GnijCie, posted 2 May 2010 (edited)
Hello, I have the following problem: once I log in to my account I can't do anything, for 2 minutes if I'm lucky, otherwise even for 5!! I don't know what is going on, but sometimes the problem stops once avast has updated; still, it happens at almost every login. Maybe one of you knows why this happens? [color="#ff0000"] //moving to the subforum "Logi do sprawdzenia" (logs for review) //raaz [/color]
Bobek, comment of 4 May 2010
I had the same thing... Only a format was left. [color="#ff0000"] //formatting is not a solution //raaz[/color]
rokko, comment of 4 May 2010
[quote]Maybe one of you knows why this happens? [/quote] Nobody can answer that question blind; you would have to run system diagnostics, go through the logs, event logs, etc. A potential solution to the problem = creating a new user profile, and then possibly transferring the files from the old profile to the new one. Try that and check it in practice.
GnijCie (author), comment of 5 May 2010
I'll say that I can put up with it as long as it doesn't do any major harm to the computer. As for the profile, I have 2 profiles and it happens on each of them. Give me some program for logs.
Bobek, comment of 5 May 2010
Combofix [color="#ff0000"]//first, the use of ComboFix may be suggested by the people who check logs // second, start putting a bit more effort into your writing, because as of today //your posts qualify only for the trash //this is my last warning //raaz[/color]
GnijCie (author), comment of 8 May 2010 (edited)
[log]ComboFix 10-05-06.05 - anka 2010-05-08 13:17:57.4.1 - x86 Uruchomiony z: E:\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\anka\Dane aplikacji\Desktopicon c:\documents and settings\anka\Dane aplikacji\Desktopicon\eBay.ico c:\documents and settings\anka\Dane aplikacji\Desktopicon\uninst.exe c:\documents and settings\anka\Dane aplikacji\EurekaLog c:\documents and settings\anka\Dane aplikacji\EurekaLog\EurekaLog.ini . ((((((((((((((((((((((((( Pliki utworzone od 2010-04-08 do 2010-05-08 ))))))))))))))))))))))))))))))) . 2010-05-06 16:28 . 2010-05-06 16:28 -------- d-----w- c:\documents and settings\daedd\Ustawienia lokalne\Dane aplikacji\Ahead 2010-05-05 22:12 . 2010-05-05 22:36 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Ahead 2010-05-05 22:12 . 2010-05-05 22:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ahead 2010-05-05 22:06 . 2010-05-05 22:10 -------- d-----w- c:\program files\Common Files\Ahead 2010-05-05 22:06 . 2010-05-05 22:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero 2010-05-05 22:06 . 2010-05-05 22:06 -------- d-----w- c:\program files\Nero 2010-05-03 20:47 . 2010-05-03 20:47 7680 ----a-w- c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\1000000600002i\svchost.exe 2010-05-02 23:11 . 2010-05-02 23:11 7680 ----a-w- c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\1000000b00002i\rundll32.exe 2010-05-02 23:11 . 2010-05-02 23:11 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Thinstall 2010-05-02 15:08 . 2010-05-02 15:08 -------- d-----w- c:\program files\Steinberg 2010-05-01 22:10 . 
2010-05-01 22:10 3584 ----a-r- c:\documents and settings\anka\Dane aplikacji\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2010-05-01 22:10 . 2010-05-01 22:10 -------- d-----w- c:\program files\Windows Installer Clean Up 2010-05-01 22:10 . 2010-05-01 22:10 -------- d-----w- c:\program files\MSECACHE 2010-05-01 12:25 . 2010-05-03 12:18 -------- d-----w- c:\program files\Unlocker 2010-04-25 21:09 . 2010-04-25 21:10 -------- d-----w- c:\documents and settings\anka\Ustawienia lokalne\Dane aplikacji\BearShare 2010-04-24 16:17 . 2010-04-24 16:17 -------- d-----w- c:\program files\Rockstar Games 2010-04-17 22:19 . 2010-04-17 22:19 -------- d-----w- c:\documents and settings\anka\WapSter 2010-04-17 21:49 . 2010-04-17 21:49 10134 ----a-r- c:\documents and settings\anka\Dane aplikacji\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2010-04-17 21:49 . 2010-04-17 21:49 -------- d-----w- c:\program files\Microsoft WSE 2010-04-17 21:49 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll 2010-04-17 21:13 . 2010-05-05 18:15 -------- d-----w- c:\program files\Ahead 2010-04-17 20:51 . 2010-04-17 20:51 -------- d--h--w- c:\windows\$hf_mig$ 2010-04-17 18:42 . 2010-04-17 18:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-04-17 17:48 . 2010-04-17 17:48 23 --sha-w- c:\windows\system32\edacded0.dat . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-08 08:16 . 2009-04-01 14:46 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Skype 2010-05-07 18:58 . 2010-05-07 18:58 7692288 ----a-w- c:\documents and settings\anka\ntuser.tmp 2010-05-02 22:52 . 2009-03-20 22:55 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-26 16:05 . 2009-03-20 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-17 20:45 . 
2009-03-24 20:28 -------- d-----w- c:\program files\Windows Live 2010-04-17 18:42 . 2009-08-30 11:06 -------- d-----w- c:\program files\Common Files\Ulead Systems 2010-04-17 18:08 . 2009-12-04 18:21 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\IMVU 2010-04-16 22:16 . 2010-03-20 18:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-28 20:22 . 2009-05-30 16:23 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Audacity 2010-03-28 14:52 . 2001-10-26 16:15 82010 ----a-w- c:\windows\system32\perfc015.dat 2010-03-28 14:52 . 2001-10-26 16:15 484634 ----a-w- c:\windows\system32\perfh015.dat 2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AdobeARM.exe 2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AdobeExtractFiles.dll 2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\ReaderUpdater.exe 2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AcrobatUpdater.exe 2010-03-20 19:27 . 2009-03-20 19:41 56856 -c--a-w- c:\documents and settings\anka\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-03-20 18:17 . 2010-03-20 18:17 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Malwarebytes 2010-03-20 18:17 . 2010-03-20 18:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2010-03-20 16:57 . 2010-03-20 16:57 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe 2010-03-20 15:43 . 2010-03-20 15:43 -------- d-----w- c:\program files\CCleaner 2010-03-20 14:50 . 2009-04-18 10:30 -------- d-----w- c:\program files\Common Files\Macromedia 2010-03-07 15:17 . 
2010-03-07 15:17 503808 ----a-w- c:\documents and settings\daedd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47e56b87-n\msvcp71.dll 2010-03-07 15:17 . 2010-03-07 15:17 499712 ----a-w- c:\documents and settings\daedd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47e56b87-n\jmc.dll 2010-03-07 15:17 . 2010-03-07 15:17 348160 ----a-w- c:\documents and settings\daedd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47e56b87-n\msvcr71.dll 2010-03-07 15:17 . 2010-03-07 15:17 61440 ----a-w- c:\documents and settings\daedd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-31a2c574-n\decora-sse.dll 2010-03-07 15:17 . 2010-03-07 15:17 12800 ----a-w- c:\documents and settings\daedd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-31a2c574-n\decora-d3d.dll 2010-02-28 14:43 . 2010-02-27 16:58 0 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys 2010-02-27 16:44 . 2010-02-27 16:44 12 ----a-w- c:\documents and settings\anka\Dane aplikacji\rbuwzv.dat 2010-02-26 19:33 . 2010-02-26 19:33 503808 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a18954-n\msvcp71.dll 2010-02-26 19:33 . 2010-02-26 19:33 499712 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a18954-n\jmc.dll 2010-02-26 19:33 . 2010-02-26 19:33 348160 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-25a18954-n\msvcr71.dll 2010-02-26 19:33 . 2010-02-26 19:33 61440 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e360387-n\decora-sse.dll 2010-02-26 19:33 . 2010-02-26 19:33 12800 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6e360387-n\decora-d3d.dll 2010-02-24 17:35 . 2009-10-28 13:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-02-20 19:44 . 
2009-04-16 19:55 5 -c--a-w- c:\windows\system32\SySmp3con.dat . ------- Sigcheck ------- [-] 2008-04-14 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [7] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe [7] 2004-08-03 . 0344407089B08548D4FEBA62BB0F32D0 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe [-] 2008-04-14 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll [7] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll [7] 2004-08-03 . D38C710AAC3A0D16AF7DF6770C9F6CBB . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [7] 2008-12-12 . 604D8F71620CC6353D7C3E89BC70090C . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll [-] 2008-12-12 . 14307EB37130BCAC7D1B6EFBEF5AC75D . 3481600 . . [6.00.2900.5726] . . c:\windows\ServicePackFiles\i386\mshtml.dll [-] 2008-12-12 . 14307EB37130BCAC7D1B6EFBEF5AC75D . 3481600 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll [7] 2008-12-12 . 925E22521441829F4889B3A2C4015EDB . 3088896 . . [6.00.2900.5726] . . c:\windows\VistaMizer\old\mshtml.dll [7] 2008-10-16 . 401C51E3479F1CCBA29E5A374C8F2688 . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll [7] 2004-08-03 . 687FF56421840ACD46B7A3939ED581E7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll [7] 2008-08-14 . DCDD970025463DFC9676EBE18ABD6A86 . 2190464 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [7] 2008-08-14 . 9CE159C91E076FF6C25D055310EBB259 . 
