
Internet is running slowly

mishi93
created

Hello,
my internet has slowed down lately, so I got down to cleaning up my computer.
I'd like to ask you to check two logs:

Hijack

[log]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:31, on 2009-11-12
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\ComboFix\CF28764.exe
C:\WINDOWS\system32\cscript.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Hama Wireless LAN Utility.lnk = C:\Program Files\Hama\Common\RaUI.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Gnutella Turbo\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\OFFICE\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1230200677843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248703451390
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1c9a98598ff2f98) (gupdate1c9a98598ff2f98) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4999 bytes[/log]


combofix

[log]ComboFix 09-11-11.02 - -the-biscuit- 2009-11-12 17:55.7.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1536.1036 [GMT 1:00]
Uruchomiony z: c:\documents and settings\-the-biscuit-\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\clofghls.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\spdwnwxp.exe

.
((((((((((((((((((((((((( Pliki utworzone od 2009-10-12 do 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 16:43 . 2009-11-12 16:43 -------- d-----w- c:\windows\LastGood
2009-11-12 15:37 . 2009-11-12 15:37 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Temp
2009-11-06 02:14 . 2009-11-06 02:14 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-10-30 15:31 . 2009-10-30 15:31 -------- d-----w- c:\program files\Sports Interactive
2009-10-30 14:59 . 2009-10-30 14:59 -------- d-----w- c:\documents and settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\World in Conflict
2009-10-28 00:07 . 2009-10-28 00:07 -------- d-----w- c:\program files\RocketDock
2009-10-20 18:50 . 2009-10-20 18:50 21052 ----atw- c:\windows\system32\SIntfNT.dll
2009-10-20 18:50 . 2009-10-20 18:50 15144 ----atw- c:\windows\system32\SIntf32.dll
2009-10-20 18:50 . 2009-10-20 18:50 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-10-20 18:50 . 1995-07-13 23:43 27632 ----a-r- c:\windows\system\Ctl3dv2.dll
2009-10-20 18:50 . 1995-04-26 21:20 125856 ----a-r- c:\windows\system\Mfco250.dll
2009-10-20 18:50 . 1995-04-26 21:15 322384 ----a-w- c:\windows\system\Mfc250.dll
2009-10-20 18:50 . 1995-04-26 20:33 146976 ----a-w- c:\windows\system\Mfcoleui.dll
2009-10-20 18:50 . 2009-10-20 18:50 -------- d-----w- c:\program files\YDP
2009-10-16 15:28 . 2009-10-16 15:28 -------- d-----w- c:\documents and settings\-the-biscuit-\Dane aplikacji\Leadertech
2009-10-15 07:30 . 2009-10-15 07:31 -------- d-----w- C:\46cf487d5a6d47ffc6bce88f9fe3e7

