drapichrust
posted 8 October 2009 (edited)

Hello, for some time I have had problems with the boot.mebroot trojan. I supposedly removed it already using Dr. Web, but something is still wrong with the computer: the browser often freezes and there are problems logging in to websites.

[log]OTL logfile created on: 2009-10-08 12:04:27 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\B&K&B\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,04 Mb Total Physical Memory | 281,92 Mb Available Physical Memory | 36,75% Memory free
1,83 Gb Paging File | 1,29 Gb Available in Paging File | 70,67% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 1,72 Gb Free Space | 17,56% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 68,44 Gb Free Space | 91,83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 575,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 288,31 Gb Total Space | 93,68 Gb Free Space | 32,49% Space Free | Partition Type: NTFS
Drive H: | 1,68 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: BANANOWA-856ED7
Current User Name: B&K&B
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2008-08-30 06:43:18 | 00,573,440 | ---- | M] (ATI Technologies Inc.)
-- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2008-08-30 06:43:18 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe PRC - [2004-10-15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\smc.exe PRC - [2004-08-04 02:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008-08-15 05:13:26 | 30,003,200 | R--- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe PRC - [2007-07-17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe PRC - [2007-06-18 15:10:32 | 00,271,360 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe PRC - [2009-09-22 18:09:58 | 00,869,688 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe PRC - [2009-06-01 16:03:10 | 00,447,728 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\SpIDerAgent.exe PRC - [2009-06-30 22:10:28 | 00,644,336 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spiderml.exe PRC - [2009-08-17 17:47:50 | 00,231,840 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spiderui.exe PRC - [2004-08-04 00:55:54 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2008-09-19 03:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2009-08-17 17:47:50 | 00,231,328 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spidernt.exe PRC - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2008-09-19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2007-07-17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) 
-- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2008-09-19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-09-19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-09-19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-09-19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008-09-19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2009-02-06 18:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2007-06-15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2009-09-11 17:56:54 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-10-08 12:03:31 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B&K&B\Pulpit\OTL.exe PRC - [2009-07-15 13:07:18 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2008-08-30 06:43:18 | 00,573,440 | ---- | M] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running]) SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-09-22 18:09:58 | 00,869,688 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine [Auto | Running]) SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2004-08-04 02:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2008-09-19 03:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3 [Auto | Running]) SRV - [2007-06-15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running]) SRV - [2004-10-15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) 
-- C:\Program Files\Sygate\SPF\smc.exe -- (SmcService [Auto | Running]) SRV - [2009-08-17 17:47:50 | 00,231,328 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spidernt.exe -- (SPIDERNT [Auto | Running]) SRV - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running]) SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2004-09-27 04:45:55 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\B&K&B\Ustawienia lokalne\Temp\Amsmpu4p.sys -- (Amsmpu4p [On_Demand | Stopped]) DRV - [2008-08-30 08:56:04 | 03,300,864 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running]) DRV - [2009-09-23 13:16:34 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running]) DRV - [2009-09-21 14:47:30 | 00,105,080 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt [Boot | Running]) DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2009-09-23 13:16:34 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running]) DRV - [2008-02-14 08:12:00 | 01,389,056 | R--- | M] (Creative Technology Ltd.) 
-- C:\WINDOWS\System32\drivers\monfilt.sys -- (monfilt [On_Demand | Running]) DRV - [2004-08-15 02:00:00 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running]) DRV - [2007-02-22 11:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped]) DRV - [2007-02-22 11:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped]) DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped]) DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped]) DRV - [2007-02-28 11:00:06 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- G:\l2 existance\system\npkcrypt.sys -- (npkcrypt [On_Demand | Stopped]) DRV - [2004-10-06 13:31:04 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2008-09-25 15:51:42 | 00,115,328 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running]) DRV - [2004-07-17 13:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2009-08-17 17:47:48 | 00,306,464 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\DrWeb\spider.sys -- (SPIDER [Auto | Running]) DRV - [2009-09-23 13:21:16 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) DRV - [2004-10-15 18:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) 
-- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer [Boot | Running]) DRV - [2008-07-25 14:09:24 | 00,845,184 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\viahduaa.sys -- (VIAHdAudAddService [On_Demand | Running]) DRV - [2004-10-15 18:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n [Auto | Running]) DRV - [2004-10-15 18:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n [Auto | Running]) DRV - [2004-10-15 18:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n [Auto | Running]) DRV - [2004-10-15 18:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n [Auto | Running]) DRV - [2004-10-15 18:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-682003330-1708537768-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-682003330-1708537768-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ie IE - HKU\S-1-5-21-682003330-1708537768-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.vze.com IE - HKU\S-1-5-21-682003330-1708537768-725345543-1003\S-1-5-21-682003330-1708537768-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-08 00:09:32 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-14 20:22:20 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-17 16:31:19 | 00,000,000 | ---D | M] [2009-06-30 21:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\mozilla\Extensions [2009-06-30 21:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane 
aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-10-07 14:55:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\mozilla\Firefox\Profiles\tfq0tlbu.default\extensions [2009-09-08 11:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\mozilla\Firefox\Profiles\tfq0tlbu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-10-08 11:56:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-09-11 17:57:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-08-18 09:56:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2009-09-11 17:56:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-09-11 17:56:53 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2009-09-11 17:56:57 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) 
-- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-06-24 14:27:26 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-06-24 14:27:26 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-06-24 14:27:26 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-06-24 14:27:26 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-06-24 14:27:26 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-06-24 14:27:26 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-06-24 14:27:26 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) O4 - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\SpIDerAgent.exe (Doctor Web, Ltd.) O4 - HKLM..\Run: [SpIDerMail] C:\Program Files\DrWeb\spiderml.exe (Doctor Web, Ltd.) O4 - HKLM..\Run: [SpIDerNT] C:\Program Files\DrWeb\spiderui.exe (Doctor Web, Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKU\S-1-5-21-682003330-1708537768-725345543-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-682003330-1708537768-725345543-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKU\S-1-5-21-682003330-1708537768-725345543-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-682003330-1708537768-725345543-1003..\Run: [Steam] G:\CounterStrike\Steam.exe (Valve Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present 
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-682003330-1708537768-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-682003330-1708537768-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-682003330-1708537768-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-682003330-1708537768-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-682003330-1708537768-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-682003330-1708537768-725345543-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - G:\Ms Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Ms Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Ms Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Ms Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Unibet Poker - 
{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (Microgaming) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\DrWeb\drwebsp.dll (Doctor Web, Ltd.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: 
DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-30 21:14:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006-11-13 11:47:38 | 00,000,000 | R--D | M] - H:\Autorun -- [ CDFS ] O32 - AutoRun File - [2006-08-02 10:58:15 | 00,000,057 | R--- | M] () - H:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{33643780-a834-11de-a56c-00248cbcd36c}\Shell - "" = AutoRun O33 - MountPoints2\{33643780-a834-11de-a56c-00248cbcd36c}\Shell\AutoRun\command - "" = H:\UbiAutorun.exe -- [2004-11-05 18:32:48 | 00,200,704 | R--- | M] (UBISOFT) O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [3 C:\WINDOWS\*.tmp files] [2009-09-17 12:45:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Boss Media [2009-10-06 15:33:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web [2009-10-02 22:35:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2009-09-17 16:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help [2009-10-02 22:35:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B&K&B\Dane aplikacji\ipla [2009-09-11 20:52:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B&K&B\Dane aplikacji\Microgaming [2009-09-17 12:45:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B&K&B\Ustawienia lokalne\Dane aplikacji\Boss Media [2009-09-17 16:28:28 | 00,000,000 | ---D | C] -- C:\Documents and 
Settings\B&K&B\Ustawienia lokalne\Dane aplikacji\Microsoft Help [2009-09-17 16:30:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2009-10-06 15:33:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web [2009-10-02 21:48:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009-09-23 13:28:19 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft [2009-10-06 15:33:07 | 00,000,000 | ---D | C] -- C:\Program Files\DrWeb [2009-10-02 22:35:46 | 00,000,000 | ---D | C] -- C:\Program Files\ipla [2009-09-20 12:16:43 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2009-09-17 16:31:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2009-09-17 16:30:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2009-09-17 12:45:07 | 00,000,000 | ---D | C] -- C:\Program Files\ParadisePoker [2009-09-24 18:36:07 | 00,000,000 | ---D | C] -- C:\Program Files\Replay Converter 3 [2009-10-02 21:48:35 | 00,000,000 | ---D | C] -- C:\Program Files\Sygate [2009-10-08 12:03:07 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\B&K&B\Pulpit\OTL.exe [2009-10-06 15:33:23 | 00,105,080 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys [2009-10-02 21:48:40 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg6n.sys [2009-10-02 21:48:40 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg5n.sys [2009-10-02 21:48:40 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg4n.sys [2009-10-02 21:48:39 | 00,060,496 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\Teefer.sys [2009-10-02 21:48:39 | 00,021,075 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys [2009-10-02 21:48:39 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) 
