manugino posted 22 March 2010
[log]ComboFix 10-03-21.04 - Kasiula 2010-03-22 14:19:58.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.503.239 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Kasiula\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Kasiula\Menu Start\Programy\Autostart\syspck32.exe
c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\av.exe
c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\ave.exe
c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\MSASCui.exe
c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\vma.exe
c:\documents and settings\Kasiula\wuaucldt.exe
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\drivers\meibtvdc.sys
c:\windows\system32\ieuinit.inf
c:\windows\system32\wuaucldt.exe
c:\windows\system32\drivers\cdrom.sys - brakowało pliku
Plik odzyskano z - c:\windows\ServicePackFiles\i386\cdrom.sys
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hnfjixic
((((((((((((((((((((((((( Pliki utworzone od 2010-02-22 do 2010-03-22 )))))))))))))))))))))))))))))))
.
2010-03-22 13:24 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-22 13:24 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-22 12:45 . 2010-03-22 12:45 -------- d-----w- c:\documents and settings\Kasiula\Dane aplikacji\Malwarebytes
2010-03-22 12:45 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-22 12:44 . 2010-03-22 12:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-03-22 12:44 . 2010-03-22 12:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-22 12:44 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 11:42 . 2010-03-22 11:43 203776 --sha-w- c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\490373180.dll
2010-03-15 09:35 . 2010-03-15 09:35 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\McAfee
2010-03-12 08:35 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-10 22:11 . 2010-03-10 22:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee
2010-03-10 22:11 . 2010-03-10 22:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee Security Scan
2010-03-10 22:11 . 2010-03-15 09:34 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-09 21:13 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 17:02 . 2008-08-06 11:06 1496064 ------w- c:\windows\system32\CC3250MT.DLL
2060-08-18 16:40 . 2008-08-06 11:06 909824 ------w- c:\windows\system32\cp3245mt.dll
2060-08-18 16:40 . 2008-08-06 11:06 24064 ------w- c:\windows\system32\borlndmm.dll
2010-03-22 08:55 . 2010-03-22 08:55 8 ----a-w- c:\windows\system32\config\systemprofile\Dane aplikacji\jasltw.dat
2010-03-20 13:08 . 2009-09-17 19:52 -------- d-----w- c:\documents and settings\Kasiula\Dane aplikacji\RayV
2010-02-21 17:56 . 2007-12-07 17:04 -------- d-----w- c:\program files\epson
2010-02-14 20:08 . 2010-02-11 20:38 -------- d-----w- c:\program files\Pity 2009
2010-02-14 20:06 . 2007-11-24 11:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-11 21:23 . 2010-02-11 21:23 -------- d-----w- c:\program files\Asseco Poland SA
2010-01-11 13:12 . 2007-11-02 13:22 60272 ----a-w- c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2001-08-18 06:24 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"RayV"="c:\program files\RayV\RayV\RayV.exe" [2009-08-19 2487592]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\System32\igfxpers.exe" [2006-08-14 94208]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-8-3 950272]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.dll"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2008-04-04 5248]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-26 108289]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2007-11-02 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2007-11-02 8278]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-08-03 450560]
S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2008-04-04 159616]
.
Zawartość folderu 'Zaplanowane zadania'
2009-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
2010-03-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-12 20:18]
.
.