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 16:52 . 2009-10-02 20:14 -------- d-----w- c:\documents and settings\-the-biscuit-\Dane aplikacji\Xfire
2009-11-12 16:47 . 2008-12-24 22:23 -------- d-----w- c:\documents and settings\-the-biscuit-\Dane aplikacji\uTorrent
2009-11-12 16:45 . 2009-07-24 16:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-11-12 16:30 . 2009-04-03 19:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-12 14:56 . 2008-12-26 04:08 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-12 14:55 . 2008-12-26 04:08 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-30 19:47 . 2008-12-24 22:32 -------- d-----w- c:\documents and settings\-the-biscuit-\Dane aplikacji\Nowe Gadu-Gadu
2009-10-30 15:54 . 2009-02-15 22:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Sports Interactive
2009-10-30 15:53 . 2009-02-15 22:23 -------- d-----w- c:\documents and settings\-the-biscuit-\Dane aplikacji\Sports Interactive
2009-10-19 23:53 . 2009-10-19 23:53 3091968 ----a-w- c:\windows\system32\SET314.tmp
2009-10-15 15:34 . 2008-12-25 03:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-15 07:19 . 2009-08-28 16:28 -------- d-----w- c:\program files\BioWare
2009-10-14 20:40 . 2009-08-04 18:23 -------- d-----w- c:\documents and settings\-the-biscuit-\Dane aplikacji\Hamachi
2009-10-14 17:03 . 2008-12-29 16:16 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-11 11:00 . 2009-10-11 11:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Age of Empires 3
2009-10-11 09:16 . 2009-10-09 16:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-09 20:34 . 2009-10-09 20:34 -------- d-----w- c:\documents and settings\-the-biscuit-\Dane aplikacji\HTML Executable
2009-10-09 16:59 . 2009-10-09 16:59 -------- d-----w- c:\program files\Microsoft
2009-10-09 16:53 . 2009-07-24 16:12 -------- d-----w- c:\program files\Microsoft Works
2009-10-09 16:10 . 2009-07-27 20:27 -------- d-----w- c:\documents and settings\-the-biscuit-\Dane aplikacji\GetRightToGo
2009-10-08 15:52 . 2009-10-08 15:52 -------- d-----w- c:\program files\Longman
2009-10-08 13:57 . 2009-10-08 13:57 614400 ----a-w- c:\windows\system32\SET285.tmp
2009-10-08 13:57 . 2009-10-08 13:57 23040 ----a-w- c:\windows\system32\SET284.tmp
2009-10-08 13:57 . 2009-10-08 13:57 220160 ----a-w- c:\windows\system32\SET283.tmp
2009-10-03 15:09 . 2009-10-03 15:09 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\Xfire
2009-10-01 20:19 . 2008-12-26 04:08 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-01 19:50 . 2009-01-10 18:20 22328 -c--a-w- c:\documents and settings\-the-biscuit-\Dane aplikacji\PnkBstrK.sys
2009-10-01 19:50 . 2009-01-10 18:20 22328 -c--a-w- c:\documents and settings\-the-biscuit-\Dane aplikacji\PnkBstrK.sys
2009-10-01 19:20 . 2009-10-01 19:17 -------- d-----w- c:\program files\RegCleaner
2009-10-01 19:07 . 2009-10-01 19:07 -------- d-----w- c:\documents and settings\-the-biscuit-\Dane aplikacji\IObit
2009-10-01 16:14 . 2009-10-01 16:11 -------- d-----w- c:\program files\ATI Technologies
2009-10-01 15:59 . 2009-08-03 20:49 -------- d-----w- c:\documents and settings\-the-biscuit-\Dane aplikacji\ATI
2009-09-28 18:53 . 2008-12-27 12:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-09-28 18:28 . 2009-02-17 17:29 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-09-28 16:41 . 2009-09-12 07:22 177024 ----a-w- c:\documents and settings\-the-biscuit-\Dane aplikacji\Mozilla\Firefox\Profiles\moch2s37.default\FlashGot.exe
2009-09-25 16:16 . 2009-09-25 16:16 -------- d-----w- c:\documents and settings\-the-biscuit-\Dane aplikacji\teamspeak2
2009-09-25 05:37 . 2004-08-04 12:00 669696 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-21 21:38 . 2009-09-21 21:38 -------- d-----w- c:\documents and settings\-the-biscuit-\Dane aplikacji\Utherverse
2009-09-11 14:19 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 15:44 . 2009-09-21 19:28 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 15:44 . 2009-09-21 19:28 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 15:44 . 2009-09-01 14:24 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 15:29 . 2009-09-21 19:28 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 15:29 . 2009-09-21 19:28 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 15:29 . 2009-09-21 19:28 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 15:29 . 2009-09-21 19:28 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 15:29 . 2009-09-21 19:28 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-08-26 20:57 . 2008-12-29 16:00 152576 -c--a-w- c:\documents and settings\-the-biscuit-\Dane aplikacji\Sun\Java\jre1.6.0_11\lzma.dll
2009-08-26 20:43 . 2009-08-26 20:43 152576 ----a-w- c:\documents and settings\-the-biscuit-\Dane aplikacji\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-26 08:02 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\-the-biscuit-\Menu Start\Programy\Autostart\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-11-6 3152272]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Hama Wireless LAN Utility.lnk - c:\program files\Hama\Common\RaUI.exe [2009-7-22 1118208]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\torrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"d:\\cood\\iw3mp.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-08-29 116264]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-08-10 108289]
R2 HOSTNT;Hostnt;c:\windows\system32\drivers\hostnt.sys [2007-11-15 4032]
S2 gupdate1c9a98598ff2f98;Google Update Service (gupdate1c9a98598ff2f98);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 133104]
S2 MPC03;MPC03 Driver;c:\windows\system32\drivers\MPC03LS.SYS [2007-11-15 7424]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-02-15 13352]
S3 Grand;GrandDog USB Driver;c:\windows\system32\drivers\GrandUsb.sys [2007-11-15 53232]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2009-08-29 402432]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Zawartość folderu 'Zaplanowane zadania'

