | 00,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSGUI\fsguidll.exe PRC - [2009-07-31 15:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-03-02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avgnt.exe PRC - [2008-12-10 11:02:30 | 00,216,520 | ---- | M] (DT Soft Ltd) -- D:\typowe\DAEMON Tools Lite\daemon.exe PRC - [2008-09-02 12:40:46 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe PRC - [2009-09-12 11:25:28 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\typowe\Firefox 3\firefox.exe PRC - [2008-06-25 15:42:36 | 01,251,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSGUI\scanwizard.exe PRC - [2008-12-30 21:28:26 | 00,358,400 | ---- | M] (AIMP DevTeam) -- D:\typowe\AIMP2\AIMP2.exe PRC - [2009-08-31 18:07:34 | 11,391,592 | ---- | M] (GG Network S.A.) 
-- D:\typowe\Nowe Gadu-Gadu\gg.exe PRC - [2009-08-31 16:56:26 | 00,077,824 | ---- | M] () -- D:\typowe\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2009-09-30 17:47:31 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\Download\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running]) SRV - [2009-07-21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running]) SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running]) SRV - [2009-03-17 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped]) SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-08-14 13:26:56 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running]) SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2008-06-25 15:41:04 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Running]) SRV - [2008-06-25 15:41:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD [On_Demand | 
Running]) SRV - [2008-06-25 15:42:48 | 00,117,400 | ---- | M] (F-Secure Corporation) -- D:\typowe\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA [Auto | Running]) SRV - [2008-06-25 15:43:10 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient [On_Demand | Running]) SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2009-07-31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2006-10-27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- D:\typowe\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) SRV - [2007-06-29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- D:\typowe\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped]) SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2007-06-27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped]) SRV - [2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006-10-26 14:03:08 | 00,145,184 
| ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-03-16 23:33:02 | 03,597,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running]) DRV - [2007-11-14 09:48:20 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running]) DRV - [2008-10-04 22:03:30 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running]) DRV - [2009-02-13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running]) DRV - [2009-07-28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running]) DRV - [2009-03-30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running]) DRV - [2007-09-25 16:59:46 | 00,015,152 | ---- | M] () -- D:\typowe\MediaCoder\SysInfo.sys -- (CrystalSysInfo [On_Demand | Stopped]) DRV - [2008-06-25 15:41:36 | 00,039,776 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter [Disabled | Stopped]) DRV - [2009-09-14 16:56:29 | 00,099,960 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running]) DRV - [2008-06-25 15:42:40 | 00,066,720 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS [System | Running]) DRV - [2008-06-25 15:41:36 | 00,025,184 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer [Disabled 
| Stopped]) DRV - [2009-07-08 13:17:40 | 00,033,920 | ---- | M] () -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts [Boot | Running]) DRV - [2008-06-25 15:41:54 | 00,079,904 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW [Boot | Running]) DRV - [2008-04-13 22:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2008-02-14 11:04:06 | 04,676,096 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2007-11-02 13:08:28 | 00,068,096 | ---- | M] (EZB Systems, Inc.) -- D:\typowe\UltraISO\drivers\ISODrive.sys -- (ISODrive [System | Running]) DRV - [2008-10-04 22:03:23 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running]) DRV - [2008-10-21 21:51:08 | 00,027,904 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\Ndisprot.sys -- (Ndisprot [On_Demand | Stopped]) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2009-05-13 23:56:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2008-01-03 16:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running]) DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2009-02-11 23:58:12 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) DRV - [2009-05-11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1343024091-484763869-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1343024091-484763869-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-1343024091-484763869-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blackicetales.com/ IE - HKU\S-1-5-21-1343024091-484763869-682003330-500\S-1-5-21-1343024091-484763869-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {dd68c513-9296-4b63-8d8b-8f1c991c8a48}:0.1.7.3 FF - prefs.js..extensions.enabledItems: {eaf8a4ef-d221-45ca-9deb-d0934b45fa34}:1.3.0.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-11-20 15:35:14 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-08-13 15:34:20 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-25 13:29:21 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\typowe\Firefox 3\components [2009-09-29 06:45:30 | 