------- Skan uzupełniający -------
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.pl/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.winamp.com?src=toolbar
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-syncman - c:\documents and settings\kasiula\wuaucldt.exe
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
AddRemove-{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E} - c:\program files\InstallShield Installation Information\{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}\Setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 14:28
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(2724)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1045\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1045\OWCI11.DLL
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Czas ukończenia: 2010-03-22 14:33:14 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-03-22 13:33
ComboFix2.txt 2009-03-26 15:53
Przed: 8 287 719 424 bajtów wolnych
Po: 8 519 516 160 bajtów wolnych
- - End Of File - - 353D996CDFBD300073E75C421656CCF4[/log]
Psycholandia commented 22 March 2010
Post a log from OTL: http://www.forumpc.pl/index.php?showtopic=104338
manugino (Author) commented 22 March 2010
[log]OTL logfile created on: 2010-03-22 16:06:21 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Kasiula\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
503,00 Mb Total Physical Memory | 115,00 Mb Available Physical Memory | 23,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 7,92 Gb Free Space | 40,55% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 3,63 Gb Free Space | 14,87% Space Free | Partition Type: NTFS
Drive E: | 30,57 Gb Total Space | 3,49 Gb Free Space | 11,41% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-8WVACTDTZ1
Current User Name: Kasiula
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard
[color=#E56717]========== Processes (All) ==========[/color]
PRC - File not found -- C:\Documents and Settings\Kasiula\Moje dokumenty\Spycheck\Spycheck AntiSpyware\spycheck.exe
PRC - [2010-03-22 16:03:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kasiula\Pulpit\OTL.exe
PRC - [2010-03-18 10:43:10 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010-01-03 14:02:50 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009-08-06 18:48:08 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-08-06 18:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009-06-09 17:30:45 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 18:21:43 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 18:21:43 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 18:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 18:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 18:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 18:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 18:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2008-01-15 23:54:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007-09-25 01:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007-01-16 12:42:20 | 000,950,272 | ---- | M] ( ) -- C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
PRC - [2006-10-30 12:49:54 | 016,269,312 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006-10-19 13:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006-10-18 18:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006-10-18 18:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006-10-18 17:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006-10-18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006-10-18 17:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006-10-18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006-10-14 10:37:40 | 000,110,592 | R--- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006-09-01 14:57:48 | 000,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2006-08-14 07:41:28 | 000,114,688 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2006-08-14 07:39:08 | 000,098,304 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2006-08-14 07:38:08 | 000,094,208 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2006-08-10 15:08:04 | 002,379,776 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2005-10-17 16:09:34 | 000,987,136 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2005-04-02 00:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2004-08-11 01:45:04 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004-01-26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
[color=#E56717]========== Modules (All) ==========[/color]
MOD - [2010-03-22 16:03:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kasiula\Pulpit\OTL.exe
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 09:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 15:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 15:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 11:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 11:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-10-23 13:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 20:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 21:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 18:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 18:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 18:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 18:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 18:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 18:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 18:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 18:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 18:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 18:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 18:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 18:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 18:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 18:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 18:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 17:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Unknown | Running] -- -- (EvtEng) Intel(R)
SRV - [2010-01-15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009-08-06 18:48:08 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-06-09 17:30:45 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006-10-18 17:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006-10-18 17:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2005-04-02 00:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2009-12-07 23:19:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-06-09 17:30:45 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-04-27 17:32:34 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-04-13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-01-16 12:52:20 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2007-01-10 09:14:34 | 000,450,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WlanBZXP.sys -- (SG762_XP)
DRV - [2006-11-03 02:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-10-19 09:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006-10-17 04:55:28 | 001,711,104 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Sterownik karty Intel(R)
DRV - [2006-08-14 09:00:24 | 001,109,568 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006-01-20 17:59:16 | 000,841,110 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini)
DRV - [2006-01-02 19:02:26 | 000,008,278 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan)
DRV - [2005-04-25 09:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Vax347b.sys -- (Vax347b)
DRV - [2005-02-17 16:07:48 | 000,005,632 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005-02-17 00:19:00 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004-08-03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2004-04-30 08:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2003-12-08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003-12-08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL File not found