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 17:59]

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 17:59]
.
.
------- Skan uzupełniający -------
.
IE: Download with &Shareaza - c:\program files\Gnutella Turbo\Plugins\RazaWebHook.dll/3000
IE: E&ksportuj do programu Microsoft Excel - d:\office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\-the-biscuit-\Dane aplikacji\Mozilla\Firefox\Profiles\moch2s37.default\
FF - prefs.js: browser.search.selectedEngine - Wrzuta
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - plugin: c:\documents and settings\-the-biscuit-\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-AtiPTA - atiptaxx.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 18:00
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spil.sys >>UNKNOWN [0x8A097938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF72DFB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF72DFB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF72DFB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF7717D60 sfsync02.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF72DFB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF72DFB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Czas ukończenia: 2009-11-12 18:04
ComboFix-quarantined-files.txt 2009-11-12 17:03

Przed: 53 730 009 088 bajtów wolnych
Po: 53 806 907 392 bajtów wolnych

- - End Of File - - F67BEB195DA14D5D51798E901736AD96[/log]

MarekM25
comment

Post a log from [url="http://www.forumpc.pl/index.php?showtopic=104338"]OTListIt2[/url].

mishi93
comment

Here it is :)

[log]OTL logfile created on: 2009-11-17 19:41:09 - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\-the-biscuit-\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,50 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 70,21% Memory free
2,48 Gb Paging File | 2,17 Gb Available in Paging File | 87,58% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87,89 Gb Total Space | 42,49 Gb Free Space | 48,35% Space Free | Partition Type: NTFS
Drive D: | 61,15 Gb Total Space | 45,60 Gb Free Space | 74,56% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THE-BISCUIT
Current User Name: -the-biscuit-
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-11-17 19:39:45 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-the-biscuit-\Pulpit\OTL.exe
PRC - [2009-11-16 18:20:52 | 00,215,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2009-11-14 19:21:46 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009-10-01 21:19:25 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009-07-25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-07-21 16:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009-07-21 16:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-02-06 11:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-14 09:24:00 | 01,118,208 | ---- | M] (Hama GmbH & Co KG) -- C:\Program Files\Hama\Common\RaUI.exe
PRC - [2007-09-02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007-04-16 15:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009-11-17 19:39:45 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-the-biscuit-\Pulpit\OTL.exe
MOD - [2008-04-14 18:20:31 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 17:59:08 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2007-09-02 13:57:36 | 00,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-11-16 18:20:52 | 00,215,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009-10-01 21:19:25 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009-07-26 06:43:14 | 00,025,832 | ---- | M] (BioWare) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-07-21 16:42:04 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009-07-21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-07-21 09:40:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009-05-13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009-03-20 18:59:08 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a98598ff2f98)
SRV - [2008-11-04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-07-29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008-07-29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008-07-29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008-07-25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-07-25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008-04-14 18:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006-10-26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-08-13 15:37:36 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-07-28 15:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-07-27 21:33:43 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP)
DRV - [2009-07-21 17:30:48 | 03,565,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-06-04 14:26:35 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009-05-11 09:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 09:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-12-29 21:08:28 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-09-24 10:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2008-04-13 19:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008-04-13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 17:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-11-15 14:56:44 | 00,004,032 | ---- | M] () -- C:\WINDOWS\system32\drivers\hostnt.sys -- (HOSTNT)
DRV - [2007-11-15 14:27:47 | 00,053,232 | ---- | M] (SafeNet China Ltd.) -- C:\WINDOWS\system32\drivers\GrandUsb.sys -- (Grand)
DRV - [2007-10-01 11:06:38 | 00,451,968 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007-09-25 16:37:50 | 00,020,520 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2007-09-25 16:37:48 | 00,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2007-08-29 03:04:04 | 00,116,264 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2007-08-29 03:04:04 | 00,019,240 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2006-09-06 02:26:57 | 00,168,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2006-01-19 16:33:26 | 00,402,432 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (SG762_XP)
DRV - [2005-01-14 17:14:07 | 00,047,616 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2004-12-03 11:20:41 | 00,020,544 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2004-10-28 11:47:59 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004-10-23 04:05:16 | 00,007,424 | R--- | M] (StepServo) -- C:\WINDOWS\system32\drivers\MPC03LS.SYS -- (MPC03)
DRV - [2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004-08-03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001-08-17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.69

