
Win XP SP2 boots only as far as the wallpaper, no icons or taskbar.

Loopezik
created (edited)

Hello. Don't beat me up if this post is in the wrong section.
The computer boots up to the point where the wallpaper appears; there are no icons or taskbar and shortcuts don't work. After opening Task Manager and typing the command c: a message pops up that Windows cannot find the file "/idlist(nr)c:\", or something like that; after a moment there is a message that iexplore.exe has encountered an error and must be closed, and the computer restarts. After c: the icons and taskbar appear, but then comes the reset.
Yesterday I managed to do a bit (there was no reset): I installed ComboFix (but the scan took far too long, so I don't have a log) and HijackThis (log below), but today I can't do anything anymore.

[log]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:28, on 2012-05-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\wupdmgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\EXPLORER.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Empty.pif = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Komputer/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 12300 bytes[/log]

Igorrodz
comment

Better make logs with OTL and RIST according to this - http://www.forumpc.pl/index.php?showtopic=104338

Loopezik
comment

That's exactly the problem: I can't run anything anymore, because I can't get into the hard drive or the USB stick, while after running e.g. c: the icons and taskbar do appear, but the restart procedure starts right away. I barely managed to copy the HijackThis log to the USB stick so I could post it here.

Guest
comment

Boot into Safe Mode and provide OTL logs. There is a Brontok infection here.
instructions: [url="http://www.fixitpc.pl/topic/61-diagnostyka-ogolne-raporty-systemowe/#1"]Diagnostics: general system reports - Fixitpc.pl[/url]

Loopezik
comment

OK, I've only just got here. Here are the logs:
[log]OTL logfile created on: 2012-05-21 16:53:24 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

191,48 Mb Total Physical Memory | 25,59 Mb Available Physical Memory | 13,36% Memory free
466,90 Mb Paging File | 291,62 Mb Available in Paging File | 62,46% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,85 Gb Total Space | 3,49 Gb Free Space | 27,15% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 20,99 Gb Free Space | 85,99% Space Free | Partition Type: FAT32

Computer Name: 9CE33E0FBA90427 | User Name: Komputer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-05-21 16:49:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2012-04-21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-01-01 16:38:18 | 000,057,344 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE
PRC - [2004-08-04 02:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-04-21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-04-21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2007-11-06 00:37:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system\svchost.exe -- (CreateProcess)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010-03-06 14:57:05 | 000,427,776 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2010-03-06 14:57:05 | 000,011,264 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010-03-06 14:54:55 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2010-03-06 14:53:38 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2004-08-04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-05-21 16:46:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-05-21 16:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Extensions
[2012-05-21 16:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-04-21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-21 04:18:44 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-04-21 04:18:44 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-04-21 04:18:44 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-04-21 04:18:44 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-04-21 04:18:44 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-04-21 04:18:44 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-05-16 22:16:24 | 000,012,393 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css">
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts: .services { font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: 90 more lines...
O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\sempalong.exe ()
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [Tok-Cirrhatus] C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe ()
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AC22B73-E65A-42A3-A3C5-EF185BA5147D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\eksplorasi.exe") - C:\WINDOWS\eksplorasi.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Komputer/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-05-21 16:40:46 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-05-11 08:56:16 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-05-11 08:56:18 | 000,000,035 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{0c479ecc-261f-11e1-b398-0019664a8c72}\Shell - "" = AutoRun
O33 - MountPoints2\{0c479ecc-261f-11e1-b398-0019664a8c72}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{7a018769-1f23-11e1-b390-0019664a8c72}\Shell - "" = AutoRun
O33 - MountPoints2\{7a018769-1f23-11e1-b390-0019664a8c72}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\Shell - "" = AutoRun
O33 - MountPoints2\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\C\Shell - "" = AutoRun
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-05-21 16:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie
[2012-05-21 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Mozilla
[2012-05-21 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla
[2012-05-21 16:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012-05-21 16:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla
[2012-05-21 16:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-05-21 16:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-21
[2012-05-17 16:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan
[2012-05-17 16:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2012-05-17 16:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-17
[2012-05-16 22:58:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-05-16 22:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HijackThis
[2012-05-16 22:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-05-16 22:31:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-05-16 22:28:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-05-16 22:28:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-05-16 22:28:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-05-16 22:28:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-05-16 22:28:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-16 22:28:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-05-16 22:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Komputer\Menu Start\Programy\Narzędzia administracyjne
[2012-05-16 22:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Moje wideo
[2012-05-16 21:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-16
[2012-05-16 21:42:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Komputer\UserData
[2012-05-16 20:42:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-05-16 20:37:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2012-05-16 20:37:50 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2012-05-16 20:37:46 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2012-04-23 10:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
[2012-04-23 10:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
[2012-04-23 10:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-23
[2012-04-23 09:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\fotki
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-05-21 16:46:08 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2012-05-21 16:42:13 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\olemdb32.dll
[2012-05-21 16:41:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-05-21 16:40:53 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System\win32out.dll
[2012-05-21 16:40:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System\win32in.dll
[2012-05-21 16:40:46 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2012-05-21 16:38:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-17 17:45:58 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Update.12.Bron.Tok.bin
[2012-05-16 22:53:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\HijackThis.lnk
[2012-05-16 22:31:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-05-16 22:27:07 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2012-05-16 22:16:24 | 000,012,393 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-05-21 16:46:08 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2012-05-21 16:46:08 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2012-05-21 16:42:13 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\olemdb32.dll
[2012-05-17 17:45:58 | 000,012,393 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Update.12.Bron.Tok.bin
[2012-05-16 22:53:24 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\HijackThis.lnk
[2012-05-16 22:31:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-05-16 22:31:20 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2012-05-16 22:28:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-05-16 22:28:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-05-16 22:28:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-05-16 22:28:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-05-16 22:28:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-05-16 22:27:07 | 000,012,393 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2012-03-29 08:18:39 | 000,000,277 | ---- | C] () -- C:\WINDOWS\madagascar.ini
[2012-01-03 13:15:08 | 000,042,667 | -H-- | C] () -- C:\WINDOWS\eksplorasi.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\winlogon.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\services.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\lsass.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\inetinfo.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\csrss.exe
[2011-10-10 08:15:43 | 000,001,067 | ---- | C] () -- C:\WINDOWS\disney.ini
[2011-10-10 08:15:37 | 000,000,191 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2011-05-11 08:57:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-05-11 08:56:57 | 000,137,729 | ---- | C] () -- C:\WINDOWS\System32\explorxp.exe
[2011-05-11 08:56:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll

[color=#E56717]========== LOP Check ==========[/color]

[2012-05-17 16:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan
[2012-03-30 09:09:44 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\Chromeflower
[2012-03-30 09:09:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\CrystalSpace

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

[/log]

[log]OTL Extras logfile created on: 2012-05-21 16:53:24 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

191,48 Mb Total Physical Memory | 25,59 Mb Available Physical Memory | 13,36% Memory free
466,90 Mb Paging File | 291,62 Mb Available in Paging File | 62,46% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,85 Gb Total Space | 3,49 Gb Free Space | 27,15% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 20,99 Gb Free Space | 85,99% Space Free | Partition Type: FAT32

Computer Name: 9CE33E0FBA90427 | User Name: Komputer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagaskar (TM)
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A414131-FD7A-42DF-9F5E-79DC17CE4CD6}" = Auta
"{A6B0E526-D1E8-11D5-AA2E-0008C760B784}" = Disney Piotruś Pan Wielki Powrót
"{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish
"{B1EB0284-674E-48BD-9EBF-14954C95668C}" = eduROM Gra edukacyjna Język polski "Czytam i piszę"
"ABC" = ABC z Reksiem
"Bolek_i_Lolek.Język_angielski_dla_najmlodszych._Polish" = Bolek i Lolek - Język angielski dla najmłodszych
"C-Media Audio" = C-Media 3D Audio
"DivX 5.0.1 Pro Bundle" = DivX 5.0.1 Pro Bundle
"HijackThis" = HijackThis 2.0.2
"hp deskjet 3320 series" = hp deskjet 3320 series (Tylko usuń)
"InstallShield_{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagaskar
"Kolory_Ksztatlty_Polish" = Smokule Kolory i Kształty
"Matematyka" = Smokule - Matematyka
"Moja Droga Do Szkoły" = Moja Droga Do Szkoły
"Mozilla Firefox 12.0 (x86 pl)" = Mozilla Firefox 12.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SiS 661FX_760_741_M661FX_M760_M741" = SiS 661FX_760_741_M661FX_M760_M741
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SkanerOnline" = Skaner on-line mks_vir

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-11-25 03:17:45 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2011-11-25 03:18:22 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1004
Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2011-11-28 03:50:53 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2011-11-28 06:56:41 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2011-11-29 04:06:05 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2011-11-29 04:26:04 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1004
Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2011-11-29 04:26:14 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1004
Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2011-11-30 05:14:46 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2011-12-01 02:39:34 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Error - 2011-12-02 02:25:24 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł
powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

[ System Events ]
Error - 2012-05-16 15:00:34 | Computer Name = 9CE33E0FBA90427 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.204 dla karty sieciowej o adresie 0019664A8C72
został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2012-05-16 15:41:22 | Computer Name = 9CE33E0FBA90427 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.204 dla karty sieciowej o adresie 0019664A8C72
został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2012-05-16 15:52:09 | Computer Name = 9CE33E0FBA90427 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.204 dla karty sieciowej o adresie 0019664A8C72
został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2012-05-16 16:13:18 | Computer Name = 9CE33E0FBA90427 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.204 dla karty sieciowej o adresie 0019664A8C72
został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2012-05-16 16:28:00 | Computer Name = 9CE33E0FBA90427 | Source = Service Control Manager | ID = 7034
Description = Usługa CreateProcess Service niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2012-05-16 16:58:05 | Computer Name = 9CE33E0FBA90427 | Source = Service Control Manager | ID = 7034
Description = Usługa CreateProcess Service niespodziewanie zakończyła pracę. Wystąpiło
to razy: 2.

Error - 2012-05-17 10:18:44 | Computer Name = 9CE33E0FBA90427 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.204 dla karty sieciowej o adresie 0019664A8C72
został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2012-05-17 11:49:58 | Computer Name = 9CE33E0FBA90427 | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.204 dla karty sieciowej o adresie 0019664A8C72
został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2012-05-21 10:42:32 | Computer Name = 9CE33E0FBA90427 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-05-21 10:43:48 | Computer Name = 9CE33E0FBA90427 | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: AmdK7 Fips


< End of report >

[/log]

[log]Logfile of random's system information tool 1.09 (written by random/random)
Run by Komputer at 2012-05-21 16:59:44
Microsoft Windows XP Professional Dodatek Service Pack 2
System drive C: has 4 GB (27%) free of 13 GB
Total RAM: 191 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:59:53, on 2012-05-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\EXPLORER.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie\RSIT.exe
C:\Program Files\trend micro\Komputer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css">
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts: .services { font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: <div class="ez-box">
O1 - Hosts: <link type="text/css" rel="stylesheet" href="http://l.yimg.com/a/lib/uh/15/css/uh-1.0.28.css">
O1 - Hosts: <style type="text/css">
O1 - Hosts: div#headerblock div{font-family:arial;}
O1 - Hosts: </style>
O1 - Hosts: <div id="ygma"><div id="ygmaheader"><div class="bd sp"><div id="ymenu" class="ygmaclr"><div id="mepanel"><ul id="mepanel-nav"><li class="me1"><em>New User? <a class="ygmasignup" title="Sign Up" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=2/SIG=13j8rdsqp/*https://edit.yahoo.com/config/eval_register?.done=http://smallbusiness.yahoo.com%2findex.html&.src=smbiz&.intl=us">Sign Up</a></em></li><li class="me2"><a title="Sign In" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=3/SIG=13cm6p12o/*https://login.yahoo.com/config/login?.done=http://geocities.yahoo.com&.src=smbiz&.intl=us">Sign In</a></li>
O1 - Hosts: <li class="me3"><a href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=7/SIG=11hjute28/*http://help.yahoo.com/l/us/yahoo/geocities/" target="_top" title="Yahoo! Help Central">Help</a></li>
O1 - Hosts: </ul></div><div id="ygmapromo"><a style="font-weight:bold;" id="ygmaie8" href="http://us.ard.yahoo.com/SIG=15vud5jbf/M=650008.13445975.13532322.12832737/D=smallbiz/S=2023010636:HPRM2/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=0Qw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5706923/R=0/SIG=117bakia1/*http://toolbar.yahoo.com/?.cpdl=ushdl" target="_top">Get Yahoo! Toolbar<abbr title="Yahoo! Toolbar"></abbr></a>
O1 - Hosts: <script language=javascript>
O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 - Hosts: window.yzq_d['0Qw4Atj8a20-']='&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1';
O1 - Hosts: </script>
O1 - Hosts: <noscript><img width=1 height=1 alt="" src="http://us.bc.yahoo.com/b?P=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48&T=144j596l3%2fX%3d1252090825%2fE%3d2023010636%2fR%3dsmallbiz%2fK%3d5%2fV%3d2.1%2fW%3dH%2fY%3dYAHOO%2fF%3d1861688409%2fQ%3d-1%2fS%3d1%2fJ%3d8B68FCD8&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1"></noscript></div>
O1 - Hosts: <div id="pa"><div id="pa-wrapper"><ul id="pa2-nav" class="sp"><li class="pa1 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=8/SIG=10jmd0d5u/*http://yahoo.com/" title="Yahoo!" target="_top">Yahoo!</a></li><li class="pa2 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=9/SIG=10n3m6b64/*http://mail.yahoo.com" title="Yahoo! Mail" target="_top">Mail</a></li></ul><div id="pa-left" class="sp"></div><ul id="pa-nav" class="sp"><li class="pa3 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252
O1 - Hosts: <script language=javascript>
O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 - Hosts: window.yzq_d['zgw4Atj8a20-']='&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1';
O1 - Hosts: </script>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr" style="width:898px;margin-top:1.5em">
O1 - Hosts: <Div class="ez-l2a" id="wrapper">
O1 - Hosts: <div class="ez-l2a-1 " style="width:898px">
O1 - Hosts: <div class="ez-box">
O1 - Hosts: <div class="ez-wr" >
O1 - Hosts: <div class="ez-box" style="width:898px">
O1 - Hosts: <h1>Sorry, the GeoCities web site you were trying to reach is no longer available.</h1>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr">
O1 - Hosts: <div class="ez-box" id="boxyahoourls">
O1 - Hosts: <p> GeoCities has closed, but there's a lot more to explore on Yahoo!</p>
O1 - Hosts: <h2>Visit one of these popular Yahoo! sites:</h2>
O1 - Hosts: <ul class= "services">
O1 - Hosts: <li><a href="http://mail.yahoo.com">Yahoo! Mail</a></li>
O1 - Hosts: <li><a href="http://smallbusiness.yahoo.com/webhosting">Web Hosting</a></li>
O1 - Hosts: <li><a href="http://news.yahoo.com">News</a></li>
O1 - Hosts: <li><a href="http://games.yahoo.com">Games</a></li>
O1 - Hosts: <li><a href="http://sports.yahoo.com/">Sports</a> </li>
O1 - Hosts: <li><a href="http://movies.yahoo.com">Movies</a></li>
O1 - Hosts: <li><a href="http://finance.yahoo.com">Finance</a></li>
O1 - Hosts: <li><a href="http://maps.yahoo.com">Maps</a></li>
O1 - Hosts: </ul>
O1 - Hosts: </div>
O1 - Hosts: <li class="rule"><!----></li>
O1 - Hosts: <p>The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, <a href="http://www.archive.org/web/web.php" target="_blank">visit Archive.org</a> and enter the site's web address in the field provided.</p>
O1 - Hosts: <li class="rule"><!----></li>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr">
O1 - Hosts: <div class="ez-box" style="text-align:center; margin-top:25px;">
O1 - Hosts: <font size="-2" face="verdana">Copyright &copy; 2009 <a href="http://yahoo.com/">Yahoo!</a> Inc. All rights reserved.
O1 - Hosts: <ul>
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a
O1 - Hosts: ></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://smallbusiness.yahoo.com/tos/tos.php">Terms of Service
O1 - Hosts: </a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://help.yahoo.com/help/us/geo/">Help</a></li>
O1 - Hosts: </ul>
O1 - Hosts: </font>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1337199254&f=us-w8" ALT=1 WIDTH=1 HEIGHT=1>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Empty.pif = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Komputer/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 12738 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Firefox\Profiles\ls7eh7ff.default
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
allegro-pl.xml
fbc-pl.xml
google.xml
merlin-pl.xml
pwn-pl.xml
wikipedia-pl.xml
wp-pl.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2010-03-06 126976]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"SiS Tray"=C:\WINDOWS\system32\sistray.EXE [2003-10-30 688128]
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2003-10-30 270336]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-07-10 208896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"Bron-Spizaetus"=C:\WINDOWS\ShellNew\sempalong.exe [2006-09-07 42667]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 35840]
"wsctf.exe"=wsctf.exe []
"EXPLORER.EXE"=C:\WINDOWS\system32\EXPLORER.EXE [2008-01-01 57344]
"Tok-Cirrhatus"=C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe [2006-09-07 42667]

C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart
Empty.pif

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoFolderOptions"=1
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.DIVX"=DivX.dll

======List of files/folders created in the last 1 month======

2012-05-21 16:59:44 ----D---- C:\rsit
2012-05-21 16:46:13 ----D---- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla
2012-05-21 16:46:06 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-05-21 16:46:06 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla
2012-05-21 16:46:01 ----D---- C:\Program Files\Mozilla Firefox
2012-05-21 16:42:13 ----A---- C:\WINDOWS\system32\olemdb32.dll
2012-05-17 16:53:53 ----D---- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan
2012-05-17 16:49:12 ----D---- C:\Program Files\SkanerOnline
2012-05-16 22:58:19 ----SD---- C:\ComboFix
2012-05-16 22:53:23 ----D---- C:\Program Files\Trend Micro
2012-05-16 22:31:21 ----A---- C:\Boot.bak
2012-05-16 22:31:16 ----RASHD---- C:\cmdcons
2012-05-16 22:28:29 ----A---- C:\WINDOWS\zip.exe
2012-05-16 22:28:29 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-05-16 22:28:29 ----A---- C:\WINDOWS\SWSC.exe
2012-05-16 22:28:29 ----A---- C:\WINDOWS\SWREG.exe
2012-05-16 22:28:29 ----A---- C:\WINDOWS\sed.exe
2012-05-16 22:28:29 ----A---- C:\WINDOWS\PEV.exe
2012-05-16 22:28:29 ----A---- C:\WINDOWS\NIRCMD.exe
2012-05-16 22:28:29 ----A---- C:\WINDOWS\MBR.exe
2012-05-16 22:28:29 ----A---- C:\WINDOWS\grep.exe
2012-05-16 22:28:22 ----D---- C:\WINDOWS\ERDNT
2012-05-16 22:28:14 ----D---- C:\Qoobox
2012-05-16 21:00:31 ----ASH---- C:\pagefile.sys
2012-05-16 20:42:16 ----SHD---- C:\WINDOWS\CSC
2012-05-16 20:37:56 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2012-05-16 20:37:50 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2012-05-16 20:37:46 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2012-04-26 07:41:59 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 month======

2012-05-21 16:59:50 ----D---- C:\WINDOWS\system32\drivers\etc
2012-05-21 16:46:06 ----RD---- C:\Program Files
2012-05-21 16:42:13 ----D---- C:\WINDOWS\system32
2012-05-21 16:41:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-05-21 16:40:46 ----SH---- C:\AUTOEXEC.BAT
2012-05-21 16:40:22 ----D---- C:\WINDOWS\system32\CatRoot2
2012-05-17 17:52:02 ----D---- C:\WINDOWS\Temp
2012-05-17 16:49:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-05-17 16:25:20 ----A---- C:\WINDOWS\system.ini
2012-05-16 22:31:21 ----RASH---- C:\boot.ini
2012-05-16 22:28:29 ----D---- C:\WINDOWS
2012-05-16 22:28:15 ----D---- C:\WINDOWS\system32\drivers
2012-05-16 22:28:12 ----D---- C:\WINDOWS\Prefetch
2012-05-16 21:06:25 ----SD---- C:\Documents and Settings\Komputer\Dane aplikacji\Microsoft
2012-05-16 20:42:23 ----D---- C:\Documents and Settings
2012-05-16 20:38:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-04-23 10:42:31 ----D---- C:\WINDOWS\SHELLNEW

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2010-03-06 36992]
R0 uagp35;Filtr AGPv3.5 firmy Microsoft; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2010-03-06 32256]
S1 AmdK7;Sterownik procesora AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41472]
S1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2010-03-06 11264]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2010-03-06 754560]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2010-03-06 427776]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 CreateProcess;CreateProcess Service; C:\WINDOWS\system\svchost.exe [2007-11-06 129368]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

[/log]

[log]info.txt logfile of random's system information tool 1.09 2012-05-21 16:59:55

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABC z Reksiem-->e:\Deinstal.exe
Adobe Reader 9.4.0 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
Auta-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A414131-FD7A-42DF-9F5E-79DC17CE4CD6}\setup.exe" -l0x15 -removeonly
Bolek i Lolek - Język angielski dla najmłodszych-->C:\Program Files\AidemMedia\Bolek i Lolek - Język angielski dla najmłodszych\Uninstall.exe
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
Disney Piotruś Pan Wielki Powrót-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6B0E526-D1E8-11D5-AA2E-0008C760B784}\setup.exe" Disney Piotruś Pan Wielki Powrót
DivX 5.0.1 Pro Bundle-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
eduROM Gra edukacyjna Język polski "Czytam i piszę"-->"C:\Program Files\InstallShield Installation Information\{B1EB0284-674E-48BD-9EBF-14954C95668C}\Setup.exe" -runfromtemp -l0x0015 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 3320 series (Tylko usuń)-->C:\Program Files\hp deskjet 3320 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=3320 -huninstall
Madagaskar-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0FB261F3-6F16-43FD-A404-F377C169B937}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9}
Moja Droga Do Szkoły-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Winfor\Moja Droga Do Szkoły\DeIsL1.isu" -c"C:\Program Files\Winfor\Moja Droga Do Szkoły\_ISREG32.DLL"
Mozilla Firefox 12.0 (x86 pl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
SiS 661FX_760_741_M661FX_M760_M741-->Rundll32 SiSInst.dll,Uninstall VGA,r,0
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe
Skaner on-line mks_vir-->C:\WINDOWS\system32\SkanerOnlineUninstall.exe
Smokule - Matematyka-->e:\Deinstall.exe
Smokule Kolory i Kształty-->c:\Program Files\AidemMedia\Smokule Kolory i Kształty\Uninstall.exe
upapp-->MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}

======Hosts File======

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang='en'>
<head>
<meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
<title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
<link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
<link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css">
<style>
h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
.services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}

======System event log======

Computer Name: 9CE33E0FBA90427
Event Code: 7036
Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan uruchomienia.

Record Number: 8169
Source Name: Service Control Manager
Time Written: 20120130114910.000000+060
Event Type: informacje
User:

Computer Name: 9CE33E0FBA90427
Event Code: 7035
Message: Do usługi Usługa COM nagrywania dysków CD IMAPI został pomyślnie wysłany kod sterowania uruchom.

Record Number: 8168
Source Name: Service Control Manager
Time Written: 20120130114910.000000+060
Event Type: informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: 9CE33E0FBA90427
Event Code: 8
Message: Drukarka hp deskjet 3320 series została wyczyszczona.

Record Number: 8167
Source Name: Print
Time Written: 20120130111238.000000+060
Event Type: ostrzeżenie
User: 9CE33E0FBA90427\Komputer

Computer Name: 9CE33E0FBA90427
Event Code: 8
Message: Drukarka hp deskjet 3320 series została wyczyszczona.

Record Number: 8166
Source Name: Print
Time Written: 20120130111153.000000+060
Event Type: ostrzeżenie
User: 9CE33E0FBA90427\Komputer

Computer Name: 9CE33E0FBA90427
Event Code: 7036
Message: Usługa Usługa COM nagrywania dysków CD IMAPI weszła w stan zatrzymania.

Record Number: 8165
Source Name: Service Control Manager
Time Written: 20120130110509.000000+060
Event Type: informacje
User:

=====Application event log=====

Computer Name: 9CE33E0FBA90427
Event Code: 1000
Message: Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Record Number: 284
Source Name: Application Error
Time Written: 20110517104818.000000+120
Event Type: błąd
User:

Computer Name: 9CE33E0FBA90427
Event Code: 1800
Message: Usługa Centrum zabezpieczeń systemu Windows została uruchomiona.

Record Number: 283
Source Name: SecurityCenter
Time Written: 20110517104618.000000+120
Event Type: informacje
User:

Computer Name: 9CE33E0FBA90427
Event Code: 4097
Message: Aplikacja C:\Program Files\Internet Explorer\IEXPLORE.EXE wygenerowała błąd aplikacji.
Błąd wystąpił na 05/16/2011 @ 11:17:38.062.
Wygenerowany wyjątek to c0000005 pod adresem 00000000 (<nosymbols>).

Record Number: 282
Source Name: DrWatson
Time Written: 20110516111738.000000+120
Event Type: informacje
User:

Computer Name: 9CE33E0FBA90427
Event Code: 1000
Message: Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000.

Record Number: 281
Source Name: Application Error
Time Written: 20110516111731.000000+120
Event Type: błąd
User:

Computer Name: 9CE33E0FBA90427
Event Code: 1800
Message: Usługa Centrum zabezpieczeń systemu Windows została uruchomiona.

Record Number: 280
Source Name: SecurityCenter
Time Written: 20110516111529.000000+120
Event Type: informacje
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0800
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

[/log]

Anything else?

Guest
comment

1. Boot into Safe Mode. Run OTL and paste the following into the [b]Custom Scans/Fixes[/b] box:
After pasting the script, click [b][color=#0000ff]Run Fix[/color].[/b] Don't even think about clicking Run Scan.


[code]:Files
C:\cmdcons
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-16
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-23
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Update.12.Bron.Tok.bin
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\services.exe
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\lsass.exe
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\inetinfo.exe
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\csrss.exe
C:\WINDOWS\System32\explorxp.exe

:OTL
O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\sempalong.exe ()
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [Tok-Cirrhatus] C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe ()
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\eksplorasi.exe") - C:\WINDOWS\eksplorasi.exe ()
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{0c479ecc-261f-11e1-b398-0019664a8c72}\Shell - "" = AutoRun
O33 - MountPoints2\{0c479ecc-261f-11e1-b398-0019664a8c72}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{7a018769-1f23-11e1-b390-0019664a8c72}\Shell - "" = AutoRun
O33 - MountPoints2\{7a018769-1f23-11e1-b390-0019664a8c72}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\Shell - "" = AutoRun
O33 - MountPoints2\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\C\Shell - "" = AutoRun
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe

:Commands
[resethosts]
[emptytemp]
[/code]

2. After the removal, OTL will generate a log. Save it and post it.

3. Run a new OTL scan and post the reports.
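
As an added example, not part of this thread or of OTL itself: a small Python parser that applies, to OTL-style log lines, the checks the helper above made by eye: a Winlogon Shell value that is not plain explorer.exe (or that resolves to a copy outside %SystemRoot%), core process names living outside System32, anonymous executables under the Windows folder, registry/Folder Options lockdown policies, and cached MountPoints2 autorun commands. The sample lines are constructed from entries quoted in this thread; the rule names and the C:\WINDOWS default are my assumptions.

```python
import ntpath
import re

# Core process names that Brontok-style worms reuse for copies outside
# %SystemRoot%\System32 (this thread: smss.exe, lsass.exe, services.exe,
# csrss.exe and inetinfo.exe dropped into the user profile).
CORE_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "services.exe",
              "winlogon.exe", "svchost.exe", "inetinfo.exe"}
# Policies that hide the user's own tools; malware sets them, home users rarely do.
LOCKDOWN_POLICIES = {"disableregistrytools", "nofolderoptions",
                     "disabletaskmgr", "disablecmd"}
RUN_RE = re.compile(r"^O4 - .+?\.\.\\Run: \[[^\]]*\] (?P<rest>.+)$")
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
SHELL_INI_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$")
SHELL_WL_RE = re.compile(r"^O20 - HKLM Winlogon: Shell - \((?P<value>[^)]*)\) - "
                         r"(?P<resolved>.+?)(?: \([^()]*\))?$")
POLICY_RE = re.compile(r"^O[67] - .+\\policies\\(?:Explorer|System): "
                       r"(?P<name>\w+) = (?P<value>\S+)$", re.I)
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\[^\\]+\\Shell\\\w+\\command - "" = .+$', re.I)

def _split_lower(path):
    """Lower-cased (folder, file name) of a possibly quoted Windows path."""
    folder, base = ntpath.split(path.strip().strip('"'))
    return folder.lower(), base.lower()

def check_run(line, windir):
    m = RUN_RE.match(line)
    if not m:
        return []
    rest = m.group("rest")
    if rest.endswith(" File not found"):
        return [("run-target-missing", line)]  # dead entry, still worth removing
    t = TARGET_RE.match(rest)
    path, company = (t.group("path"), t.group("company")) if t else (rest, None)
    folder, base = _split_lower(path)
    found = []
    if base == "explorer.exe" and folder != windir.lower():
        # The real shell lives in %SystemRoot%; the System32 copy in this thread
        # still carried a Microsoft company string, so that alone proves nothing.
        found.append(("explorer-outside-windir", line))
    elif base in CORE_NAMES and folder != ntpath.join(windir, "system32").lower():
        found.append(("core-name-outside-system32", line))
    if company == "" and folder.startswith(windir.lower() + "\\"):
        # Microsoft's own binaries under %SystemRoot% carry version info; an
        # anonymous exe in C:\WINDOWS\ShellNew does not belong there.
        found.append(("unnamed-exe-in-windir", line))
    return found

def check_shell(line, windir):
    m = SHELL_INI_RE.match(line) or SHELL_WL_RE.match(line)
    if not m:
        return []
    found = []
    # A clean XP box has Shell = explorer.exe and nothing else; anything appended
    # (Explorer.exe "C:\WINDOWS\eksplorasi.exe") is a second shell run at logon.
    if m.group("value").strip().strip('"').lower() != "explorer.exe":
        found.append(("winlogon-shell-modified", line))
    if "resolved" in m.groupdict():
        folder, base = _split_lower(m.group("resolved"))
        # A clean-looking value that resolves to a copy outside %SystemRoot%
        # is still the worm, as the scan later in this thread shows.
        if base == "explorer.exe" and folder != windir.lower():
            found.append(("winlogon-shell-resolves-outside-windir", line))
    return found

def check_policy(line, windir):
    m = POLICY_RE.match(line)
    if m and m.group("name").lower() in LOCKDOWN_POLICIES and m.group("value") != "0":
        return [("tool-lockdown-policy", line)]
    return []

def check_mountpoint(line, windir):
    # Every verb handler under MountPoints2 is a cached autorun.inf command;
    # F:\EXPLORER.EXE is how the worm re-enters from a USB stick.
    return [("cached-autorun-command", line)] if MOUNT_RE.match(line) else []

CHECKS = (check_run, check_shell, check_policy, check_mountpoint)

def scan_log(text, windir=r"C:\WINDOWS"):
    """Return (rule, line) pairs for every suspicious line of an OTL-style log."""
    return [f for raw in text.splitlines() if raw.strip()
            for check in CHECKS for f in check(raw.strip(), windir)]

# Constructed sample, modelled on the O4/O20/O7/O33 and F2 entries in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\sempalong.exe ()
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [Tok-Cirrhatus] C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe ()
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
"""

if __name__ == "__main__":
    for rule, line in scan_log(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

Run it against the two OTL reports in this thread (extracted to a text file) to see that only the entries the helper's script removed are flagged.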

Loopezik
comment

OK, log after the restart:
[log]All processes killed
========== FILES ==========
Folder move failed. C:\cmdcons\SYSTEM32 scheduled to be moved on reboot.
Folder move failed. C:\cmdcons scheduled to be moved on reboot.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-16 folder moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok folder moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-23 folder moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Update.12.Bron.Tok.bin moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\services.exe moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\lsass.exe moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\inetinfo.exe moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\csrss.exe moved successfully.
C:\WINDOWS\System32\explorxp.exe moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bron-Spizaetus deleted successfully.
C:\WINDOWS\SHELLNEW\sempalong.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1004336348-2077806209-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus deleted successfully.
File C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-2077806209-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\WINDOWS\eksplorasi.exe" deleted successfully.
C:\WINDOWS\eksplorasi.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c479ecc-261f-11e1-b398-0019664a8c72}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c479ecc-261f-11e1-b398-0019664a8c72}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c479ecc-261f-11e1-b398-0019664a8c72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c479ecc-261f-11e1-b398-0019664a8c72}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a018769-1f23-11e1-b390-0019664a8c72}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a018769-1f23-11e1-b390-0019664a8c72}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a018769-1f23-11e1-b390-0019664a8c72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a018769-1f23-11e1-b390-0019664a8c72}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b89d23c4-05e5-11e1-b378-0019664a8c72}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b89d23c4-05e5-11e1-b378-0019664a8c72}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b89d23c4-05e5-11e1-b378-0019664a8c72}\ not found.
File F:\EXPLORER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Komputer
->Temp folder emptied: 62278706 bytes
->Temporary Internet Files folder emptied: 145184674 bytes
->FireFox cache emptied: 20685127 bytes
->Flash cache emptied: 977 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4229168 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62436 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 222,00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 05212012_200917

Files\Folders moved on Reboot...
C:\cmdcons\SYSTEM32 folder moved successfully.
C:\cmdcons folder moved successfully.

Registry entries deleted on Reboot...

[/log]

And the log after the scan:
[log]OTL logfile created on: 2012-05-21 20:15:49 - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

191,48 Mb Total Physical Memory | 35,36 Mb Available Physical Memory | 18,47% Memory free
466,90 Mb Paging File | 324,99 Mb Available in Paging File | 69,61% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,85 Gb Total Space | 3,83 Gb Free Space | 29,79% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 18,30 Gb Free Space | 74,97% Space Free | Partition Type: FAT32

Computer Name: 9CE33E0FBA90427 | User Name: Komputer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-05-21 16:49:14 | 000,616,448 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2012-04-21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-01-01 16:38:18 | 000,057,344 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE
PRC - [2004-08-04 02:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-05-21 20:10:46 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\olemdb32.dll
MOD - [2012-04-21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-04-21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2007-11-06 00:37:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system\svchost.exe -- (CreateProcess)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010-03-06 14:57:05 | 000,427,776 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2010-03-06 14:57:05 | 000,011,264 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010-03-06 14:54:55 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2010-03-06 14:53:38 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2004-08-04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-05-21 16:46:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-05-21 16:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Extensions
[2012-05-21 16:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-04-21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-21 04:18:44 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-04-21 04:18:44 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-04-21 04:18:44 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-04-21 04:18:44 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-04-21 04:18:44 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-04-21 04:18:44 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-05-21 20:09:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AC22B73-E65A-42A3-A3C5-EF185BA5147D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Komputer/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-05-21 16:40:46 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-05-11 08:56:16 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-05-11 08:56:18 | 000,000,035 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-05-21 20:09:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-05-21 16:59:44 | 000,000,000 | ---D | C] -- C:\rsit
[2012-05-21 16:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie
[2012-05-21 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Mozilla
[2012-05-21 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla
[2012-05-21 16:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012-05-21 16:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla
[2012-05-21 16:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-05-21 16:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-21
[2012-05-17 16:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan
[2012-05-17 16:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2012-05-17 16:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-17
[2012-05-16 22:58:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-05-16 22:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HijackThis
[2012-05-16 22:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-05-16 22:28:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-05-16 22:28:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-05-16 22:28:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-05-16 22:28:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-05-16 22:28:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-16 22:28:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-05-16 22:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Komputer\Menu Start\Programy\Narzędzia administracyjne
[2012-05-16 22:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Moje wideo
[2012-05-16 21:42:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Komputer\UserData
[2012-05-16 20:42:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-05-16 20:37:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2012-05-16 20:37:50 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2012-05-16 20:37:46 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2012-04-23 10:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
[2012-04-23 09:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\fotki
[2 C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-05-21 20:10:46 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\olemdb32.dll
[2012-05-21 20:10:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-05-21 20:09:20 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012-05-21 16:46:08 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2012-05-21 16:40:53 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System\win32out.dll
[2012-05-21 16:40:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System\win32in.dll
[2012-05-21 16:40:46 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2012-05-21 16:38:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-16 22:53:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\HijackThis.lnk
[2012-05-16 22:31:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2 C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-05-21 20:10:46 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\olemdb32.dll
[2012-05-21 16:46:08 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2012-05-21 16:46:08 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2012-05-16 22:53:24 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\HijackThis.lnk
[2012-05-16 22:31:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-05-16 22:31:20 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2012-05-16 22:28:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-05-16 22:28:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-05-16 22:28:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-05-16 22:28:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-05-16 22:28:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-03-29 08:18:39 | 000,000,277 | ---- | C] () -- C:\WINDOWS\madagascar.ini
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\winlogon.exe
[2011-10-10 08:15:43 | 000,001,067 | ---- | C] () -- C:\WINDOWS\disney.ini
[2011-10-10 08:15:37 | 000,000,191 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2011-05-11 08:57:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-05-11 08:56:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll

[color=#E56717]========== LOP Check ==========[/color]

[2012-05-17 16:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan
[2012-03-30 09:09:44 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\Chromeflower
[2012-03-30 09:09:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\CrystalSpace

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

[/log]

What next?

Guest
comment (edited)

Basically the infection has been removed.
The OTL log shows that you used [b]Combofix[/b]. Find the file [b]Combofix.txt[/b] on drive C and post it.

Loopezik
comment

I did run Combofix, but the scan took far too long and I never got a log. Should I try now?

Guest
comment

[quote]Should I try now?[/quote]

No. We'll manage without Combofix. Just tell me where the program's installer is. I need the exact path.

Loopezik
comment (edited)

Probably c:\combofix
That's the only place I found it.

Guest
comment

[quote]That's the only place I found it.[/quote]

Is the Combofix installer there? Confirm.

Loopezik
comment (edited)

Now it's finding a hell of a lot of Combofix files.
Basically c:\combofix has an icon like "My Computer", and after a double-click it goes back to where I'd be if I had just clicked "My Computer", and it keeps on finding things.
It's possible I had the installer on a pendrive, but I don't have it now.

It finds:
combofix on c:\ as a folder,
combofix.exe-3445d8c5.pf in c:\windows\prefetch as a "pf file"
and combofix on c:\documents and settings\komputer\pulpit as a JPEG image.
Something's not right, is it?

Guest
comment

[quote]Basically c:\combofix has an icon like "My Computer"[/quote]
Let's leave Combofix for now.

Run OTL (normal Windows mode) and paste the following into the [b]Custom Scans/Fixes[/b] box:

[code]:Files
C:\cmldr
C:\WINDOWS\system32\EXPLORER.EXE
C:\WINDOWS\CSC

:OTL
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif ()
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Komputer/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)

:Commands
[emptyflash]
[emptytemp][/code]

Click Run Fix.

Post the removal log. Run a new OTL scan.

Format your pendrives if you have any, because the infection is on them.
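An added example, mine rather than anything from this thread or from the OTL tool: a small Python triage script that reads the "Oxx - ..." lines of an OTL log and flags the persistence patterns visible in the logs posted here. It checks for a Winlogon Shell or UserInit value that loads anything other than the stock binary, for the stock "Explorer.exe" Shell value resolving to a copy in System32 rather than %SystemRoot%, for Run entries that point at files named like core system processes outside System32, for a dangling Run entry, for a .pif in the Startup folder, for the NoFolderOptions/DisableRegistryTools lockdown policies, for a hosts file whose lines are not host entries, and for autorun.inf at a drive root. The sample input is constructed from entries copied out of this thread's logs with a few clean lines mixed in; SYSTEM_ROOT is taken from the log header, and the rule names and the DisableTaskMgr entry in the policy list are my own additions.

```python
import re

# %SystemRoot% as reported in the header of the OTL logs in this thread.
SYSTEM_ROOT = r"c:\windows"

# Binaries a stock XP runs only from %SystemRoot%\System32; the same names anywhere
# else (here: the user's Local Settings\Application Data) are planted copies.
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}

# Policy values used to keep the user out of regedit, Folder Options and Task Manager.
LOCKDOWN_POLICIES = {"DisableRegistryTools", "NoFolderOptions", "DisableTaskMgr"}

# Constructed sample: entries copied from the OTL logs in this thread, plus clean lines.
SAMPLE_LOG = r"""
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\sempalong.exe ()
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [Tok-Cirrhatus] C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe ()
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif ()
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\eksplorasi.exe") - C:\WINDOWS\eksplorasi.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O32 - AutoRun File - [2011-05-11 08:56:16 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# O4: "<key>: [<name>] <target> (<company>)"; Startup-folder lines have no [name].
O4_RE = re.compile(r"^(?P<key>.*?): (?:\[(?P<name>.*?)\] )?(?P<target>.*?)(?: \((?P<company>.*?)\))?$")
# O20: "HKLM Winlogon: <value> - (<registry data>) - <resolved path> (<company>)"
O20_RE = re.compile(r"^HKLM Winlogon: (?P<value>Shell|UserInit) - \((?P<entry>.*?)\) - (?P<resolved>.*?)(?: \((?P<company>.*?)\))?$")
HOST_LINE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]+)\s+\S+")


def check_o1(body):
    """A hosts line is '<ip> <name>' or a '#' comment; anything else means the file was overwritten."""
    if not body.startswith("Hosts: "):
        return None
    line = body[len("Hosts: "):]
    if line.startswith("#") or HOST_LINE_RE.match(line):
        return None
    return ("hosts-file-overwritten", line[:40])


def check_o4(body):
    m = O4_RE.match(body)
    if not m:
        return None
    target, company = m.group("target"), m.group("company")
    folder, _, base = target.lower().rpartition("\\")
    if target.endswith("File not found"):
        return ("run-entry-dangling", target)
    if base in SYSTEM_NAMES and folder != SYSTEM_ROOT + r"\system32":
        return ("system-process-name-outside-system32", target)
    if base.endswith(".pif"):
        return ("pif-in-startup-folder", target)
    if company == "":  # OTL prints "()" when the file carries no company name
        return ("autorun-without-company-name", target)
    return None


def check_o7(body):
    m = re.search(r": (\w+) = (\d+)$", body)
    if m and m.group(1) in LOCKDOWN_POLICIES and m.group(2) != "0":
        return ("lockdown-policy", m.group(1))
    return None


def check_o20(body):
    m = O20_RE.match(body)
    if not m:
        return None
    entry = m.group("entry").strip('"').lower()
    resolved = m.group("resolved")
    if m.group("value") == "Shell":
        if entry != "explorer.exe":
            return ("winlogon-shell-replaced", resolved)
        if resolved.lower() != SYSTEM_ROOT + r"\explorer.exe":
            # The registry value is the stock one, but winlogon resolves a bare name by the
            # CreateProcess search order, starting in its own directory (System32) ahead of
            # %SystemRoot%, so a planted System32\explorer.exe is what actually starts.
            return ("winlogon-shell-resolves-to-planted-copy", resolved)
    elif entry != "userinit.exe":
        return ("winlogon-userinit-extra-program", resolved)
    return None


def check_o32(body):
    m = re.search(r" - ([a-z]:\\autorun\.inf) ", body, re.IGNORECASE)
    return ("autorun-inf-at-drive-root", m.group(1)) if m else None


CHECKS = {"O1": check_o1, "O4": check_o4, "O7": check_o7, "O20": check_o20, "O32": check_o32}


def triage(log_text):
    """Return [(section, rule, detail), ...] for every suspicious entry in an OTL log."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        hit = CHECKS.get(section, lambda _: None)(body)
        if hit:
            findings.append((section,) + hit)
    return findings


if __name__ == "__main__":
    for section, rule, detail in triage(SAMPLE_LOG):
        print(f"{section:<4} {rule:<40} {detail}")
```

Run it over a full OTL log to get the short list of entries worth acting on; the SiS, HP and userinit.exe lines in the sample pass untouched, so the output is only the hijacked or planted items. The rules are deliberately narrow: an entry with no company name is reported for review, not declared malicious, and the System32 search-order check only triggers when the resolved path differs from %SystemRoot%\explorer.exe.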

Loopezik
comment (edited)

Something's not right.
The computer reset; at startup I had to press F4 so it wouldn't look for a "second drive" or something like that; after startup there were again no icons and the iexplore.exe problem. After "Run c:\" the message that this idlist file is missing.

Guest
comment

[quote]It finds:
combofix on c:\ as a folder,
combofix.exe-3445d8c5.pf in c:\windows\prefetch as a "pf file"
and combofix on c:\documents and settings\komputer\pulpit as a JPEG image.[/quote]

I mean the file ComboFix.exe. Where is it?

Loopezik
comment (edited)

It keeps finding only that one file, but many times over: combofix.exe-3445d8c5.pf in c:\windows\prefetch; it doesn't find combofix.exe itself.
And there is only 1 file in the folder.

Guest
comment

Run OTL and paste the following into the Custom Scans/Fixes box:

[code]:Files
C:\WINDOWS\system32\EXPLORER.EXE
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-21
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-17
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
C:\cmldr

:OTL
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif ()

:Commands
[emptytemp][/code]


Click [b]Run Fix[/b].

2. Run a new OTL scan and post the report.

3. The folder [b]C:\Qoobox[/b] should contain the report from the Combofix run. Check.
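Added example, mine and not from this thread or from OTL: the script above targets three registry entries and then asks for a fresh scan, and the useful check on that fresh scan is a diff of the persistence entries rather than a second read of the whole log. The code below keys O4 (Run keys, Startup folder) and O20 (Winlogon) entries by what they load, compares a "before" snapshot with an "after" snapshot, and reports which targeted entries are gone, which are still there, and which entries are new. Both snapshots are constructed from lines on this page: "before" from the 2012-05-21 OTL log earlier in the thread, "after" from the Run 3 log of 2012-05-22 posted later in the thread; the fix-script text is the :OTL block from the post above. The function and result names are my own.

```python
import re

# Only the autostart-bearing sections are compared: O4 (Run keys, Startup folder) and O20 (Winlogon).
ENTRY_RE = re.compile(r"^(?:O4|O20) - (.*)$")

# "Before": persistence entries copied from the 2012-05-21 OTL log in this thread (constructed snapshot).
BEFORE = r"""
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
"""

# "After": the same sections from the Run 3 log (2012-05-22) posted later in the thread (constructed snapshot).
AFTER = r"""
O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\sempalong.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [Tok-Cirrhatus] C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe ()
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\eksplorasi.exe") - C:\WINDOWS\eksplorasi.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
"""

# The :OTL part of the fix script posted above; lines that are not O4/O20 entries are ignored.
FIX_SCRIPT = r"""
:OTL
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif ()
"""


def normalise(body):
    """Key an entry by the value and the file it loads; the trailing "(company)" / "()"
    and letter case vary between OTL runs and are dropped."""
    return re.sub(r" \([^()]*\)$", "", body).lower()


def entries(text):
    """Set of normalised O4/O20 entries found in an OTL log or OTL fix script."""
    found = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found.add(normalise(m.group(1)))
    return found


def compare_snapshots(before, after, fix_script):
    """What the fix removed, what it targeted but is still present, and what is new."""
    b, a, targeted = entries(before), entries(after), entries(fix_script)
    return {
        "removed": sorted((targeted & b) - a),
        "still_present": sorted(targeted & a),
        "new": sorted(a - b),
        "gone_untargeted": sorted((b - a) - targeted),
    }


if __name__ == "__main__":
    for bucket, items in compare_snapshots(BEFORE, AFTER, FIX_SCRIPT).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

On these two snapshots nothing the script targeted is gone, all three targeted entries are still present, and three entries are new (the Bron-Spizaetus and Tok-Cirrhatus Run values and the eksplorasi.exe Shell value). Targeted entries surviving a fix while new Run and Shell entries appear between runs point at something still executing and re-writing the registry, so the next step is to stop that process (or work from a clean boot environment) before repeating the registry cleanup; deleting the files and values again from the running, infected system just repeats the cycle.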

Loopezik
comment

I'll do it when I get home.
Can I format that pendrive on THIS computer?

Guest
comment

[quote]Can I format that pendrive on THIS computer?[/quote]

Let's deal with the infection in the system first.

Loopezik
comment (edited)

After running the script there was another reset. In the folder I found only 1 txt file, but double-clicking it also caused a reset. Should I be doing this in normal mode? Should the "skip known good files" option be ticked?
Here is the OTL log:
[log]OTL logfile created on: 2012-05-22 21:36:30 - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

191,48 Mb Total Physical Memory | 28,55 Mb Available Physical Memory | 14,91% Memory free
466,90 Mb Paging File | 221,05 Mb Available in Paging File | 47,34% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,85 Gb Total Space | 3,61 Gb Free Space | 28,10% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 18,30 Gb Free Space | 74,97% Space Free | Partition Type: FAT32

Computer Name: 9CE33E0FBA90427 | User Name: Komputer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-05-21 16:49:14 | 000,616,448 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2012-04-21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-05-11 08:56:37 | 000,020,708 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system\wupdmgr.exe
PRC - [2008-01-01 16:38:18 | 000,057,344 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE
PRC - [2007-11-06 00:37:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system\svchost.exe
PRC - [2006-09-07 18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\winlogon.exe
PRC - [2006-09-07 18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\services.exe
PRC - [2006-09-07 18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\lsass.exe
PRC - [2004-08-04 02:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-10-30 15:10:20 | 000,688,128 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2003-10-30 15:09:36 | 000,270,336 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe
PRC - [2002-07-10 19:02:44 | 000,208,896 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-05-22 21:33:35 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\olemdb32.dll
MOD - [2012-04-21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2006-09-07 18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\winlogon.exe
MOD - [2006-09-07 18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\services.exe
MOD - [2006-09-07 18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\lsass.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-04-21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2007-11-06 00:37:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system\svchost.exe -- (CreateProcess)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010-03-06 14:57:05 | 000,427,776 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2010-03-06 14:57:05 | 000,011,264 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010-03-06 14:54:55 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2010-03-06 14:53:38 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2004-08-04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-05-21 16:46:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-05-21 16:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Extensions
[2012-05-21 16:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-04-21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-21 04:18:44 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-04-21 04:18:44 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-04-21 04:18:44 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-04-21 04:18:44 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-04-21 04:18:44 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-04-21 04:18:44 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-05-16 22:16:24 | 000,012,393 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css">
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts: .services { font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: 90 more lines...
O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\sempalong.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [Tok-Cirrhatus] C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe ()
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} [url="http://www.mks.com.pl/skaner/SkanerOnline.cab"]http://www.mks.com.p...kanerOnline.cab[/url] (MksSkanerOnline Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AC22B73-E65A-42A3-A3C5-EF185BA5147D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\eksplorasi.exe") - C:\WINDOWS\eksplorasi.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Komputer/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-05-22 21:34:32 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-05-11 08:56:16 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-05-11 08:56:18 | 000,000,035 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-05-22 21:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
[2012-05-22 21:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-22
[2012-05-21 20:52:34 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-05-21 20:52:34 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-05-21 20:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
[2012-05-21 20:09:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-05-21 16:59:44 | 000,000,000 | ---D | C] -- C:\rsit
[2012-05-21 16:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie
[2012-05-21 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Mozilla
[2012-05-21 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla
[2012-05-21 16:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012-05-21 16:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla
[2012-05-21 16:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-05-17 16:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan
[2012-05-17 16:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2012-05-16 22:58:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-05-16 22:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HijackThis
[2012-05-16 22:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-05-16 22:28:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-05-16 22:28:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-05-16 22:28:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-05-16 22:28:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-05-16 22:28:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-16 22:28:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-05-16 22:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Komputer\Menu Start\Programy\Narzędzia administracyjne
[2012-05-16 22:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Moje wideo
[2012-05-16 21:42:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Komputer\UserData
[2012-05-16 20:42:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-05-16 20:37:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2012-05-16 20:37:50 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2012-05-16 20:37:46 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2012-04-23 09:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\fotki
[2 C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-05-22 21:40:00 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System\win32out.dll
[2012-05-22 21:40:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System\win32in.dll
[2012-05-22 21:34:32 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2012-05-22 21:33:35 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\olemdb32.dll
[2012-05-22 21:33:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-05-21 21:53:52 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2012-05-21 21:18:49 | 000,160,470 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\combofix.JPG
[2012-05-21 20:52:34 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-05-21 20:52:34 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-05-21 16:46:08 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2012-05-21 16:38:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-16 22:53:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\HijackThis.lnk
[2012-05-16 22:31:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-05-16 22:16:24 | 000,012,393 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2 C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-05-22 21:33:35 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\olemdb32.dll
[2012-05-21 21:53:52 | 000,012,393 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2012-05-21 21:18:48 | 000,160,470 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\combofix.JPG
[2012-05-21 16:46:08 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2012-05-21 16:46:08 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2012-05-16 22:53:24 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\HijackThis.lnk
[2012-05-16 22:31:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-05-16 22:28:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-05-16 22:28:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-05-16 22:28:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-05-16 22:28:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-05-16 22:28:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-03-29 08:18:39 | 000,000,277 | ---- | C] () -- C:\WINDOWS\madagascar.ini
[2012-01-03 13:15:08 | 000,042,667 | -H-- | C] () -- C:\WINDOWS\eksplorasi.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\winlogon.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\services.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\lsass.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\inetinfo.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\csrss.exe
[2011-10-10 08:15:43 | 000,001,067 | ---- | C] () -- C:\WINDOWS\disney.ini
[2011-10-10 08:15:37 | 000,000,191 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2011-05-11 08:57:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-05-11 08:56:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll

[color=#E56717]========== LOP Check ==========[/color]

[2012-05-17 16:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan
[2012-03-30 09:09:44 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\Chromeflower
[2012-03-30 09:09:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\CrystalSpace

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

[/log]

Guest
comment

The infection keeps coming back. Let's switch tools. Download [b]Combofix[/b] http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it. When it finishes there will be a report. Save it and post it here.

Loopezik
comment

I hooked the computer up to another monitor, but I have no internet there. Anyway, I had some ComboFix on a pendrive, but it scanned for over an hour and still didn't produce a log? Could the one from the link be better? And will it be safe to carry it over on the pendrive?

Guest
comment

[quote]Could the one from the link be better? And will it be safe to carry it over on the pendrive? [/quote]

The one from the link is the original. Format the pendrive, then download the installer and run it. If there are problems, start ComboFix in Safe Mode.

Loopezik
comment

I downloaded it from the internet. This junk seems to be blocking ComboFix somehow; it has been scanning for over an hour in Safe Mode and nothing, no log. In normal mode the computer resets right after startup.