-- C:\WINDOWS\System32\drivers\wg3n.sys [2009-10-02 21:48:37 | 00,083,096 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\SSSensor.dll [2009-09-24 18:36:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Converter 3 [2009-09-23 14:17:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B&K&B\Moje dokumenty\THE SETTLERS - Rise of an Empire [2009-09-23 13:16:32 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll [2009-09-23 13:16:29 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll [2009-09-21 13:48:38 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll [2009-09-21 13:48:37 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll [2009-09-21 13:48:37 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui [2009-09-17 16:31:56 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll [2009-09-17 16:28:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW [2009-09-15 09:39:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\B&K&B\Pulpit\egzamin rachunkowosc [2009-09-11 20:51:57 | 00,000,000 | ---D | C] -- C:\Microgaming [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [3 C:\WINDOWS\*.tmp files] [2009-10-08 12:03:31 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B&K&B\Pulpit\OTL.exe [2009-10-08 11:46:43 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\B&K&B\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-10-08 11:46:13 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2009-10-08 11:45:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-10-08 11:45:04 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-10-08 11:44:56 | 00,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2009-10-08 11:44:56 | 
00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-10-08 03:09:06 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Update.job [2009-10-06 15:33:18 | 00,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job [2009-10-06 15:33:11 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk [2009-10-02 22:35:51 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ipla.lnk [2009-10-01 22:52:06 | 05,877,635 | ---- | M] () -- C:\Documents and Settings\B&K&B\Pulpit\David Guetta & Akon - Sexy Bitch [2156].mp3 [2009-10-01 15:52:08 | 00,026,366 | ---- | M] () -- C:\Documents and Settings\B&K&B\Pulpit\GMC kalkulacje.xlsx [2009-09-30 19:43:56 | 00,000,379 | ---- | M] () -- C:\Documents and Settings\B&K&B\Pulpit\Skrót do FILMY NOWE.lnk [2009-09-24 18:27:19 | 07,709,670 | ---- | M] () -- C:\Documents and Settings\B&K&B\Pulpit\sunrise.flv [2009-09-23 13:51:40 | 00,000,566 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\THE SETTLERS - Narodziny Imperium.lnk [2009-09-23 13:28:23 | 00,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Alcohol 120%.lnk [2009-09-23 13:21:16 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-09-23 13:16:34 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-09-23 13:16:34 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-09-21 14:47:30 | 00,105,080 | ---- | M] (Doctor Web, Ltd.) 
-- C:\WINDOWS\System32\drivers\dwprot.sys [2009-09-18 12:58:01 | 00,000,350 | ---- | M] () -- C:\Documents and Settings\B&K&B\Pulpit\Skrót do FILMY.lnk [2009-09-18 11:44:05 | 00,027,488 | ---- | M] () -- C:\Documents and Settings\B&K&B\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-09-18 11:43:30 | 00,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-09-17 12:45:11 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\B&K&B\Pulpit\ParadisePoker.lnk [2009-09-11 20:57:00 | 00,000,059 | ---- | M] () -- C:\WINDOWS\pp.enc [2009-09-11 20:52:31 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\B&K&B\Pulpit\Unibet Poker.lnk [2009-09-11 00:06:49 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [color=#E56717]========== Files - No Company Name ==========[/color] [2009-10-06 15:33:18 | 00,000,288 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Daily scan.job [2009-10-06 15:33:16 | 00,000,346 | ---- | C] () -- C:\WINDOWS\tasks\Dr.Web Update.job [2009-10-06 15:33:11 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skaner Dr.Web.lnk [2009-10-02 22:35:51 | 00,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ipla.lnk [2009-10-01 22:51:05 | 05,877,635 | ---- | C] () -- C:\Documents and Settings\B&K&B\Pulpit\David Guetta & Akon - Sexy Bitch [2156].mp3 [2009-09-30 19:43:57 | 00,000,379 | ---- | C] () -- C:\Documents and Settings\B&K&B\Pulpit\Skrót do FILMY NOWE.lnk [2009-09-24 18:38:27 | 00,003,046 | ---- | C] () -- C:\Documents and Settings\B&K&B\Dane aplikacji\ReplayConverterLog.log [2009-09-24 18:24:52 | 07,709,670 | ---- | C] () -- C:\Documents and Settings\B&K&B\Pulpit\sunrise.flv [2009-09-23 13:51:40 | 00,000,566 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\THE SETTLERS - Narodziny Imperium.lnk [2009-09-23 13:28:23 | 00,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Alcohol 120%.lnk [2009-09-23 13:21:15 | 00,721,904 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\sptd.sys [2009-09-23 13:16:34 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-09-23 13:16:34 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-09-18 12:58:03 | 00,000,350 | ---- | C] () -- C:\Documents and Settings\B&K&B\Pulpit\Skrót do FILMY.lnk [2009-09-17 16:36:20 | 00,026,366 | ---- | C] () -- C:\Documents and Settings\B&K&B\Pulpit\GMC kalkulacje.xlsx [2009-09-17 12:45:11 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\B&K&B\Pulpit\ParadisePoker.lnk [2009-09-11 20:57:00 | 00,000,059 | ---- | C] () -- C:\WINDOWS\pp.enc [2009-09-11 20:52:31 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\B&K&B\Pulpit\Unibet Poker.lnk [2009-08-08 13:18:32 | 00,004,985 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ojvzdisj.xda [2009-07-19 23:34:34 | 08,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll [2009-07-12 19:05:04 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2009-07-09 17:22:39 | 02,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll [2009-07-09 17:22:39 | 00,215,040 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll [2009-07-09 17:22:39 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll [2009-07-09 17:22:38 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll [2009-07-09 17:22:38 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll [2009-07-09 17:22:31 | 00,128,512 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2009-07-06 21:27:29 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\B&K&B\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-07-03 00:28:21 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2009-07-03 00:27:04 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll [2009-07-03 00:27:03 | 00,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll [2009-07-03 00:26:59 | 00,141,312 | ---- | C] () -- 
C:\WINDOWS\System32\mp4.dll [2009-07-03 00:26:52 | 00,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll [2009-07-03 00:26:46 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll [2009-07-03 00:26:37 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll [2009-07-03 00:26:32 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll [2009-07-03 00:26:25 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll [2009-07-03 00:26:20 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll [2009-07-03 00:25:28 | 01,416,015 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll [2009-07-03 00:25:16 | 00,557,469 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2009-07-03 00:25:12 | 00,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2009-07-03 00:25:10 | 04,471,092 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2009-07-03 00:24:26 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2009-07-03 00:24:24 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll [2009-07-03 00:24:22 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll [2009-07-03 00:24:20 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll [2009-07-03 00:24:18 | 00,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll [2009-07-03 00:24:12 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll [2009-07-03 00:24:09 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll [2009-07-03 00:24:04 | 02,041,363 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2009-07-03 00:23:34 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2009-07-03 00:23:26 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2009-07-03 00:23:16 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2009-07-03 00:23:15 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2009-07-03 00:22:57 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2009-07-02 22:41:25 | 
00,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-07-02 22:41:25 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-06-30 23:04:31 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini [2009-06-30 21:44:47 | 00,027,488 | ---- | C] () -- C:\Documents and Settings\B&K&B\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-06-30 21:43:14 | 05,863,146 | -H-- | C] () -- C:\Documents and Settings\B&K&B\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-06-30 21:35:30 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009-06-30 21:35:24 | 00,032,879 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009-06-30 21:35:24 | 00,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2009-06-30 21:20:55 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\B&K&B\Dane aplikacji\desktop.ini [2007-03-29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2004-10-15 18:31:56 | 00,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll [2004-10-06 13:31:38 | 00,000,522 | ---- | C] () -- C:\WINDOWS\win.ini [2004-10-06 13:31:28 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2004-07-17 13:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [color=#E56717]========== LOP Check ==========[/color] [2009-10-06 15:33:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2009-06-30 21:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI [2009-09-17 12:45:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Boss Media [2009-10-06 15:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Doctor Web [2009-07-09 17:45:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-10-02 22:35:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane 
aplikacji\ipla [2009-08-04 10:21:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton [2009-06-30 22:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller [2009-07-09 18:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2009-10-02 22:35:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji [2009-06-30 21:44:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\ATI [2009-07-31 13:29:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\DMIDMSA [2009-10-05 12:02:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\ipla [2009-10-05 18:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\Microgaming [2009-07-09 18:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\Nokia [2009-07-30 17:39:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\Nowe Gadu-Gadu [2009-07-01 11:12:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\OpenFM [2009-07-09 18:55:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\PC Suite [2009-08-31 12:38:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\teamspeak2 [2009-10-08 03:30:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\B&K&B\Dane aplikacji\uTorrent [2009-06-30 23:04:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2009-06-30 21:19:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2009-06-30 21:18:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2009-06-30 23:04:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\postgres\Dane aplikacji [2004-10-06 13:30:34 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-10-06 
15:33:18 | 00,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Daily scan.job [2009-10-08 03:09:06 | 00,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Dr.Web Update.job [2009-10-08 11:45:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009-10-08 11:46:13 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log]
Psycholandia commented 8 October 2009