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-12-29 17:02:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-10-18 10:11:53 | 00,000,000 | ---D | M]

[2009-04-10 14:50:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Extensions
[2009-01-05 20:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-04-10 14:50:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Extensions\mozswing@mozswing.org
[2009-11-15 16:49:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Firefox\Profiles\moch2s37.default\extensions
[2009-10-20 23:15:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Firefox\Profiles\moch2s37.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009-09-14 21:24:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Firefox\Profiles\moch2s37.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009-08-13 15:15:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Firefox\Profiles\moch2s37.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-09-30 17:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Firefox\Profiles\moch2s37.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-03-07 11:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Firefox\Profiles\moch2s37.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009-11-12 15:52:13 | 00,004,868 | ---- | M] () -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Firefox\Profiles\moch2s37.default\searchplugins\isohunt---bt-search.xml
[2009-03-07 11:23:54 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Firefox\Profiles\moch2s37.default\searchplugins\mozilla-add-ons.xml
[2009-04-11 17:28:30 | 00,001,972 | ---- | M] () -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Firefox\Profiles\moch2s37.default\searchplugins\wrzuta.xml
[2009-01-10 09:59:05 | 00,002,127 | ---- | M] () -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Mozilla\Firefox\Profiles\moch2s37.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
[2009-11-15 17:54:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-08-26 21:58:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-04-01 17:37:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-08-26 21:46:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009-07-25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2006-10-26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008-09-10 20:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008-09-10 20:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