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.winamp.com?src=toolbar"
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.10.1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-18 10:43:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-18 10:43:25 | 000,000,000 | ---D | M]
[2008-09-13 14:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Extensions
[2010-03-21 12:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\extensions
[2009-07-12 12:41:39 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009-10-20 18:48:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008-02-24 00:19:47 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\searchplugins\aolsearch.xml
[2009-07-12 12:41:44 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\searchplugins\winamp-search.xml
[2009-04-29 10:19:28 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
[2010-03-21 12:04:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-03-18 10:43:18 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-18 10:43:18 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-18 10:43:18 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-18 10:43:18 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-18 10:43:18 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-18 10:43:18 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2010-03-22 14:28:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe () O4 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) O4 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV) O4 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE ( ) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Kasiula/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-11-02 10:21:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-03-18 10:50:10 | 000,033,792 | ---- | M] () - D:\autobusy-nowy.doc -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-11-02 10:21:15 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: 
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: 
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-03-22 16:03:13 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kasiula\Pulpit\OTL.exe [2010-03-22 15:03:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010-03-22 14:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasiula\Moje dokumenty\Spycheck [2010-03-22 14:33:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-03-22 14:33:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010-03-22 14:19:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010-03-22 14:19:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010-03-22 14:19:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010-03-22 14:19:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010-03-22 14:18:55 | 000,000,000 | ---D | C] -- C:\ComboFix [2010-03-22 13:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasiula\Dane aplikacji\Malwarebytes [2010-03-22 13:45:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-03-22 13:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-03-22 13:44:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-03-22 13:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-03-21 16:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasiula\Moje dokumenty\Pobieranie [2010-03-15 10:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\McAfee [2010-03-10 23:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee [2010-03-10 23:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan [2010-03-10 23:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2010-02-11 22:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\Asseco Poland SA [2010-02-11 21:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Pity 2009 [2010-02-09 19:48:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kasiula\Pulpit\epson [2010-02-09 19:17:59 | 000,061,440 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\ECBTEG.DLL [2010-02-09 19:17:58 | 000,073,676 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EBPMON2.DLL [2010-02-09 19:17:58 | 000,034,304 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EBPCHP.DLL [2010-02-09 19:17:33 | 000,000,000 | ---D | C] -- C:\EPSON [2008-12-17 15:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2008-04-04 09:28:54 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys [2008-04-04 09:28:54 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys [2007-11-02 14:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft 
[2007-11-02 11:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Intel [2007-11-02 11:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Intel [2007-11-02 10:25:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2007-11-02 10:25:05 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2007-11-02 10:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [11 C:\Documents and Settings\Kasiula\Pulpit\*.tmp files -> C:\Documents and Settings\Kasiula\Pulpit\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-03-22 16:03:23 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kasiula\Pulpit\OTL.exe [2010-03-22 14:28:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-03-22 14:28:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010-03-22 14:28:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-03-22 14:27:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-22 14:27:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-03-22 14:26:23 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Kasiula\NTUSER.DAT [2010-03-22 14:26:23 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Kasiula\ntuser.ini [2010-03-22 14:14:36 | 003,897,235 | R--- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\ComboFix.exe [2010-03-22 14:07:35 | 005,864,422 | -H-- | M] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-22 13:50:22 | 000,015,266 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\wo588q8Gd1tnB [2010-03-22 13:50:21 | 
000,015,266 | -HS- | M] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\wo588q8Gd1tnB [2010-03-22 13:45:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-03-22 12:43:13 | 000,203,776 | -HS- | M] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\490373180.dll [2010-03-21 23:15:26 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\Kolejną grupę stanowią WSKAŹNIKI RENTOWNOŚCI.doc [2010-03-21 18:41:35 | 000,379,847 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\2041122_niekaRaportAnalityczny27.10.20091.pdf [2010-03-21 18:39:59 | 000,389,552 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\1691306_Raportanalitycznyniezka20.12.2007.pdf [2010-03-21 18:05:06 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\Microsoft Office Word 2003.lnk [2010-03-21 14:48:05 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\Kasiula\Dane aplikacji\AVSMediaPlayer.m3u [2010-03-19 19:21:49 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-03-17 22:12:49 | 000,720,896 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\Moja praca magisterska.doc [2010-03-17 15:39:48 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\List motywacyjny.doc [2010-03-17 15:38:59 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\CURRICULUM VITAE.doc [2010-03-16 18:43:18 | 002,437,544 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\PsychoCats.wmv [2010-03-15 10:34:42 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk [2010-03-15 10:34:42 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2010-03-13 09:36:14 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Wybór przeglądarki.lnk [2010-03-12 18:02:38 
