kasia20, created 1 October 2009 (edited)

Please check this:

[log]ComboFix 09-09-30.05 - DOM 2009-10-01 8:05.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.48.1045.18.1023.497 [GMT 2:00]
Uruchomiony z: c:\documents and settings\DOM\Pulpit\ComboFix.exe
 * Rezydentny antywirus jest aktywny
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\aqq.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\qmgr.dll . . . jest zainfekowany!!
.
((((((((((((((((((((((((( Pliki utworzone od 2009-09-01 do 2009-10-01 )))))))))))))))))))))))))))))))
.
Nie utworzono żadnych nowych plików w tym okresie
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 06:08 . 2008-10-19 16:28 -------- d-----w- c:\documents and settings\DOM\Dane aplikacji\uTorrent
2009-09-30 12:15 . 2009-01-28 14:00 -------- d-----w- c:\documents and settings\DOM\Dane aplikacji\gtk-2.0
2009-09-29 15:43 . 2008-10-17 16:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-29 15:27 . 2009-04-29 12:38 -------- d-----w- c:\program files\AVI ReComp
2009-09-27 06:09 . 2008-10-21 12:24 -------- d-----w- c:\program files\Gadu-Gadu
2009-09-17 17:33 . 2009-06-20 13:51 -------- d-----w- c:\program files\Ubisoft
2009-08-30 18:31 . 2002-03-25 20:02 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-08-26 18:59 . 2009-05-18 19:20 -------- d-----w- c:\documents and settings\DOM\Dane aplikacji\foobar2000
2009-03-22 20:44 . 2009-03-22 20:43 17 --sha-w- c:\windows\CT5STET.BIN
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-06-20 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Privoxy.lnk - c:\program files\Privoxy\privoxy.exe [2008-1-20 302080]

[HKLM\~\startupfolder\C:^Documents and Settings^DOM^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\DOM\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-10-21 16512]
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.crawler.com/?tbid=66020
uInternet Connection Wizard,ShellNext = hxxp://clk.tradedoubler.com/click?p=55647&a=1324857&g=16827436&pools=175516
IE: &D&ownload &with BitComet - c:\documents and settings\DOM\Pulpit\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\documents and settings\DOM\Pulpit\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\documents and settings\DOM\Pulpit\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\System32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\cugee0yl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66020&qkw=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBOARDS.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-01 08:11
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-725345543-2077806209-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cd,a4,c9,59,cb,f0,ea,5a,60,8e,22,74,fe,f5,17,a6,53,a1,c1,5b,fd,14,32,
   63,fc,6b,4f,c6,4d,cb,4b,fe,5d,75,24,2e,b2,0c,be,c9,76,04,f9,ac,41,7d,d6,25,\
"??"=hex:ad,54,86,6a,80,6c,d1,15,23,da,bd,eb,11,03,b0,0d
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(732)
c:\windows\System32\dssenh.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Czas ukończenia: 2009-10-01 8:13 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-10-01 06:13

Przed: 26 224 893 952 bajtów wolnych
Po: 26 352 107 520 bajtów wolnych

winxpsp1_pl_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

124
[/log]

Reason for the thread: the system has been running more slowly; this is a preventive check.
Psycholandia, commented 1 October 2009

Kaś, post an OTL log: http://www.forumpc.pl/index.php?showtopic=104338
kasia20 (author), commented 1 October 2009

Here it is:

[log]OTL logfile created on: 2009-10-01 15:09:36 - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\DOM\Pulpit
Windows XP Professional Edition Dodatek Service Pack. 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 572,65 Mb Available Physical Memory | 55,95% Memory free
2,41 Gb Paging File | 2,04 Gb Available in Paging File | 84,63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 24,41 Gb Free Space | 62,49% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 18,02 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMD
Current User Name: DOM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2002-09-20 20:05:24 | 01,005,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006-06-20 23:42:44 | 00,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008-06-10 05:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008-07-01 09:01:04 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2008-01-20 19:06:08 | 00,302,080 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\Privoxy\privoxy.exe
PRC - [2008-07-01 09:02:28 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2001-02-23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2006-06-01 11:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2008-10-28 18:45:02 | 00,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009-10-01 15:08:30 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DOM\Pulpit\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2008-07-01 09:08:00 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2008-07-01 09:02:28 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008-08-01 00:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2002-09-20 20:04:38 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2001-02-23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2006-06-01 11:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2002-09-20 20:04:38 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Running])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2006-06-22 10:21:06 | 03,972,736 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2002-07-17 08:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\DRIVERS\ASPI32.sys -- (ASPI [On_Demand | Stopped])
DRV - [2008-07-01 08:56:22 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2008-07-01 08:57:14 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\easdrv.sys -- (easdrv [System | Running])
DRV - [2008-07-01 09:04:40 | 00,034,312 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])
DRV - [2006-06-01 11:22:00 | 03,925,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005-08-18 11:52:06 | 00,093,568 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2005-04-06 04:22:28 | 00,033,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005-04-06 04:22:30 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2002-10-09 10:17:16 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-08-01 00:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009-08-30 20:31:58 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\S-1-5-21-725345543-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-725345543-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66020
IE - HKU\S-1-5-21-725345543-2077806209-839522115-1003\S-1-5-21-725345543-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66020&qkw="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-18 20:06:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-18 20:06:56 | 00,000,000 | ---D | M]

[2008-10-17 18:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\mozilla\Extensions
[2008-10-17 18:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-06-23 00:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\mozilla\Firefox\Profiles\cugee0yl.default\extensions
[2009-04-30 16:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\mozilla\Firefox\Profiles\cugee0yl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008-11-18 23:48:21 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\DOM\Dane aplikacji\Mozilla\FireFox\Profiles\cugee0yl.default\searchplugins\winamp-search.xml
[2009-06-23 00:52:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-06-18 20:06:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008-11-26 17:02:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009-06-18 20:06:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-06-18 20:06:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-06-24 19:07:32 | 00,927,224 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPBOARDS.dll
[2008-06-27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009-06-18 20:06:54 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008-11-29 18:57:08 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2007-07-26 14:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2008-11-29 18:57:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-11-29 18:57:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008-11-29 18:57:08 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2008-11-29 18:57:08 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-11-29 18:57:08 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2008-11-29 18:57:08 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)
O3 - HKU\S-1-5-21-725345543-2077806209-839522115-1003\..\Toolbar\WebBrowser: (no name) - {463DF6D5-BEC1-4D67-B217-59DB692DFC53} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMCTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-725345543-2077806209-839522115-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-2077806209-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-725345543-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-2077806209-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Documents and Settings\DOM\Pulpit\BitComet.exe File not found
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Documents and Settings\DOM\Pulpit\BitComet.exe File not found
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Documents and Settings\DOM\Pulpit\BitComet.exe File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.33.64.2 212.33.64.18
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-10-17 18:01:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2 C:\WINDOWS\*.tmp files]
[2009-10-01 15:08:23 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DOM\Pulpit\OTL.exe
[2009-10-01 08:46:25 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-10-01 08:28:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm
[2009-10-01 08:28:06 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Last.fm.lnk
[2009-10-01 08:28:03 | 00,000,000 | ---D | C] -- C:\Program Files\Last.fm
[2009-10-01 08:13:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-10-01 08:04:32 | 00,000,194 | ---- | C] () -- C:\Boot.bak
[2009-10-01 08:04:29 | 00,248,048 | ---- | C] () -- C:\cmldr
[2009-10-01 08:04:27 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-10-01 08:03:37 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-10-01 08:03:35 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009-10-01 08:03:34 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-10-01 08:03:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-10-01 08:03:34 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-10-01 08:03:34 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-10-01 08:03:34 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-10-01 08:03:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-10-01 08:01:40 | 03,324,248 | R--- | C] () -- C:\Documents and Settings\DOM\Pulpit\ComboFix.exe
[2009-09-30 17:35:31 | 00,044,980 | ---- | C] () -- C:\Documents and Settings\DOM\Pulpit\wertyui.jpg
[2009-09-29 21:59:39 | 00,484,727 | ---- | C] () -- C:\Documents and Settings\DOM\Pulpit\105 teraz 55.jpg
[2009-09-29 21:56:00 | 00,443,426 | ---- | C] () -- C:\Documents and Settings\DOM\Pulpit\104.jpg
[2009-09-29 21:52:47 | 00,544,093 | ---- | C] () -- C:\Documents and Settings\DOM\Pulpit\103.jpg
[2009-09-29 17:54:10 | 00,000,435 | -H-- | C] () -- C:\Documents and Settings\DOM\Pulpit\TP03.AVI.ini
[2009-09-27 08:59:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DOM\Moje dokumenty\Explorer
[2009-09-20 21:43:07 | 00,000,428 | -H-- | C] () -- C:\Documents and Settings\DOM\Pulpit\Zielona mila.avi.ini
[2009-09-17 19:41:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DOM\Moje dokumenty\SH3
[2009-09-07 22:14:48 | 00,000,474 | -H-- | C] () -- C:\Documents and Settings\DOM\Pulpit\Greys Anatomy S04E06 Kung Fu Fighting.avi.ini
[2009-09-07 20:24:04 | 00,000,479 | -H-- | C] () -- C:\Documents and Settings\DOM\Pulpit\Greys Anatomy S04E05 Haunt You Every Day.avi.ini
[2009-06-29 21:36:26 | 00,000,185 | ---- | C] () -- C:\WINDOWS\msdchem.ini
[2009-06-01 00:44:40 | 00,000,092 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2009-04-28 09:10:55 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-02-27 14:31:41 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-01-16 19:14:16 | 00,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009-01-14 20:05:38 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-01-14 20:05:30 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-01-14 20:05:30 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-12-18 00:30:06 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-12-18 00:30:06 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-11-25 09:20:04 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008-10-29 17:19:46 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008-10-27 00:54:41 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-10-20 12:50:33 | 00,000,395 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008-10-20 12:49:31 | 00,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2008-10-20 12:49:31 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2008-10-20 12:49:31 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008-10-20 12:49:24 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2008-10-20 12:49:24 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2008-10-20 12:49:24 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2008-10-20 12:49:23 | 00,008,975 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2008-10-17 18:08:41 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-10-17 18:06:56 | 00,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2008-07-01 09:04:40 | 00,034,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2008-02-29 06:14:04 | 00,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2006-06-01 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-06-01 11:22:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-06-01 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-06-01 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-06-01 11:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-06-01 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-06-01 11:22:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2002-10-16 00:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002-10-09 10:17:49 | 00,000,624 | ----
| C] () -- C:\WINDOWS\win.ini [2002-10-09 10:17:34 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [2 C:\WINDOWS\*.tmp files] [2009-10-01 15:08:30 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DOM\Pulpit\OTL.exe [2009-10-01 15:05:35 | 00,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-10-01 15:05:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-10-01 15:05:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-10-01 10:08:36 | 00,116,736 | ---- | M] () -- C:\Documents and Settings\DOM\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-10-01 08:28:06 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Last.fm.lnk [2009-10-01 08:12:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-10-01 08:11:39 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009-10-01 08:04:32 | 00,000,264 | RHS- | M] () -- C:\boot.ini [2009-10-01 08:01:57 | 03,324,248 | R--- | M] () -- C:\Documents and Settings\DOM\Pulpit\ComboFix.exe [2009-09-30 17:35:31 | 00,044,980 | ---- | M] () -- C:\Documents and Settings\DOM\Pulpit\wertyui.jpg [2009-09-30 17:29:33 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-09-29 21:59:40 | 00,484,727 | ---- | M] () -- C:\Documents and Settings\DOM\Pulpit\105 teraz 55.jpg [2009-09-29 21:56:01 | 00,443,426 | ---- | M] () -- C:\Documents and Settings\DOM\Pulpit\104.jpg [2009-09-29 21:52:47 | 00,544,093 | ---- | M] () -- C:\Documents and Settings\DOM\Pulpit\103.jpg [2009-09-29 17:54:16 | 00,000,435 | -H-- | M] () -- C:\Documents and Settings\DOM\Pulpit\TP03.AVI.ini [2009-09-27 08:57:15 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-09-26 13:17:35 | 00,000,473 | -H-- | M] () -- C:\Documents and Settings\DOM\Pulpit\Madagaskar 2 - Ucieczka z Afryki.avi.ini [2009-09-21 14:21:29 | 
00,000,428 | -H-- | M] () -- C:\Documents and Settings\DOM\Pulpit\Zielona mila.avi.ini [2009-09-20 08:23:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-09-14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009-09-08 13:59:29 | 00,000,474 | -H-- | M] () -- C:\Documents and Settings\DOM\Pulpit\Greys Anatomy S04E06 Kung Fu Fighting.avi.ini [2009-09-08 13:59:28 | 00,000,479 | -H-- | M] () -- C:\Documents and Settings\DOM\Pulpit\Greys Anatomy S04E05 Haunt You Every Day.avi.ini [color=#E56717]========== LOP Check ==========[/color] [2009-06-09 17:01:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2009-05-10 10:29:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo [2008-10-19 18:15:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2009-10-01 08:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm [2009-01-30 11:55:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2008-10-17 18:50:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2009-09-29 17:27:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\DOM\Dane aplikacji [2008-10-26 14:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Ahead [2009-02-26 20:29:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Any DVD Converter Professional [2009-05-10 10:29:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Ashampoo [2009-08-26 20:59:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\foobar2000 [2008-10-21 14:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Gadu-Gadu [2009-02-12 15:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\GanymedeNet [2009-09-30 14:15:01 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\DOM\Dane aplikacji\gtk-2.0 [2008-10-19 20:53:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Nowe Gadu-Gadu [2008-11-30 15:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\OpenOffice.org [2008-12-09 21:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Opera [2009-06-20 15:56:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\SecuROM [2008-11-28 14:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Tlen.pl [2009-10-01 13:19:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\uTorrent [2008-10-17 18:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2008-10-17 18:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2009-03-10 00:18:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2002-10-09 10:16:48 | 00,000,065 | ---- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-10-01 15:05:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FB1B13D8 < End of report >[/log]
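What a helper does by eye with the listing above (spot the executables freshly dropped straight into C:\WINDOWS rather than System32, the hidden+system objects recreated at the drive root, the files with no company name in their version resource) can be made repeatable. The Python below is an added example for this thread; it is not code from OTL, ComboFix or any of the posters. It parses OTL's bracketed file-listing format and applies a few narrow triage rules. The sample lines are copied from the log above; the rule set and the %SystemRoot% path are assumptions made for illustration, and a hit is a lead to verify by hand, not a verdict: several of the files it flags here are ComboFix's own helper binaries.

```python
"""Triage of OTL "Files/Folders - Created Within 30 Days" lines.

Added example for this thread; it is not part of OTL, ComboFix or the
posts above. It parses OTL's bracketed file-listing format and applies a
few narrow rules that mirror what a helper reading the log does by eye.
The sample lines are copied from the OTL log above; the rule set and the
%SystemRoot% path are assumptions made for illustration.
"""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# OTL file line:  [YYYY-MM-DD HH:MM:SS | SS,SSS,SSS | RHSD | C] (Company) -- path
# The "(Company)" field is omitted for directories and printed as "()" when
# the file carries no company name in its version resource.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attr>[RHSD-]{4}) \| "
    r"(?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx", ".com", ".pif", ".bat", ".cmd"}

# Sample input, copied verbatim from the log above (raw string, so the
# single backslashes survive).
SAMPLE_LINES = r"""
[2009-10-01 15:08:23 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DOM\Pulpit\OTL.exe
[2009-10-01 08:46:25 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-10-01 08:04:29 | 00,248,048 | ---- | C] () -- C:\cmldr
[2009-10-01 08:04:27 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-10-01 08:03:37 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-10-01 08:03:35 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009-02-27 14:31:41 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-09-29 21:52:47 | 00,544,093 | ---- | C] () -- C:\Documents and Settings\DOM\Pulpit\103.jpg
"""


@dataclass
class OtlEntry:
    ts: datetime
    size: int
    attr: str       # four flag positions: R(eadonly) H(idden) S(ystem) D(irectory)
    kind: str       # "C" in the created listing, "M" in the modified listing
    company: str    # "" when OTL printed "()" or omitted the field
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attr[3] == "D"

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attr and "S" in self.attr


def parse_line(line: str) -> Optional[OtlEntry]:
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        ts=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attr=m["attr"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def parse_log(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries: List[OtlEntry], system_root: str = r"C:\WINDOWS") -> List[Tuple[str, str]]:
    """Return (path, reason) pairs. A hit is a lead to verify, not a verdict."""
    sr = ntpath.normcase(system_root)
    findings = []
    for e in entries:
        parent, name = ntpath.split(e.path)
        at_root = ntpath.splitdrive(parent)[1] == "\\"
        executable = not e.is_dir and ntpath.splitext(name)[1].lower() in EXEC_EXT
        under_sysroot = ntpath.normcase(e.path).startswith(sr + "\\")
        if executable and ntpath.normcase(parent) == sr:
            findings.append((e.path, "executable created directly in %SystemRoot%"))
        if executable and at_root:
            findings.append((e.path, "executable created at drive root"))
        if e.hidden_system and at_root:
            findings.append((e.path, "hidden+system object created at drive root"))
        if executable and under_sysroot and not e.company:
            findings.append((e.path, "no company name in version resource"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_log(SAMPLE_LINES)):
        print(f"{reason:45} {path}")
```

On the sample above this yields six leads: RECYCLER and cmdcons as hidden+system objects at the root, NIRCMD.exe and PEV.exe as executables sitting directly in %SystemRoot% (PEV.exe a second time for carrying no company name), and psisdecd.dll for the missing company name; OTL.exe on the desktop, the JPEG and the extensionless cmldr are left alone.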
Psycholandia, comment, 1 October 2009

1. Go to Start, Run, type msconfig, and on the Startup tab untick these:
[code]O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)[/code]

2. Paste the script below into the OTL window and click Run Fix:
[code]:Processes
explorer.exe

:OTL
O3 - HKU\S-1-5-21-725345543-2077806209-839522115-1003\..\Toolbar\WebBrowser: (no name) - {463DF6D5-BEC1-4D67-B217-59DB692DFC53} - No CLSID value found.
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

:Files
C:\RECYCLER
C:\WINDOWS\NIRCMD.exe
C:\WINDOWS\PEV.exe
C:\WINDOWS\SWREG.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\zip.exe
C:\WINDOWS\SWXCACLS.exe

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]
Run OTL again and click CleanUP. Clean.

3. Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url]. Remove everything it finds and post the log from after the removal (the Malwarebytes log).

4. Do the optimisation: http://www.forumpc.pl/index.php?showtopic=17478

5. Paste this into Notepad:
[code]FCopy::
c:\qmgr.dll | c:\windows\system32\qmgr.dll[/code]
and save it as [b]CFScript.txt[/b]. Drag and drop [b]CFScript.txt[/b] onto the [b]ComboFix[/b] icon.
kasia20 (author), comment, 1 October 2009

From Malwarebytes:
[log]Malwarebytes' Anti-Malware 1.41
Database version: 2883
Windows 5.1.2600 Dodatek Service Pack. 1

2009-10-01 16:18:26
mbam-log-2009-10-01 (16-18-25).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 179358
Time elapsed: 26 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)[/log]

And one more small question: after using that OTL thing I have several icons on the desktop that, it seems, used to be hidden. Most of them are files to delete (I know that for sure, because they are leftovers from films), but when I went to just throw them out I found a system file among them, namely [b]Thumbs.db[/b], and I don't know whether I can safely delete it. That's one thing. As for point 5, well, funny story, but after the procedure my ComboFix icon vanished xD

And look at that: while searching it turned out I have many, many more files that were hidden, in various places, not just on the desktop (as I wrote above). What should I do with them?
Psycholandia, comment, 1 October 2009

Open any drive; at the top, [b]Tools[/b], [b]Folder Options[/b], [b]View[/b], and select: [b]Do not show hidden files and folders[/b]

[quote]As for point 5, well, funny story, but after the procedure my ComboFix icon vanished xD[/quote]
Because that option cleans up the leftovers of scanners like OTL and ComboFix. Click it once more once you have done everything.
kasia20 (author), comment, 1 October 2009

OK, the hidden files are hidden again xD though I did delete some of the unneeded ones, but (please don't despair) the ComboFix icon is still gone. I forgot to add that the Malwarebytes scan detected nothing.
Psycholandia, comment, 1 October 2009

You have to download ComboFix again; the CleanUP option removed it.
kasia20 (author), comment, 1 October 2009

OK, I had a feeling that was it, but I wanted to make sure ;D After dropping it onto the ComboFix icon a scan started again. I don't know whether that was necessary, but here is the log it produced:
[log]ComboFix 09-09-30.06 - DOM 2009-10-01 17:04.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.48.1045.18.1023.584 [GMT 2:00]
Run from: c:\documents and settings\DOM\Pulpit\ComboFix.exe
The following commands were used :: c:\documents and settings\DOM\Pulpit\CFScript.txt
 * Resident antivirus is active
.
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\qmgr.dll was found. Problem repaired
File restored from - c:\windows\ERDNT\cache\qmgr.dll
.
((((((((((((((((((((((((( Files created from 2009-09-01 to 2009-10-01 )))))))))))))))))))))))))))))))
.
2009-10-01 13:50 . 2009-10-01 13:50 -------- d-----w- c:\documents and settings\DOM\Dane aplikacji\Malwarebytes
2009-10-01 13:50 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-01 13:50 . 2009-10-01 13:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-10-01 13:50 . 2009-10-01 13:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-01 13:50 . 2009-09-10 12:53 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-01 06:28 . 2009-10-01 06:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Last.fm
2009-10-01 06:28 . 2009-10-01 06:29 -------- d-----w- c:\program files\Last.fm
.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 11:19 . 2008-10-19 16:28 -------- d-----w- c:\documents and settings\DOM\Dane aplikacji\uTorrent
2009-09-30 12:15 . 2009-01-28 14:00 -------- d-----w- c:\documents and settings\DOM\Dane aplikacji\gtk-2.0
2009-09-29 15:43 . 2008-10-17 16:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-29 15:27 . 2009-04-29 12:38 -------- d-----w- c:\program files\AVI ReComp
2009-09-27 06:09 . 2008-10-21 12:24 -------- d-----w- c:\program files\Gadu-Gadu
2009-09-17 17:33 . 2009-06-20 13:51 -------- d-----w- c:\program files\Ubisoft
2009-08-30 18:31 . 2002-03-25 20:02 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-08-26 18:59 . 2009-05-18 19:20 -------- d-----w- c:\documents and settings\DOM\Dane aplikacji\foobar2000
2009-03-22 20:44 . 2009-03-22 20:43 17 --sha-w- c:\windows\CT5STET.BIN
.
((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and default, legitimate entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-06-01 7618560]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-06-20 577536]
"NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2006-06-01 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Privoxy.lnk - c:\program files\Privoxy\privoxy.exe [2008-1-20 302080]

[HKLM\~\startupfolder\C:^Documents and Settings^DOM^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\DOM\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-10-21 16512]
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.crawler.com/?tbid=66020
uInternet Connection Wizard,ShellNext = hxxp://clk.tradedoubler.com/click?p=55647&a=1324857&g=16827436&pools=175516
IE: &D&ownload &with BitComet - c:\documents and settings\DOM\Pulpit\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\documents and settings\DOM\Pulpit\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\documents and settings\DOM\Pulpit\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\System32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
FF - ProfilePath - c:\documents and settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\cugee0yl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66020&qkw=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBOARDS.dll
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-01 17:08
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-2077806209-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cd,a4,c9,59,cb,f0,ea,5a,60,8e,22,74,fe,f5,17,a6,53,a1,c1,5b,fd,14,32,
   63,fc,6b,4f,c6,4d,cb,4b,fe,5d,75,24,2e,b2,0c,be,c9,76,04,f9,ac,41,7d,d6,25,\
"??"=hex:ad,54,86,6a,80,6c,d1,15,23,da,bd,eb,11,03,b0,0d
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(724)
c:\windows\System32\dssenh.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-10-01 17:10 - the computer was restarted
ComboFix-quarantined-files.txt 2009-10-01 15:10

Before: 26 289 225 728 bytes free
After: 26 275 172 352 bytes free

116[/log]
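The "Supplementary scan" block of this log is where the thread's second finding sits: the qmgr.dll repair is done, but the IE start page, Firefox's keyword.URL and its default search URL still point at crawler.com and AOL's search redirector, the kind of setting a search toolbar leaves behind and that none of the scripts so far touches. The Python below is an added example for this thread, not code from ComboFix, OTL or any poster. It refangs the hxxp URLs and reports every setting whose registrable domain is not on a small allowlist of vendor defaults (the allowlist, and treating onet.pl as the user's own chosen home page, are assumptions). Because the same question of "what is actually still enabled" comes up for the O6/O7 AutoRun policy values in the OTL log posted further down this thread (NoDriveTypeAutoRun = 323 and 145, NoDriveAutoRun = 67108863), the block also decodes those bitmasks into the drive types and drive letters they cover.

```python
"""Triage of browser-setting URLs and AutoRun policy masks from ComboFix/OTL logs.

Added example for this thread; not part of ComboFix, OTL or the posts.
Two independent checks:
  1. url_findings(): every URL in a setting line is refanged (ComboFix
     writes hxxp) and its registrable domain compared with an allowlist of
     vendor defaults, so a third party that has set several IE and Firefox
     paths is reported once per setting and can be grouped by domain;
  2. decode_drive_type_mask() / decode_drive_letter_mask(): the
     NoDriveTypeAutoRun and NoDriveAutoRun bitmasks are decoded into the
     drive types and drive letters they actually cover.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Sample input, copied from the ComboFix "Supplementary scan" section above.
SAMPLE_LINES = r"""
uStart Page = hxxp://www.crawler.com/?tbid=66020
uInternet Connection Wizard,ShellNext = hxxp://clk.tradedoubler.com/click?p=55647&a=1324857&g=16827436&pools=175516
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66020&qkw=
"""

# Assumption: domains a clean XP/IE6 + Firefox 3 install points at by default,
# plus the home page this user chose (onet.pl). Everything else is reported.
DEFAULT_DOMAINS = {"microsoft.com", "msn.com", "google.com", "mozilla.org", "mozilla.com"}
USER_CHOSEN_DOMAINS = {"onet.pl"}

URL_RE = re.compile(r"h(?:xx|tt)ps?://[^\s\"'<>]+")


def registrable(host: str) -> str:
    """Naive registrable domain: the last two labels. Fine for .com/.pl here;
    a real tool would consult the public suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def url_findings(text: str,
                 allow=frozenset(DEFAULT_DOMAINS | USER_CHOSEN_DOMAINS)) -> List[Tuple[str, str, str]]:
    """Return (setting, domain, url) for every setting URL outside the allowlist."""
    findings = []
    for line in text.splitlines():
        for raw in URL_RE.findall(line):
            url = re.sub(r"^hxxp", "http", raw)          # refang ComboFix's hxxp
            domain = registrable(urlsplit(url).hostname or "")
            if domain in allow:
                continue
            setting = line.split(raw, 1)[0].rstrip(" =-:\"")
            findings.append((setting, domain, url))
    return findings


def by_domain(findings) -> Dict[str, List[str]]:
    grouped = defaultdict(list)
    for setting, domain, _ in findings:
        grouped[domain].append(setting)
    return dict(grouped)


# NoDriveTypeAutoRun: bit n disables AutoRun for drives whose GetDriveType()
# value is n. 0x80 is documented as reserved and treated like "unknown".
DRIVE_TYPE_BITS = [
    (0x01, "DRIVE_UNKNOWN"), (0x02, "DRIVE_NO_ROOT_DIR"), (0x04, "DRIVE_REMOVABLE"),
    (0x08, "DRIVE_FIXED"), (0x10, "DRIVE_REMOTE"), (0x20, "DRIVE_CDROM"),
    (0x40, "DRIVE_RAMDISK"), (0x80, "RESERVED"),
]
REAL_MEDIA = {"DRIVE_REMOVABLE", "DRIVE_FIXED", "DRIVE_REMOTE", "DRIVE_CDROM", "DRIVE_RAMDISK"}


def decode_drive_type_mask(value: int) -> Dict[str, object]:
    disabled = [name for bit, name in DRIVE_TYPE_BITS if value & bit]
    allowed = [name for bit, name in DRIVE_TYPE_BITS
               if name in REAL_MEDIA and not value & bit]
    return {"disabled": disabled,
            "autorun_still_allowed": allowed,
            "bits_beyond_0xFF": value & ~0xFF}   # not part of the documented mask


def decode_drive_letter_mask(value: int) -> List[str]:
    """NoDriveAutoRun / NoDrives: bit 0 = A:, bit 25 = Z:."""
    return [chr(ord("A") + i) for i in range(26) if value >> i & 1]


if __name__ == "__main__":
    for domain, settings in by_domain(url_findings(SAMPLE_LINES)).items():
        print(f"{domain}: set in {len(settings)} setting(s): {settings}")
    for v in (145, 323, 255):
        print(v, decode_drive_type_mask(v))
    print(len(decode_drive_letter_mask(67108863)), "drive letters masked")
```

On the sample lines this reports crawler.com twice (IE start page and Firefox keyword.URL), tradedoubler.com once (ShellNext) and aol.com once (the Firefox default search URL); the "Google" engine name carries no URL and onet.pl is allowlisted. For the masks, 323 (0x143) disables AutoRun only for unknown, no-root-dir and RAM-disk drives and leaves removable, fixed, network and CD-ROM media enabled at the type level; 145 (0x91) is the XP default; 255 (0xFF) is the value that disables all types. The two masks are independent and either one can suppress AutoRun for a given drive, so on this machine it is the per-letter NoDriveAutoRun = 67108863 (0x3FFFFFF, A: through Z:) that closes the gap the type mask leaves open; read them together before concluding anything.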
MarekM25, comment, 1 October 2009

[quote]Infected copy of c:\windows\system32\qmgr.dll was found. Problem repaired
File restored from - c:\windows\ERDNT\cache\qmgr.dll[/quote]
So it undoubtedly got repaired. How is the computer behaving now?
kasia20 (author), comment, 1 October 2009

Well, what I mainly meant was that programs took a very long time to show up in the Add/Remove Programs list. But that problem was gone after the first ComboFix scan. Working with it further I don't see any major differences in the system. For example, something else that's annoying: sometimes the desktop icons "flicker", then change their appearance to what's on the screenshot, then change back to the correct ones. And it's accompanied by the characteristic disk sound. Nothing much, but it's probably not normal.
Psycholandia, comment, 1 October 2009

Find the file [b]IconCache.db[/b] on the computer and delete it, then reboot. Post another OTL log: http://www.forumpc.pl/index.php?showtopic=104338
kasia20 (author), comment, 1 October 2009

Located, deleted. Log:
[log]OTL logfile created on: 2009-10-01 21:04:30 - Run 2
OTL by OldTimer - Version 3.0.17.0     Folder = C:\Documents and Settings\DOM\Pulpit
Windows XP Professional Edition Dodatek Service Pack. 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 468,91 Mb Available Physical Memory | 45,82% Memory free
2,41 Gb Paging File | 1,93 Gb Available in Paging File | 80,38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 24,48 Gb Free Space | 62,68% Space Free | Partition Type: NTFS
Drive D: | 109,98 Gb Total Space | 18,02 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMD
Current User Name: DOM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2002-09-20 20:05:24 | 01,005,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006-06-20 23:42:44 | 00,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008-07-01 09:01:04 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2008-01-20 19:06:08 | 00,302,080 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\Privoxy\privoxy.exe
PRC - [2008-07-01 09:02:28 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2001-02-23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2006-06-01 11:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009-10-01 21:00:06 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DOM\Pulpit\OTL.exe
PRC - [2008-10-28 18:45:02 | 00,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2002-09-20 20:05:50 | 00,203,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2008-07-01 09:08:00 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2008-07-01 09:02:28 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008-08-01 00:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2002-09-20 20:04:38 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2001-02-23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2006-06-01 11:22:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2005-01-28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2002-09-20 20:04:38 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Running])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2006-06-22 10:21:06 | 03,972,736 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2002-07-17 08:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\DRIVERS\ASPI32.sys -- (ASPI [On_Demand | Stopped])
DRV - [2008-07-01 08:56:22 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2008-07-01 08:57:14 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\easdrv.sys -- (easdrv [System | Running])
DRV - [2008-07-01 09:04:40 | 00,034,312 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])
DRV - [2006-06-01 11:22:00 | 03,925,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2005-08-18 11:52:06 | 00,093,568 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2005-04-06 04:22:28 | 00,033,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005-04-06 04:22:30 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2002-10-09 10:17:16 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-08-01 00:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009-08-30 20:31:58 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKU\S-1-5-21-725345543-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-725345543-2077806209-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66020
IE - HKU\S-1-5-21-725345543-2077806209-839522115-1003\S-1-5-21-725345543-2077806209-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66020&qkw="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-18 20:06:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-18 20:06:56 | 00,000,000 | ---D | M]

[2008-10-17 18:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\mozilla\Extensions
[2008-10-17 18:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-06-23 00:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\mozilla\Firefox\Profiles\cugee0yl.default\extensions
[2009-04-30 16:20:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\mozilla\Firefox\Profiles\cugee0yl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008-11-18 23:48:21 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\DOM\Dane aplikacji\Mozilla\FireFox\Profiles\cugee0yl.default\searchplugins\winamp-search.xml
[2009-06-23 00:52:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-06-18 20:06:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008-11-26 17:02:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009-06-18 20:06:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-06-18 20:06:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-06-24 19:07:32 | 00,927,224 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPBOARDS.dll
[2008-06-27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009-06-18 20:06:54 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008-11-17 00:50:21 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008-11-29 18:57:08 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2007-07-26 14:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2008-11-29 18:57:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-11-29 18:57:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008-11-29 18:57:08 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2008-11-29 18:57:08 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-11-29 18:57:08 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2008-11-29 18:57:08 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMCTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-725345543-2077806209-839522115-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-2077806209-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-725345543-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-2077806209-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-2077806209-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Documents and
Settings\DOM\Pulpit\BitComet.exe File not found O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Documents and Settings\DOM\Pulpit\BitComet.exe File not found O8 - Extra context menu item: &D&ownload all with BitComet - C:\Documents and Settings\DOM\Pulpit\BitComet.exe File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm () O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.33.64.2 212.33.64.18 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common 
Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-10-17 18:01:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-10-01 20:59:42 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DOM\Pulpit\OTL.exe [2009-10-01 20:43:22 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009-10-01 17:30:13 | 00,002,076 | ---- | C] () -- C:\Documents and Settings\DOM\Pulpit\wyglad.JPG [2009-10-01 17:10:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009-10-01 17:03:33 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-10-01 17:03:31 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009-10-01 17:03:31 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009-10-01 17:03:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009-10-01 17:03:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009-10-01 17:03:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009-10-01 17:03:30 | 00,080,412 | ---- | C] () -- 
C:\WINDOWS\grep.exe [2009-10-01 17:03:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009-10-01 17:03:04 | 00,000,000 | ---D | C] -- C:\Qoobox [2009-10-01 17:01:54 | 03,324,318 | R--- | C] () -- C:\Documents and Settings\DOM\Pulpit\ComboFix.exe [2009-10-01 15:50:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DOM\Dane aplikacji\Malwarebytes [2009-10-01 15:50:53 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-10-01 15:50:50 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-10-01 15:50:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-10-01 15:50:48 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-10-01 15:50:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-10-01 15:50:04 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\DOM\Pulpit\mbam-setup.exe [2009-10-01 08:28:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm [2009-10-01 08:28:06 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Last.fm.lnk [2009-10-01 08:28:03 | 00,000,000 | ---D | C] -- C:\Program Files\Last.fm [2009-10-01 08:04:32 | 00,000,194 | ---- | C] () -- C:\Boot.bak [2009-10-01 08:04:29 | 00,248,048 | ---- | C] () -- C:\cmldr [2009-10-01 08:04:27 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009-09-30 17:35:31 | 00,044,980 | ---- | C] () -- C:\Documents and Settings\DOM\Pulpit\wertyui.jpg [2009-09-29 21:59:39 | 00,484,727 | ---- | C] () -- C:\Documents and Settings\DOM\Pulpit\105 teraz 55.jpg [2009-09-29 21:56:00 | 00,443,426 | ---- | C] () -- C:\Documents and Settings\DOM\Pulpit\104.jpg [2009-09-29 21:52:47 | 00,544,093 | ---- | C] () -- C:\Documents and Settings\DOM\Pulpit\103.jpg [2009-09-27 08:59:13 | 00,000,000 | ---D | C] -- C:\Documents and 
Settings\DOM\Moje dokumenty\Explorer [2009-09-17 19:41:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DOM\Moje dokumenty\SH3 [2009-06-29 21:36:26 | 00,000,185 | ---- | C] () -- C:\WINDOWS\msdchem.ini [2009-06-01 00:44:40 | 00,000,092 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini [2009-04-28 09:10:55 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-02-27 14:31:41 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009-01-16 19:14:16 | 00,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2009-01-14 20:05:38 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-01-14 20:05:30 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-01-14 20:05:30 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-12-18 00:30:06 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-12-18 00:30:06 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-11-25 09:20:04 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2008-10-29 17:19:46 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2008-10-27 00:54:41 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-10-20 12:50:33 | 00,000,395 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2008-10-20 12:49:31 | 00,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI [2008-10-20 12:49:31 | 00,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI [2008-10-20 12:49:31 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2008-10-20 12:49:24 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2008-10-20 12:49:24 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL [2008-10-20 12:49:24 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL [2008-10-20 12:49:23 | 00,008,975 | ---- | C] () -- C:\WINDOWS\HL-2030.INI [2008-10-17 18:08:41 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2008-10-17 18:06:56 | 00,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS 
[2008-07-01 09:04:40 | 00,034,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys [2008-02-29 06:14:04 | 00,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll [2006-06-01 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-06-01 11:22:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-06-01 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-06-01 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-06-01 11:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-06-01 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-06-01 11:22:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2002-10-16 00:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2002-10-09 10:17:49 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini [2002-10-09 10:17:34 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-10-01 21:02:07 | 00,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-10-01 21:02:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-10-01 21:02:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-10-01 21:00:06 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DOM\Pulpit\OTL.exe [2009-10-01 17:30:14 | 00,002,076 | ---- | M] () -- C:\Documents and Settings\DOM\Pulpit\wyglad.JPG [2009-10-01 17:08:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-10-01 17:08:04 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009-10-01 17:02:24 | 03,324,318 | R--- | M] () -- C:\Documents and Settings\DOM\Pulpit\ComboFix.exe [2009-10-01 15:50:53 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-10-01 15:50:16 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and 
Settings\DOM\Pulpit\mbam-setup.exe [2009-10-01 15:34:45 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini [2009-10-01 15:34:45 | 00,000,264 | RHS- | M] () -- C:\boot.ini [2009-10-01 10:08:36 | 00,116,736 | ---- | M] () -- C:\Documents and Settings\DOM\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-10-01 08:28:06 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Last.fm.lnk [2009-09-30 17:35:31 | 00,044,980 | ---- | M] () -- C:\Documents and Settings\DOM\Pulpit\wertyui.jpg [2009-09-30 17:29:33 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-09-29 21:59:40 | 00,484,727 | ---- | M] () -- C:\Documents and Settings\DOM\Pulpit\105 teraz 55.jpg [2009-09-29 21:56:01 | 00,443,426 | ---- | M] () -- C:\Documents and Settings\DOM\Pulpit\104.jpg [2009-09-29 21:52:47 | 00,544,093 | ---- | M] () -- C:\Documents and Settings\DOM\Pulpit\103.jpg [2009-09-27 08:57:15 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-09-20 08:23:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-09-14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-09-10 14:53:48 | 00,018,520 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [color=#E56717]========== LOP Check ==========[/color] [2009-10-01 15:50:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2009-05-10 10:29:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo [2008-10-19 18:15:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2009-10-01 08:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm [2009-01-30 11:55:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2008-10-17 18:50:37 | 00,000,000 | RH-D | 
M] -- C:\Documents and Settings\Default User\Dane aplikacji [2009-10-01 15:50:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\DOM\Dane aplikacji [2008-10-26 14:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Ahead [2009-02-26 20:29:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Any DVD Converter Professional [2009-05-10 10:29:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Ashampoo [2009-08-26 20:59:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\foobar2000 [2008-10-21 14:27:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Gadu-Gadu [2009-02-12 15:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\GanymedeNet [2009-09-30 14:15:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\gtk-2.0 [2008-10-19 20:53:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Nowe Gadu-Gadu [2008-11-30 15:52:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\OpenOffice.org [2008-12-09 21:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Opera [2009-06-20 15:56:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\SecuROM [2008-11-28 14:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\Tlen.pl [2009-10-01 21:01:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DOM\Dane aplikacji\uTorrent [2008-10-17 18:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2008-10-17 18:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2009-03-10 00:18:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2002-10-09 10:16:48 | 00,000,065 | ---- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-10-01 21:02:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT 
[color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:FB1B13D8 < End of report >[/log]
Psycholandia, comment, 1 October 2009: The log is clean. Run OTL and click CleanUp. Defragment the disk with this program: [url="http://www.dobreprogramy.pl/Auslogics-Disk-Defrag,Program,Windows,13271.html"]Auslogics Disk Defrag[/url]
kasia20 (author), comment, 1 October 2009: Done. It went smoothly xD, thanks for the help.
kasia20 (author), comment, 1 October 2009: It seems everything is OK. So far I haven't found anything worrying, and the system may not be racing, but I haven't heard the disk yet, although it turns out the icon of that wretched Skype is somehow broken xD (the rest is fine). I didn't have any junk on it, probably just too much small stuff installed, little programs, but in large numbers, and that's where all this came from. Thanks for the help.