O1 HOSTS File: (351756 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 12080 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\-the-biscuit-\Menu Start\Programy\Autostart\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Hama Wireless LAN Utility.lnk = C:\Program Files\Hama\Common\RaUI.exe (Hama GmbH & Co KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Gnutella Turbo\Plugins\RazaWebHook.dll File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\OFFICE\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1230200677843 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248703451390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-11-15 14:07:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-11-17 19:39:23 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\-the-biscuit-\Pulpit\OTL.exe
[2009-11-14 23:03:27 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-11-14 19:17:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\Temp
[2009-11-14 18:28:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2009-11-14 18:04:12 | 00,000,000 | ---D | C] -- C:\Program Files\Black Isle
[2009-11-13 12:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\BioWare
[2009-11-13 12:46:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\-the-biscuit-\Moje dokumenty\BioWare
[2009-11-13 12:01:39 | 00,000,000 | ---D | C] -- C:\Program Files\Dragon Age
[2009-11-12 18:53:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\-the-biscuit-\DoctorWeb
[2009-10-30 16:53:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\-the-biscuit-\Moje dokumenty\Sports Interactive
[2009-10-30 15:59:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\World in Conflict
[2009-10-28 01:14:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\-the-biscuit-\Pulpit\Programy
[2009-10-28 01:07:01 | 00,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2009-10-20 19:50:12 | 00,322,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\Mfc250.dll
[2009-10-20 19:50:12 | 00,125,856 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System\Mfco250.dll
[2009-10-20 19:50:12 | 00,027,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System\Ctl3dv2.dll
[2009-10-20 19:50:11 | 00,146,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\Mfcoleui.dll
[2009-10-20 19:50:09 | 00,000,000 | ---D | C] -- C:\Program Files\YDP
[2009-08-04 13:12:45 | 01,719,336 | ---- | C] (Yugma,Inc. ) -- C:\Documents and Settings\All Users\Dane aplikacji\YugmaSE-Uninstaller.exe
[2009-06-04 14:26:35 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-11-17 19:41:25 | 12,845,056 | -H-- | M] () -- C:\Documents and Settings\-the-biscuit-\ntuser.dat
[2009-11-17 19:39:45 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\-the-biscuit-\Pulpit\OTL.exe
[2009-11-17 19:36:20 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-11-17 19:36:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-11-17 19:36:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-17 19:36:10 | 16,101,90848 | -HS- | M] () -- C:\hiberfil.sys
[2009-11-17 19:34:33 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\-the-biscuit-\ntuser.ini
[2009-11-17 19:27:00 | 00,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-11-17 18:45:04 | 00,001,164 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1801674531-839522115-1006UA.job
[2009-11-16 23:31:43 | 10,672,478 | -H-- | M] () -- C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-11-16 22:28:19 | 00,000,779 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-11-16 18:20:52 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009-11-16 18:20:52 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009-11-16 18:13:16 | 00,138,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-11-15 20:20:18 | 00,499,510 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-11-15 20:20:18 | 00,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-11-15 20:20:18 | 00,088,816 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-11-15 20:20:18 | 00,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-11-15 20:20:17 | 01,114,842 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-11-15 17:45:03 | 00,001,112 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1801674531-839522115-1006Core.job
[2009-11-14 20:23:31 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-11-14 19:06:40 | 00,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Dragon Age Origins.lnk
[2009-11-12 23:49:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-11-12 19:00:31 | 02,879,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-11-12 18:49:10 | 00,351,756 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-11-12 17:46:11 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-11-06 03:14:42 | 00,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2009-11-05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-10-28 20:43:36 | 00,000,185 | ---- | M] () -- C:\WINDOWS\YdpDict.ini
[2009-10-27 20:58:09 | 00,039,599 | ---- | M] () -- C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\BugReport_09-10-27_205809.dmp
[2009-10-27 20:57:29 | 00,042,343 | ---- | M] () -- C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\BugReport_09-10-27_205728.dmp
[2009-10-20 19:50:33 | 00,021,052 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009-10-20 19:50:33 | 00,015,144 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2009-10-20 19:50:33 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2009-10-20 00:53:41 | 03,091,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009-10-20 00:53:41 | 03,091,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-11-15 17:40:17 | 00,001,164 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1801674531-839522115-1006UA.job
[2009-11-15 17:40:17 | 00,001,112 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1801674531-839522115-1006Core.job
[2009-11-14 19:06:40 | 00,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Dragon Age Origins.lnk
[2009-11-06 03:14:42 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009-10-27 20:58:09 | 00,039,599 | ---- | C] () -- C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\BugReport_09-10-27_205809.dmp
[2009-10-27 20:57:28 | 00,042,343 | ---- | C] () -- C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\BugReport_09-10-27_205728.dmp
[2009-10-20 19:50:29 | 00,021,052 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009-10-20 19:50:29 | 00,015,144 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009-10-20 19:50:29 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009-10-20 19:50:27 | 00,000,185 | ---- | C] () -- C:\WINDOWS\YdpDict.ini
[2009-10-05 17:07:27 | 00,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2009-09-20 18:15:28 | 00,000,044 | ---- | C] () -- C:\WINDOWS\vzones.ini
[2009-09-15 22:45:25 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009-09-15 22:36:51 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2009-08-07 18:51:34 | 00,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-07-25 21:04:24 | 00,000,122 | ---- | C] () -- C:\WINDOWS\WA.INI
[2009-06-27 02:20:02 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009-06-08 07:17:25 | 00,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009-06-04 14:59:31 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\vso_ts_preview.xml