2190464 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2008-08-14 . F8071DEDC9217DBD6B8C0753868AA087 . 2447744 . . [5.1.2600.5657] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2008-08-14 . F8071DEDC9217DBD6B8C0753868AA087 . 2447744 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe [7] 2008-08-14 . 9CE159C91E076FF6C25D055310EBB259 . 2190464 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntoskrnl.exe [7] 2004-08-03 . DCF53422B7EDDED3B7431FBAE4A7EE3F . 2182272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2008-04-14 . FA1E2372F554782332A8504A58300D15 . 589312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . FA1E2372F554782332A8504A58300D15 . 589312 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [7] 2008-04-14 . A435C5C069AFD901751AC323AD238793 . 580096 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll [7] 2004-08-03 . 0C81764F50F32D376E6E4B9E9F4B01A0 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll [7] 2008-10-16 . D9A313E9E938FCD9C63EFD544C997183 . 669696 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll [-] 2008-10-16 . CA192C1BCB96422A5DAD5FF9BF0F27AB . 813568 . . [6.00.2900.5694] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2008-10-16 . CA192C1BCB96422A5DAD5FF9BF0F27AB . 813568 . . [6.00.2900.5694] . . c:\windows\system32\wininet.dll [7] 2008-10-16 . 81AB7E7CEBEB09BCFB8C4AE1074E1CC1 . 668672 . . [6.00.2900.5694] . . c:\windows\VistaMizer\old\wininet.dll [7] 2004-08-03 . D37DAFB534AC8343D59A1B501ABE852C . 658944 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll [-] 2008-04-14 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [7] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 
1035264 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe [7] 2004-08-03 . 379098A96E6C165B659DE7E4328010EA . 1033728 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2008-04-14 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [7] 2008-04-14 . 1BD41EDA5B869AFC99895C39A8DE36E1 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe [7] 2004-08-03 . CBFA30492D70CE3938D8A7783D0C0436 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe [7] 2008-08-14 . 638346856E53887B0C3DA62A9AB2C203 . 2067328 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe [7] 2008-08-14 . 5AB2F07AD3FD76790294DDCCC6E06D46 . 2067328 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2008-08-14 . BCDA6410B3A89805ECEB57020621C6FC . 2324608 . . [5.1.2600.5657] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [-] 2008-08-14 . BCDA6410B3A89805ECEB57020621C6FC . 2324608 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe [7] 2008-08-14 . 5AB2F07AD3FD76790294DDCCC6E06D46 . 2067328 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntkrnlpa.exe [7] 2004-08-03 . 44D1BC1B05E0C7C82E81687B79C653C7 . 2058112 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352] [HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}] 2007-07-17 14:59 1379352 ----a-w- c:\program files\Wisdom-soft\tbWisd.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352] [HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352] [HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 5.1 Free"="0" [X] "ALLUpdate"="e:\programy\ALLPlayer\ALLUpdate.exe" [2009-11-11 870400] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "nwiz"="nwiz.exe" [2006-10-22 1622016] "NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016] "SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi1"=xgusb.cpl "midi2"=xgusb.cpl [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ] 2009-11-17 14:18 6807552 ----a-w- e:\programy\AQQ\WAPSTE~1\AQQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2003-06-25 10:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "e:\\PROGRAMY\\eMule\\emule.exe"= "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"= "e:\\PROGRAMY\\AQQ\\WapSter AQQ\\AQQ.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "21708:TCP"= 21708:TCP:*:Disabled:BitComet 21708 TCP "21708:UDP"= 21708:UDP:*:Disabled:BitComet 21708 UDP R3 FPLY;FPLY;c:\docume~1\anka\USTAWI~1\Temp\FPLY.exe [x] R3 GPU-Z;GPU-Z;c:\docume~1\anka\USTAWI~1\Temp\GPU-Z.sys [x] R3 IYMRQEK;IYMRQEK;c:\docume~1\anka\USTAWI~1\Temp\IYMRQEK.exe [x] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\D.tmp [x] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x] R3 
TRMOJTKIOK;TRMOJTKIOK;c:\docume~1\anka\USTAWI~1\Temp\TRMOJTKIOK.exe [x] R3 XOOOKHKUL;XOOOKHKUL;c:\docume~1\anka\USTAWI~1\Temp\XOOOKHKUL.exe [x] R3 zlportio;zlportio;c:\program files\UltraStar Deluxe\zlportio.sys [x] S1 aswSP;avast! Self Protection; [x] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.pl/ uInternet Settings,ProxyOverride = *.local IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk FF - ProfilePath - c:\documents and settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2243755&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - IMVUspace Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: keyword.URL - FF - plugin: c:\documents and settings\anka\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll FF - plugin: e:\programy\Real Alternative\browser\plugins\nppl3260.dll FF - plugin: e:\programy\Real Alternative\browser\plugins\nprpjplug.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . 
- - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe AddRemove-Adobe_8d0dc9390f2c596455e1446b5918a40 - c:\program files\Common Files\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\Setup.exe AddRemove-ALLConverter to PSP_is1 - c:\program files\ALLConverter\PSP\unins000.exe AddRemove-eBay Icon - c:\documents and settings\anka\Dane aplikacji\Desktopicon\uninst.exe AddRemove-Guild Wars - e:\gry\x1\Gw.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-05-08 13:22 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\D.tmp" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(524) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(580) c:\windows\system32\setupapi.dll c:\windows\system32\scecli.dll c:\windows\system32\psbase.dll . Czas ukończenia: 2010-05-08 13:25:02 ComboFix-quarantined-files.txt 2010-05-08 11:24 Przed: 1 280 188 416 bajtów wolnych Po: 2 280 914 944 bajtów wolnych - - End Of File - - 6D1238A425125DAEEE226F0F890EA932[/log]
Here are the logs, please.
sebus1989, comment of 8 May 2010 (edited)
Hello, write something more about your problem. What does "can't do anything" mean? Can't click anything? Can't move the mouse?
GnijCie (author), comment of 8 May 2010
I can move the mouse and do everything, but only on the desktop; clicking, e.g., on the taskbar or on Start is not possible because something is loading. Only once the avast update notice pops up saying it has been updated is everything normal again.
sebus1989, comment of 9 May 2010
Disconnect the internet, uninstall avast, clean everything with CCleaner, reconnect the internet, download http://www.dobreprogramy.pl/Windows-Worms-Doors-Cleaner,Program,Windows,11744.html ; next to RPC Locator, Enable UPNP and Enable Msg there should be green marks. Restart the computer and download the newest version of avast.
GnijCie (author), comment of 19 June 2010
sebus1989, I did everything just as you wrote, but it didn't help at all. The only thing I'm waiting for is the system scan with the newest avast. But thanks a lot for the help anyway; if anything comes up I'll let you know.
Tomek01, comment of 19 June 2010 (edited)
The computer is infected. I'd also like the OTL and RSIT logs, please. Paste into Notepad:
[code]Driver::
MEMSWEEP2
XOOOKHKUL
TRMOJTKIOK
IYMRQEK
FPLY

File::
c:\windows\system32\drivers\lbrtfdc.sys
c:\documents and settings\anka\Dane aplikacji\rbuwzv.dat
c:\docume~1\anka\USTAWI~1\Temp\FPLY.exe
c:\docume~1\anka\USTAWI~1\Temp\IYMRQEK.exe
c:\windows\system32\D.tmp
c:\docume~1\anka\USTAWI~1\Temp\TRMOJTKIOK.exe
c:\docume~1\anka\USTAWI~1\Temp\XOOOKHKUL.exe
c:\program files\Wisdom-soft\tbWisd.dll

Folder::
c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"=-[/code]
Save it as CFScript.txt, then drag and drop it onto the ComboFix icon. Attach the resulting log.
GnijCie (author), comment of 20 June 2010 (edited)
And can you explain to me a bit how to make the logs with OTL and RSIT? And here is the log you asked for, the one from the Notepad file that I dragged onto ComboFix.
[log]ComboFix 10-06-19.03 - anka 2010-06-20 12:49:13.5.1 - x86 Uruchomiony z: E:\ComboFix.exe Użyto następujących komend :: c:\documents and settings\anka\Pulpit\CFScript.txt FILE :: "c:\docume~1\anka\USTAWI~1\Temp\FPLY.exe" "c:\docume~1\anka\USTAWI~1\Temp\IYMRQEK.exe" "c:\docume~1\anka\USTAWI~1\Temp\TRMOJTKIOK.exe" "c:\docume~1\anka\USTAWI~1\Temp\XOOOKHKUL.exe" "c:\documents and settings\anka\Dane aplikacji\rbuwzv.dat" "c:\program files\Wisdom-soft\tbWisd.dll" "c:\windows\system32\D.tmp" "c:\windows\system32\drivers\lbrtfdc.sys" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\anka\Dane aplikacji\rbuwzv.dat c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\AAAAAAAA2 c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\AAAAAAAA2M c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\BAAAAAAA2 c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\BAAAAAAA2M c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\CAAAAAAA2 c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\CAAAAAAA2M c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\DAAAAAAA2 c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 
CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\DAAAAAAA2M c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\EAAAAAAA2 c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\EAAAAAAA2M c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\FAAAAAAA2 c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\FAAAAAAA2M c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\GAAAAAAA2 c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\GAAAAAAA2M c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\HAAAAAAA2 c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\HAAAAAAA2M c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\IAAAAAAA2 c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\IAAAAAAA2M c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\index.dat c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\JAAAAAAA2 c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\JAAAAAAA2M c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\KAAAAAAA2 c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 
CE\%AppData%\Adobe\FileBrowser\Photoshop7CE\KAAAAAAA2M c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings CE\Actions Palette.psp c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings CE\Adobe Photoshop 7.0 Prefs.psp c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings CE\Brushes.psp c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings CE\PluginCache.psp c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings\Recently Used Optimizations.irs c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Common Files\Adobe\Color\ACE1Cache.lst c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Common Files\Adobe\TypeSpt\AdobeFnt06.lst c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Photoshop 7.0 CE\Photoshop.fon c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Photoshop 7.0 CE\Required PL\ADMUI3.fon c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\1000000600002i\svchost.exe c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\1000000b00002i\rundll32.exe c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\Registry.rw.lck c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\Registry.rw.tvr c:\documents and settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\Registry.tvr.backup c:\program files\Wisdom-soft\tbWisd.dll 
c:\windows\system32\drivers\lbrtfdc.sys . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FPLY -------\Legacy_IYMRQEK -------\Legacy_MEMSWEEP2 -------\Legacy_TRMOJTKIOK -------\Legacy_XOOOKHKUL -------\Service_FPLY -------\Service_IYMRQEK -------\Service_MEMSWEEP2 -------\Service_TRMOJTKIOK -------\Service_XOOOKHKUL ((((((((((((((((((((((((( Pliki utworzone od 2010-05-20 do 2010-06-20 ))))))))))))))))))))))))))))))) . 2010-06-19 11:41 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-06-19 11:41 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-06-19 11:41 . 2010-04-14 16:37 297552 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2010-06-19 11:41 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-06-19 11:41 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-20 11:00 . 2009-12-04 18:21 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\IMVU 2010-06-20 10:54 . 2010-05-02 23:11 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Thinstall 2010-06-20 10:53 . 2010-02-08 22:50 -------- d-----w- c:\program files\Wisdom-soft 2010-06-19 11:40 . 2010-06-19 11:40 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software 2010-06-19 11:40 . 2009-03-20 19:29 -------- d-----w- c:\program files\Alwil Software 2010-06-18 22:14 . 2010-06-18 21:44 -------- d-----w- c:\program files\StepMania 2010-06-15 20:21 . 2010-06-15 20:21 -------- d-----w- c:\program files\ChomikBox 2010-06-15 20:16 . 2010-05-05 22:12 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Ahead 2010-06-15 18:48 . 2009-04-01 14:46 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Skype 2010-06-02 17:27 . 