Paste the script below into the OTL window and click Run Fix:

[code]
:Processes
explorer.exe
:OTL
O32 - AutoRun File - [2006-11-13 11:47:38 | 00,000,000 | R--D | M] - H:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2006-08-02 10:58:15 | 00,000,057 | R--- | M] () - H:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{33643780-a834-11de-a56c-00248cbcd36c}\Shell - "" = AutoRun
O33 - MountPoints2\{33643780-a834-11de-a56c-00248cbcd36c}\Shell\AutoRun\command - "" = H:\UbiAutorun.exe -- [2004-11-05 18:32:48 | 00,200,704 | R--- | M] (UBISOFT)
:Files
C:\WINDOWS\tasks\WGASetup.job
:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Open Notepad and paste the following text into it:

[code]
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[/code]

Save As -> choose [b]All files[/b] (Wszystkie pliki) -> type [b]Fix.reg[/b] -> then click the saved file and restart the computer.

Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after the removal (the log from Malware).
drapichrust (author) commented 8 October 2009

[log]
Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 2924
Windows 5.1.2600 Dodatek Service Pack 2

2009-10-08 13:35:38
mbam-log-2009-10-08 (13-35-38).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|G:\|)
Przeskanowane obiekty: 156840
Upłynęło: 15 minute(s), 9 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 0
Zainfekowane pliki: 1

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\WINDOWS\system32\videocore.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
[/log]

There are still problems with the browser; I couldn't even post this message, I had to do it from my laptop.
MarekM25 commented 8 October 2009

Do this: http://www.forumpc.pl/index.php?showtopic=99152
drapichrust (author) commented 8 October 2009

I checked and everything is OK. Does anyone have any other constructive ideas? I'm starting to seriously consider a format..