[2009-06-04 14:26:50 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\pcouffin.log
[2009-06-04 14:26:35 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\pcouffin.cat
[2009-06-04 14:26:35 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\pcouffin.inf
[2009-04-09 22:53:02 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Smiley.ico
[2009-02-20 17:01:26 | 00,000,267 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-02-15 14:26:43 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2009-02-04 14:40:03 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009-01-10 19:20:45 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\PnkBstrK.sys
[2009-01-10 18:28:00 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-01-02 02:35:20 | 00,286,208 | ---- | C] () -- C:\WINDOWS\binkw32.dll
[2008-12-26 17:52:25 | 00,086,528 | ---- | C] () -- C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-26 05:08:47 | 00,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-12-25 12:11:03 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-12-25 11:52:07 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008-12-25 04:05:55 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-12-25 01:49:00 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008-12-25 01:48:59 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2008-12-25 01:48:57 | 00,000,328 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008-12-25 01:48:56 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2008-12-25 00:09:49 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-12-25 00:09:47 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-12-25 00:09:46 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-12-25 00:09:46 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-12-25 00:09:44 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-12-25 00:09:44 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-12-24 23:59:23 | 00,358,120 | ---- | C] () -- C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2008-12-24 23:53:48 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2008-12-24 23:21:37 | 10,672,478 | -H-- | C] () -- C:\Documents and Settings\-the-biscuit-\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2008-12-24 23:19:29 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\desktop.ini
[2008-10-25 23:38:07 | 00,000,081 | ---- | C] () -- C:\WINDOWS\xptools.ini
[2008-10-25 23:32:45 | 00,620,032 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dll
[2008-10-25 23:32:41 | 00,000,120 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007-11-22 11:04:27 | 00,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2007-11-15 14:56:37 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2007-11-15 14:25:39 | 00,004,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\hostnt.sys
[2006-06-29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006-06-29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-04-18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004-08-04 13:00:00 | 00,000,779 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-08-04 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999-01-22 17:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2009-04-10 15:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Ashampoo
[2009-10-01 16:59:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\ATI
[2008-12-25 00:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\BESTplayer
[2009-03-23 22:45:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009-01-10 18:53:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\DAEMON Tools
[2009-08-13 16:08:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\DAEMON Tools Lite
[2009-01-10 18:54:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\DAEMON Tools Pro
[2009-08-03 21:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\DriverCure
[2009-05-31 15:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Gadu-Gadu
[2009-10-09 17:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\GetRightToGo
[2009-10-09 21:34:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\HTML Executable
[2009-10-01 20:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\IObit
[2009-03-22 15:18:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\JCreator
[2009-10-16 16:28:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Leadertech
[2009-10-30 20:47:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Nowe Gadu-Gadu
[2009-04-10 15:04:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Shareaza
[2009-07-06 11:35:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Soldat
[2009-10-30 16:53:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Sports Interactive
[2009-09-10 17:49:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\STOIK
[2009-08-27 17:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\The Path
[2009-09-21 22:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Utherverse
[2009-11-14 18:04:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\uTorrent
[2009-06-08 07:14:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\-the-biscuit-\Dane aplikacji\Vso
[2008-11-11 16:25:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2DBoy
[2009-10-11 12:00:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Age of Empires 3
[2009-04-10 15:47:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2009-04-09 22:53:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\B399
[2009-11-13 12:48:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BioWare
[2009-01-10 18:52:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-08-03 21:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DriverCure
[2009-05-22 16:49:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2009-08-19 11:34:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Innovative Solutions
[2009-03-22 15:18:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\JCreator
[2009-08-03 21:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ParetoLogic
[2009-10-30 16:54:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive
[2009-11-15 23:58:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-07-13 13:48:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
[2004-08-04 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-11-17 19:36:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:466F9D5D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9
< End of report >[/log]

Psycholandia

Paste the script below into the OTL window and click Run Fix:

[code]:Processes
explorer.exe

:Files
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1801674531-839522115-1006UA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1801674531-839522115-1006Core.job

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds, and post the log after the removal (the log from Malware).

mishi93

Log from Malware. I did scan with it recently and I don't think there was anything, but here it is again, please :)

[log]Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 3189
Windows 5.1.2600 Dodatek Service Pack 3

2009-11-17 22:25:09
mbam-log-2009-11-17 (22-25-09).txt

Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 106765
Upłynęło: 9 minute(s), 11 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)[/log]

Psycholandia

Run OTL and click CleanUP. It's clean.