2010-06-02 17:27 -------- d-----w- c:\program files\Lavalys 2010-05-30 18:52 . 2010-05-30 18:51 -------- d-----w- c:\program files\Realtek AC97 2010-05-28 20:34 . 2010-05-28 20:34 61440 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6d15eac8-n\decora-sse.dll 2010-05-28 20:34 . 2010-05-28 20:34 12800 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6d15eac8-n\decora-d3d.dll 2010-05-28 20:34 . 2010-05-28 20:34 348160 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1953a81a-n\msvcr71.dll 2010-05-28 20:34 . 2010-05-28 20:34 503808 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1953a81a-n\msvcp71.dll 2010-05-28 20:34 . 2010-05-28 20:34 499712 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1953a81a-n\jmc.dll 2010-05-16 10:50 . 2010-05-16 10:50 56856 ----a-w- c:\documents and settings\daedd\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-05-15 18:53 . 2009-05-30 16:23 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Audacity 2010-05-11 18:02 . 2010-05-11 18:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\3AEA 2010-05-08 19:10 . 2010-05-08 19:10 76782 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\Uninstall.exe 2010-05-08 19:10 . 2010-05-08 19:10 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\IMVUClient 2010-05-08 18:44 . 2010-05-08 18:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\F8C 2010-05-05 22:12 . 2010-05-05 22:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ahead 2010-05-05 22:10 . 2010-05-05 22:06 -------- d-----w- c:\program files\Common Files\Ahead 2010-05-05 22:06 . 
2010-05-05 22:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero 2010-05-05 22:06 . 2010-05-05 22:06 -------- d-----w- c:\program files\Nero 2010-05-05 18:15 . 2010-04-17 21:13 -------- d-----w- c:\program files\Ahead 2010-05-03 16:24 . 2010-05-03 16:24 92312 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\IMVUupdater.exe 2010-05-03 16:24 . 2010-05-03 16:24 21760 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe 2010-05-03 16:24 . 2010-05-03 16:24 52992 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\IMVUClient.exe 2010-05-03 16:21 . 2010-05-03 16:21 121856 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\WriteMiniDump.exe 2010-05-03 16:18 . 2010-05-03 16:18 46592 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\ui\plugins\npvivoxproxy.dll 2010-05-03 16:18 . 2010-05-03 16:18 54784 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\ui\plugins\nphwndproxy.dll 2010-05-03 16:18 . 2010-05-03 16:18 1263616 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\SceneWindow.dll 2010-05-03 16:17 . 2010-05-03 16:17 16896 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\MemoryHook.dll 2010-05-03 16:16 . 2010-05-03 16:16 320000 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\cal3d.dll 2010-05-03 16:15 . 2010-05-03 16:15 202752 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\boost_python.dll 2010-05-03 16:15 . 2010-05-03 16:15 29184 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\CallStack.dll 2010-05-03 12:18 . 2010-05-01 12:25 -------- d-----w- c:\program files\Unlocker 2010-05-02 22:52 . 2009-03-20 22:55 -------- d-----w- c:\program files\Common Files\Adobe 2010-05-02 15:08 . 2010-05-02 15:08 -------- d-----w- c:\program files\Steinberg 2010-05-01 22:10 . 
2010-05-01 22:10 3584 ----a-r- c:\documents and settings\anka\Dane aplikacji\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2010-05-01 22:10 . 2010-05-01 22:10 -------- d-----w- c:\program files\Windows Installer Clean Up 2010-05-01 22:10 . 2010-05-01 22:10 -------- d-----w- c:\program files\MSECACHE 2010-04-26 23:14 . 2010-04-26 23:14 224768 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\audiere.dll 2010-04-26 16:05 . 2009-03-20 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-24 16:17 . 2010-04-24 16:17 -------- d-----w- c:\program files\Rockstar Games 2010-04-22 04:44 . 2010-04-22 04:44 7506576 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\1VivoxVoice.exe 2010-04-22 04:44 . 2010-04-22 04:44 4792976 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\vivoxsdk.dll 2010-04-22 04:44 . 2010-04-22 04:44 330896 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\libsndfile-1.dll 2010-04-22 04:44 . 2010-04-22 04:44 266384 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\npvivoxvoiceplugin.dll 2010-04-22 04:44 . 2010-04-22 04:44 246416 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\ortp.dll 2010-04-22 04:44 . 2010-04-22 04:44 275088 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\vivoxoal.dll 2010-04-22 04:44 . 2010-04-22 04:44 1034896 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\dbghelp.dll 2010-04-17 21:49 . 2010-04-17 21:49 10134 ----a-r- c:\documents and settings\anka\Dane aplikacji\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2010-04-17 17:48 . 2010-04-17 17:48 23 --sha-w- c:\windows\system32\edacded0.dat 2010-04-16 18:18 . 2010-04-16 18:18 3771296 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\ui\plugins\NPSWF32.dll 2010-04-16 18:18 . 
2010-04-16 18:18 184832 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\ssleay32.dll 2010-04-16 18:18 . 2010-04-16 18:18 1006080 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\libeay32.dll 2010-04-16 18:13 . 2010-04-16 18:13 271929 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\pixomatic.dll 2010-04-16 18:10 . 2010-04-16 18:10 49664 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\w9xpopen.exe 2010-04-16 18:10 . 2010-04-16 18:10 353280 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\pythoncom26.dll 2010-04-16 18:10 . 2010-04-16 18:10 2251264 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\python26.dll 2010-04-16 18:10 . 2010-04-16 18:10 110080 ----a-w- c:\documents and settings\anka\Dane aplikacji\IMVUClient\pywintypes26.dll 2010-04-14 16:47 . 2010-06-19 11:40 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-04-14 16:47 . 2010-06-19 11:40 153184 ----a-w- c:\windows\system32\aswBoot.exe 2010-04-14 16:31 . 2010-06-19 11:41 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-04-14 16:31 . 2010-06-19 11:41 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-04-14 16:30 . 2010-06-19 11:41 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-03-28 14:52 . 2001-10-26 16:15 82010 ----a-w- c:\windows\system32\perfc015.dat 2010-03-28 14:52 . 2001-10-26 16:15 484634 ----a-w- c:\windows\system32\perfh015.dat 2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AdobeARM.exe 2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AdobeExtractFiles.dll 2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\ReaderUpdater.exe 2010-03-24 18:17 . 
2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AcrobatUpdater.exe . ------- Sigcheck ------- [-] 2008-04-14 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [7] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe [7] 2004-08-03 . 0344407089B08548D4FEBA62BB0F32D0 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe [-] 2008-04-14 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll [7] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll [7] 2004-08-03 . D38C710AAC3A0D16AF7DF6770C9F6CBB . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [7] 2008-12-12 . 604D8F71620CC6353D7C3E89BC70090C . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll [-] 2008-12-12 . 14307EB37130BCAC7D1B6EFBEF5AC75D . 3481600 . . [6.00.2900.5726] . . c:\windows\ServicePackFiles\i386\mshtml.dll [-] 2008-12-12 . 14307EB37130BCAC7D1B6EFBEF5AC75D . 3481600 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll [7] 2008-12-12 . 925E22521441829F4889B3A2C4015EDB . 3088896 . . [6.00.2900.5726] . . c:\windows\VistaMizer\old\mshtml.dll [7] 2008-10-16 . 401C51E3479F1CCBA29E5A374C8F2688 . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll [7] 2004-08-03 . 687FF56421840ACD46B7A3939ED581E7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll [7] 2008-08-14 . DCDD970025463DFC9676EBE18ABD6A86 . 2190464 . . [5.1.2600.5657] . . 
c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [7] 2008-08-14 . 9CE159C91E076FF6C25D055310EBB259 . 2190464 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2008-08-14 . F8071DEDC9217DBD6B8C0753868AA087 . 2447744 . . [5.1.2600.5657] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2008-08-14 . F8071DEDC9217DBD6B8C0753868AA087 . 2447744 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe [7] 2008-08-14 . 9CE159C91E076FF6C25D055310EBB259 . 2190464 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntoskrnl.exe [7] 2004-08-03 . DCF53422B7EDDED3B7431FBAE4A7EE3F . 2182272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2008-04-14 . FA1E2372F554782332A8504A58300D15 . 589312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . FA1E2372F554782332A8504A58300D15 . 589312 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [7] 2008-04-14 . A435C5C069AFD901751AC323AD238793 . 580096 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll [7] 2004-08-03 . 0C81764F50F32D376E6E4B9E9F4B01A0 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll [7] 2008-10-16 . D9A313E9E938FCD9C63EFD544C997183 . 669696 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll [-] 2008-10-16 . CA192C1BCB96422A5DAD5FF9BF0F27AB . 813568 . . [6.00.2900.5694] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2008-10-16 . CA192C1BCB96422A5DAD5FF9BF0F27AB . 813568 . . [6.00.2900.5694] . . c:\windows\system32\wininet.dll [7] 2008-10-16 . 81AB7E7CEBEB09BCFB8C4AE1074E1CC1 . 668672 . . [6.00.2900.5694] . . c:\windows\VistaMizer\old\wininet.dll [7] 2004-08-03 . D37DAFB534AC8343D59A1B501ABE852C . 658944 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll [-] 2008-04-14 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . 
c:\windows\ServicePackFiles\i386\explorer.exe [7] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe [7] 2004-08-03 . 379098A96E6C165B659DE7E4328010EA . 1033728 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2008-04-14 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [7] 2008-04-14 . 1BD41EDA5B869AFC99895C39A8DE36E1 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe [7] 2004-08-03 . CBFA30492D70CE3938D8A7783D0C0436 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe [7] 2008-08-14 . 638346856E53887B0C3DA62A9AB2C203 . 2067328 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe [7] 2008-08-14 . 5AB2F07AD3FD76790294DDCCC6E06D46 . 2067328 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2008-08-14 . BCDA6410B3A89805ECEB57020621C6FC . 2324608 . . [5.1.2600.5657] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [-] 2008-08-14 . BCDA6410B3A89805ECEB57020621C6FC . 2324608 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe [7] 2008-08-14 . 5AB2F07AD3FD76790294DDCCC6E06D46 . 2067328 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntkrnlpa.exe [7] 2004-08-03 . 44D1BC1B05E0C7C82E81687B79C653C7 . 2058112 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell] @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}" [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}] 2010-04-14 16:33 140288 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 5.1 Free"="0" [X] "ALLUpdate"="e:\programy\ALLPlayer\ALLUpdate.exe" [2009-11-11 870400] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "nwiz"="nwiz.exe" [2006-10-22 1622016] "NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi1"=xgusb.cpl "midi2"=xgusb.cpl [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ] 2009-11-17 14:18 6807552 ----a-w- e:\programy\AQQ\WAPSTE~1\AQQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software 
Update] 2003-06-25 10:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "e:\\PROGRAMY\\eMule\\emule.exe"= "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"= "e:\\PROGRAMY\\AQQ\\WapSter AQQ\\AQQ.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Documents and Settings\\anka\\Dane aplikacji\\IMVUClient\\1VivoxVoice.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "21708:TCP"= 21708:TCP:*:Disabled:BitComet 21708 TCP "21708:UDP"= 21708:UDP:*:Disabled:BitComet 21708 UDP R3 GPU-Z;GPU-Z;c:\docume~1\anka\USTAWI~1\Temp\GPU-Z.sys [x] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x] R3 zlportio;zlportio;c:\program files\UltraStar Deluxe\zlportio.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://www.google.pl/ uInternet Settings,ProxyOverride = *.local IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk FF - ProfilePath - c:\documents and settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2243755&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - IMVUspace Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: keyword.URL - FF - plugin: c:\documents and settings\anka\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll FF - plugin: e:\programy\Real Alternative\browser\plugins\nppl3260.dll FF - plugin: e:\programy\Real Alternative\browser\plugins\nprpjplug.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-20 12:59 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . 