| 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010-03-09 20:20:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-03-09 20:18:45 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-25 00:16:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-02-24 16:15:12 | 000,002,557 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\Microsoft Office Excel 2003.lnk [2010-02-24 12:51:42 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\~$ja praca magisterska.doc [2010-02-21 18:53:46 | 000,000,578 | ---- | M] () -- C:\WINDOWS\EPSTPLOG.BAK [2010-02-09 19:13:00 | 005,127,680 | ---- | M] () -- C:\Documents and Settings\Kasiula\Pulpit\epson3736eu.exe [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [11 C:\Documents and Settings\Kasiula\Pulpit\*.tmp files -> C:\Documents and Settings\Kasiula\Pulpit\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-03-22 14:19:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-03-22 14:19:08 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-03-22 14:19:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010-03-22 14:19:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010-03-22 14:19:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010-03-22 14:16:29 | 003,897,235 | R--- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\ComboFix.exe [2010-03-22 13:45:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-03-22 12:42:59 | 000,203,776 | -HS- | C] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\490373180.dll [2010-03-22 12:40:17 | 000,015,266 | -HS- | C] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\wo588q8Gd1tnB [2010-03-22 09:56:02 | 
000,015,266 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\wo588q8Gd1tnB [2010-03-21 23:15:08 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\Kolejną grupę stanowią WSKAŹNIKI RENTOWNOŚCI.doc [2010-03-21 18:41:35 | 000,379,847 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\2041122_niekaRaportAnalityczny27.10.20091.pdf [2010-03-21 18:39:59 | 000,389,552 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\1691306_Raportanalitycznyniezka20.12.2007.pdf [2010-03-16 18:43:18 | 002,437,544 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\PsychoCats.wmv [2010-03-13 09:36:14 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Wybór przeglądarki.lnk [2010-03-10 23:11:26 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk [2010-03-10 23:11:26 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2010-03-10 17:36:43 | 002,210,067 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\f0770528.jpg [2010-03-04 11:09:42 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\List motywacyjny.doc [2010-03-04 11:09:31 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\CURRICULUM VITAE.doc [2010-02-24 12:51:42 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\~$ja praca magisterska.doc [2010-02-21 18:53:08 | 000,000,578 | ---- | C] () -- C:\WINDOWS\EPSTPLOG.BAK [2010-02-09 19:17:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT [2010-02-09 19:12:13 | 005,127,680 | ---- | C] () -- C:\Documents and Settings\Kasiula\Pulpit\epson3736eu.exe [2009-11-17 22:46:13 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\Kasiula\Dane aplikacji\AVSMediaPlayer.m3u [2009-11-17 22:45:09 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-10-14 20:27:25 | 000,000,025 | ---- 
| C] () -- C:\WINDOWS\cdplayer.ini [2009-10-13 18:13:41 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-09-12 19:34:05 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys [2009-09-12 19:34:05 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\393699DEB8.sys [2008-08-23 12:40:28 | 000,004,068 | ---- | C] () -- C:\WINDOWS\SONYMAP.INI [2008-08-06 12:06:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll [2008-08-06 12:05:41 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2008-08-03 12:28:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll [2008-04-04 09:32:28 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008-01-05 20:25:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2007-12-07 18:06:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2007-12-07 18:03:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CDE DX4400DEFGIPS.ini [2007-11-24 12:12:06 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll [2007-11-02 20:14:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007-11-02 12:17:26 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini [2007-11-02 12:10:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2007-11-02 11:25:05 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Kasiula\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-11-02 11:04:08 | 000,000,492 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007-11-02 10:31:23 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2007-11-02 10:30:47 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll [2007-11-02 10:29:48 | 000,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002-03-21 15:39:02 | 000,073,728 | ---- | C] () -- 
C:\WINDOWS\System32\UNACEV2.DLL [2001-09-17 13:20:02 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [color=#E56717]========== LOP Check ==========[/color] [2007-12-07 18:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EPSON [2007-12-07 18:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\UDL [2008-03-16 19:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasiula\Dane aplikacji\EPSON [2007-11-06 22:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasiula\Dane aplikacji\Gadu-Gadu [2010-03-20 14:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kasiula\Dane aplikacji\RayV [2010-03-22 14:28:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2007-11-02 10:21:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2007-11-02 14:16:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2009-03-25 23:36:02 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2001-07-21 23:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2010-03-22 14:33:14 | 000,015,521 | ---- | M] () -- C:\ComboFix.txt [2007-11-02 10:21:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007-11-02 10:27:54 | 000,286,720 | ---- | M] () -- C:\Debug.txt [2007-11-02 10:21:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007-11-02 10:21:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2007-11-02 14:08:26 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-12-25 12:45:47 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-03-22 14:27:23 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys [2008-08-03 15:00:14 | 000,000,159 | ---- | M] () -- C:\Setup.log [2008-01-29 18:18:12 | 000,000,016 | ---- | M] () -- C:\UsageTrack.txt [2009-09-12 19:31:16 | 000,519,712 | ---- | M] () -- 
C:\vcredist_x86.log
Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 18:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report > [/log]
Psycholandia, comment, 22 March 2010
What about the file avgnt.exe? It belongs to Avira. Paste the script below into the OTL window and click Run Fix:
[quote]:Processes
explorer.exe
:OTL
IE - HKU\S-1-5-21-1644491937-1532298954-839522115-1003\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Kasiula/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg
:Commands
[emptytemp]
[start explorer]
[Reboot][/quote]
Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds, and post the log after the removal (the log from Malware).
manugino (author), comment, 28 March 2010
In Avira, a FakeAV trojan pops up.
[log]Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3510
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512
2010-03-27 23:37:51
mbam-log-2010-03-27 (23-37-51).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowane obiekty: 62169
Upłynęło: 34 minute(s), 31 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 3
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)
Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)
Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
C:\System Volume Information\_restore{252B16B5-40EE-43EB-A2B8-5931154C9F65}\RP416\A0065836.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{252B16B5-40EE-43EB-A2B8-5931154C9F65}\RP416\A0065980.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{252B16B5-40EE-43EB-A2B8-5931154C9F65}\RP416\A0066129.sys (Malware.Trace) -> Quarantined and deleted successfully.
