Szeldas posted 21 November 2010 (edited)

Hello. I have a problem; I suspect some viruses. The computer is sluggish, and an autorun.inf file has appeared on drives C, D and E that cannot be deleted, and Avira keeps blocking it. I don't know much about this, so I'm asking for your help. I would rather not format the disk because I have too much data on the computer.

[log]OTL logfile created on: 2010-11-21 09:31:40 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\grzesiek\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 98,00 Mb Available Physical Memory | 19,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 2048 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 51,37 Gb Total Space | 27,26 Gb Free Space | 53,06% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 43,89 Gb Free Space | 89,88% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 41,86 Gb Free Space | 85,73% Space Free | Partition Type: NTFS Drive N: | 3,68 Gb Total Space | 3,04 Gb Free Space | 82,57% Space Free | Partition Type: FAT32 Computer Name: FENIX | User Name: grzesiek | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-11-21 09:30:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grzesiek\Pulpit\OTL.exe PRC - [2010-10-28 21:51:07 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-10-28 21:51:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-10-14 20:13:03 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\grzesiek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\GoogleCrashHandler.exe PRC - [2010-10-11 16:49:48 | 014,940,040 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2010-09-15 04:50:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-08-02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010-08-02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010-08-02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010-05-14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2007-04-16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\soundman.exe PRC - [2006-09-13 18:20:26 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2006-09-13 17:22:36 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2006-07-21 23:46:54 | 000,167,936 | ---- | M] (FarStone Technology Inc.) -- E:\Program Files\FarStone\GameDrive\GDP\gdtask.exe PRC - [2005-01-28 13:44:28 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe PRC - [2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2004-08-04 01:44:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2004-08-04 01:44:28 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2004-08-04 01:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2004-08-04 01:44:24 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msdtc.exe PRC - [2004-08-04 01:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-08-04 01:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\ctfmon.exe PRC - [2004-08-04 01:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2004-08-04 01:44:20 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe PRC - [2004-08-04 01:44:18 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2004-08-04 01:44:18 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-11-21 09:30:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grzesiek\Pulpit\OTL.exe MOD - [2010-11-21 08:50:53 | 000,117,760 | RHS- | M] () -- C:\Documents and Settings\grzesiek\Ustawienia lokalne\Temp\apiqq0.dll MOD - [2006-09-13 17:35:43 | 008,486,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2006-09-13 17:32:56 | 001,013,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2006-09-13 17:30:33 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2006-09-13 17:30:21 | 001,286,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2006-09-13 17:29:48 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2006-09-13 17:21:29 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2006-06-23 12:27:02 | 000,667,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll MOD - [2006-06-23 12:27:02 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2006-05-03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll MOD - [2004-08-04 01:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2004-08-04 01:44:16 | 000,172,544 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\wldap32.dll MOD - [2004-08-04 01:44:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll MOD - [2004-08-04 01:44:16 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll MOD - [2004-08-04 01:44:14 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2004-08-04 01:44:14 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2004-08-04 01:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2004-08-04 01:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2004-08-04 01:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2004-08-04 01:44:10 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2004-08-04 01:44:10 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2004-08-04 01:44:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2004-08-04 01:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2004-08-04 01:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2004-08-04 01:44:08 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2004-08-04 01:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2004-08-04 01:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2004-08-04 01:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2004-08-04 01:44:04 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll MOD - [2004-08-04 01:43:56 | 000,822,272 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2004-08-04 01:43:56 | 000,601,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll MOD - [2004-08-04 01:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2004-08-04 01:43:52 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2004-08-04 01:43:48 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2004-08-04 01:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\sshnas21.dll -- (SSHNAS) SRV - [2010-08-02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010-08-02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010-06-20 16:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\grzesiek\USTAWI~1\Temp\Rar$EX01.335\xqz ring0 by dedi\injectDLL.sys -- (injectDLL) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - [2010-08-02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010-08-02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010-06-17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010-06-17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2010-01-03 10:32:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-12-01 14:49:54 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2008-12-26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM) DRV - [2008-09-24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2006-10-22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006-09-13 19:19:10 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC) DRV - [2006-08-05 05:20:36 | 000,071,680 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fgxscsi.sys -- (FGXSCSI) DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006-07-12 05:17:06 | 000,011,520 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fgdxbus.sys -- (fgdxbus) DRV - [2004-11-14 12:01:02 | 000,006,852 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Vcs.sys -- (Vcs) DRV - [2004-08-04 00:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2001-08-18 00:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001-08-18 00:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-1960408961-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1960408961-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15161&l=dis IE - HKU\S-1-5-21-1960408961-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1960408961-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1960408961-1343024091-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Reganam Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1601497&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "wwww.google.pl" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {104cba90-6fb2-11df-be2b-0800200c9a66}:1.2 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1601497&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-31 14:30:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-01 22:06:29 | 000,000,000 | ---D | M] [2010-01-01 17:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Mozilla\Extensions 
[2010-11-21 08:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Mozilla\Firefox\Profiles\2nork7y5.default\extensions [2010-08-03 12:42:23 | 000,000,000 | ---D | M] (TV.wrzuc.to) -- C:\Documents and Settings\grzesiek\Dane aplikacji\Mozilla\Firefox\Profiles\2nork7y5.default\extensions\{104cba90-6fb2-11df-be2b-0800200c9a66} [2010-11-03 23:16:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\grzesiek\Dane aplikacji\Mozilla\Firefox\Profiles\2nork7y5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-11-03 23:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Mozilla\Firefox\Profiles\2nork7y5.default\extensions\personas@christopher.beard [2010-08-02 22:03:18 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\grzesiek\Dane aplikacji\Mozilla\Firefox\Profiles\2nork7y5.default\searchplugins\askcom.xml [2010-10-22 10:20:26 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\grzesiek\Dane aplikacji\Mozilla\Firefox\Profiles\2nork7y5.default\searchplugins\conduit.xml [2010-11-21 08:04:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-11-01 22:06:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010-06-28 12:05:33 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-06-28 12:05:33 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-06-28 12:05:33 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-06-28 12:05:33 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-06-28 12:05:33 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-06-28 12:05:33 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-01-01 20:51:45 | 000,371,241 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 12798 more lines... 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O3 - HKU\S-1-5-21-1960408961-1343024091-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-1960408961-1343024091-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [GameDrive] E:\Program Files\FarStone\GameDrive\GDP\GDTask.exe (FarStone Technology Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKU\S-1-5-21-1960408961-1343024091-839522115-1003..\Run: [api32] C:\Documents and Settings\grzesiek\Ustawienia lokalne\Temp\apiqq.exe () O4 - HKU\S-1-5-21-1960408961-1343024091-839522115-1003..\Run: [Gadu-Gadu] D:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) 
O4 - HKU\S-1-5-21-1960408961-1343024091-839522115-1003..\Run: [Steam] D:\program files\steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1960408961-1343024091-839522115-1003..\Run: [XBV6RD5SZF] C:\DOCUME~1\grzesiek\USTAWI~1\Temp\Is0.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [nlpo_03] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [nlpo_04] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [nlpo_03] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [nlpo_04] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 4096 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1960408961-1343024091-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 194.204.152.34 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Program Files\Steam\UnDead.Injector.exe) - C:\Program Files\Steam\UnDead.Injector.exe File not found O24 - Desktop Components:0 () - http://www.iv.pl/images/17272099318751432435.jpg O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\grzesiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\grzesiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-12-31 12:37:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - Unable to obtain root file information for disk C:\ O32 - Unable to obtain root file information for disk D:\ O32 - Unable to obtain root file information for disk E:\ O32 - Unable to obtain root file information for disk N:\ O33 - MountPoints2\{789ee400-ddf2-11df-9a0f-00142a9f45ab}\Shell\AutoRun\command - "" = N:\lpl.exe -- [2010-10-27 05:42:54 | 000,180,224 | RHS- | M] () O33 - MountPoints2\{789ee400-ddf2-11df-9a0f-00142a9f45ab}\Shell\open\Command - "" = N:\lpl.exe -- [2010-10-27 05:42:54 | 000,180,224 | RHS- | M] () O33 - MountPoints2\{942e20f0-6db2-11df-9890-00142a9f45ab}\Shell\AutoRun\command - "" = 
RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iqe32.exe O33 - MountPoints2\{942e20f0-6db2-11df-9890-00142a9f45ab}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iqe32.exe O33 - MountPoints2\{af6495d0-de1f-11df-9a10-00142a9f45ab}\Shell\AutoRun\command - "" = N:\9d6resf.exe -- File not found O33 - MountPoints2\{af6495d0-de1f-11df-9a10-00142a9f45ab}\Shell\open\Command - "" = N:\9d6resf.exe -- File not found O33 - MountPoints2\{c551d064-03a3-11df-96b2-00142a9f45ab}\Shell\AutoRun\command - "" = vlvtdflx.exe O33 - MountPoints2\{c551d064-03a3-11df-96b2-00142a9f45ab}\Shell\open\Command - "" = vlvtdflx.exe O33 - MountPoints2\{dc3dd7b6-ec30-11df-9a34-00142a9f45ab}\Shell\AutoRun\command - "" = N:\lpl.exe -- [2010-10-27 05:42:54 | 000,180,224 | RHS- | M] () O33 - MountPoints2\{dc3dd7b6-ec30-11df-9a34-00142a9f45ab}\Shell\open\Command - "" = N:\lpl.exe -- [2010-10-27 05:42:54 | 000,180,224 | RHS- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-11-21 09:30:22 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\grzesiek\Pulpit\OTL.exe [2010-11-21 09:08:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010-11-21 08:56:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010-11-21 08:56:32 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010-11-21 08:56:32 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010-11-21 08:56:31 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010-11-21 08:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira [2010-11-20 20:57:00 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Dane aplikacji\skypePM [2010-11-20 20:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2010-11-20 20:53:44 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2010-11-19 22:56:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\3636C9237AD64DE3978A09609AEE8ECF.TMP [2010-11-17 14:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Sierra [2010-11-17 14:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Moje dokumenty\Empire Earth II [2010-11-16 17:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Dane aplikacji\ArcaVirMicroScan [2010-11-13 12:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Pulpit\wywołać [2010-11-07 16:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Pulpit\Nowy folder [2010-11-07 13:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Pulpit\muza [2010-11-01 22:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010-11-01 22:06:28 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010-11-01 22:06:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010-11-01 22:06:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010-11-01 22:06:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010-11-01 19:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Moje dokumenty\Pobieranie [2010-10-27 06:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Moje dokumenty\My Games [2010-10-27 05:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Dane aplikacji\FarStone [2010-10-27 05:35:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2010-10-27 05:34:53 | 000,071,680 | ---- | C] (FarStone Inc.) 
-- C:\WINDOWS\System32\drivers\fgxscsi.sys [2010-10-27 05:34:53 | 000,069,632 | ---- | C] (Far Stone Technology Inc.) -- C:\WINDOWS\GPlay08.exe [2010-10-27 05:34:53 | 000,011,520 | ---- | C] (FarStone Inc.) -- C:\WINDOWS\System32\drivers\fgdxbus.sys [2010-10-27 05:33:33 | 000,126,976 | ---- | C] (Farstone) -- C:\WINDOWS\System32\DVC.dll [2010-10-27 05:33:33 | 000,090,112 | ---- | C] (FarStone) -- C:\WINDOWS\System32\Dversion.dll [2010-10-20 18:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Pulpit\foty [2010-10-19 22:15:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\grzesiek\Moje dokumenty\temp_3 [2010-10-17 20:29:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\grzesiek\Moje dokumenty\temp_2 [2010-10-17 20:11:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\grzesiek\Moje dokumenty\temp_1 [2010-10-15 19:56:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\grzesiek\Moje dokumenty\Moja muzyka [2010-10-13 06:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Moje dokumenty\fddfds [2010-10-11 09:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Moje dokumenty\Activision [2010-10-10 09:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Moje dokumenty\Mount&Blade Savegames [2010-10-09 15:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Adobe [2010-10-03 13:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Pulpit\Wiola [2010-10-03 10:28:19 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll [2010-10-03 10:27:53 | 001,294,336 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm [2010-10-03 10:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line [2010-09-25 16:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\grzesiek\Moje dokumenty\gg [2010-09-25 14:22:18 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\grzesiek\Dane aplikacji\fltk.org [2010-01-20 20:56:58 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\grzesiek\Dane aplikacji\pcouffin.sys [2004-11-24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-11-21 09:33:48 | 000,000,000 | ---- | M] () -- C:\autorun.inf [2010-11-21 09:30:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\grzesiek\Pulpit\OTL.exe [2010-11-21 09:18:00 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1343024091-839522115-1003UA.job [2010-11-21 08:53:00 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010-11-21 08:51:58 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\grzesiek\UpdateLog.GDZ [2010-11-21 08:51:05 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-11-21 08:50:32 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-11-21 08:42:00 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-11-20 22:40:10 | 000,011,264 | -H-- | M] () -- C:\Documents and Settings\grzesiek\Pulpit\photothumb.db [2010-11-20 21:18:02 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1343024091-839522115-1003Core.job [2010-11-20 20:53:50 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2010-11-20 20:04:30 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\grzesiek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-11-20 11:46:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-11-17 14:40:53 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Launch 
Empire Earth II.lnk [2010-11-17 14:37:24 | 000,000,917 | ---- | M] () -- C:\WINDOWS\GTA-SA_Trn_Settings.ini [2010-11-14 14:13:00 | 000,001,723 | ---- | M] () -- C:\WINDOWS\kaillera.ini [2010-11-10 19:50:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-11-07 23:20:06 | 000,002,327 | ---- | M] () -- C:\Documents and Settings\grzesiek\Pulpit\Google Chrome.lnk [2010-11-07 13:18:32 | 000,002,836 | ---- | M] () -- C:\Documents and Settings\grzesiek\.recently-used.xbel [2010-11-06 09:10:01 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll [2010-11-06 09:10:01 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll [2010-11-06 09:10:01 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll [2010-10-31 09:00:53 | 000,490,808 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-10-31 09:00:53 | 000,432,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-10-31 09:00:53 | 000,083,988 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-10-31 09:00:53 | 000,067,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-10-28 13:25:16 | 000,100,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-10-27 05:43:30 | 000,000,074 | ---- | M] () -- C:\WINDOWS\System32\config.ini [2010-10-27 05:42:52 | 000,180,224 | RHS- | M] () -- C:\lpl.exe [2010-10-27 05:35:23 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\GDPersns.dat [2010-10-27 05:33:33 | 000,126,976 | ---- | M] (Farstone) -- C:\WINDOWS\System32\DVC.dll [2010-10-27 05:33:33 | 000,090,112 | ---- | M] (FarStone) -- C:\WINDOWS\System32\Dversion.dll [2010-10-25 18:15:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\grzesiek\Studio Pokój - Coś o Tobie.mp3 [2010-10-25 17:50:34 | 000,139,264 | RHS- | M] () -- C:\r3q63rok.exe [2010-10-22 14:29:26 | 000,162,304 | RHS- | M] () -- C:\9d6resf.exe [2010-10-21 14:06:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL [2010-10-20 18:15:25 | 000,005,396 | ---- | M] () -- C:\Documents 
and Settings\grzesiek\masks [2010-10-09 18:18:15 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk [2010-10-06 18:27:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\grzesiek\peksiorondabeat+newgangstabeat2010.mp3 [2010-10-05 09:47:44 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010-10-03 10:28:46 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\grzesiek\Pulpit\ASIO4ALL v2 Off-Line Settings.lnk [2010-09-30 19:28:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\grzesiek\Peja - Diss na Pelsona.mp3 [2010-09-30 19:20:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\grzesiek\Whip - Tylko Ty.mp3 [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-11-20 20:53:50 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2010-11-17 14:40:53 | 000,000,489 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Launch Empire Earth II.lnk [2010-11-14 09:38:06 | 000,011,264 | -H-- | C] () -- C:\Documents and Settings\grzesiek\Pulpit\photothumb.db [2010-11-07 13:18:32 | 000,002,836 | ---- | C] () -- C:\Documents and Settings\grzesiek\.recently-used.xbel [2010-11-06 09:10:01 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2010-11-06 09:10:01 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2010-11-06 09:10:01 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2010-11-05 14:49:28 | 000,180,224 | RHS- | C] () -- C:\lpl.exe [2010-10-27 05:43:30 | 000,000,074 | ---- | C] () -- C:\WINDOWS\System32\config.ini [2010-10-27 05:41:18 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\grzesiek\UpdateLog.GDZ [2010-10-27 05:35:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDPersns.dat [2010-10-27 05:34:53 | 000,014,496 | ---- | C] () -- C:\WINDOWS\System32\GDI08X.dat 
[2010-10-27 05:34:53 | 000,002,238 | ---- | C] () -- C:\WINDOWS\Driver.ico [2010-10-27 05:32:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\RemFarStone.exe [2010-10-25 18:15:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\grzesiek\Studio Pokój - Coś o Tobie.mp3 [2010-10-25 17:51:04 | 000,139,264 | RHS- | C] () -- C:\r3q63rok.exe [2010-10-22 22:03:16 | 000,162,304 | RHS- | C] () -- C:\9d6resf.exe [2010-10-22 22:03:16 | 000,000,000 | ---- | C] () -- C:\autorun.inf [2010-10-09 18:02:15 | 000,000,570 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk [2010-10-06 18:27:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\grzesiek\peksiorondabeat+newgangstabeat2010.mp3 [2010-10-03 10:28:46 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\grzesiek\Pulpit\ASIO4ALL v2 Off-Line Settings.lnk [2010-09-30 19:28:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\grzesiek\Peja - Diss na Pelsona.mp3 [2010-09-30 19:20:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\grzesiek\Whip - Tylko Ty.mp3 [2010-09-25 14:38:57 | 000,001,723 | ---- | C] () -- C:\WINDOWS\kaillera.ini [2010-09-10 22:45:27 | 000,000,917 | ---- | C] () -- C:\WINDOWS\GTA-SA_Trn_Settings.ini [2010-08-25 11:39:43 | 000,006,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vcs.sys [2010-07-28 21:29:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010-06-01 17:26:08 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI [2010-04-25 14:45:32 | 000,065,144 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2010-04-13 22:10:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2010-04-12 06:18:07 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-04-12 06:18:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-03-07 10:32:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL [2010-02-14 
12:49:41 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log [2010-01-21 21:23:42 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI [2010-01-20 20:57:10 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\grzesiek\Dane aplikacji\pcouffin.log [2010-01-20 20:56:58 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\grzesiek\Dane aplikacji\inst.exe [2010-01-20 20:56:58 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\grzesiek\Dane aplikacji\pcouffin.cat [2010-01-20 20:56:58 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\grzesiek\Dane aplikacji\pcouffin.inf [2010-01-17 12:46:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt [2010-01-17 12:41:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010-01-16 22:09:54 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\grzesiek\Dane aplikacji\PnkBstrK.sys [2010-01-16 21:38:03 | 000,000,112 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010-01-03 10:32:37 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-01-02 00:59:39 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\grzesiek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-01 17:40:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-12-31 10:41:59 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008-12-19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008-12-17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008-12-17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008-12-17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-12-17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008-12-17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2006-10-22 
12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006-07-12 05:17:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VDExt800.dll [2006-07-12 05:17:28 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExt712.dll [2006-07-12 05:17:24 | 000,006,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCdx.sys [2006-07-12 05:17:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GDExt800.dll [2006-07-12 05:17:10 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExt712.dll [2004-10-03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2004-08-04 01:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2003-03-05 20:43:42 | 000,140,520 | ---- | C] () -- C:\WINDOWS\System32\CModule.dll [color=#E56717]========== LOP Check ==========[/color] [2010-01-03 10:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-07-01 18:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FarmFrenzy2 [2010-06-29 09:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-01-01 23:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2010-11-18 19:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-04-28 05:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane 
aplikacji\SpeedBit [2010-04-28 05:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-07-26 17:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TrackMania [2010-11-18 19:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grzegorz\Dane aplikacji\FarStone [2010-07-31 14:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grzegorz\Dane aplikacji\Gadu-Gadu 10 [2010-08-03 10:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grzegorz\Dane aplikacji\GHISLER [2010-08-01 23:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Grzegorz\Dane aplikacji\uTorrent [2010-11-16 17:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\ArcaVirMicroScan [2010-08-25 10:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Avnex [2010-04-11 17:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\BESTplayer [2010-01-03 13:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\DAEMON Tools Lite [2010-07-27 20:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\FarmingSimulator2008 [2010-10-27 05:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\FarStone [2010-06-20 12:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\fizzy [2010-09-25 14:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\fltk.org [2010-01-01 21:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Gadu-Gadu [2010-10-05 22:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Gadu-Gadu 10 [2010-09-09 16:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\GG Tools [2010-05-08 21:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane 
aplikacji\GHISLER [2010-11-07 13:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\gtk-2.0 [2010-07-02 14:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\ipla [2010-10-11 11:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Mount&Blade [2010-01-02 12:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\OpenFM [2010-04-24 20:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Samsung [2010-09-21 16:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Screaming Bee [2010-11-17 14:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Sierra [2010-07-23 17:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Spore [2010-07-07 09:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\TS3Client [2010-11-06 08:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\uTorrent [2010-01-20 21:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grzesiek\Dane aplikacji\Vso [2010-11-21 08:53:00 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:010ADD2C < End of report > [/log]
Tomek01, comment posted 21 November 2010

The high CPU usage doesn't surprise me, given the enormously bloated Hosts file:

O1 - Hosts: 12798 more lines...

Open Notepad, type in C:\windows\System32\drivers\etc\Hosts and press Enter. Delete everything except the valid entry 127.0.0.1 localhost. Save the changes. Remember not to associate the file permanently with Notepad!

Uninstall Asktoolbar.

Run [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with your pendrive or other USB storage devices plugged in.

In OTL, paste the following into the Custom scan/fixes box:

[code]
:Processes
Explorer.exe
MOD - [2010-11-21 08:50:53 | 000,117,760 | RHS- | M] () -- C:\Documents and Settings\grzesiek\Ustawienia lokalne\Temp\apiqq0.dll
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\sshnas21.dll -- (SSHNAS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\grzesiek\USTAWI~1\Temp\Rar$EX01.335\xqz ring0 by dedi\injectDLL.sys -- (injectDLL)
IE - HKU\S-1-5-21-1960408961-1343024091-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15161&l=dis
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Reganam Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1601497&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1601497&q="
[2010-08-02 22:03:18 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\grzesiek\Dane aplikacji\Mozilla\Firefox\Profiles\2nork7y5.default\searchplugins\askcom.xml
[2010-10-22 10:20:26 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\grzesiek\Dane aplikacji\Mozilla\Firefox\Profiles\2nork7y5.default\searchplugins\conduit.xml
O4 - HKU\S-1-5-21-1960408961-1343024091-839522115-1003..\Run: [api32] C:\Documents and Settings\grzesiek\Ustawienia lokalne\Temp\apiqq.exe ()
O4 - HKU\S-1-5-21-1960408961-1343024091-839522115-1003..\Run: [XBV6RD5SZF] C:\DOCUME~1\grzesiek\USTAWI~1\Temp\Is0.exe File not found
O33 - MountPoints2\{789ee400-ddf2-11df-9a0f-00142a9f45ab}\Shell\AutoRun\command - "" = N:\lpl.exe -- [2010-10-27 05:42:54 | 000,180,224 | RHS- | M] ()
O33 - MountPoints2\{789ee400-ddf2-11df-9a0f-00142a9f45ab}\Shell\open\Command - "" = N:\lpl.exe -- [2010-10-27 05:42:54 | 000,180,224 | RHS- | M] ()
O33 - MountPoints2\{942e20f0-6db2-11df-9890-00142a9f45ab}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iqe32.exe
O33 - MountPoints2\{942e20f0-6db2-11df-9890-00142a9f45ab}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iqe32.exe
O33 - MountPoints2\{af6495d0-de1f-11df-9a10-00142a9f45ab}\Shell\AutoRun\command - "" = N:\9d6resf.exe -- File not found
O33 - MountPoints2\{af6495d0-de1f-11df-9a10-00142a9f45ab}\Shell\open\Command - "" = N:\9d6resf.exe -- File not found
O33 - MountPoints2\{c551d064-03a3-11df-96b2-00142a9f45ab}\Shell\AutoRun\command - "" = vlvtdflx.exe
O33 - MountPoints2\{c551d064-03a3-11df-96b2-00142a9f45ab}\Shell\open\Command - "" = vlvtdflx.exe
O33 - MountPoints2\{dc3dd7b6-ec30-11df-9a34-00142a9f45ab}\Shell\AutoRun\command - "" = N:\lpl.exe -- [2010-10-27 05:42:54 | 000,180,224 | RHS- | M] ()
O33 - MountPoints2\{dc3dd7b6-ec30-11df-9a34-00142a9f45ab}\Shell\open\Command - "" = N:\lpl.exe -- [2010-10-27 05:42:54 | 000,180,224 | RHS- | M] ()
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:010ADD2C

:Files
C:\lpl.exe
C:\r3q63rok.exe
C:\9d6resf.exe
C:\autorun.inf
D:\lpl.exe
D:\r3q63rok.exe
D:\9d6resf.exe
D:\autorun.inf
E:\lpl.exe
E:\r3q63rok.exe
E:\9d6resf.exe
E:\autorun.inf
C:\WINDOWS\System32\sshnas21.dll
C:\Documents and Settings\grzesiek\Dane aplikacji\inst.exe
C:\Documents and Settings\grzesiek\Dane aplikacji\pcouffin.cat
C:\Documents and Settings\grzesiek\Dane aplikacji\pcouffin.inf
C:\Documents and Settings\grzesiek\Ustawienia lokalne\Temp\apiqq0.dll
C:\Documents and Settings\grzesiek\Ustawienia lokalne\Temp\Rar$EX01.335\xqz ring0 by dedi\injectDLL.sys
r3q63rok.exe\alldrivers
9d6resf.exe\alldrivers
vlvtdflx.exe\alldrivers
lpl.exe\alldrivers
C:\RECYCLER
C:\Recycled

:Services
SSHNAS
injectDLL
XBV6RD5SZF

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Click Run Fix; the computer will restart. Post the removal log and the new logs: OTL and RSIT.

Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum.
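A triage pass over the kind of OTL lines this thread turns on, as an added example (not part of either post and not OTL's own code): it flags autorun.inf and hidden+system executables with no company name in a drive root, and lists the commands registered under MountPoints2. The sample lines are copied from the logs in this thread; the function name, the extension list and the finding labels are assumptions made for the example.

```python
import re

# File entry: [timestamp | size | attrs | M/C] (company) -- path
FILE_RE = re.compile(
    r'^\[(?P<ts>[\d\- :]+) \| (?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| [MC]\] '
    r'(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$')
# O33 entry: per-volume shell verb registered under MountPoints2
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\(?P<verb>[^\\]+)'
    r'\\command - "" = (?P<target>.+?)(?: -- .*)?$', re.IGNORECASE)
ROOT_RE = re.compile(r'^[A-Za-z]:\\[^\\]+$')           # file directly in a drive root
EXEC_EXT = ('.exe', '.com', '.scr', '.pif', '.bat', '.cmd')  # assumed list

# Lines copied from the OTL log and fix script in this thread.
SAMPLE = r'''
[2010-11-21 09:33:48 | 000,000,000 | ---- | M] () -- C:\autorun.inf
[2010-10-27 05:42:52 | 000,180,224 | RHS- | M] () -- C:\lpl.exe
[2010-10-25 17:50:34 | 000,139,264 | RHS- | M] () -- C:\r3q63rok.exe
[2010-10-22 14:29:26 | 000,162,304 | RHS- | M] () -- C:\9d6resf.exe
[2010-10-05 09:47:44 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-10-27 05:33:33 | 000,126,976 | ---- | M] (Farstone) -- C:\WINDOWS\System32\DVC.dll
O33 - MountPoints2\{789ee400-ddf2-11df-9a0f-00142a9f45ab}\Shell\AutoRun\command - "" = N:\lpl.exe -- [2010-10-27 05:42:54 | 000,180,224 | RHS- | M] ()
O33 - MountPoints2\{c551d064-03a3-11df-96b2-00142a9f45ab}\Shell\open\Command - "" = vlvtdflx.exe
'''


def triage(lines):
    """Return (reason, item) pairs for entries worth a closer look."""
    findings = []
    for line in lines:
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            path, attr = m['path'], m['attr']
            company = (m['company'] or '').strip()
            if not ROOT_RE.match(path):
                continue                      # only drive-root files matter here
            name = path.rsplit('\\', 1)[1].lower()
            if name == 'autorun.inf':
                findings.append(('autorun.inf at drive root', path))
            elif (name.endswith(EXEC_EXT) and 'H' in attr and 'S' in attr
                  and not company):
                # boot.ini is also hidden+system in the root, but is not executable
                findings.append(('hidden+system executable, no company name', path))
            continue
        m = O33_RE.match(line)
        if m and m['verb'].lower() in ('autorun', 'open', 'explore'):
            findings.append(('MountPoints2 shell command', m['target']))
    return findings


if __name__ == '__main__':
    for reason, item in triage(SAMPLE.splitlines()):
        print(f'{reason}: {item}')
```
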