--------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(572) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(628) c:\windows\system32\scecli.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(4072) c:\windows\system32\SHDOCVW.dll c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\LINKINFO.dll c:\windows\system32\ntshrui.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\MSVCP60.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\SOUNDMAN.EXE c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\documents and settings\anka\Dane aplikacji\IMVUClient\IMVUClient.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\wdfmgr.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe . ************************************************************************** . Czas ukończenia: 2010-06-20 13:05:13 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-06-20 11:04 ComboFix2.txt 2010-05-08 11:25 Przed: 1 758 957 568 bajtów wolnych Po: 1 846 394 880 bajtów wolnych - - End Of File - - F91DC8115A52DA6B2FF2F6A28661DAAE[/log]
Tomek01 comment 20 June 2010 (edited)
The following should definitely be removed as well: c:\documents and settings\anka\Dane aplikacji\IMVUClient
Adobe Acrobat also looks suspicious. It is best to uninstall it and then install a fresh version again.
Paste into Avenger:
[code]Folders to delete:
c:\documents and settings\anka\Dane aplikacji\IMVUClient[/code]
Execute...
Attach the removal report and the logs from [url="http://images.malwareremoval.com/random/RSIT.exe"][b][color="#0000FF"]R[/color]andom's [color="#0000FF"]S[/color]ystem [color="#0000FF"]I[/color]nformation [color="#0000FF"]T[/color]ool[/b][/url] and [url="http://www.instalki.pl/programy/download_c/13/3138.html"][color="#0000FF"][b]OTL[/b][/color][/url].
GnijCie (author) comment 21 June 2010 (edited)
I tried to remove Adobe Acrobat, but it was not listed in Add/Remove Programs, so I had to do it manually, and the AA folder that contains some ActiveX thing cannot be deleted. I will do the rest tomorrow and report back ;d
Here is the removal report (Avenger):
[log]//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Dodatek Service Pack 3)
Mon Jun 21 17:57:08 2010
17:57:08: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Dodatek Service Pack 3)
Mon Jun 21 17:57:18 2010
17:57:18: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Folder "c:\documents and settings\anka\Dane aplikacji\IMVUClient" deleted successfully.
Completed script processing.
*******************
Finished!
Terminate.[/log]
Random's System Information Tool logs:
[log]Logfile of random's system information tool 1.07 (written by random/random) Run by anka at 2010-06-21 18:03:37 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 2 GB (17%) free of 10 GB Total RAM: 767 MB (65% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:05:43, on 2010-06-21 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe E:\RSIT.exe C:\Program Files\trend micro\anka.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKCU\..\Run: [ALLUpdate] "E:\PROGRAMY\ALLPlayer\ALLUpdate.exe" "sleep" O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: IMVU.lnk = C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - 
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O24 - Desktop Component 0: (no name) - http://img.mtv3.fi/mn_kuvat/mtv3/viihde/555_px_kuvia_2009/652910.jpg O24 - Desktop Component 1: (no name) - http://userserve-ak.last.fm/serve/_/39278155/Marco+Hietala+11131_193809267809_19379332280.jpg -- End of file - 6406 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Pomocnik rejestracji usługi Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll 
[2006-10-22 7700480] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=NvMCTray.dll,NvTaskbarInit [] "HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-10-23 233472] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536] "avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ALLUpdate"=E:\PROGRAMY\ALLPlayer\ALLUpdate.exe [2009-11-11 870400] "Wisdom-soft ScreenHunter 5.1 Free"=0 [] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ] E:\PROGRAMY\AQQ\WAPSTE~1\AQQ.exe [2009-11-17 6807552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152] C:\Documents and Settings\anka\Menu Start\Programy\Autostart IMVU.lnk - C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 
"legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 "RestrictRun"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= "RestrictRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "E:\PROGRAMY\eMule\emule.exe"="E:\PROGRAMY\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare" "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Java\jre6\launch4j-tmp\wowd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\wowd.exe:*:Enabled:Java(TM) Platform SE binary" "E:\PROGRAMY\AQQ\WapSter AQQ\AQQ.exe"="E:\PROGRAMY\AQQ\WapSter AQQ\AQQ.exe:*:Enabled:AQQ Communicator" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour" "C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\1VivoxVoice.exe"="C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype " 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======File associations====== .js - edit - .txt - open - notepad.exe %1 ======List of files/folders created in the last 3 months====== 2010-06-21 18:03:37 ----D---- C:\rsit 2010-06-21 18:03:37 ----D---- C:\Program Files\trend micro 2010-06-21 17:59:27 ----D---- C:\Avenger 2010-06-21 17:57:08 ----A---- C:\avenger.txt 2010-06-20 22:44:29 ----D---- C:\32788R22FWJFW 2010-06-20 21:41:25 ----SHD---- C:\RECYCLER 2010-06-20 13:05:14 ----A---- C:\ComboFix.txt 2010-06-20 12:46:37 ----D---- C:\ComboFix 2010-06-19 13:40:56 ----A---- C:\WINDOWS\system32\aswBoot.exe 2010-06-19 13:40:45 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software 2010-06-18 23:44:46 ----D---- C:\Program Files\StepMania 2010-06-15 22:21:16 ----D---- C:\Program Files\ChomikBox 2010-06-12 01:06:14 ----A---- C:\WINDOWS\PhotoSnapViewer.INI 2010-06-02 19:27:11 ----D---- C:\Program Files\Lavalys 2010-05-30 20:51:55 ----D---- C:\Program Files\Realtek AC97 2010-05-11 20:02:58 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\3AEA 2010-05-08 20:44:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\F8C 2010-05-07 20:46:29 ----A---- C:\WINDOWS\NIRCMD.exe 2010-05-07 20:46:28 ----A---- C:\WINDOWS\zip.exe 2010-05-07 20:46:28 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-05-07 20:46:28 ----A---- C:\WINDOWS\SWSC.exe 2010-05-07 20:46:28 ----A---- C:\WINDOWS\SWREG.exe 2010-05-07 20:46:28 ----A---- C:\WINDOWS\sed.exe 2010-05-07 20:46:28 ----A---- C:\WINDOWS\grep.exe 2010-05-07 20:45:54 ----D---- 
C:\Qoobox 2010-05-06 00:12:56 ----D---- C:\Documents and Settings\anka\Dane aplikacji\Ahead 2010-05-06 00:12:05 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ahead 2010-05-06 00:06:05 ----D---- C:\Program Files\Nero 2010-05-06 00:06:05 ----D---- C:\Program Files\Common Files\Ahead 2010-05-06 00:06:05 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Nero 2010-05-06 00:04:38 ----A---- C:\WINDOWS\system32\d3dx9_30.dll 2010-05-06 00:04:30 ----A---- C:\WINDOWS\system32\d3dx9_28.dll 2010-05-03 01:11:01 ----D---- C:\Documents and Settings\anka\Dane aplikacji\Thinstall 2010-05-02 17:08:39 ----D---- C:\Program Files\Steinberg 2010-05-02 00:10:46 ----D---- C:\Program Files\Windows Installer Clean Up 2010-05-02 00:10:13 ----D---- C:\Program Files\MSECACHE 2010-05-01 14:25:32 ----D---- C:\Program Files\Unlocker 2010-04-24 18:17:14 ----D---- C:\Program Files\Rockstar Games 2010-04-17 23:49:52 ----D---- C:\Program Files\Microsoft WSE 2010-04-17 23:49:21 ----A---- C:\WINDOWS\system32\d3dx9_31.dll 2010-04-17 23:13:24 ----D---- C:\Program Files\Ahead 2010-04-17 23:02:34 ----D---- C:\Program Files\Adobe 2010-04-17 22:58:35 ----D---- C:\Program Files\Common Files\Services 2010-04-17 22:51:31 ----HD---- C:\WINDOWS\$hf_mig$ 2010-04-17 22:49:15 ----HD---- C:\WINDOWS\$NtServicePackUninstall$ 2010-04-17 20:42:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2010-03-23 23:22:24 ----D---- C:\WINDOWS\Logs ======List of files/folders modified in the last 3 months====== 2010-06-21 18:03:37 ----RD---- C:\Program Files 2010-06-21 18:02:27 ----D---- C:\WINDOWS\Temp 2010-06-21 17:59:27 ----D---- C:\WINDOWS\system32\drivers 2010-06-21 17:59:27 ----D---- C:\WINDOWS\system32 2010-06-21 17:58:57 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-06-21 17:10:28 ----D---- C:\Documents and Settings\anka\Dane aplikacji\IMVU 2010-06-21 16:41:57 ----D---- C:\Program Files\Mozilla Firefox 2010-06-20 22:59:34 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe 
2010-06-20 22:37:18 ----D---- C:\WINDOWS 2010-06-20 22:36:16 ----D---- C:\Documents and Settings\anka\Dane aplikacji\Adobe 2010-06-20 13:02:42 ----D---- C:\WINDOWS\system32\CatRoot2 2010-06-20 12:58:20 ----A---- C:\WINDOWS\system.ini 2010-06-20 12:55:01 ----D---- C:\WINDOWS\system32\config 2010-06-20 12:54:49 ----D---- C:\WINDOWS\ERDNT 2010-06-20 12:54:10 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-06-20 12:53:57 ----D---- C:\Program Files\Wisdom-soft 2010-06-20 12:51:58 ----D---- C:\WINDOWS\AppPatch 2010-06-20 12:51:56 ----D---- C:\Program Files\Common Files 2010-06-20 12:44:46 ----D---- C:\WINDOWS\Prefetch 2010-06-19 13:41:05 ----SHD---- C:\WINDOWS\Installer 2010-06-19 13:41:04 ----D---- C:\WINDOWS\WinSxS 2010-06-19 13:40:45 ----D---- C:\Program Files\Alwil Software 2010-06-15 22:22:25 ----A---- C:\WINDOWS\NeroDigital.ini 2010-06-15 20:48:59 ----D---- C:\Documents and Settings\anka\Dane aplikacji\Skype 2010-05-30 20:52:14 ----HD---- C:\WINDOWS\inf 2010-05-30 20:52:11 ----D---- C:\WINDOWS\system32\ReinstallBackups 2010-05-15 20:53:11 ----D---- C:\Documents and Settings\anka\Dane aplikacji\Audacity 2010-05-06 00:04:39 ----D---- C:\WINDOWS\system32\DirectX 2010-05-03 00:52:16 ----D---- C:\Program Files\Common Files\Adobe 2010-05-02 23:55:12 ----RSD---- C:\WINDOWS\Fonts 2010-04-26 18:05:25 ----HD---- C:\Program Files\InstallShield Installation Information 2010-04-26 15:58:12 ----A---- C:\WINDOWS\PEV.exe 2010-04-17 23:49:53 ----RSD---- C:\WINDOWS\assembly 2010-04-17 22:45:49 ----D---- C:\Program Files\Windows Live 2010-04-17 21:25:59 ----D---- C:\Program Files\Microsoft Office 2010-04-17 20:42:34 ----D---- C:\Program Files\Common Files\Ulead Systems 2010-04-17 19:31:29 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-04-17 00:16:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-04-16 16:52:28 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft 2010-03-28 16:52:24 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-03-22 19:03:26 
----D---- C:\WINDOWS\Debug ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880] R1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2010-04-14 297552] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024] R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624] R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 GPU-Z;GPU-Z; \??\C:\DOCUME~1\anka\USTAWI~1\Temp\GPU-Z.sys [] S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [] S3 usbprint;Klasa 
PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 YMIDUSB;YAMAHA Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2005-07-25 14464] S3 zlportio;zlportio; \??\C:\Program Files\UltraStar Deluxe\zlportio.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384] R3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-11 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF-----------------[/log]
and OTL
[log]OTL logfile created on: 2010-06-21 18:06:58 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = E:\ Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 767,00 Mb Total Physical Memory | 504,00 Mb Available Physical Memory | 66,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free Paging file
location(s): C:\pagefile.sys 1024 2560 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 10,00 Gb Total Space | 1,72 Gb Free Space | 17,16% Space Free | Partition Type: NTFS Drive D: | 2,00 Gb Total Space | 0,07 Gb Free Space | 3,53% Space Free | Partition Type: NTFS Drive E: | 62,52 Gb Total Space | 3,97 Gb Free Space | 6,35% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOMOWY Current User Name: anka Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-06-20 22:55:15 | 000,572,416 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2010-04-14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2008-04-14 23:51:18 | 001,553,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-06-27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007-06-27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2007-04-16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe PRC - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) 
-- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-06-20 22:55:15 | 000,572,416 | ---- | M] (OldTimer Tools) -- E:\OTL.exe MOD - [2010-04-14 18:36:14 | 000,140,800 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxBorder.dll MOD - [2010-04-14 18:33:44 | 000,140,288 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxPlugins.dll MOD - [2008-04-14 23:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2009-07-11 22:42:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-11-11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-04-14 18:37:13 | 000,297,552 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx) DRV - [2010-04-14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-04-14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2010-04-14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-04-14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-04-14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-04-14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2008-09-24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2006-10-22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006-10-17 21:22:26 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32) DRV - [2005-07-25 08:13:00 | 000,014,464 | R--- | M] (YAMAHA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB) DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "IMVUspace Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2243755&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "IMVUspace Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-17 19:30:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 
3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-28 18:24:23 | 000,000,000 | ---D | M] [2009-12-04 20:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Extensions [2009-12-04 20:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Extensions\IMVUClientXUL@imvu.com [2010-06-20 22:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\extensions [2010-02-08 20:58:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009-08-24 12:47:54 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\searchplugins\askcom.xml [2009-12-16 15:50:30 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\searchplugins\conduit.xml [2010-06-20 22:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2008-01-23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2009-07-31 00:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-07-31 00:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-07-31 00:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-07-31 00:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-07-31 00:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-07-31 00:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-06-20 12:58:00 | 000,000,027 
| ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [ALLUpdate] E:\PROGRAMY\ALLPlayer\ALLUpdate.exe () O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Free] File not found O4 - Startup: C:\Documents and Settings\anka\Menu Start\Programy\Autostart\IMVU.lnk = C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0 O9 - Extra Button: Run IMVU - 
{d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 () - http://img.mtv3.fi/mn_kuvat/mtv3/viihde/555_px_kuvia_2009/652910.jpg O24 - Desktop Components:1 () - http://userserve-ak.last.fm/serve/_/39278155/Marco+Hietala+11131_193809267809_19379332280.jpg O24 - Desktop Components:2 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\anka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\anka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-03-20 21:14:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] 
-- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-06-21 18:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-06-21 18:03:37 | 000,000,000 | ---D | C] -- C:\rsit [2010-06-21 17:59:27 | 000,000,000 | ---D | C] -- C:\Avenger [2010-06-20 22:44:29 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010-06-20 21:41:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-06-20 12:46:37 | 000,000,000 | ---D | C] -- C:\ComboFix [2010-06-19 13:41:16 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-06-19 13:41:16 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-06-19 13:41:15 | 000,297,552 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2010-06-19 13:41:15 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-06-19 13:41:14 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-06-19 13:41:14 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-06-19 13:41:14 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-06-19 13:41:13 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-06-19 13:40:56 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-06-19 13:40:56 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010-06-19 13:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-06-19 13:07:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\anka\Recent [2010-06-18 23:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\StepMania [2010-06-15 22:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\ChomikBox [2010-06-02 19:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-05-30 20:51:55 | 
000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97 [2010-05-28 21:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-06-21 18:01:37 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-06-21 18:01:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-06-21 18:01:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-06-21 18:01:11 | 804,835,328 | -HS- | M] () -- C:\hiberfil.sys [2010-06-21 17:59:02 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\anka\NTUSER.DAT [2010-06-21 17:58:49 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\anka\ntuser.ini [2010-06-21 17:58:24 | 000,267,776 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\wylanczanie zintegrowanej karty dzwiekowej, instalacja nowiusienkiej.doc [2010-06-21 16:46:37 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\anka\Menu Start\Programy\Autostart\IMVU.lnk [2010-06-20 12:58:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-06-20 12:58:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-06-19 22:59:13 | 000,000,068 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Reinkarnacja.URL [2010-06-19 22:41:27 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\LIST MOTYWACYJNY.doc [2010-06-19 21:30:45 | 000,000,073 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Podłączenie nowej karty dźwiękowej. Wyłączenie zintegrowanej karty dźwiękowej w BIOS-ie. 
Hotfix - Aktualności i porady kompu.URL [2010-06-19 13:41:14 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-06-16 23:21:02 | 000,070,870 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\untitled.JPG [2010-06-16 21:04:55 | 000,055,716 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\pub6.jpg [2010-06-16 19:09:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-06-15 23:00:19 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\anka\default.pls [2010-06-15 22:22:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-06-13 15:27:17 | 000,000,081 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Todd Lockwood - Planetar81 - Chomikuj.pl.URL [2010-06-12 01:09:17 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-06-07 21:20:04 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Ozzy Scare at Madame Tussauds Wax Museum.URL [2010-06-07 20:24:44 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\jelenaabbouui4.jpg (Obrazek JPEG, 450x694 pikseli).URL [2010-06-07 18:53:05 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\ARCANA XV - Tarot Favole.URL [2010-06-06 00:08:14 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Tarot Snów (Tarot of Dreams) Ciro Marchetti.URL [2010-05-30 23:29:16 | 000,028,428 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\angels_n_devils_cd.jpg [2010-05-29 23:39:05 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Guild Wars.lnk [2010-05-29 22:13:24 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\Twój sposób na podryw.doc [2010-05-25 22:03:33 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\PRZEPIS NA CHLEB PSZENNO.doc [2010-05-24 19:09:44 | 000,000,070 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Wielkie Żarcie - Przepis - milkshake czyli prawdziwy shake z mc donald.URL 
[2010-05-24 19:09:08 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Kod Mojżesza.avi - creativi - Chomikuj.pl.URL [2010-05-23 22:16:38 | 000,000,091 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Ranga w głosie - Forum dyskusyjne - iSing.URL [2010-05-23 00:54:06 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Rise Against - Savior.URL [2010-05-22 22:29:08 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\Poleca się by jeść 20.doc [2010-05-22 22:12:22 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\Zasadotwórcza Żywność.doc [2010-05-22 21:04:27 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\Ditea Uszatki.doc [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-06-20 22:02:12 | 000,267,776 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\wylanczanie zintegrowanej karty dzwiekowej, instalacja nowiusienkiej.doc [2010-06-19 22:59:13 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Reinkarnacja.URL [2010-06-19 22:41:26 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\LIST MOTYWACYJNY.doc [2010-06-19 21:30:45 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Podłączenie nowej karty dźwiękowej. Wyłączenie zintegrowanej karty dźwiękowej w BIOS-ie. 
Hotfix - Aktualności i porady kompu.URL [2010-06-16 23:20:58 | 000,070,870 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\untitled.JPG [2010-06-16 21:04:50 | 000,055,716 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\pub6.jpg [2010-06-15 22:18:46 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\anka\default.pls [2010-06-13 15:27:17 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Todd Lockwood - Planetar81 - Chomikuj.pl.URL [2010-06-12 01:06:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-06-11 19:49:46 | 000,117,018 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\298583087.jpg [2010-06-07 21:20:04 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Ozzy Scare at Madame Tussauds Wax Museum.URL [2010-06-07 20:24:44 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\jelenaabbouui4.jpg (Obrazek JPEG, 450x694 pikseli).URL [2010-06-07 18:53:05 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\ARCANA XV - Tarot Favole.URL [2010-06-06 00:08:14 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Tarot Snów (Tarot of Dreams) Ciro Marchetti.URL [2010-05-30 23:29:15 | 000,028,428 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\angels_n_devils_cd.jpg [2010-05-29 22:13:22 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\Twój sposób na podryw.doc [2010-05-28 21:16:50 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Guild Wars.lnk [2010-05-25 22:03:32 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\PRZEPIS NA CHLEB PSZENNO.doc [2010-05-24 19:09:44 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Wielkie Żarcie - Przepis - milkshake czyli prawdziwy shake z mc donald.URL [2010-05-24 19:09:08 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Kod Mojżesza.avi - creativi - Chomikuj.pl.URL 
[2010-05-23 22:16:38 | 000,000,091 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Ranga w głosie - Forum dyskusyjne - iSing.URL [2010-05-23 00:54:06 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Rise Against - Savior.URL [2010-05-22 22:26:40 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\Poleca się by jeść 20.doc [2010-05-22 22:12:22 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\Zasadotwórcza Żywność.doc [2010-05-22 21:04:26 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\Ditea Uszatki.doc [2009-08-30 13:09:56 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009-08-30 13:09:56 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009-08-30 13:09:56 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009-08-30 13:09:56 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009-08-30 13:09:56 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009-08-30 13:09:56 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009-06-26 20:46:27 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\VBUTILLight.dll [2009-06-26 20:46:23 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll [2009-04-16 22:00:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini [2009-04-16 21:55:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2009-03-27 14:53:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-03-24 20:29:50 | 000,010,197 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini [2009-03-21 00:54:08 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-03-21 00:00:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-03-21 00:00:37 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-03-21 00:00:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-03-21 
00:00:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-03-21 00:00:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-03-20 22:30:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-03-20 21:26:33 | 000,002,457 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2008-11-26 22:28:48 | 000,000,272 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006-10-22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2002-03-17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000088.DLL [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010-06-16 23:20:48 | 000,000,257 | ---- | M] ()(C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url) -- C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url [2010-06-16 23:20:48 | 000,000,257 | ---- | C] ()(C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url) -- C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? 