00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\typowe\Firefox 3\plugins [2009-09-12 11:25:30 | 00,000,000 | ---D | M] [2009-04-26 23:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions [2008-10-04 17:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-04-26 23:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\MediaCoder [2009-09-29 20:59:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions [2009-09-01 19:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48} [2009-04-25 13:09:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34} [2009-08-05 17:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions\foxyproxy@eric.h.jung [2009-09-23 21:23:56 | 00,001,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\p3nivm1g.default\searchplugins\pwn-sjp.xml [2009-03-23 12:29:26 | 00,001,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\p3nivm1g.default\searchplugins\translaticapl---angielsko-polski.xml [2009-03-23 12:29:28 | 00,001,819 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\p3nivm1g.default\searchplugins\translaticapl---polsko-angielski.xml Hosts file not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program 
Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\typowe\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) 
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found O3 - HKU\S-1-5-21-1343024091-484763869-682003330-500\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\typowe\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] D:\typowe\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\typowe\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QuickTime Task] D:\typowe\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKU\S-1-5-21-1343024091-484763869-682003330-500..\Run: [DAEMON Tools Lite] D:\typowe\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1343024091-484763869-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\typowe\MICROS~1\OFFICE11\EXCEL.EXE File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\typowe\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\typowe\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
D:\typowe\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\typowe\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} http://www.quest3d.com/webplugin/download/quest3dactivex2.cab (Quest3DCtlr2 Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\typowe\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft 
Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\typowe\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-10-04 16:08:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [5 C:\WINDOWS\*.tmp files] [2009-09-30 16:58:26 | 00,046,014 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Onet.JPG [2009-09-30 07:58:41 | 00,015,173 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Angielski Tech.docx [2009-09-30 07:02:47 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk [2009-09-30 07:02:39 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2009-09-30 07:02:39 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009-09-30 07:02:39 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2009-09-30 07:02:39 | 00,028,520 | 
---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2009-09-30 07:02:39 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2009-09-30 07:02:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira [2009-09-29 21:16:18 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache [2009-09-29 07:12:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\ArcaBit [2009-09-29 06:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\fotki [2009-09-28 22:52:49 | 00,000,615 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan.lnk [2009-09-28 22:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\ArcaMicroScan [2009-09-28 14:35:28 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2009-09-28 06:28:43 | 00,000,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\YouTube Downloader.lnk [2009-09-12 17:35:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Internet Saving Optimizer [2009-09-12 17:23:37 | 00,000,000 | ---D | C] -- C:\Program Files\Sukoku [2009-09-12 17:23:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sukoku [2009-09-12 17:23:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Media Access Startup [2009-09-12 17:22:22 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{7F4A1B90-59B3-4968-96A3-F7C1BE30DEBE} [2009-09-12 17:22:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DoubleD [2009-09-10 22:24:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\cache [2009-09-05 15:43:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AGI [2009-09-01 20:04:45 | 
00,296,049 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\sexi pulpit.jpg [2009-08-08 00:05:08 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-08-08 00:05:07 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-08-08 00:05:02 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-08-08 00:05:02 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-08-08 00:05:01 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-08-08 00:05:00 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-08-08 00:04:59 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-02-11 23:58:12 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-12-29 19:59:33 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008-12-16 20:48:44 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008-12-06 13:35:08 | 00,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2008-11-04 20:25:37 | 00,000,146 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | 
C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-10-05 22:11:19 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-10-05 12:55:24 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-10-04 22:03:24 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2008-10-04 22:03:05 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2008-10-04 16:24:10 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2001-07-22 00:16:20 | 00,000,692 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 00:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2009-09-30 16:58:26 | 00,046,014 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Onet.JPG [2009-09-30 15:16:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-09-30 15:16:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-09-30 15:16:01 | 00,173,776 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2009-09-30 08:02:28 | 00,015,173 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Angielski Tech.docx [2009-09-30 07:02:47 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk [2009-09-30 02:00:52 | 00,000,538 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job [2009-09-29 19:46:14 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-09-29 16:18:11 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-09-28 22:52:49 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan.lnk [2009-09-28 06:28:43 | 00,000,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\YouTube Downloader.lnk [2009-09-25 19:31:34 | 00,052,736 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane 
aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-23 20:30:27 | 00,000,692 | ---- | M] () -- C:\WINDOWS\win.ini [2009-09-16 19:44:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-09-01 20:05:07 | 00,296,049 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\sexi pulpit.jpg [color=#E56717]========== LOP Check ==========[/color] [2009-09-29 07:12:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji [2009-08-27 23:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\AGI [2009-02-28 18:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead [2009-09-30 15:25:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\AIMP [2009-09-29 07:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ArcaBit [2009-09-29 19:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ArcaMicroScan [2008-10-04 16:30:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ATI [2009-04-26 23:09:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Broad Intelligence [2009-02-19 22:38:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools [2009-02-19 22:40:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools Lite [2009-02-12 00:12:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools Pro [2008-12-15 00:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Expressivo 
[2009-02-11 21:15:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\F-Secure [2009-04-23 02:55:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\HateML [2008-12-19 14:33:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Kingston [2009-09-20 20:37:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu [2009-04-26 23:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenCandy [2009-07-18 15:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenFM [2009-08-04 11:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera [2009-07-15 17:20:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SecuROM [2009-08-27 23:13:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Temp [2009-08-07 15:28:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tor [2009-05-08 19:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft [2009-02-19 04:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent [2009-08-07 15:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Vidalia [2009-09-05 15:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Webshots [2009-02-20 00:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\WSPWNOUP2007 [2008-10-04 22:04:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Xfire [2009-09-30 07:02:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2009-09-12 17:22:58 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane 
aplikacji\{7F4A1B90-59B3-4968-96A3-F7C1BE30DEBE} [2009-09-05 15:43:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AGI [2008-10-05 20:49:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead [2008-12-29 20:06:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI [2009-02-19 22:36:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2009-02-12 00:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro [2008-10-21 22:13:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\f-secure [2008-12-06 13:07:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\fssg [2009-07-27 19:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Mistrz Klawiatury II Data [2009-09-22 08:39:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-09-25 14:07:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sukoku [2009-08-28 00:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-05-08 19:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft [2008-10-04 18:00:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2009-09-30 07:41:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2008-10-04 16:11:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2009-09-16 19:44:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2001-07-22 00:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-09-30 15:16:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009-09-30 02:00:52 | 00,000,538 | ---- | M] () -- 
C:\WINDOWS\Tasks\Scheduled scanning task.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF < End of report > [/log]
Psycholandia commented 30 September 2009
Paste the script below into the OTL box and click Run Fix:
[code]:Processes
explorer.exe
:OTL
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O3 - HKU\S-1-5-21-1343024091-484763869-682003330-500\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
:Files
C:\WINDOWS\tasks\Scheduled scanning task.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\Documents and Settings\All Users\Dane aplikacji\Sukoku
C:\Program Files\Sukoku
:Commands
[emptytemp]
[start explorer]
[Reboot][/code]
Post the log generated after the removal.
Deeriox (Author) commented 30 September 2009
When I ran "Run Fix", some error popped up after it had been working for a while. The bar at the bottom said "Emptying Temp folders. DO NOT INTERRUPT..." so supposedly I shouldn't have done anything, except that the computer froze and in the end I had to restart it manually. In any case, after the restart and a scan, this log came out...
[log]OTL logfile created on: 2009-09-30 22:05:03 - Run 2 OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Administrator\Pulpit\Download Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,35% Memory free 3,85 Gb Paging File | 3,25 Gb Available in Paging File | 84,59% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 58,59 Gb Total Space | 48,78 Gb Free Space | 83,24% Space Free | Partition Type: NTFS Drive D: | 78,13 Gb Total Space | 72,74 Gb Free Space | 93,11% Space Free | Partition Type: NTFS Drive E: | 92,77 Gb Total Space | 24,38 Gb Free Space | 26,28% Space Free | Partition Type: NTFS Drive F: | 68,58 Gb Total Space | 61,10 Gb Free Space | 89,08% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KOMP-90FD06073 Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.)
-- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\sched.exe PRC - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009-07-21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avguard.exe PRC - [2009-08-14 13:26:56 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe PRC - [2009-09-14 16:55:40 | 00,476,288 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE PRC - [2008-06-25 15:42:48 | 00,117,400 | ---- | M] (F-Secure Corporation) -- D:\typowe\F-Secure Internet Security\Common\FSMA32.EXE PRC - [2009-07-31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2008-06-25 15:42:50 | 00,232,088 | ---- | M] (F-Secure Corporation) -- D:\typowe\F-Secure Internet Security\Common\FSMB32.EXE PRC - [2008-06-25 15:42:48 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FCH32.EXE PRC - [2008-06-25 15:42:48 | 00,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FAMEH32.EXE PRC - [2008-06-25 15:41:34 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsqh.exe PRC - [2008-06-25 15:43:10 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe PRC - [2008-06-25 15:41:04 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe PRC - [2008-06-25 15:41:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe PRC - [2009-09-14 16:55:40 | 00,599,168 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe PRC - 
[2008-06-25 17:28:24 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsus.exe PRC - [2009-08-14 13:26:56 | 00,348,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe PRC - [2008-06-25 15:42:48 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSM32.EXE PRC - [2008-06-25 15:42:32 | 00,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSGUI\fsguidll.exe PRC - [2009-02-27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- D:\typowe\Adobe\Reader 9.0\Reader\Reader_sl.exe PRC - [2008-09-02 12:48:12 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe PRC - [2008-11-20 15:35:08 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009-07-31 15:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009-03-02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avgnt.exe PRC - [2008-12-10 11:02:30 | 00,216,520 | ---- | M] (DT Soft Ltd) -- D:\typowe\DAEMON Tools Lite\daemon.exe PRC - [2008-09-02 12:40:46 | 00,049,152 | ---- | M] (ATI Technologies Inc.) 
-- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe PRC - [2009-09-30 17:47:31 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\Download\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running]) SRV - [2009-07-21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running]) SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running]) SRV - [2009-03-17 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped]) SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-08-14 13:26:56 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running]) SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2008-06-25 15:41:04 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Running]) SRV - [2008-06-25 15:41:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD [On_Demand | Running]) SRV - [2008-06-25 15:42:48 | 00,117,400 | ---- | M] (F-Secure 
Corporation) -- D:\typowe\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA [Auto | Running]) SRV - [2008-06-25 15:43:10 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient [On_Demand | Running]) SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2009-07-31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2006-10-27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- D:\typowe\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) SRV - [2007-06-29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- D:\typowe\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped]) SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2007-06-27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped]) SRV - [2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common 
Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-03-16 23:33:02 | 03,597,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running]) DRV - [2007-11-14 09:48:20 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running]) DRV - [2008-10-04 22:03:30 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running]) DRV - [2009-02-13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running]) DRV - [2009-07-28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running]) DRV - [2009-03-30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running]) DRV - [2007-09-25 16:59:46 | 00,015,152 | ---- | M] () -- D:\typowe\MediaCoder\SysInfo.sys -- (CrystalSysInfo [On_Demand | Stopped]) DRV - [2008-06-25 15:41:36 | 00,039,776 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter [Disabled | Stopped]) DRV - [2009-09-14 16:56:29 | 00,099,960 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running]) DRV - [2008-06-25 15:42:40 | 00,066,720 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS [System | Running]) DRV - [2008-06-25 15:41:36 | 00,025,184 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer [Disabled | Stopped]) DRV - [2009-07-08 13:17:40 | 00,033,920 | ---- | M] 
