Loopezik, created 17 May 2012 (edited)

Hello. Don't beat me up if this post is in the wrong section. My computer boots up to the point where the wallpaper appears, but there are no icons or taskbar, and shortcuts don't work. After opening Task Manager and typing the command c:, a message pops up saying Windows cannot find the file "/idlist(nr)c:\", or something like that; after a moment there is a message that iexplore.exe has encountered an error and must be closed, and the computer restarts. After c: the icons and taskbar appear, but then it resets. Yesterday I managed to do a little (there was no reset): I installed ComboFix (but the scan took far too long, so I don't have a log) and HijackThis (log below), but today I can't do anything anymore.

[log]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:28, on 2012-05-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\wupdmgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\EXPLORER.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css">
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts: .services { font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: <div class="ez-box">
O1 - Hosts: <link type="text/css" rel="stylesheet" href="http://l.yimg.com/a/lib/uh/15/css/uh-1.0.28.css">
O1 - Hosts: <style type="text/css">
O1 - Hosts: div#headerblock div{font-family:arial;}
O1 - Hosts: </style>
O1 - Hosts: <div id="ygma"><div id="ygmaheader"><div class="bd sp"><div id="ymenu" class="ygmaclr"><div id="mepanel"><ul id="mepanel-nav"><li class="me1"><em>New User? <a class="ygmasignup" title="Sign Up" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=2/SIG=13j8rdsqp/*https://edit.yahoo.com/config/eval_register?.done=http://smallbusiness.yahoo.com%2findex.html&.src=smbiz&.intl=us">Sign Up</a></em></li><li class="me2"><a title="Sign In" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=3/SIG=13cm6p12o/*https://login.yahoo.com/config/login?.done=http://geocities.yahoo.com&.src=smbiz&.intl=us">Sign In</a></li>
O1 - Hosts: <li class="me3"><a href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=7/SIG=11hjute28/*http://help.yahoo.com/l/us/yahoo/geocities/" target="_top" title="Yahoo! Help Central">Help</a></li>
O1 - Hosts: </ul></div><div id="ygmapromo"><a style="font-weight:bold;" id="ygmaie8" href="http://us.ard.yahoo.com/SIG=15vud5jbf/M=650008.13445975.13532322.12832737/D=smallbiz/S=2023010636:HPRM2/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=0Qw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5706923/R=0/SIG=117bakia1/*http://toolbar.yahoo.com/?.cpdl=ushdl" target="_top">Get Yahoo! Toolbar<abbr title="Yahoo! Toolbar"></abbr></a>
O1 - Hosts: <script language=javascript>
O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 - Hosts: window.yzq_d['0Qw4Atj8a20-']='&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1';
O1 - Hosts: </script>
O1 - Hosts: <noscript><img width=1 height=1 alt="" src="http://us.bc.yahoo.com/b?P=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48&T=144j596l3%2fX%3d1252090825%2fE%3d2023010636%2fR%3dsmallbiz%2fK%3d5%2fV%3d2.1%2fW%3dH%2fY%3dYAHOO%2fF%3d1861688409%2fQ%3d-1%2fS%3d1%2fJ%3d8B68FCD8&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1"></noscript></div>
O1 - Hosts: <div id="pa"><div id="pa-wrapper"><ul id="pa2-nav" class="sp"><li class="pa1 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=8/SIG=10jmd0d5u/*http://yahoo.com/" title="Yahoo!" target="_top">Yahoo!</a></li><li class="pa2 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=9/SIG=10n3m6b64/*http://mail.yahoo.com" title="Yahoo! Mail" target="_top">Mail</a></li></ul><div id="pa-left" class="sp"></div><ul id="pa-nav" class="sp"><li class="pa3 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252
O1 - Hosts: <script language=javascript>
O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 - Hosts: window.yzq_d['zgw4Atj8a20-']='&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1';
O1 - Hosts: </script>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr" style="width:898px;margin-top:1.5em">
O1 - Hosts: <Div class="ez-l2a" id="wrapper">
O1 - Hosts: <div class="ez-l2a-1 " style="width:898px">
O1 - Hosts: <div class="ez-box">
O1 - Hosts: <div class="ez-wr" >
O1 - Hosts: <div class="ez-box" style="width:898px">
O1 - Hosts: <h1>Sorry, the GeoCities web site you were trying to reach is no longer available.</h1>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr">
O1 - Hosts: <div class="ez-box" id="boxyahoourls">
O1 - Hosts: <p> GeoCities has closed, but there's a lot more to explore on Yahoo!</p>
O1 - Hosts: <h2>Visit one of these popular Yahoo! sites:</h2>
O1 - Hosts: <ul class= "services">
O1 - Hosts: <li><a href="http://mail.yahoo.com">Yahoo! Mail</a></li>
O1 - Hosts: <li><a href="http://smallbusiness.yahoo.com/webhosting">Web Hosting</a></li>
O1 - Hosts: <li><a href="http://news.yahoo.com">News</a></li>
O1 - Hosts: <li><a href="http://games.yahoo.com">Games</a></li>
O1 - Hosts: <li><a href="http://sports.yahoo.com/">Sports</a> </li>
O1 - Hosts: <li><a href="http://movies.yahoo.com">Movies</a></li>
O1 - Hosts: <li><a href="http://finance.yahoo.com">Finance</a></li>
O1 - Hosts: <li><a href="http://maps.yahoo.com">Maps</a></li>
O1 - Hosts: </ul>
O1 - Hosts: </div>
O1 - Hosts: <li class="rule"><!----></li>
O1 - Hosts: <p>The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, <a href="http://www.archive.org/web/web.php" target="_blank">visit Archive.org</a> and enter the site's web address in the field provided.</p>
O1 - Hosts: <li class="rule"><!----></li>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr">
O1 - Hosts: <div class="ez-box" style="text-align:center; margin-top:25px;">
O1 - Hosts: <font size="-2" face="verdana">Copyright © 2009 <a href="http://yahoo.com/">Yahoo!</a> Inc. All rights reserved.
O1 - Hosts: <ul>
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a
O1 - Hosts: ></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://smallbusiness.yahoo.com/tos/tos.php">Terms of Service
O1 - Hosts: </a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://help.yahoo.com/help/us/geo/">Help</a></li>
O1 - Hosts: </ul>
O1 - Hosts: </font>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1337199254&f=us-w8" ALT=1 WIDTH=1 HEIGHT=1>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe
O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Empty.pif = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Komputer/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 12300 bytes[/log]
Igorrodz, comment, 17 May 2012

Better to produce logs with OTL and RSIT according to this - http://www.forumpc.pl/index.php?showtopic=104338
Loopezik (author), comment, 18 May 2012

That's exactly the problem: I can't run anything anymore, because I can't get into the hard drive or a USB stick, whereas after running e.g. c: the icons and taskbar do appear, but the restart procedure starts right away. I barely managed to copy the HijackThis log to a USB stick so I could post it here.
Guest, comment, 18 May 2012

Boot into Safe Mode and provide logs from OTL. There is a Brontok infection here. Instructions: [url="http://www.fixitpc.pl/topic/61-diagnostyka-ogolne-raporty-systemowe/#1"]Diagnostics: general system reports - Fixitpc.pl[/url]
Loopezik (author), comment, 21 May 2012

OK, I've only just got back. Here are the logs:

[log]OTL logfile created on: 2012-05-21 16:53:24 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

191,48 Mb Total Physical Memory | 25,59 Mb Available Physical Memory | 13,36% Memory free
466,90 Mb Paging File | 291,62 Mb Available in Paging File | 62,46% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,85 Gb Total Space | 3,49 Gb Free Space | 27,15% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 20,99 Gb Free Space | 85,99% Space Free | Partition Type: FAT32

Computer Name: 9CE33E0FBA90427 | User Name: Komputer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012-05-21 16:49:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2012-04-21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-01-01 16:38:18 | 000,057,344 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE
PRC - [2004-08-04 02:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012-04-21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-04-21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2007-11-06 00:37:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system\svchost.exe -- (CreateProcess)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010-03-06 14:57:05 | 000,427,776 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2010-03-06 14:57:05 | 000,011,264 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010-03-06 14:54:55 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2010-03-06 14:53:38 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2004-08-04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - user.js - File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-05-21 16:46:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-05-21 16:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Extensions
[2012-05-21 16:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-04-21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-04-21 04:18:44 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-04-21 04:18:44 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-04-21 04:18:44 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-04-21 04:18:44 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-04-21 04:18:44 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-04-21 04:18:44 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2012-05-16 22:16:24 | 000,012,393 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css">
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts: .services { font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: 90 more lines...
O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\sempalong.exe ()
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP)
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [Tok-Cirrhatus] C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe ()
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AC22B73-E65A-42A3-A3C5-EF185BA5147D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\eksplorasi.exe") - C:\WINDOWS\eksplorasi.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Komputer/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-05-21 16:40:46 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-05-11 08:56:16 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-05-11 08:56:18 | 000,000,035 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{0c479ecc-261f-11e1-b398-0019664a8c72}\Shell - "" = AutoRun
O33 - MountPoints2\{0c479ecc-261f-11e1-b398-0019664a8c72}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{7a018769-1f23-11e1-b390-0019664a8c72}\Shell - "" = AutoRun
O33 - MountPoints2\{7a018769-1f23-11e1-b390-0019664a8c72}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\Shell - "" = AutoRun
O33 - MountPoints2\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\C\Shell - "" = AutoRun
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-05-21 16:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie
[2012-05-21 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Mozilla
[2012-05-21 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla
[2012-05-21 16:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012-05-21 16:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla
[2012-05-21 16:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-05-21 16:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-21
[2012-05-17 16:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan
[2012-05-17 16:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2012-05-17 16:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-17
[2012-05-16 22:58:19 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-05-16 22:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HijackThis
[2012-05-16 22:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012-05-16 22:31:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-05-16 22:28:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-05-16 22:28:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-05-16 22:28:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-05-16 22:28:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-05-16 22:28:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-16 22:28:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-05-16 22:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Komputer\Menu Start\Programy\Narzędzia administracyjne
[2012-05-16 22:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Moje wideo
[2012-05-16 21:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-16
[2012-05-16 21:42:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Komputer\UserData
[2012-05-16 20:42:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-05-16 20:37:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2012-05-16 20:37:50 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2012-05-16 20:37:46 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2012-04-23 10:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
[2012-04-23 10:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
[2012-04-23 10:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-23
[2012-04-23 09:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\fotki
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-05-21 16:46:08 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2012-05-21 16:42:13 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\olemdb32.dll
[2012-05-21 16:41:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-05-21 16:40:53 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System\win32out.dll
[2012-05-21 16:40:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System\win32in.dll
[2012-05-21 16:40:46 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2012-05-21 16:38:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-17 17:45:58 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Update.12.Bron.Tok.bin
[2012-05-16 22:53:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\HijackThis.lnk
[2012-05-16 22:31:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-05-16 22:27:07 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2012-05-16 22:16:24 | 000,012,393 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-05-21 16:46:08 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk
[2012-05-21 16:46:08 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2012-05-21 16:42:13 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\olemdb32.dll
[2012-05-17 17:45:58 | 000,012,393 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Update.12.Bron.Tok.bin
[2012-05-16 22:53:24 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\HijackThis.lnk
[2012-05-16 22:31:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-05-16 22:31:20 | 000,262,400 | RHS- | C] () -- C:\cmldr
[2012-05-16 22:28:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-05-16 22:28:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-05-16 22:28:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-05-16 22:28:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-05-16 22:28:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-05-16 22:27:07 | 000,012,393 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2012-03-29 08:18:39 | 000,000,277 | ---- | C] () -- C:\WINDOWS\madagascar.ini
[2012-01-03 13:15:08 | 000,042,667 | -H-- | C] () -- C:\WINDOWS\eksplorasi.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\winlogon.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\services.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\lsass.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\inetinfo.exe
[2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\csrss.exe
[2011-10-10 08:15:43 | 000,001,067 | ---- | C] () -- C:\WINDOWS\disney.ini
[2011-10-10 08:15:37 | 000,000,191 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2011-05-11 08:57:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-05-11 08:56:57 | 000,137,729 | ---- | C] () -- C:\WINDOWS\System32\explorxp.exe
[2011-05-11 08:56:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll

[color=#E56717]========== LOP Check ==========[/color]

[2012-05-17 16:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan
[2012-03-30 09:09:44 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\Chromeflower
[2012-03-30 09:09:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\CrystalSpace

[color=#E56717]========== Purity Check ==========[/color]

< End of report >[/log]

[log]OTL Extras logfile created on: 2012-05-21 16:53:24 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

191,48 Mb Total Physical Memory | 25,59 Mb Available Physical Memory | 13,36% Memory free
466,90 Mb Paging File | 291,62 Mb Available in Paging File | 62,46% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,85 Gb Total Space | 3,49 Gb Free Space | 27,15% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 20,99 Gb Free Space | 85,99% Space Free | Partition Type: FAT32

Computer Name: 9CE33E0FBA90427 | User Name: Komputer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagaskar (TM) "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9A414131-FD7A-42DF-9F5E-79DC17CE4CD6}" = Auta "{A6B0E526-D1E8-11D5-AA2E-0008C760B784}" = Disney Piotruś Pan Wielki Powrót "{AC76BA86-7AD7-1045-7B44-A94000000001}" = Adobe Reader 9.4.0 - Polish "{B1EB0284-674E-48BD-9EBF-14954C95668C}" = eduROM Gra edukacyjna Język polski "Czytam i piszę" "ABC" = ABC z Reksiem "Bolek_i_Lolek.Język_angielski_dla_najmlodszych._Polish" = Bolek i Lolek - Język angielski dla najmłodszych "C-Media Audio" = C-Media 3D Audio "DivX 5.0.1 Pro Bundle" = DivX 5.0.1 Pro Bundle "HijackThis" = HijackThis 2.0.2 "hp deskjet 3320 series" = hp deskjet 3320 series (Tylko usuń) "InstallShield_{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagaskar "Kolory_Ksztatlty_Polish" = Smokule Kolory i Kształty 
"Matematyka" = Smokule - Matematyka "Moja Droga Do Szkoły" = Moja Droga Do Szkoły "Mozilla Firefox 12.0 (x86 pl)" = Mozilla Firefox 12.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "SiS 661FX_760_741_M661FX_M760_M741" = SiS 661FX_760_741_M661FX_M760_M741 "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver "SkanerOnline" = Skaner on-line mks_vir [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-11-25 03:17:45 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2011-11-25 03:18:22 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1004 Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2011-11-28 03:50:53 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2011-11-28 06:56:41 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2011-11-29 04:06:05 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2011-11-29 04:26:04 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1004 Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. 
Error - 2011-11-29 04:26:14 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1004 Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2011-11-30 05:14:46 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2011-12-01 02:39:34 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. Error - 2011-12-02 02:25:24 | Computer Name = 9CE33E0FBA90427 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd IEXPLORE.EXE, wersja 6.0.2900.2180, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x00000000. [ System Events ] Error - 2012-05-16 15:00:34 | Computer Name = 9CE33E0FBA90427 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.204 dla karty sieciowej o adresie 0019664A8C72 został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-05-16 15:41:22 | Computer Name = 9CE33E0FBA90427 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.204 dla karty sieciowej o adresie 0019664A8C72 został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-05-16 15:52:09 | Computer Name = 9CE33E0FBA90427 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.204 dla karty sieciowej o adresie 0019664A8C72 został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK). 
Error - 2012-05-16 16:13:18 | Computer Name = 9CE33E0FBA90427 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.204 dla karty sieciowej o adresie 0019664A8C72 został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-05-16 16:28:00 | Computer Name = 9CE33E0FBA90427 | Source = Service Control Manager | ID = 7034 Description = Usługa CreateProcess Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2012-05-16 16:58:05 | Computer Name = 9CE33E0FBA90427 | Source = Service Control Manager | ID = 7034 Description = Usługa CreateProcess Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. Error - 2012-05-17 10:18:44 | Computer Name = 9CE33E0FBA90427 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.204 dla karty sieciowej o adresie 0019664A8C72 został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK). Error - 2012-05-17 11:49:58 | Computer Name = 9CE33E0FBA90427 | Source = Dhcp | ID = 1002 Description = Adres IP połączenia 192.168.1.204 dla karty sieciowej o adresie 0019664A8C72 został zabroniony przez serwer DHCP 0.0.0.0 (Serwer DHCP wysłał komunikat DHCPNACK). 
Error - 2012-05-21 10:42:32 | Computer Name = 9CE33E0FBA90427 | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2012-05-21 10:43:48 | Computer Name = 9CE33E0FBA90427 | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AmdK7 Fips < End of report > [/log] [log]Logfile of random's system information tool 1.09 (written by random/random) Run by Komputer at 2012-05-21 16:59:44 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive C: has 4 GB (27%) free of 13 GB Total RAM: 191 MB (15% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:59:53, on 2012-05-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\EXPLORER.EXE C:\WINDOWS\Explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie\RSIT.exe C:\Program Files\trend micro\Komputer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe" F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> O1 - Hosts: <html lang='en'> O1 - Hosts: <head> O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. 
Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel."> O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css"> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css"> O1 - Hosts: <style> O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;} O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em} O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em} O1 - Hosts: .services { font-size:116%; padding-bottom:20px } O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px} O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px} O1 - Hosts: p {margin:20px;font-size:1em;} O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;} O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;} O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;} O1 - Hosts: </style> O1 - Hosts: </head> O1 - Hosts: <body> O1 - Hosts: <!-- following code added by server. PLEASE REMOVE --> O1 - Hosts: <!-- preceding code added by server. 
PLEASE REMOVE --> O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px"> O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px"> O1 - Hosts: <div class="ez-box"> O1 - Hosts: <link type="text/css" rel="stylesheet" href="http://l.yimg.com/a/lib/uh/15/css/uh-1.0.28.css"> O1 - Hosts: <style type="text/css"> O1 - Hosts: div#headerblock div{font-family:arial;} O1 - Hosts: </style> O1 - Hosts: <div id="ygma"><div id="ygmaheader"><div class="bd sp"><div id="ymenu" class="ygmaclr"><div id="mepanel"><ul id="mepanel-nav"><li class="me1"><em>New User? <a class="ygmasignup" title="Sign Up" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=2/SIG=13j8rdsqp/*https://edit.yahoo.com/config/eval_register?.done=http://smallbusiness.yahoo.com%2findex.html&.src=smbiz&.intl=us">Sign Up</a></em></li><li class="me2"><a title="Sign In" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=3/SIG=13cm6p12o/*https://login.yahoo.com/config/login?.done=http://geocities.yahoo.com&.src=smbiz&.intl=us">Sign In</a></li> O1 - Hosts: <li class="me3"><a href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=7/SIG=11hjute28/*http://help.yahoo.com/l/us/yahoo/geocities/" target="_top" title="Yahoo! 
Help Central">Help</a></li> O1 - Hosts: </ul></div><div id="ygmapromo"><a style="font-weight:bold;" id="ygmaie8" href="http://us.ard.yahoo.com/SIG=15vud5jbf/M=650008.13445975.13532322.12832737/D=smallbiz/S=2023010636:HPRM2/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=0Qw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5706923/R=0/SIG=117bakia1/*http://toolbar.yahoo.com/?.cpdl=ushdl" target="_top">Get Yahoo! Toolbar<abbr title="Yahoo! Toolbar"></abbr></a> O1 - Hosts: <script language=javascript> O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object(); O1 - Hosts: window.yzq_d['0Qw4Atj8a20-']='&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1'; O1 - Hosts: </script> O1 - Hosts: <noscript><img width=1 height=1 alt="" src="http://us.bc.yahoo.com/b?P=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48&T=144j596l3%2fX%3d1252090825%2fE%3d2023010636%2fR%3dsmallbiz%2fK%3d5%2fV%3d2.1%2fW%3dH%2fY%3dYAHOO%2fF%3d1861688409%2fQ%3d-1%2fS%3d1%2fJ%3d8B68FCD8&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1"></noscript></div> O1 - Hosts: <div id="pa"><div id="pa-wrapper"><ul id="pa2-nav" class="sp"><li class="pa1 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=8/SIG=10jmd0d5u/*http://yahoo.com/" title="Yahoo!" target="_top">Yahoo!</a></li><li class="pa2 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=9/SIG=10n3m6b64/*http://mail.yahoo.com" title="Yahoo! 
Mail" target="_top">Mail</a></li></ul><div id="pa-left" class="sp"></div><ul id="pa-nav" class="sp"><li class="pa3 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252 O1 - Hosts: <script language=javascript> O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object(); O1 - Hosts: window.yzq_d['zgw4Atj8a20-']='&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1'; O1 - Hosts: </script> O1 - Hosts: </div> O1 - Hosts: </div> O1 - Hosts: <div class="ez-wr" style="width:898px;margin-top:1.5em"> O1 - Hosts: <Div class="ez-l2a" id="wrapper"> O1 - Hosts: <div class="ez-l2a-1 " style="width:898px"> O1 - Hosts: <div class="ez-box"> O1 - Hosts: <div class="ez-wr" > O1 - Hosts: <div class="ez-box" style="width:898px"> O1 - Hosts: <h1>Sorry, the GeoCities web site you were trying to reach is no longer available.</h1> O1 - Hosts: </div> O1 - Hosts: </div> O1 - Hosts: <div class="ez-wr"> O1 - Hosts: <div class="ez-box" id="boxyahoourls"> O1 - Hosts: <p> GeoCities has closed, but there's a lot more to explore on Yahoo!</p> O1 - Hosts: <h2>Visit one of these popular Yahoo! sites:</h2> O1 - Hosts: <ul class= "services"> O1 - Hosts: <li><a href="http://mail.yahoo.com">Yahoo! 
Mail</a></li> O1 - Hosts: <li><a href="http://smallbusiness.yahoo.com/webhosting">Web Hosting</a></li> O1 - Hosts: <li><a href="http://news.yahoo.com">News</a></li> O1 - Hosts: <li><a href="http://games.yahoo.com">Games</a></li> O1 - Hosts: <li><a href="http://sports.yahoo.com/">Sports</a> </li> O1 - Hosts: <li><a href="http://movies.yahoo.com">Movies</a></li> O1 - Hosts: <li><a href="http://finance.yahoo.com">Finance</a></li> O1 - Hosts: <li><a href="http://maps.yahoo.com">Maps</a></li> O1 - Hosts: </ul> O1 - Hosts: </div> O1 - Hosts: <li class="rule"><!----></li> O1 - Hosts: <p>The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, <a href="http://www.archive.org/web/web.php" target="_blank">visit Archive.org</a> and enter the site's web address in the field provided.</p> O1 - Hosts: <li class="rule"><!----></li> O1 - Hosts: </div> O1 - Hosts: </div> O1 - Hosts: </div> O1 - Hosts: </div> O1 - Hosts: <div class="ez-wr"> O1 - Hosts: <div class="ez-box" style="text-align:center; margin-top:25px;"> O1 - Hosts: <font size="-2" face="verdana">Copyright © 2009 <a href="http://yahoo.com/">Yahoo!</a> Inc. All rights reserved. 
O1 - Hosts: <ul> O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a></li> - O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a></li> - O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a O1 - Hosts: ></li> - O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://smallbusiness.yahoo.com/tos/tos.php">Terms of Service O1 - Hosts: </a></li> - O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://help.yahoo.com/help/us/geo/">Help</a></li> O1 - Hosts: </ul> O1 - Hosts: </font> O1 - Hosts: </div> O1 - Hosts: </div> O1 - Hosts: </div> O1 - Hosts: </body> O1 - Hosts: </html> O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet> O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1337199254&f=us-w8" ALT=1 WIDTH=1 HEIGHT=1> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE O4 - 
HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Empty.pif = ? O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Komputer/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg -- End of file - 12738 bytes =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Firefox\Profiles\ls7eh7ff.default C:\Program Files\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll C:\Program Files\Mozilla Firefox\searchplugins\ allegro-pl.xml fbc-pl.xml google.xml merlin-pl.xml pwn-pl.xml 
wikipedia-pl.xml wp-pl.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2010-03-06 126976] "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd [] "SiS Tray"=C:\WINDOWS\system32\sistray.EXE [2003-10-30 688128] "SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2003-10-30 270336] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-07-10 208896] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712] "Bron-Spizaetus"=C:\WINDOWS\ShellNew\sempalong.exe [2006-09-07 42667] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 35840] "wsctf.exe"=wsctf.exe [] "EXPLORER.EXE"=C:\WINDOWS\system32\EXPLORER.EXE [2008-01-01 57344] "Tok-Cirrhatus"=C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe [2006-09-07 42667] C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart Empty.pif [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"=1 "DisableCMD"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= 
"shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoFolderOptions"=1 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "vidc.I420"=msh263.drv "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "vidc.iyuv"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvu9"=tsbyuv.dll "vidc.yvyu"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "vidc.DIVX"=DivX.dll ======List of files/folders created in the last 1 month====== 2012-05-21 16:59:44 ----D---- C:\rsit 2012-05-21 16:46:13 ----D---- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla 2012-05-21 16:46:06 ----D---- C:\Program Files\Mozilla Maintenance Service 2012-05-21 16:46:06 ----D---- C:\Documents and Settings\All Users\Dane 
aplikacji\Mozilla 2012-05-21 16:46:01 ----D---- C:\Program Files\Mozilla Firefox 2012-05-21 16:42:13 ----A---- C:\WINDOWS\system32\olemdb32.dll 2012-05-17 16:53:53 ----D---- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan 2012-05-17 16:49:12 ----D---- C:\Program Files\SkanerOnline 2012-05-16 22:58:19 ----SD---- C:\ComboFix 2012-05-16 22:53:23 ----D---- C:\Program Files\Trend Micro 2012-05-16 22:31:21 ----A---- C:\Boot.bak 2012-05-16 22:31:16 ----RASHD---- C:\cmdcons 2012-05-16 22:28:29 ----A---- C:\WINDOWS\zip.exe 2012-05-16 22:28:29 ----A---- C:\WINDOWS\SWXCACLS.exe 2012-05-16 22:28:29 ----A---- C:\WINDOWS\SWSC.exe 2012-05-16 22:28:29 ----A---- C:\WINDOWS\SWREG.exe 2012-05-16 22:28:29 ----A---- C:\WINDOWS\sed.exe 2012-05-16 22:28:29 ----A---- C:\WINDOWS\PEV.exe 2012-05-16 22:28:29 ----A---- C:\WINDOWS\NIRCMD.exe 2012-05-16 22:28:29 ----A---- C:\WINDOWS\MBR.exe 2012-05-16 22:28:29 ----A---- C:\WINDOWS\grep.exe 2012-05-16 22:28:22 ----D---- C:\WINDOWS\ERDNT 2012-05-16 22:28:14 ----D---- C:\Qoobox 2012-05-16 21:00:31 ----ASH---- C:\pagefile.sys 2012-05-16 20:42:16 ----SHD---- C:\WINDOWS\CSC 2012-05-16 20:37:56 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys 2012-05-16 20:37:50 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys 2012-05-16 20:37:46 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys 2012-04-26 07:41:59 ----A---- C:\WINDOWS\ntbtlog.txt ======List of files/folders modified in the last 1 month====== 2012-05-21 16:59:50 ----D---- C:\WINDOWS\system32\drivers\etc 2012-05-21 16:46:06 ----RD---- C:\Program Files 2012-05-21 16:42:13 ----D---- C:\WINDOWS\system32 2012-05-21 16:41:12 ----A---- C:\WINDOWS\SchedLgU.Txt 2012-05-21 16:40:46 ----SH---- C:\AUTOEXEC.BAT 2012-05-21 16:40:22 ----D---- C:\WINDOWS\system32\CatRoot2 2012-05-17 17:52:02 ----D---- C:\WINDOWS\Temp 2012-05-17 16:49:12 ----SD---- C:\WINDOWS\Downloaded Program Files 2012-05-17 16:25:20 ----A---- C:\WINDOWS\system.ini 2012-05-16 22:31:21 ----RASH---- C:\boot.ini 2012-05-16 22:28:29 
----D---- C:\WINDOWS 2012-05-16 22:28:15 ----D---- C:\WINDOWS\system32\drivers 2012-05-16 22:28:12 ----D---- C:\WINDOWS\Prefetch 2012-05-16 21:06:25 ----SD---- C:\Documents and Settings\Komputer\Dane aplikacji\Microsoft 2012-05-16 20:42:23 ----D---- C:\Documents and Settings 2012-05-16 20:38:01 ----RSHDC---- C:\WINDOWS\system32\dllcache 2012-04-23 10:42:31 ----D---- C:\WINDOWS\SHELLNEW
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2010-03-06 36992]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
R1 kbdhid;HID Keyboard Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;HID Mouse Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2010-03-06 32256]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41472]
S1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2010-03-06 11264]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2010-03-06 754560]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2010-03-06 427776]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 CreateProcess;CreateProcess Service; C:\WINDOWS\system\svchost.exe [2007-11-06 129368]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program 
Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
[/log]
[log]info.txt logfile of random's system information tool 1.09 2012-05-21 16:59:55
======Uninstall list======
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABC z Reksiem-->e:\Deinstal.exe
Adobe Reader 9.4.0 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A94000000001}
Auta-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A414131-FD7A-42DF-9F5E-79DC17CE4CD6}\setup.exe" -l0x15 -removeonly
Bolek i Lolek - Język angielski dla najmłodszych-->C:\Program Files\AidemMedia\Bolek i Lolek - Język angielski dla najmłodszych\Uninstall.exe
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
Disney Piotruś Pan Wielki Powrót-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6B0E526-D1E8-11D5-AA2E-0008C760B784}\setup.exe" Disney Piotruś Pan Wielki Powrót
DivX 5.0.1 Pro Bundle-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
eduROM Gra edukacyjna Język polski "Czytam i piszę"-->"C:\Program Files\InstallShield Installation Information\{B1EB0284-674E-48BD-9EBF-14954C95668C}\Setup.exe" -runfromtemp -l0x0015 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 3320 series (Remove only)-->C:\Program Files\hp deskjet 3320 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=3320 -huninstall
Madagaskar-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0FB261F3-6F16-43FD-A404-F377C169B937}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9}
Moja Droga Do Szkoły-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Winfor\Moja Droga Do Szkoły\DeIsL1.isu" -c"C:\Program Files\Winfor\Moja Droga Do Szkoły\_ISREG32.DLL"
Mozilla Firefox 12.0 (x86 pl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
SiS 661FX_760_741_M661FX_M760_M741-->Rundll32 SiSInst.dll,Uninstall VGA,r,0
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe
Skaner on-line mks_vir-->C:\WINDOWS\system32\SkanerOnlineUninstall.exe
Smokule - Matematyka-->e:\Deinstall.exe
Smokule Kolory i Kształty-->c:\Program Files\AidemMedia\Smokule Kolory i Kształty\Uninstall.exe
upapp-->MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
======Hosts File======
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang='en'> <head> <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel."> <title>Yahoo! 
GeoCities: Get a web site with easy-to-use site building tools.</title> <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css"> <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css"> <style> h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;} .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
======System event log======
Computer Name: 9CE33E0FBA90427 Event Code: 7036 Message: The IMAPI CD-Burning COM Service service entered the running state. Record Number: 8169 Source Name: Service Control Manager Time Written: 20120130114910.000000+060 Event Type: information User:
Computer Name: 9CE33E0FBA90427 Event Code: 7035 Message: The IMAPI CD-Burning COM Service service was successfully sent a start control. Record Number: 8168 Source Name: Service Control Manager Time Written: 20120130114910.000000+060 Event Type: information User: NT AUTHORITY\SYSTEM
Computer Name: 9CE33E0FBA90427 Event Code: 8 Message: Printer hp deskjet 3320 series was purged. Record Number: 8167 Source Name: Print Time Written: 20120130111238.000000+060 Event Type: warning User: 9CE33E0FBA90427\Komputer
Computer Name: 9CE33E0FBA90427 Event Code: 8 Message: Printer hp deskjet 3320 series was purged. Record Number: 8166 Source Name: Print Time Written: 20120130111153.000000+060 Event Type: warning User: 9CE33E0FBA90427\Komputer
Computer Name: 9CE33E0FBA90427 Event Code: 7036 Message: The IMAPI CD-Burning COM Service service entered the stopped state.
Record Number: 8165 Source Name: Service Control Manager Time Written: 20120130110509.000000+060 Event Type: information User:
=====Application event log=====
Computer Name: 9CE33E0FBA90427 Event Code: 1000 Message: Faulting application IEXPLORE.EXE, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Record Number: 284 Source Name: Application Error Time Written: 20110517104818.000000+120 Event Type: error User:
Computer Name: 9CE33E0FBA90427 Event Code: 1800 Message: The Windows Security Center Service has started. Record Number: 283 Source Name: SecurityCenter Time Written: 20110517104618.000000+120 Event Type: information User:
Computer Name: 9CE33E0FBA90427 Event Code: 4097 Message: The application, C:\Program Files\Internet Explorer\IEXPLORE.EXE, generated an application error. The error occurred on 05/16/2011 @ 11:17:38.062. The exception generated was c0000005 at address 00000000 (<nosymbols>). Record Number: 282 Source Name: DrWatson Time Written: 20110516111738.000000+120 Event Type: information User:
Computer Name: 9CE33E0FBA90427 Event Code: 1000 Message: Faulting application IEXPLORE.EXE, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Record Number: 281 Source Name: Application Error Time Written: 20110516111731.000000+120 Event Type: error User:
Computer Name: 9CE33E0FBA90427 Event Code: 1800 Message: The Windows Security Center Service has started.
Record Number: 280 Source Name: SecurityCenter Time Written: 20110516111529.000000+120 Event Type: information User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0800 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SAFEBOOT_OPTION"=NETWORK
-----------------EOF-----------------
[/log]
Anything else?
Guest, comment 21 May 2012
1. Boot into Safe Mode. Run OTL and in the [b]Custom Scans/Fixes[/b] box paste: After pasting the script, click [b][color=#0000ff]Run Fix[/color].[/b] Don't even think of clicking Run Scan.
[code]
:Files
C:\cmdcons
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-16
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-23
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Update.12.Bron.Tok.bin
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\services.exe
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\lsass.exe
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\inetinfo.exe
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\csrss.exe
C:\WINDOWS\System32\explorxp.exe
:OTL
O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\sempalong.exe ()
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [Tok-Cirrhatus] C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe ()
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\eksplorasi.exe") - C:\WINDOWS\eksplorasi.exe ()
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{0c479ecc-261f-11e1-b398-0019664a8c72}\Shell - "" = AutoRun
O33 - MountPoints2\{0c479ecc-261f-11e1-b398-0019664a8c72}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{7a018769-1f23-11e1-b390-0019664a8c72}\Shell - "" = AutoRun
O33 - MountPoints2\{7a018769-1f23-11e1-b390-0019664a8c72}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\Shell\explore\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\Shell\open\Command - "" = F:\EXPLORER.EXE
O33 - MountPoints2\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\Shell - "" = AutoRun
O33 - MountPoints2\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\C\Shell - "" = AutoRun
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
:Commands
[resethosts]
[emptytemp]
[/code]
2. After the removal OTL will generate a log. Save it and post it.
3. Run a new OTL scan and post the reports.
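The fix script above removes the worm's launch points one by one. What lets a log reader pick those lines out of a HijackThis or OTL report in the first place is a short list of rules: the Winlogon Shell and UserInit values must resolve to exactly explorer.exe and userinit.exe, a file carrying a core Windows process name (smss.exe, lsass.exe, svchost.exe, explorer.exe) must sit in its home directory, a hosts line must be an address followed by a name, and no volume should have an AutoRun/open/explore handler in MountPoints2. The Python below is an added example, not part of this thread and not OTL's or HijackThis's own code; it runs those rules over sample lines constructed from the entries quoted in this thread, assumes a default XP layout under C:\WINDOWS, and the rule names, the list of core process names and the "no company name" heuristic are my own choices.

```python
r"""Rule-based triage of HijackThis/OTL log lines for Brontok-style persistence.
Added example, not code from the thread, OTL or HijackThis.  Assumes a default
Windows XP layout under C:\WINDOWS; sample lines are constructed from the thread."""
import ntpath
import re
from collections import Counter
from typing import List, NamedTuple

WINDIR = r"c:\windows"              # assumed install location (default XP)
SYS32 = WINDIR + r"\system32"
DLLCACHE = SYS32 + r"\dllcache"     # Windows File Protection keeps copies here
# Core process names worms borrow, mapped to where a file of that name belongs.
HOME_DIRS = {n: {SYS32, DLLCACHE} for n in ("smss.exe", "csrss.exe", "lsass.exe",
             "services.exe", "winlogon.exe", "svchost.exe", "userinit.exe", "inetinfo.exe")}
HOME_DIRS["explorer.exe"] = {WINDIR, DLLCACHE}   # the real shell lives in %windir%

PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.exe', re.I)
F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<key>Shell|UserInit)=(?P<value>.*)$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - "
                    r"\((?P<val>.*?)\) - (?P<path>.*?)(?: \([^()]*\))?$")
O4_RE = re.compile(r"^O4 - .*?\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\'
                    r'(?P<verb>AutoRun|open|explore)\\command - "" = (?P<cmd>.*)$', re.I)
HOSTS_RE = re.compile(r"^(?:\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f]*:[0-9A-Fa-f:.]*)\s+\S+")

Finding = NamedTuple("Finding", [("rule", str), ("detail", str), ("line", str)])


def _expected(token: str, name: str) -> bool:
    """True if token is `name` itself, or a full path to it inside its home dirs."""
    tok = token.strip().strip('"')
    base, folder = ntpath.basename(tok).lower(), ntpath.dirname(tok).lower()
    return base == name and (folder == "" or folder in HOME_DIRS[name])


def triage(lines: List[str]) -> List[Finding]:
    found: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()
        # 1. Core process name outside its home directory, on any line type (so it
        #    also covers services, running processes and F:\EXPLORER.EXE).
        for path in PATH_RE.findall(line):
            base = ntpath.basename(path).lower()
            if base in HOME_DIRS and ntpath.dirname(path).lower() not in HOME_DIRS[base]:
                found.append(Finding("core-name-outside-home", path, line))
        # 2. Winlogon Shell / UserInit must be exactly explorer.exe / userinit.exe.
        m = F2_RE.match(line)
        if m:
            name = "explorer.exe" if m["key"] == "Shell" else "userinit.exe"
            tokens = re.findall(r'"[^"]*"|[^\s,]+', m["value"])  # keep quoted paths whole
            if not all(_expected(t, name) for t in tokens):
                found.append(Finding("winlogon-" + m["key"].lower(), m["value"], line))
        m = O20_RE.match(line)
        if m:
            name = "explorer.exe" if m["key"] == "Shell" else "userinit.exe"
            if not (_expected(m["val"], name) and _expected(m["path"], name)):
                found.append(Finding("winlogon-" + m["key"].lower(), m["path"], line))
        # 3. A hosts entry is "<address> <name>"; this worm dropped an HTML page there.
        if line.startswith("O1 - Hosts: "):
            entry = line[len("O1 - Hosts: "):].strip()
            if entry and not entry.startswith("#") and not HOSTS_RE.match(entry):
                found.append(Finding("hosts-not-a-hosts-entry", entry[:40], line))
        # 4. Per-volume AutoRun/open/explore handlers: the autorun.inf spreading vector.
        m = O33_RE.match(line)
        if m:
            found.append(Finding("mountpoint-autorun", f"{m['vol']} {m['verb']} -> {m['cmd']}", line))
        # 5. Run entries OTL could not resolve to a file, or that carry no company name "()".
        m = O4_RE.match(line)
        if m:
            if not PATH_RE.search(m["cmd"]):
                found.append(Finding("run-target-unresolved", m["name"], line))
            elif m["cmd"].endswith(" ()"):
                found.append(Finding("run-no-company-name", m["name"], line))
    return found


def summarize(findings: List[Finding]) -> Counter:
    """Count findings per rule."""
    return Counter(f.rule for f in findings)


# Constructed sample: the entries quoted in this thread, before and after the fix.
SID = "S-1-5-21-1004336348-2077806209-682003330-1003"
SAMPLE = [
    r'F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"',
    r"F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE",
    r'O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">',
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\sempalong.exe ()",
    rf"O4 - HKU\{SID}..\Run: [Tok-Cirrhatus] C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe ()",
    rf"O4 - HKU\{SID}..\Run: [wsctf.exe] wsctf.exe File not found",
    rf"O4 - HKU\{SID}..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)",
    r'O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\eksplorasi.exe") - C:\WINDOWS\eksplorasi.exe ()',
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)",
    r'O33 - MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE',
    r'O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe',
    r"SRV - [2007-11-06 00:37:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system\svchost.exe -- (CreateProcess)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.rule:24} {f.detail}")
```

Run as a script it prints one line per hit, 17 for the sample above. Treat the hits as review items rather than verdicts: a Run entry with no company name is normal for many small legitimate tools, and a core name in the wrong place calls for a look at the file's size, date and attributes before deletion. The OTL scan posted later in this thread lists C:\WINDOWS\system32\EXPLORER.EXE at 57,344 bytes with RHS attributes next to a 1,033,728-byte C:\WINDOWS\explorer.exe; that contrast is what the first rule is meant to surface.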
Loopezik (Author), comment 21 May 2012
OK, log after the restart:
[log]All processes killed
========== FILES ==========
Folder move failed. C:\cmdcons\SYSTEM32 scheduled to be moved on reboot.
Folder move failed. C:\cmdcons scheduled to be moved on reboot.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-16 folder moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok folder moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-23 folder moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Update.12.Bron.Tok.bin moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\services.exe moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\lsass.exe moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\inetinfo.exe moved successfully.
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\csrss.exe moved successfully.
C:\WINDOWS\System32\explorxp.exe moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bron-Spizaetus deleted successfully.
C:\WINDOWS\SHELLNEW\sempalong.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1004336348-2077806209-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus deleted successfully.
File C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-2077806209-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\WINDOWS\eksplorasi.exe" deleted successfully. C:\WINDOWS\eksplorasi.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bd78a32-35fc-11e1-b3a2-0019664a8c72}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c479ecc-261f-11e1-b398-0019664a8c72}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c479ecc-261f-11e1-b398-0019664a8c72}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c479ecc-261f-11e1-b398-0019664a8c72}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c479ecc-261f-11e1-b398-0019664a8c72}\ not found. File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a018769-1f23-11e1-b390-0019664a8c72}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a018769-1f23-11e1-b390-0019664a8c72}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a018769-1f23-11e1-b390-0019664a8c72}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a018769-1f23-11e1-b390-0019664a8c72}\ not found. File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4978f76-7b9b-11e0-b33d-0019664a8c72}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b89d23c4-05e5-11e1-b378-0019664a8c72}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b89d23c4-05e5-11e1-b378-0019664a8c72}\ not found. File F:\EXPLORER.EXE not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b89d23c4-05e5-11e1-b378-0019664a8c72}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b89d23c4-05e5-11e1-b378-0019664a8c72}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8e1ab2a-8866-11e1-b3d5-0019664a8c72}\ not found. File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found. File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found. File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe not found. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 16384 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Komputer ->Temp folder emptied: 62278706 bytes ->Temporary Internet Files folder emptied: 145184674 bytes ->FireFox cache emptied: 20685127 bytes ->Flash cache emptied: 977 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 4229168 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 62436 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 222,00 mb OTL by OldTimer - Version 3.2.43.1 log created on 05212012_200917 Files\Folders moved on Reboot... C:\cmdcons\SYSTEM32 folder moved successfully. C:\cmdcons folder moved successfully. Registry entries deleted on Reboot... 
[/log]
And the log after the scan:
[log]OTL logfile created on: 2012-05-21 20:15:49 - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd
191,48 Mb Total Physical Memory | 35,36 Mb Available Physical Memory | 18,47% Memory free
466,90 Mb Paging File | 324,99 Mb Available in Paging File | 69,61% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12,85 Gb Total Space | 3,83 Gb Free Space | 29,79% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 18,30 Gb Free Space | 74,97% Space Free | Partition Type: FAT32
Computer Name: 9CE33E0FBA90427 | User Name: Komputer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-05-21 16:49:14 | 000,616,448 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie\OTL.exe PRC - [2012-04-21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-01-01 16:38:18 | 000,057,344 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE PRC - [2004-08-04 02:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-05-21 20:10:46 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\olemdb32.dll MOD - [2012-04-21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012-04-21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2007-11-06 00:37:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system\svchost.exe -- (CreateProcess) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | 
Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2010-03-06 14:57:05 | 000,427,776 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315) DRV - [2010-03-06 14:57:05 | 000,011,264 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp) DRV - [2010-03-06 14:54:55 | 000,032,256 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC) DRV - [2010-03-06 14:53:38 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP) DRV - [2004-08-04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-05-21 16:46:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-21 16:46:18 | 000,000,000 | ---D | M] 
(No name found) -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Extensions [2012-05-21 16:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-04-21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012-04-21 04:18:44 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-04-21 04:18:44 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-04-21 04:18:44 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-04-21 04:18:44 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-04-21 04:18:44 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-04-21 04:18:44 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2012-05-21 20:09:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP) O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.) 
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1 O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AC22B73-E65A-42A3-A3C5-EF185BA5147D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Komputer/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-05-21 16:40:46 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011-05-11 08:56:16 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-05-11 08:56:18 | 000,000,035 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-05-21 20:09:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-05-21 16:59:44 | 000,000,000 | ---D | C] -- C:\rsit
[2012-05-21 16:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie
[2012-05-21 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Mozilla
[2012-05-21 
16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla [2012-05-21 16:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012-05-21 16:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla [2012-05-21 16:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012-05-21 16:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-21 [2012-05-17 16:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan [2012-05-17 16:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2012-05-17 16:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-17 [2012-05-16 22:58:19 | 000,000,000 | --SD | C] -- C:\ComboFix [2012-05-16 22:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HijackThis [2012-05-16 22:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012-05-16 22:28:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012-05-16 22:28:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012-05-16 22:28:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012-05-16 22:28:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012-05-16 22:28:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012-05-16 22:28:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-05-16 22:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Komputer\Menu Start\Programy\Narzędzia administracyjne [2012-05-16 22:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Moje wideo [2012-05-16 21:42:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Komputer\UserData [2012-05-16 20:42:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012-05-16 20:37:56 | 
000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys [2012-05-16 20:37:50 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys [2012-05-16 20:37:46 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys [2012-04-23 10:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok [2012-04-23 09:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\fotki [2 C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-05-21 20:10:46 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\olemdb32.dll [2012-05-21 20:10:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-05-21 20:09:20 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2012-05-21 16:46:08 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-05-21 16:40:53 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System\win32out.dll [2012-05-21 16:40:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System\win32in.dll [2012-05-21 16:40:46 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT [2012-05-21 16:38:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-05-16 22:53:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\HijackThis.lnk [2012-05-16 22:31:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2 C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-05-21 20:10:46 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\olemdb32.dll [2012-05-21 16:46:08 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All 
Users\Menu Start\Programy\Mozilla Firefox.lnk [2012-05-21 16:46:08 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-05-16 22:53:24 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\HijackThis.lnk [2012-05-16 22:31:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012-05-16 22:31:20 | 000,262,400 | RHS- | C] () -- C:\cmldr [2012-05-16 22:28:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012-05-16 22:28:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012-05-16 22:28:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012-05-16 22:28:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012-05-16 22:28:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012-03-29 08:18:39 | 000,000,277 | ---- | C] () -- C:\WINDOWS\madagascar.ini [2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\winlogon.exe [2011-10-10 08:15:43 | 000,001,067 | ---- | C] () -- C:\WINDOWS\disney.ini [2011-10-10 08:15:37 | 000,000,191 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2011-05-11 08:57:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-05-11 08:56:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll [color=#E56717]========== LOP Check ==========[/color] [2012-05-17 16:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan [2012-03-30 09:09:44 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\Chromeflower [2012-03-30 09:09:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\CrystalSpace [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log] What next?
Guest, comment 21 May 2012 (edited) The infection is basically removed. The OTL log shows that you used [b]Combofix[/b]. Find the file [b]Combofix.txt[/b] on drive C and post it.
Loopezik (Author), comment 21 May 2012 I did run Combofix, but the scan took too long and I didn't get a log. Should I try now?
Guest, comment 21 May 2012 [quote]Should I try now? [/quote] No. We'll manage without Combofix. Just tell me where the program's installer is located. I need the exact path.
Loopezik (Author), comment 21 May 2012 (edited) Probably c:\combofix. That's the only place I found it.
Guest, comment 21 May 2012 [quote]That's the only place I found it. [/quote] Is the Combofix installer there? Confirm.
Loopezik (Author), comment 21 May 2012 (edited) Now it finds a ton of combofix files. Basically c:\combofix is an icon like "My Computer", and after a double-click it goes back to the position as if I had just clicked "My Computer", and it keeps finding more. It's possible I had the installer on a pen drive, but I don't have it now. It finds: combofix on c:\ as a folder, combofix.exe-3445d8c5.pf in c:\windows\prefetch as a "pf file", and combofix on c:\documents and settings\komputer\pulpit as a JPEG image. Something's not right, is it?
Guest, comment 21 May 2012 [quote]Basically c:\combofix is an icon like "My Computer"[/quote] Let's leave Combofix for now. Run OTL (normal Windows mode) and in the [b]Custom Scans/Fixes[/b] window paste
[code]:Files
C:\cmldr
C:\WINDOWS\system32\EXPLORER.EXE
C:\WINDOWS\CSC
:OTL
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif ()
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Komputer/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
:Commands
[emptyflash]
[emptytemp][/code]
Click Run Fix. Post the removal log. Run a new OTL scan. Format your pen drives if you have any, because the infection is on them.
Loopezik (Author), comment 21 May 2012 (edited) Something's not right. The computer reset; at startup I had to press F4 so it wouldn't search for a second drive or something like that; after startup, again no icons and the iexplore.exe problem. After "run c:\" a message that this idlist file is missing.
Guest, comment 21 May 2012 [quote]It finds: combofix on c:\ as a folder, combofix.exe-3445d8c5.pf in c:\windows\prefetch as a "pf file", and combofix on c:\documents and settings\komputer\pulpit as a JPEG image.[/quote] I mean the ComboFix.exe file. Where is it?
Loopezik (Author), comment 21 May 2012 (edited) It keeps finding only that one file, but many times over: combofix.exe-3445d8c5.pf in c:\windows\prefetch; combofix.exe itself it does not find. And there is only 1 file in that directory.
Guest, comment 22 May 2012 Run OTL and in the Custom Scans/Fixes window paste:
[code]:Files
C:\WINDOWS\system32\EXPLORER.EXE
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-21
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-17
C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
C:\cmldr
:OTL
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif ()
:Commands
[emptytemp][/code]
1. Click [b]Run Fix.[/b] 2. Run a new OTL scan and post the report. 3. The [b]C:\Qoobox[/b] directory should contain a report from the Combofix run. Check.
Loopezik (Author), comment 22 May 2012 I'll do it when I get home. Can I format that pen drive on THIS computer?
Guest, comment 22 May 2012 [quote]Can I format that pen drive on THIS computer? [/quote] Let's deal with the infection in the system first.
Loopezik (Author), comment 22 May 2012 (edited) After running the script there was a reset again. In the directory I found only 1 txt file, but double-clicking it also caused a reset. Should I be doing this in normal mode? Should the "skip known good files" option be checked? Here is the OTL log: [log]OTL logfile created on: 2012-05-22 21:36:30 - Run 3 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 191,48 Mb Total Physical Memory | 28,55 Mb Available Physical Memory | 14,91% Memory free 466,90 Mb Paging File | 221,05 Mb Available in Paging File | 47,34% Paging File free Paging file location(s): C:\pagefile.sys 288 576 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 12,85 Gb Total Space | 3,61 Gb Free Space | 28,10% Space Free | Partition Type: NTFS Drive D: | 24,41 Gb Total Space | 18,30 Gb Free Space | 74,97% Space Free | Partition Type: FAT32 Computer Name: 9CE33E0FBA90427 | User Name: Komputer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-05-21 16:49:14 | 000,616,448 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie\OTL.exe PRC - [2012-04-21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011-05-11 08:56:37 | 000,020,708 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system\wupdmgr.exe PRC - [2008-01-01 16:38:18 | 000,057,344 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE PRC - [2007-11-06 00:37:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system\svchost.exe PRC - [2006-09-07 18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\winlogon.exe PRC - [2006-09-07 18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\services.exe PRC - [2006-09-07 18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\lsass.exe PRC - [2004-08-04 02:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003-10-30 15:10:20 | 000,688,128 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe PRC - [2003-10-30 15:09:36 | 000,270,336 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe PRC - [2002-07-10 19:02:44 | 000,208,896 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-05-22 21:33:35 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\olemdb32.dll MOD - [2012-04-21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2006-09-07 
18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\winlogon.exe MOD - [2006-09-07 18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\services.exe MOD - [2006-09-07 18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\lsass.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012-04-21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2007-11-06 00:37:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system\svchost.exe -- (CreateProcess) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2010-03-06 14:57:05 | 000,427,776 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315) DRV - [2010-03-06 14:57:05 | 000,011,264 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp) DRV - [2010-03-06 14:54:55 | 000,032,256 | ---- | M] (SiS Corporation) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC) DRV - [2010-03-06 14:53:38 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP) DRV - [2004-08-04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-05-21 16:46:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-21 16:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla\Extensions [2012-05-21 16:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-04-21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012-04-21 04:18:44 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-04-21 
04:18:44 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-04-21 04:18:44 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-04-21 04:18:44 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-04-21 04:18:44 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-04-21 04:18:44 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2012-05-16 22:16:24 | 000,012,393 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> O1 - Hosts: <html lang='en'> O1 - Hosts: <head> O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel."> O1 - Hosts: <title>Yahoo! 
GeoCities: Get a web site with easy-to-use site building tools.</title> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css"> O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css"> O1 - Hosts: <style> O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;} O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em} O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em} O1 - Hosts: .services { font-size:116%; padding-bottom:20px } O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px} O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px} O1 - Hosts: p {margin:20px;font-size:1em;} O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;} O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;} O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;} O1 - Hosts: </style> O1 - Hosts: </head> O1 - Hosts: <body> O1 - Hosts: <!-- following code added by server. PLEASE REMOVE --> O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --> O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px"> O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px"> O1 - Hosts: 90 more lines... 
O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\sempalong.exe () O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP) O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.) O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [Tok-Cirrhatus] C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe () O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found O4 - Startup: C:\Documents and Settings\Komputer\Menu Start\Programy\Autostart\Empty.pif () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - 
HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1 O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} [url="http://www.mks.com.pl/skaner/SkanerOnline.cab"]http://www.mks.com.p...kanerOnline.cab[/url] (MksSkanerOnline Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AC22B73-E65A-42A3-A3C5-EF185BA5147D}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\eksplorasi.exe") - C:\WINDOWS\eksplorasi.exe () O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Komputer/USTAWI~1/Temp/msohtml1/01/clip_image002.jpg O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-05-22 21:34:32 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011-05-11 08:56:16 | 000,000,035 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011-05-11 08:56:18 | 000,000,035 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 
- HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-05-22 21:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok [2012-05-22 21:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-22 [2012-05-21 20:52:34 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-05-21 20:52:34 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-05-21 20:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok [2012-05-21 20:09:17 | 000,000,000 | ---D | C] -- C:\_OTL [2012-05-21 16:59:44 | 000,000,000 | ---D | C] -- C:\rsit [2012-05-21 16:49:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Pobieranie [2012-05-21 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Mozilla [2012-05-21 16:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\Mozilla [2012-05-21 16:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012-05-21 16:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla [2012-05-21 16:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012-05-17 16:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan [2012-05-17 16:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline 
[2012-05-16 22:58:19 | 000,000,000 | --SD | C] -- C:\ComboFix [2012-05-16 22:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HijackThis [2012-05-16 22:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012-05-16 22:28:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012-05-16 22:28:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012-05-16 22:28:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012-05-16 22:28:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012-05-16 22:28:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012-05-16 22:28:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-05-16 22:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Komputer\Menu Start\Programy\Narzędzia administracyjne [2012-05-16 22:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Komputer\Moje dokumenty\Moje wideo [2012-05-16 21:42:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Komputer\UserData [2012-05-16 20:42:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012-05-16 20:37:56 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys [2012-05-16 20:37:50 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys [2012-05-16 20:37:46 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys [2012-04-23 09:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Komputer\Pulpit\fotki [2 C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-05-22 21:40:00 | 000,000,017 | ---- | M] () -- C:\WINDOWS\System\win32out.dll [2012-05-22 21:40:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System\win32in.dll [2012-05-22 21:34:32 | 000,000,007 | -HS- | M] () -- 
C:\AUTOEXEC.BAT [2012-05-22 21:33:35 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\olemdb32.dll [2012-05-22 21:33:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-05-21 21:53:52 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin [2012-05-21 21:18:49 | 000,160,470 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\combofix.JPG [2012-05-21 20:52:34 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-05-21 20:52:34 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-05-21 16:46:08 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-05-21 16:38:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-05-16 22:53:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Komputer\Pulpit\HijackThis.lnk [2012-05-16 22:31:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012-05-16 22:16:24 | 000,012,393 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2 C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Komputer\Moje dokumenty\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-05-22 21:33:35 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\olemdb32.dll [2012-05-21 21:53:52 | 000,012,393 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin [2012-05-21 21:18:48 | 000,160,470 | ---- | C] () -- C:\Documents and Settings\Komputer\Pulpit\combofix.JPG [2012-05-21 16:46:08 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk [2012-05-21 16:46:08 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-05-16 22:53:24 | 000,001,734 | ---- | C] () -- C:\Documents and 
Settings\Komputer\Pulpit\HijackThis.lnk [2012-05-16 22:31:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012-05-16 22:28:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012-05-16 22:28:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012-05-16 22:28:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012-05-16 22:28:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012-05-16 22:28:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012-03-29 08:18:39 | 000,000,277 | ---- | C] () -- C:\WINDOWS\madagascar.ini [2012-01-03 13:15:08 | 000,042,667 | -H-- | C] () -- C:\WINDOWS\eksplorasi.exe [2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\winlogon.exe [2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe [2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\services.exe [2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\lsass.exe [2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\inetinfo.exe [2012-01-03 13:15:08 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\csrss.exe [2011-10-10 08:15:43 | 000,001,067 | ---- | C] () -- C:\WINDOWS\disney.ini [2011-10-10 08:15:37 | 000,000,191 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2011-05-11 08:57:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-05-11 08:56:57 | 000,001,409 | ---- | C] () -- C:\WINDOWS\System32\settings.dll [color=#E56717]========== LOP Check ==========[/color] [2012-05-17 16:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\ArcaVirMicroScan 
[2012-03-30 09:09:44 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\Chromeflower [2012-03-30 09:09:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Komputer\Dane aplikacji\CrystalSpace [color=#E56717]========== Purity Check ==========[/color] < End of report > [/log]
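An added example, not part of the thread and not OTL's own code: a small Python triage of OTL log lines that flags the three persistence patterns the helper's fix scripts above target (core Windows process names running from a user profile or the wrong system folder, Winlogon Shell/UserInit values other than the clean defaults, Run entries that name a bare file) and emits a fix-script skeleton in the same :Files / :OTL / :Commands layout. The sample lines are copied from the OTL log in this thread; the expected-folder table is an assumption about the Windows XP layout.

```python
"""Triage OTL (OldTimer) log lines for the persistence patterns targeted by the
fix scripts in this thread. Assumed/constructed parts: the expected-folder table
(Windows XP layout) and the sample excerpt, copied from the posted log."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", ["line", "path", "reason"])

# Folder where each core Windows binary legitimately lives on XP (assumption,
# lower-case, trailing backslash). A copy anywhere else is what the worm plants.
EXPECTED_DIR = {
    "explorer.exe": "c:\\windows\\",
    "smss.exe": "c:\\windows\\system32\\",
    "csrss.exe": "c:\\windows\\system32\\",
    "winlogon.exe": "c:\\windows\\system32\\",
    "services.exe": "c:\\windows\\system32\\",
    "lsass.exe": "c:\\windows\\system32\\",
    "svchost.exe": "c:\\windows\\system32\\",
}
# Clean Winlogon values: Shell=Explorer.exe, UserInit=userinit.exe and nothing else.
WINLOGON_EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}

PATH_RE = re.compile(r"[a-z]:\\.*?\.exe", re.I)  # first drive-letter path ending in .exe
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - ", re.I)
RUN_RE = re.compile(r"^O4 - .*\\Run: \[[^\]]*\] (\S+)")


def check_line(line):
    """Return a Finding for a suspicious OTL entry, or None when it looks benign."""
    m = WINLOGON_RE.match(line)
    if m:
        key, value = m.group(1).lower(), m.group(2).strip('"').lower()
        if value != WINLOGON_EXPECTED[key]:
            return Finding(line, None, "Winlogon %s is %r, expected %r"
                           % (m.group(1), value, WINLOGON_EXPECTED[key]))
    m = PATH_RE.search(line)
    if m:
        path = m.group(0)
        folder, _, name = path.lower().rpartition("\\")
        expected = EXPECTED_DIR.get(name)
        if expected and folder + "\\" != expected:
            return Finding(line, path, "%s running from %s, expected %s"
                           % (name, folder + "\\", expected))
        return None
    m = RUN_RE.match(line)
    if m and ":\\" not in m.group(1):
        # Bare name: resolved by a PATH search at logon, so any planted copy wins.
        return Finding(line, None, "Run entry uses bare name %r" % m.group(1))
    return None


def scan_log(text):
    """Run check_line over every non-empty line of an OTL log."""
    return [f for f in (check_line(ln.rstrip()) for ln in text.splitlines()) if f]


def fix_script(findings):
    """Emit an OTL Custom Scans/Fixes script in the layout the helper used:
    out-of-place binaries under :Files, flagged O4/O20 entries under :OTL."""
    files = {}
    for f in findings:
        if f.path:
            files.setdefault(f.path.lower(), f.path)  # dedupe case variants
    otl = [f.line for f in findings if f.line.startswith(("O4 ", "O20 "))]
    return "\n".join([":Files", *files.values(), ":OTL", *otl, ":Commands", "[emptytemp]"])


# Excerpt copied from the OTL log posted in this thread (a constructed subset).
SAMPLE_LOG = r"""
PRC - [2008-01-01 16:38:18 | 000,057,344 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE
PRC - [2007-11-06 00:37:26 | 000,129,368 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system\svchost.exe
PRC - [2006-09-07 18:09:44 | 000,042,667 | ---- | M] () -- C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\winlogon.exe
PRC - [2004-08-04 02:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [Tok-Cirrhatus] C:\Documents and Settings\Komputer\Ustawienia lokalne\Dane aplikacji\smss.exe ()
O4 - HKU\S-1-5-21-1004336348-2077806209-682003330-1003..\Run: [wsctf.exe] wsctf.exe File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\eksplorasi.exe") - C:\WINDOWS\eksplorasi.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
"""

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print("FLAG:", f.reason)
    print(fix_script(found))
```

Note that the legitimate C:\WINDOWS\explorer.exe and the SiS tray entry pass, while the System32 copy of EXPLORER.EXE is flagged even though the Shell value itself reads "Explorer.exe", which is why the helper deleted that file under :Files rather than just the registry entry.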
Guest, comment 23 May 2012 The infection is coming back. We're switching tools. Download [b]Combofix[/b] http://download.bleepingcomputer.com/sUBs/ComboFix.exe and run it. When it finishes there will be a report. Save it and post it.
Loopezik (Author), comment 23 May 2012 I connected the computer to another monitor, but I have no internet there. In any case, I had some combofix on a pen drive, but it scanned for over an hour and still didn't produce a log? Could the one from the link be better? And will it be safe to carry it over on the pen drive?
Guest, comment 23 May 2012 [quote]Could the one from the link be better? And will it be safe to carry it over on the pen drive? [/quote] The one from the link is the original. Format the pen drive, then download the installer and run it. If there are problems, start Combofix in safe mode.
Loopezik (Author), comment 24 May 2012 I downloaded it from the net. This junk seems to be blocking combofix somehow; it has been scanning for over an hour in safe mode and nothing, no log. In normal mode the computer resets right after startup.