- ??????? ??? ????.url [2010-05-23 22:30:49 | 000,000,068 | ---- | M] ()(C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL) -- C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL [2010-05-23 22:30:49 | 000,000,068 | ---- | C] ()(C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL) -- C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4BF2F6B5 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:888AFB86 < End of report >[/log]
Tomek01 commented on 21 June 2010 (edited) Final steps. Uninstall ComboFix: Start >>> Run >>> combofix /u [and press OK] In OTL, paste the following into the Custom scan/fixes box:
[code]
:Processes
Explorer.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Free"=-

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "IMVUspace Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2243755&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "IMVUspace Customized Web Search"
[2009-12-04 20:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Extensions\IMVUClientXUL@imvu.com[2009-08-24 12:47:54 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\searchplugins\askcom.xml
[2009-12-16 15:50:30 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\searchplugins\conduit.xml
O4 - Startup: C:\Documents and Settings\anka\Menu Start\Programy\Autostart\IMVU.lnk = C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk ()O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4BF2F6B5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:888AFB86

:Files
C:\Documents and Settings\anka\Menu Start\Programy\Autostart\IMVU.lnk
C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe
C:\Documents and Settings\anka\Dane aplikacji\IMVU
C:\Qoobox

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
Click Run Fix; the computer will restart. Attach the removal log and a new OTL log.
GnijCie komentarz 21 czerwca 2010 Autor komentarz 21 czerwca 2010 oto log z usuwania ComboFixa [log]ComboFix 10-06-19.03 - anka 2010-06-21 19:45:18.7.1 - x86 Uruchomiony z: E:\ComboFix.exe Użyto następujących komend :: /u . ((((((((((((((((((((((((( Pliki utworzone od 2010-05-21 do 2010-06-21 ))))))))))))))))))))))))))))))) . 2010-06-21 16:03 . 2010-06-21 16:05 -------- d-----w- C:\rsit 2010-06-21 16:03 . 2010-06-21 16:05 -------- d-----w- c:\program files\trend micro 2010-06-19 11:41 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-06-19 11:41 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-06-19 11:41 . 2010-04-14 16:37 297552 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2010-06-19 11:41 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-06-19 11:41 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-06-19 11:41 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-06-19 11:41 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-06-19 11:41 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-06-19 11:40 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-06-19 11:40 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe 2010-06-19 11:40 . 2010-06-19 11:40 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software 2010-06-18 21:44 . 2010-06-18 22:14 -------- d-----w- c:\program files\StepMania 2010-06-15 20:21 . 2010-06-15 20:21 -------- d-----w- c:\program files\ChomikBox 2010-06-02 17:27 . 2010-06-02 17:27 -------- d-----w- c:\program files\Lavalys 2010-05-30 18:51 . 2010-05-30 18:52 -------- d-----w- c:\program files\Realtek AC97 2010-05-28 20:34 . 
2010-05-28 20:34 61440 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6d15eac8-n\decora-sse.dll 2010-05-28 20:34 . 2010-05-28 20:34 12800 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6d15eac8-n\decora-d3d.dll 2010-05-28 20:34 . 2010-05-28 20:34 348160 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1953a81a-n\msvcr71.dll 2010-05-28 20:34 . 2010-05-28 20:34 503808 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1953a81a-n\msvcp71.dll 2010-05-28 20:34 . 2010-05-28 20:34 499712 ----a-w- c:\documents and settings\anka\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1953a81a-n\jmc.dll 2010-05-28 19:16 . 2010-06-20 19:41 -------- d-----w- c:\documents and settings\All Users\Pulpit . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-21 15:10 . 2009-12-04 18:21 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\IMVU 2010-06-20 10:54 . 2010-05-02 23:11 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Thinstall 2010-06-20 10:53 . 2010-02-08 22:50 -------- d-----w- c:\program files\Wisdom-soft 2010-06-19 11:40 . 2009-03-20 19:29 -------- d-----w- c:\program files\Alwil Software 2010-06-15 20:16 . 2010-05-05 22:12 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Ahead 2010-06-15 18:48 . 2009-04-01 14:46 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Skype 2010-05-16 10:50 . 2010-05-16 10:50 56856 ----a-w- c:\documents and settings\daedd\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-05-15 18:53 . 2009-05-30 16:23 -------- d-----w- c:\documents and settings\anka\Dane aplikacji\Audacity 2010-05-11 18:02 . 
2010-05-11 18:02 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\3AEA 2010-05-08 18:44 . 2010-05-08 18:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\F8C 2010-05-05 22:12 . 2010-05-05 22:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ahead 2010-05-05 22:10 . 2010-05-05 22:06 -------- d-----w- c:\program files\Common Files\Ahead 2010-05-05 22:06 . 2010-05-05 22:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero 2010-05-05 22:06 . 2010-05-05 22:06 -------- d-----w- c:\program files\Nero 2010-05-05 18:15 . 2010-04-17 21:13 -------- d-----w- c:\program files\Ahead 2010-05-03 12:18 . 2010-05-01 12:25 -------- d-----w- c:\program files\Unlocker 2010-05-02 22:52 . 2009-03-20 22:55 -------- d-----w- c:\program files\Common Files\Adobe 2010-05-02 15:08 . 2010-05-02 15:08 -------- d-----w- c:\program files\Steinberg 2010-05-01 22:10 . 2010-05-01 22:10 3584 ----a-r- c:\documents and settings\anka\Dane aplikacji\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2010-05-01 22:10 . 2010-05-01 22:10 -------- d-----w- c:\program files\Windows Installer Clean Up 2010-05-01 22:10 . 2010-05-01 22:10 -------- d-----w- c:\program files\MSECACHE 2010-04-26 16:05 . 2009-03-20 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-24 16:17 . 2010-04-24 16:17 -------- d-----w- c:\program files\Rockstar Games 2010-04-17 21:49 . 2010-04-17 21:49 10134 ----a-r- c:\documents and settings\anka\Dane aplikacji\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 2010-04-17 17:48 . 2010-04-17 17:48 23 --sha-w- c:\windows\system32\edacded0.dat 2010-03-28 14:52 . 2001-10-26 16:15 82010 ----a-w- c:\windows\system32\perfc015.dat 2010-03-28 14:52 . 2001-10-26 16:15 484634 ----a-w- c:\windows\system32\perfh015.dat 2010-03-24 18:17 . 
2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AdobeARM.exe 2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\AdobeExtractFiles.dll 2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Adobe\Reader\9.3\ARM\15162\ReaderUpdater.exe . ------- Sigcheck ------- [-] 2008-04-14 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [7] 2008-04-14 . 51FD2E13D723857B9CA239AE77150F48 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe [7] 2004-08-03 . 0344407089B08548D4FEBA62BB0F32D0 . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe [-] 2008-04-14 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . E6C1811BA05F4E4BD4DA437778630489 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll [7] 2008-04-14 . 0BE00656B7CAEDE754AEE4D7AD13B687 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll [7] 2004-08-03 . D38C710AAC3A0D16AF7DF6770C9F6CBB . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [7] 2008-12-12 . 604D8F71620CC6353D7C3E89BC70090C . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll [-] 2008-12-12 . 14307EB37130BCAC7D1B6EFBEF5AC75D . 3481600 . . [6.00.2900.5726] . . c:\windows\ServicePackFiles\i386\mshtml.dll [-] 2008-12-12 . 14307EB37130BCAC7D1B6EFBEF5AC75D . 3481600 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll [7] 2008-12-12 . 925E22521441829F4889B3A2C4015EDB . 3088896 . . [6.00.2900.5726] . . c:\windows\VistaMizer\old\mshtml.dll [7] 2008-10-16 . 401C51E3479F1CCBA29E5A374C8F2688 . 3088896 . . [6.00.2900.5694] . . 
c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll [7] 2004-08-03 . 687FF56421840ACD46B7A3939ED581E7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll [7] 2008-08-14 . DCDD970025463DFC9676EBE18ABD6A86 . 2190464 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [7] 2008-08-14 . 9CE159C91E076FF6C25D055310EBB259 . 2190464 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2008-08-14 . F8071DEDC9217DBD6B8C0753868AA087 . 2447744 . . [5.1.2600.5657] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2008-08-14 . F8071DEDC9217DBD6B8C0753868AA087 . 2447744 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe [7] 2008-08-14 . 9CE159C91E076FF6C25D055310EBB259 . 2190464 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntoskrnl.exe [7] 2004-08-03 . DCF53422B7EDDED3B7431FBAE4A7EE3F . 2182272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2008-04-14 . FA1E2372F554782332A8504A58300D15 . 589312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . FA1E2372F554782332A8504A58300D15 . 589312 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [7] 2008-04-14 . A435C5C069AFD901751AC323AD238793 . 580096 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll [7] 2004-08-03 . 0C81764F50F32D376E6E4B9E9F4B01A0 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll [7] 2008-10-16 . D9A313E9E938FCD9C63EFD544C997183 . 669696 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll [-] 2008-10-16 . CA192C1BCB96422A5DAD5FF9BF0F27AB . 813568 . . [6.00.2900.5694] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2008-10-16 . CA192C1BCB96422A5DAD5FF9BF0F27AB . 813568 . . [6.00.2900.5694] . . c:\windows\system32\wininet.dll [7] 2008-10-16 . 81AB7E7CEBEB09BCFB8C4AE1074E1CC1 . 668672 . . [6.00.2900.5694] . . c:\windows\VistaMizer\old\wininet.dll [7] 2004-08-03 . D37DAFB534AC8343D59A1B501ABE852C . 658944 . . 
[6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll [-] 2008-04-14 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . A08939AFCDBE68F67E9C35383A4CE62C . 1553408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [7] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe [7] 2004-08-03 . 379098A96E6C165B659DE7E4328010EA . 1033728 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2008-04-14 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 5336D3244305FD884215DAF84D108566 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [7] 2008-04-14 . 1BD41EDA5B869AFC99895C39A8DE36E1 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe [7] 2004-08-03 . CBFA30492D70CE3938D8A7783D0C0436 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe [7] 2008-08-14 . 638346856E53887B0C3DA62A9AB2C203 . 2067328 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe [7] 2008-08-14 . 5AB2F07AD3FD76790294DDCCC6E06D46 . 2067328 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2008-08-14 . BCDA6410B3A89805ECEB57020621C6FC . 2324608 . . [5.1.2600.5657] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [-] 2008-08-14 . BCDA6410B3A89805ECEB57020621C6FC . 2324608 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe [7] 2008-08-14 . 5AB2F07AD3FD76790294DDCCC6E06D46 . 2067328 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntkrnlpa.exe [7] 2004-08-03 . 44D1BC1B05E0C7C82E81687B79C653C7 . 2058112 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe . ((((((((((((((((((((((((((((( SnapShot@2010-05-08_11.22.53 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-11 22:02 . 