() -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts [Boot | Running]) DRV - [2008-06-25 15:41:54 | 00,079,904 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW [Boot | Running]) DRV - [2008-04-13 22:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2008-02-14 11:04:06 | 04,676,096 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2007-11-02 13:08:28 | 00,068,096 | ---- | M] (EZB Systems, Inc.) -- D:\typowe\UltraISO\drivers\ISODrive.sys -- (ISODrive [System | Running]) DRV - [2008-10-04 22:03:23 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running]) DRV - [2008-10-21 21:51:08 | 00,027,904 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\Ndisprot.sys -- (Ndisprot [On_Demand | Stopped]) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2009-05-13 23:56:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2008-01-03 16:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running]) DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2009-02-11 23:58:12 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) DRV - [2009-05-11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blackicetales.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox 
==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {dd68c513-9296-4b63-8d8b-8f1c991c8a48}:0.1.7.3 FF - prefs.js..extensions.enabledItems: {eaf8a4ef-d221-45ca-9deb-d0934b45fa34}:1.3.0.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-11-20 15:35:14 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-08-13 15:34:20 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-25 13:29:21 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\typowe\Firefox 3\components [2009-09-29 06:45:30 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\typowe\Firefox 3\plugins [2009-09-12 11:25:30 | 00,000,000 | ---D | M] [2009-04-26 23:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions [2008-10-04 17:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-04-26 23:13:35 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\Administrator\Dane aplikacji\mozilla\Extensions\MediaCoder [2009-09-30 21:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions [2009-09-01 19:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48} [2009-04-25 13:09:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34} [2009-08-05 17:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions\foxyproxy@eric.h.jung [2009-09-30 21:40:37 | 00,001,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\p3nivm1g.default\searchplugins\pwn-sjp.xml [2009-03-23 12:29:26 | 00,001,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\p3nivm1g.default\searchplugins\translaticapl---angielsko-polski.xml [2009-03-23 12:29:28 | 00,001,819 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\p3nivm1g.default\searchplugins\translaticapl---polsko-angielski.xml Hosts file not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\typowe\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Burn4Free Toolbar Helper) - 
{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\typowe\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] D:\typowe\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\typowe\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QuickTime Task] D:\typowe\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\typowe\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\typowe\MICROS~1\OFFICE11\EXCEL.EXE File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\typowe\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\typowe\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\typowe\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\typowe\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program 
Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} http://www.quest3d.com/webplugin/download/quest3dactivex2.cab (Quest3DCtlr2 Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\typowe\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft 
Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\typowe\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-10-04 16:08:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-09-30 21:58:54 | 00,000,538 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job [2009-09-30 21:56:35 | 00,000,000 | ---D | C] -- C:\_OTL [2009-09-30 16:58:26 | 00,046,014 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Onet.JPG [2009-09-30 07:58:41 | 00,015,173 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Angielski Tech.docx [2009-09-30 07:02:47 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk [2009-09-30 07:02:39 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2009-09-30 07:02:39 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2009-09-30 07:02:39 | 00,045,416 | ---- | C] (Avira GmbH) -- 
C:\WINDOWS\System32\drivers\avgntdd.sys [2009-09-30 07:02:39 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2009-09-30 07:02:39 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2009-09-30 07:02:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira [2009-09-29 21:16:18 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache [2009-09-29 07:12:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\ArcaBit [2009-09-29 06:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\fotki [2009-09-28 22:52:49 | 00,000,615 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan.lnk [2009-09-28 22:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\ArcaMicroScan [2009-09-28 22:31:07 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009-09-28 22:31:07 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009-09-28 22:31:07 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2009-09-28 14:35:28 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2009-09-28 06:28:43 | 00,000,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\YouTube Downloader.lnk [2009-09-12 17:35:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Internet Saving Optimizer [2009-09-12 17:23:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Media Access Startup [2009-09-12 17:22:22 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{7F4A1B90-59B3-4968-96A3-F7C1BE30DEBE} [2009-09-12 17:22:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DoubleD [2009-09-10 22:24:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\cache [2009-09-05 