[/log]
Psycholandia, comment, 28 March 2010
Post a ComboFix log: http://www.forumpc.pl/index.php?showtopic=153621
manugino (author), comment, 28 March 2010
[log]ComboFix 10-03-28.01 - Kasiula 2010-03-28 23:14:33.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.503.156 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Kasiula\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Pliki utworzone od 2010-02-28 do 2010-03-28 )))))))))))))))))))))))))))))))
.
2010-03-27 21:58 . 2010-03-27 21:58 -------- d-----w- C:\_OTL
2010-03-22 13:24 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-03-22 13:24 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-03-22 12:45 . 2010-03-22 12:45 -------- d-----w- c:\documents and settings\Kasiula\Dane aplikacji\Malwarebytes
2010-03-22 12:45 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-22 12:44 . 2010-03-22 12:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-03-22 12:44 . 2010-03-22 12:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-22 12:44 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 09:35 . 2010-03-15 09:35 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\McAfee
2010-03-12 08:35 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-10 22:11 . 2010-03-10 22:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee
2010-03-10 22:11 . 2010-03-10 22:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\McAfee Security Scan
2010-03-10 22:11 . 2010-03-15 09:34 -------- d-----w- c:\program files\McAfee Security Scan
2010-03-09 21:13 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 17:02 . 2008-08-06 11:06 1496064 ------w- c:\windows\system32\CC3250MT.DLL 2060-08-18 16:40 . 2008-08-06 11:06 909824 ------w- c:\windows\system32\cp3245mt.dll 2060-08-18 16:40 . 2008-08-06 11:06 24064 ------w- c:\windows\system32\borlndmm.dll 2010-03-28 11:28 . 2001-10-26 16:15 85334 ----a-w- c:\windows\system32\perfc015.dat 2010-03-28 11:28 . 2001-10-26 16:15 494082 ----a-w- c:\windows\system32\perfh015.dat 2010-03-28 11:28 . 2007-11-02 10:04 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys 2010-03-22 08:55 . 2010-03-22 08:55 8 ----a-w- c:\windows\system32\config\systemprofile\Dane aplikacji\jasltw.dat 2010-03-20 13:08 . 2009-09-17 19:52 -------- d-----w- c:\documents and settings\Kasiula\Dane aplikacji\RayV 2010-02-21 17:56 . 2007-12-07 17:04 -------- d-----w- c:\program files\epson 2010-02-14 20:08 . 2010-02-11 20:38 -------- d-----w- c:\program files\Pity 2009 2010-02-14 20:06 . 2007-11-24 11:03 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-11 21:23 . 2010-02-11 21:23 -------- d-----w- c:\program files\Asseco Poland SA 2010-01-11 13:12 . 2007-11-02 13:22 60272 ----a-w- c:\documents and settings\Kasiula\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-12-31 16:50 . 2001-08-18 06:24 353792 ----a-w- c:\windows\system32\drivers\srv.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "RayV"="c:\program files\RayV\RayV\RayV.exe" [2009-08-19 2487592] "ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2009-06-04 869888] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-08-14 98304] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-08-14 114688] "Persistence"="c:\windows\System32\igfxpers.exe" [2006-08-14 94208] "HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320] "RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816] "Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] Program sieciowy dla SAGEM 
Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-8-3 950272] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\RayV\\RayV\\RayV.exe"= "c:\\Program Files\\RayV\\RayV\\RayV.dll"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2008-04-04 5248] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-26 108289] R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2007-11-02 841110] R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2007-11-02 8278] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-08-03 450560] S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2008-04-04 159616] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - AEGISP . Zawartość folderu 'Zaplanowane zadania' 2009-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21] 2010-03-28 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-10-12 20:18] . . ------- Skan uzupełniający ------- . 
uSearch Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://www.google.pl/ uSearch Bar = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.winamp.com?src=toolbar FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query= FF - component: c:\documents and settings\Kasiula\Dane aplikacji\Mozilla\Firefox\Profiles\sk826olf.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-28 23:19 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . 
Czas ukończenia: 2010-03-28 23:21:24 ComboFix-quarantined-files.txt 2010-03-28 21:21 ComboFix2.txt 2010-03-22 13:33 Przed: 8 396 734 464 bajtów wolnych Po: 8 357 171 200 bajtów wolnych - - End Of File - - ED54426518210E04255457A15C8C1AA4[/log]
Psycholandia, comment, 28 March 2010 (edited)
I don't see anything like that here. Hm, show a screenshot of what popped up. Or type it out. Is it still popping up?