2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll + 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll + 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll + 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll + 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll + 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll + 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll + 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll + 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll + 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll + 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll + 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll + 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll + 2009-07-11 22:05 . 
2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll + 2010-06-21 16:01 . 2010-06-21 16:01 16384 c:\windows\Temp\Perflib_Perfdata_6e8.dat + 2010-05-30 18:52 . 2008-04-14 21:51 23552 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\wdmaud.drv + 2010-05-30 18:52 . 2008-04-13 23:15 49408 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\stream.sys + 2010-05-30 18:52 . 2008-04-13 23:15 60160 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\drmk.sys + 2004-08-03 23:08 . 2008-04-13 22:15 49408 c:\windows\system32\drivers\stream.sys - 2004-08-03 23:08 . 2008-04-13 23:15 49408 c:\windows\system32\drivers\stream.sys + 2009-03-20 20:30 . 2008-04-13 22:15 60160 c:\windows\system32\drivers\drmk.sys - 2009-03-20 20:30 . 2008-04-13 23:15 60160 c:\windows\system32\drivers\drmk.sys + 2004-08-03 23:08 . 2008-04-13 22:15 49408 c:\windows\system32\dllcache\stream.sys + 2010-02-27 16:58 . 2008-04-13 22:10 34688 c:\windows\system32\dllcache\lbrtfdc.sys + 2009-03-20 20:30 . 2008-04-13 22:15 60160 c:\windows\system32\dllcache\drmk.sys - 2009-03-20 20:31 . 2006-08-01 14:02 49152 c:\windows\system32\ChCfg.exe + 2009-03-20 20:31 . 2006-08-01 13:02 49152 c:\windows\system32\ChCfg.exe + 2010-05-30 18:52 . 2008-04-14 21:50 4096 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ksuser.dll + 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll + 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll + 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll + 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2009-03-20 20:30 . 
2006-10-18 00:53 147456 c:\windows\system32\RtlCPAPI.dll - 2009-03-20 20:30 . 2006-10-18 01:53 147456 c:\windows\system32\RtlCPAPI.dll + 2010-05-30 18:52 . 2006-11-17 04:42 577536 c:\windows\system32\ReinstallBackups\0006\DriverFiles\SOUNDMAN.EXE + 2010-05-30 18:52 . 2006-10-18 01:53 147456 c:\windows\system32\ReinstallBackups\0006\DriverFiles\RTLCPAPI.dll + 2010-05-30 18:52 . 2008-04-13 23:49 146048 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\portcls.sys + 2010-05-30 18:52 . 2008-04-13 23:46 141056 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ks.sys + 2010-05-30 18:52 . 2006-07-31 09:27 217088 c:\windows\system32\ReinstallBackups\0006\DriverFiles\Alcrmv.exe + 2009-03-20 20:30 . 2008-04-13 22:49 146048 c:\windows\system32\drivers\portcls.sys - 2009-03-20 20:30 . 2008-04-13 23:49 146048 c:\windows\system32\drivers\portcls.sys + 2004-08-03 23:15 . 2008-04-13 22:46 141056 c:\windows\system32\drivers\ks.sys - 2004-08-03 23:15 . 2008-04-13 23:46 141056 c:\windows\system32\drivers\ks.sys + 2009-03-20 20:30 . 2008-04-13 22:49 146048 c:\windows\system32\dllcache\portcls.sys + 2004-08-03 23:15 . 2008-04-13 22:46 141056 c:\windows\system32\dllcache\ks.sys + 2010-06-19 10:55 . 2010-06-19 10:55 262144 c:\windows\system32\config\systemprofile\NtUser.dat + 2009-03-20 20:30 . 2007-04-16 13:28 577536 c:\windows\soundman.exe - 2009-03-20 20:30 . 2006-11-17 04:42 577536 c:\windows\soundman.exe + 2010-06-19 11:41 . 2010-06-19 11:41 219648 c:\windows\Installer\a6e20.msi + 2009-03-20 20:30 . 2006-07-31 09:19 315392 c:\windows\alcupd.exe - 2009-03-20 20:30 . 2006-07-31 10:19 315392 c:\windows\alcupd.exe - 2009-03-20 20:30 . 2006-07-31 10:27 217088 c:\windows\Alcrmv.exe + 2009-03-20 20:30 . 2006-07-31 09:27 217088 c:\windows\Alcrmv.exe + 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll + 2009-07-11 22:02 . 
2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll + 2010-05-30 18:52 . 2007-03-08 13:34 4027840 c:\windows\system32\ReinstallBackups\0006\DriverFiles\ALCXWDM.SYS + 2009-03-20 20:30 . 2008-09-24 08:40 4122368 c:\windows\system32\drivers\alcxwdm.sys - 2009-03-20 20:30 . 2006-12-08 14:20 10528768 c:\windows\system32\RTLCPL.exe + 2009-03-20 20:30 . 2006-12-08 13:20 10528768 c:\windows\system32\RTLCPL.exe + 2010-05-30 18:52 . 2006-12-08 14:20 10528768 c:\windows\system32\ReinstallBackups\0006\DriverFiles\RTLCPL.EXE . -- Migawka wyzerowana -- . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell] @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}" [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}] 2010-04-14 16:33 140288 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 5.1 Free"="0" [X] "ALLUpdate"="e:\programy\ALLPlayer\ALLUpdate.exe" [2009-11-11 870400] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "nwiz"="nwiz.exe" [2006-10-22 1622016] "NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760] "NeroFilterCheck"="c:\program files\Common 
Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi1"=xgusb.cpl "midi2"=xgusb.cpl [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ] 2009-11-17 14:18 6807552 ----a-w- e:\programy\AQQ\WAPSTE~1\AQQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2003-06-25 10:24 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "e:\\PROGRAMY\\eMule\\emule.exe"= "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"= "e:\\PROGRAMY\\AQQ\\WapSter AQQ\\AQQ.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "21708:TCP"= 21708:TCP:*:Disabled:BitComet 21708 TCP "21708:UDP"= 21708:UDP:*:Disabled:BitComet 21708 UDP R3 GPU-Z;GPU-Z;c:\docume~1\anka\USTAWI~1\Temp\GPU-Z.sys [x] R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [x] R3 zlportio;zlportio;c:\program files\UltraStar Deluxe\zlportio.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://www.google.pl/ uInternet Settings,ProxyOverride = *.local IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk FF - ProfilePath - c:\documents and settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2243755&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - IMVUspace Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: keyword.URL - FF - plugin: c:\documents and settings\anka\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll FF - plugin: e:\programy\Real Alternative\browser\plugins\nppl3260.dll FF - plugin: e:\programy\Real Alternative\browser\plugins\nprpjplug.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - USUNIĘTO PUSTE WPISY - - - - AddRemove-IMVU Avatar chat client software BETA - c:\documents and settings\anka\Dane aplikacji\IMVUClient\Uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-21 19:51 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(572) c:\windows\system32\SETUPAPI.dll c:\windows\system32\sfc_os.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(628) c:\windows\system32\setupapi.dll c:\windows\system32\scecli.dll c:\windows\system32\psbase.dll - - - - - - - > 'explorer.exe'(2932) c:\windows\system32\SHDOCVW.dll c:\windows\system32\COMRes.dll c:\windows\System32\cscui.dll c:\windows\system32\LINKINFO.dll c:\windows\system32\ntshrui.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\msi.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\MSVCP60.dll . Czas ukończenia: 2010-06-21 19:53:31 ComboFix-quarantined-files.txt 2010-06-21 17:53 ComboFix2.txt 2010-06-20 11:05 ComboFix3.txt 2010-05-08 11:25 Przed: 1 830 412 288 bajtów wolnych Po: 1 825 046 528 bajtów wolnych - - End Of File - - D0A3EF0CD8A7261B948351EC95BFF2D4[/log]
and the new OTL log
[log]All processes killed ========== PROCESSES ========== Process Explorer.exe killed successfully! ========== REGISTRY ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft ScreenHunter 5.1 Free deleted successfully. 
========== OTL ========== Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "IMVUspace Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2243755&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: "IMVUspace Customized Web Search" removed from browser.search.selectedEngine C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Extensions\IMVUClientXUL@imvu.com folder moved successfully. C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\searchplugins\conduit.xml moved successfully. C:\Documents and Settings\anka\Menu Start\Programy\Autostart\IMVU.lnk moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found. File C:\Documents and Settings\anka\Menu Start\Programy\IMVU\Run IMVU.lnk ()O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll not found. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4BF2F6B5 deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:888AFB86 deleted successfully. ========== FILES ========== File\Folder C:\Documents and Settings\anka\Menu Start\Programy\Autostart\IMVU.lnk not found. File\Folder C:\Documents and Settings\anka\Dane aplikacji\IMVUClient\IMVUQualityAgent.exe not found. C:\Documents and Settings\anka\Dane aplikacji\IMVU\Cache folder moved successfully. C:\Documents and Settings\anka\Dane aplikacji\IMVU folder moved successfully. C:\Qoobox\Quarantine\Registry_backups folder moved successfully. 
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers folder moved successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32 folder moved successfully. C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully. C:\Qoobox\Quarantine\C\Program Files\Wisdom-soft folder moved successfully. C:\Qoobox\Quarantine\C\Program Files folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\1000000b00002i folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\1000000600002i folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Photoshop 7.0 CE\Required PL folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Photoshop 7.0 CE folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Common Files\Adobe\TypeSpt folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Common Files\Adobe\Color folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Common Files\Adobe folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir%\Common Files folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%ProgramFilesDir% folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings CE folder moved successfully. 
C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE\Adobe Photoshop 7.0 Settings folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop\7.0 CE folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\Photoshop folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser\Photoshop7CE folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe\FileBrowser folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData%\Adobe folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE\%AppData% folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall\Adobe Photoshop 7.0 CE folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Thinstall folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\EurekaLog folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji\Desktopicon folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka\Dane aplikacji folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings\anka folder moved successfully. C:\Qoobox\Quarantine\C\Documents and Settings folder moved successfully. C:\Qoobox\Quarantine\C folder moved successfully. C:\Qoobox\Quarantine folder moved successfully. C:\Qoobox\BackEnv folder moved successfully. C:\Qoobox folder moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: daedd ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 213755 bytes ->FireFox cache emptied: 10581469 bytes ->Flash cache emptied: 564 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: anka ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 49286 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 87218367 bytes ->Flash cache emptied: 3656 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32835 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2134153 bytes %systemroot%\System32 .tmp files removed: 11482 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 96,00 mb OTL by OldTimer - Version 3.2.6.0 log created on 06212010_201816 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...[/log]
Tomek01 comment 21 June 2010
You were supposed to uninstall ComboFix, not attach a log from it. The new log was supposed to be from OTL.