15:43:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AGI [2009-09-01 20:04:45 | 00,296,049 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\sexi pulpit.jpg [2009-08-08 00:05:08 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-08-08 00:05:07 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-08-08 00:05:02 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-08-08 00:05:02 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-08-08 00:05:01 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-08-08 00:05:00 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-08-08 00:04:59 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-02-11 23:58:12 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-12-29 19:59:33 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008-12-16 20:48:44 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI 
[2008-12-06 13:35:08 | 00,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2008-11-04 20:25:37 | 00,000,146 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-10-05 22:11:19 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-10-05 12:55:24 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-10-04 22:03:24 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2008-10-04 22:03:05 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2008-10-04 16:24:10 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2001-07-22 00:16:20 | 00,000,692 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 00:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-09-30 22:01:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-09-30 22:01:42 | 00,173,776 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2009-09-30 22:01:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-09-30 
21:58:55 | 00,000,538 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job [2009-09-30 16:58:26 | 00,046,014 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Onet.JPG [2009-09-30 08:02:28 | 00,015,173 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Angielski Tech.docx [2009-09-30 07:02:47 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk [2009-09-29 19:46:14 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-09-29 16:18:11 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-09-28 22:52:49 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan.lnk [2009-09-28 06:28:43 | 00,000,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\YouTube Downloader.lnk [2009-09-25 19:31:34 | 00,052,736 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-23 20:30:27 | 00,000,692 | ---- | M] () -- C:\WINDOWS\win.ini [2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-09-01 20:05:07 | 00,296,049 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\sexi pulpit.jpg < End of report > [/log]
Psycholandia commented on 30 September 2009
Run OTL and click CleanUP. Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after deletion (the log from Malware).
Deeriox (Author) commented on 1 October 2009
This is a bit pointless. During the Malwarebytes scan it showed me a few prompts, I chose deny access, but nothing showed up in the log.
[log]Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 2886
Windows 5.1.2600 Dodatek Service Pack 3
2009-10-01 19:25:10
mbam-log-2009-10-01 (19-25-10).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)
Przeskanowane obiekty: 185719
Upłynęło: 25 minute(s), 50 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0
Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików)
Zainfekowane moduły pamięci: (Nie wykryto groźnych plików)
Zainfekowane klucze rejestru: (Nie wykryto groźnych plików)
Zainfekowane wartości rejestru: (Nie wykryto groźnych plików)
Zainfekowane pliki rejestru: (Nie wykryto groźnych plików)
Zainfekowane foldery: (Nie wykryto groźnych plików)
Zainfekowane pliki: (Nie wykryto groźnych plików)
[/log]
Psycholandia commented on 1 October 2009
And how is the computer behaving now? Has the problem gone away?
Deeriox (Author) commented on 1 October 2009
Unfortunately not, it is still there. Interestingly, as a check, after scanning again with Malwarebytes it once more detected some 'suspicious files'. This time I put them in quarantine (actually, for most of the files I had only three options - block access, quarantine, ignore - with no option to delete, repair, etc.). In any case, the problem has not gone away.
Psycholandia commented on 1 October 2009
What files were they? Do this: http://support.microsoft.com/kb/310405/pl Post a new OTL log.
Deeriox (Author) commented on 3 October 2009 (edited)
I don't remember exactly, and after the next scan it no longer detected them. I have a dilemma about which date to restore to; the problem has been occurring for quite a while and I don't remember when it started.
Psycholandia commented on 3 October 2009
Maybe go about a month back, if you have restore points from then.
Deeriox (Author) commented on 8 October 2009 (edited)
I have restore points going back to July. I tried different ones seven times, from points from 2 weeks ago back to 13 August - every time "Przywracanie niekompletne". I searched Google for how to solve/fix this, but found nothing. Almost a week has passed. So, does anyone have any more ideas, suggestions, anything? Because the problem is still exactly as it was and has no intention of going away.
Taus commented on 14 October 2009
Hello. I have a problem with the ff browser. Every time a web page is being sent, another unwanted page opens automatically. How could I get rid of this problem? Regards
rokko commented on 15 October 2009
[quote]another unwanted page opens automatically[/quote] Your system is most likely infected. Post logs according to the forum rules: http://www.forumpc.pl/index.php?showtopic=117272