GnijCie (Author) comment 21 June 2010
I uninstalled it and this is the log that came out
GnijCie (Author) comment 21 June 2010
But it is posted, unless there is some error and it isn't visible. It is listed right below the ComboFix one, unless that's not the one you mean?
Tomek01 comment 21 June 2010
No, you attached the log from the OTL removal, not a new log.
GnijCie (Author) comment 21 June 2010
Damn, now I don't understand anything. I still have OTL on the disk. All I did was paste what you gave me into that box in OTL and click Run Fix, and this is the log that came out; supposedly that's how it was meant to be. So should I now start OTL again and run a normal scan??
Tomek01 comment 21 June 2010
Exactly. I need to check whether certain entries have come back.
GnijCie (Author) comment 21 June 2010
Here it is
[log]OTL logfile created on: 2010-06-21 22:31:20 - Run 2 OTL by OldTimer - Version 3.2.6.0 Folder = E:\ Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 767,00 Mb Total Physical Memory | 466,00 Mb Available Physical Memory | 61,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 1024 2560 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 10,00 Gb Total Space | 1,94 Gb Free Space | 19,41% Space Free | Partition Type: NTFS Drive D: | 2,00 Gb Total Space | 0,07 Gb Free Space | 3,53% Space Free | Partition Type: NTFS Drive E: | 62,52 Gb Total Space | 3,80 Gb Free Space | 6,07% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOMOWY Current User Name: anka Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-06-20 22:55:15 | 000,572,416 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2010-04-14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2008-04-14 23:51:18 | 001,553,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-06-27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007-06-27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2007-04-16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe PRC - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-06-20 22:55:15 | 000,572,416 | ---- | M] (OldTimer Tools) -- E:\OTL.exe MOD - [2010-04-14 18:36:14 | 000,140,800 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxBorder.dll MOD - [2010-04-14 18:33:44 | 000,140,288 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxPlugins.dll MOD - [2008-04-14 23:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Web Scanner) SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2009-07-11 22:42:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-11-11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-04-14 18:37:13 | 000,297,552 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx) DRV - [2010-04-14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-04-14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2010-04-14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-04-14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-04-14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-04-14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel 
| System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2008-09-24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2006-10-22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006-10-17 21:22:26 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32) DRV - [2005-07-25 08:13:00 | 000,014,464 | R--- | M] (YAMAHA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB) DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-17 19:30:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-28 18:24:23 | 000,000,000 | ---D | M] [2010-06-21 20:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Extensions [2010-06-20 22:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\extensions [2010-02-08 20:58:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009-08-24 12:47:54 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\anka\Dane aplikacji\Mozilla\Firefox\Profiles\z597srzs.default\searchplugins\askcom.xml [2010-06-20 22:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2008-01-23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2009-07-31 00:44:16 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-07-31 00:44:16 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-07-31 00:44:16 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-07-31 00:44:16 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-07-31 00:44:16 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla 
Firefox\searchplugins\wikipedia-pl.xml [2009-07-31 00:44:16 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-06-20 12:58:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [ALLUpdate] E:\PROGRAMY\ALLPlayer\ALLUpdate.exe () O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 () - http://img.mtv3.fi/mn_kuvat/mtv3/viihde/555_px_kuvia_2009/652910.jpg O24 - Desktop Components:1 () - http://userserve-ak.last.fm/serve/_/39278155/Marco+Hietala+11131_193809267809_19379332280.jpg O24 - Desktop Components:2 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\anka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\anka\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-03-20 21:14:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-06-21 20:12:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-06-21 18:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend 
micro [2010-06-21 18:03:37 | 000,000,000 | ---D | C] -- C:\rsit [2010-06-21 17:59:27 | 000,000,000 | ---D | C] -- C:\Avenger [2010-06-19 13:41:16 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-06-19 13:41:16 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-06-19 13:41:15 | 000,297,552 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2010-06-19 13:41:15 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-06-19 13:41:14 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-06-19 13:41:14 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-06-19 13:41:14 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-06-19 13:41:13 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-06-19 13:40:56 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-06-19 13:40:56 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr [2010-06-19 13:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-06-19 13:07:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\anka\Recent [2010-06-18 23:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\StepMania [2010-06-15 22:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\ChomikBox [2010-06-02 19:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-05-30 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97 [2010-05-28 21:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-06-21 21:21:18 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Maskakryczna akcja wege!.URL [2010-06-21 20:25:58 
| 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-06-21 20:25:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-06-21 20:25:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-06-21 20:24:59 | 804,835,328 | -HS- | M] () -- C:\hiberfil.sys [2010-06-21 20:22:23 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\anka\NTUSER.DAT [2010-06-21 20:22:23 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\anka\ntuser.ini [2010-06-21 19:51:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-06-21 17:58:24 | 000,267,776 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\wylanczanie zintegrowanej karty dzwiekowej, instalacja nowiusienkiej.doc [2010-06-20 12:58:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-06-19 22:59:13 | 000,000,068 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Reinkarnacja.URL [2010-06-19 22:41:27 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\LIST MOTYWACYJNY.doc [2010-06-19 21:30:45 | 000,000,073 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Podłączenie nowej karty dźwiękowej. Wyłączenie zintegrowanej karty dźwiękowej w BIOS-ie. 
Hotfix - Aktualności i porady kompu.URL [2010-06-19 13:41:14 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-06-16 21:04:55 | 000,055,716 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\pub6.jpg [2010-06-16 19:09:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-06-15 23:00:19 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\anka\default.pls [2010-06-15 22:22:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-06-13 15:27:17 | 000,000,081 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Todd Lockwood - Planetar81 - Chomikuj.pl.URL [2010-06-12 01:09:17 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-06-07 20:24:44 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\jelenaabbouui4.jpg (Obrazek JPEG, 450x694 pikseli).URL [2010-06-07 18:53:05 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\ARCANA XV - Tarot Favole.URL [2010-06-06 00:08:14 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Tarot Snów (Tarot of Dreams) Ciro Marchetti.URL [2010-05-29 23:39:05 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Guild Wars.lnk [2010-05-29 22:13:24 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\Twój sposób na podryw.doc [2010-05-25 22:03:33 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\anka\Moje dokumenty\PRZEPIS NA CHLEB PSZENNO.doc [2010-05-24 19:09:44 | 000,000,070 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Wielkie Żarcie - Przepis - milkshake czyli prawdziwy shake z mc donald.URL [2010-05-24 19:09:08 | 000,000,066 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Kod Mojżesza.avi - creativi - Chomikuj.pl.URL [2010-05-23 22:16:38 | 000,000,091 | ---- | M] () -- C:\Documents and Settings\anka\Pulpit\Ranga w głosie - Forum dyskusyjne - iSing.URL [2010-05-23 00:54:06 | 000,000,094 | ---- | M] () -- C:\Documents and 
Settings\anka\Pulpit\YouTube - Rise Against - Savior.URL [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-06-21 21:21:18 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Maskakryczna akcja wege!.URL [2010-06-20 22:02:12 | 000,267,776 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\wylanczanie zintegrowanej karty dzwiekowej, instalacja nowiusienkiej.doc [2010-06-19 22:59:13 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Reinkarnacja.URL [2010-06-19 22:41:26 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\LIST MOTYWACYJNY.doc [2010-06-19 21:30:45 | 000,000,073 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Podłączenie nowej karty dźwiękowej. Wyłączenie zintegrowanej karty dźwiękowej w BIOS-ie. Hotfix - Aktualności i porady kompu.URL [2010-06-16 21:04:50 | 000,055,716 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\pub6.jpg [2010-06-15 22:18:46 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\anka\default.pls [2010-06-13 15:27:17 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Todd Lockwood - Planetar81 - Chomikuj.pl.URL [2010-06-12 01:06:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-06-07 20:24:44 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\jelenaabbouui4.jpg (Obrazek JPEG, 450x694 pikseli).URL [2010-06-07 18:53:05 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\ARCANA XV - Tarot Favole.URL [2010-06-06 00:08:14 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Tarot Snów (Tarot of Dreams) Ciro Marchetti.URL [2010-05-29 22:13:22 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\anka\Moje dokumenty\Twój sposób na podryw.doc [2010-05-28 21:16:50 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Guild Wars.lnk [2010-05-25 22:03:32 | 000,023,552 | ---- | C] () -- 
C:\Documents and Settings\anka\Moje dokumenty\PRZEPIS NA CHLEB PSZENNO.doc [2010-05-24 19:09:44 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Wielkie Żarcie - Przepis - milkshake czyli prawdziwy shake z mc donald.URL [2010-05-24 19:09:08 | 000,000,066 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Kod Mojżesza.avi - creativi - Chomikuj.pl.URL [2010-05-23 22:16:38 | 000,000,091 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\Ranga w głosie - Forum dyskusyjne - iSing.URL [2010-05-23 00:54:06 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\anka\Pulpit\YouTube - Rise Against - Savior.URL [2009-08-30 13:09:56 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009-08-30 13:09:56 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009-08-30 13:09:56 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009-08-30 13:09:56 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009-08-30 13:09:56 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009-08-30 13:09:56 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009-06-26 20:46:27 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\VBUTILLight.dll [2009-06-26 20:46:23 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll [2009-04-16 22:00:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini [2009-04-16 21:55:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2009-03-27 14:53:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-03-24 20:29:50 | 000,010,197 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini [2009-03-21 00:54:08 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-03-21 00:00:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-03-21 00:00:37 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-03-21 00:00:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll 
[2009-03-21 00:00:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-03-21 00:00:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-03-20 22:30:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-03-20 21:26:33 | 000,002,457 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2008-11-26 22:28:48 | 000,000,272 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006-10-22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2002-03-17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000088.DLL [color=#E56717]========== Files - Unicode (All) ==========[/color] [2010-06-16 23:20:48 | 000,000,257 | ---- | M] ()(C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url) -- C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url [2010-06-16 23:20:48 | 000,000,257 | ---- | C] ()(C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? ?? ????? - ??????? ??? ????.url) -- C:\Documents and Settings\anka\Pulpit\????? ??????? ??????? ?? ???? ????? ?????? ????????? avast! 5.0.507 Final ??????? Antivirus & Internet Security ??? ???? 
?? ????? - ??????? ??? ????.url [2010-05-23 22:30:49 | 000,000,068 | ---- | M] ()(C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL) -- C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL [2010-05-23 22:30:49 | 000,000,068 | ---- | C] ()(C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL) -- C:\Documents and Settings\anka\Pulpit\YouTube - Vitas_Opera #2 (??+????).URL < End of report >[/log]
Tomek01 comment 21 June 2010
Looks clean. As a precaution, run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.