Braviax, figaro.sys, your computer is infected

**Posty:** 20 · przez **m-daria** 15 Sie 2009, 11:56

Witam,
otóż mam problem od wczorajszego popołudnia - niespodziewanie wkradł się wirus, Avast sobie z nim nie radzi. Usuwanie go zdalnie nie pomaga. Pokazuje informacje o pojawieniu się konia trojańskiego "C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\0H2VS5AB\Install[1].exe", figaro.sys, braviax.exe. Po czym pojawia się kolejny jakiś zawirusowany plik windstr.exe. żadne usuwanie nie pomaga na to dziadostwo, a komp drastycznie zwolnił swoje obroty. I pojawia się to okno Your computer is infected. jeśli to coś zmieni to mam na dysku ghost.tib w czasu kiedy po raz pierwszy był postawiony system.

a jak chce zrobić log'a to program zawisa w pewnym momencie...i nie idzie dalej.

proszę o pomoc.

**Posty:** 8001 · przez **Okocza** 15 Sie 2009, 11:57

m-daria, daj log z OTL, RSIT lub DSS

**Posty:** 20 · przez **m-daria** 15 Sie 2009, 12:18

musiałam zrobić log'a na awaryjnym bo inaczej nie dało rady.

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by Microsoft XP at 2009-08-15 12:12:43 Microsoft Windows XP Home Edition Dodatek Service Pack 3 System drive C: has 43 GB (31%) free of 140 GB Total RAM: 1023 MB (78% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:12:51, on 2009-08-15 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Microsoft XP\Pulpit\RSIT.exe C:\Program Files\trend micro\Microsoft XP.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKLM\..\Run: [rts] C:\WINDOWS\rts.exe O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\Microsoft XP\msword98.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: ikowin32.exe O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172769361156 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: cru629.dat O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: hpdj - HP - C:\DOCUME~1\MICROS~1\USTAWI~1\Temp\hpdj.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing) -- End of file - 5849 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=NvMCTray.dll,NvTaskbarInit [] "KBDriver"=C:\Program Files\Keyboard Driver\OEMDriver.exe [2004-07-28 151552] "RemoteControl"=C:\WINDOWS\system32\rmctrl.exe [2000-10-16 32768] "DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [2003-05-16 172032] "SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-09-20 132624] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888] "msword98"=C:\WINDOWS\system32\msword98.exe [2009-08-14 27004] "Regedit32"=C:\WINDOWS\system32\regedit.exe [] "rts"=C:\WINDOWS\rts.exe [2009-08-14 50688] "PC Antispyware 2010"=C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe [2009-08-14 589913] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-07-02 23237416] "PowerBar"=C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [2004-04-21 86016] "Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008] "Nowe Gadu-Gadu"=C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-07-27 10719848] "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent [] "msword98"=C:\Documents and Settings\Microsoft XP\msword98.exe [2009-08-14 27004] "braviax"= [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo5] C:\Program Files\Gizmo5\Gizmo5.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator] C:\Program Files\Tlen.pl\tlen.exe [2007-11-07 6234624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avast! Mail Scanner"=3 C:\Documents and Settings\Microsoft XP\Menu Start\Programy\Autostart ikowin32.exe OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="cru629.dat" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Disabled:Torrent P2P application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Documents and Settings\Microsoft XP\Pulpit\eMule0.47c\eMule0.47c\emule.exe"="C:\Documents and Settings\Microsoft XP\Pulpit\eMule0.47c\eMule0.47c\emule.exe:*:Enabled:eMule" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\sandra.exe:*:Enabled:SiSoftware Sandra Lite" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed" "C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent" "C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Disabled:DC++" "C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player" "C:\Program Files\Gizmo5\Gizmo5.exe"="C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5" "C:\Program Files\Tlen.pl\tlen.exe"="C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Documents and Settings\Microsoft XP\Pulpit\utorrent-1.8.2.upx.exe"="C:\Documents and Settings\Microsoft XP\Pulpit\utorrent-1.8.2.upx.exe:*:Enabled:µTorrent" "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic" "C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Program Files\Gizmo5\mDNSResponder.exe"="C:\Program Files\Gizmo5\mDNSResponder.exe:*:Disabled:Bonjour" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath " [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\sandra.exe:*:Enabled:SiSoftware Sandra Lite" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite" ======List of files/folders created in the last 1 months====== 2009-08-15 12:03:48 ----D---- C:\Program Files\trend micro 2009-08-15 11:51:04 ----D---- C:\rsit 2009-08-15 02:35:08 ----A---- C:\WINDOWS\system32\orami.vbs 2009-08-15 02:35:08 ----A---- C:\WINDOWS\ahihexobof.bat 2009-08-15 02:34:56 ----D---- C:\PC_Antispyware2010 2009-08-15 02:34:54 ----D---- C:\Program Files\PC_Antispyware2010 2009-08-14 22:33:33 ----A---- C:\WINDOWS\braviax.exe 2009-08-14 21:54:42 ----D---- C:\Program Files\Kaspersky Lab 2009-08-14 21:54:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2009-08-14 21:50:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2009-08-14 16:28:39 ----A---- C:\WINDOWS\system32\wisdstr.exe 2009-08-14 16:12:21 ----A---- C:\WINDOWS\system32\braviax.exe 2009-08-14 16:11:36 ----A---- C:\WINDOWS\system32\delself.bat 2009-08-14 16:08:18 ----D---- C:\WINDOWS\temp01 2009-08-14 16:03:12 ----A---- C:\WINDOWS\rts.exe 2009-08-14 15:46:20 ----A---- C:\WINDOWS\system32\msword98.exe 2009-08-12 10:28:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-08-12 10:28:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-08-12 10:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-08-12 10:28:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-08-12 10:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-08-12 10:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-08-12 10:27:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-08-12 10:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2009-08-12 10:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-08-10 23:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-08-10 03:05:12 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-10 03:05:04 ----D---- C:\WINDOWS\system32\en-US 2009-08-10 03:04:56 ----D---- C:\Program Files\Reference Assemblies 2009-08-10 03:04:26 ----N---- C:\WINDOWS\system32\xpssvcs.dll 2009-08-10 03:04:26 ----N---- C:\WINDOWS\system32\xpsshhdr.dll 2009-08-10 03:04:26 ----N---- C:\WINDOWS\system32\prntvpt.dll 2009-08-10 03:04:25 ----D---- C:\cc848a8d0bb74855a17bde3280 2009-08-10 03:02:06 ----SHD---- C:\Config.Msi 2009-08-02 19:27:23 ----A---- C:\WINDOWS\system32\javaws.exe 2009-08-02 19:27:23 ----A---- C:\WINDOWS\system32\javaw.exe 2009-08-02 19:27:23 ----A---- C:\WINDOWS\system32\java.exe 2009-08-02 19:26:31 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\McAfee 2009-08-01 09:41:44 ----D---- C:\Program Files\TryMedia 2009-08-01 09:41:34 ----D---- C:\Program Files\Alawar 2009-07-29 09:35:41 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$ 2009-07-21 20:26:09 ----D---- C:\Program Files\AC3Filter 2009-07-18 14:04:04 ----D---- C:\Documents and Settings\Microsoft XP\Dane aplikacji\cenzura! Culture Foundation 2009-07-18 14:03:06 ----D---- C:\Program Files\cenzura! Culture Foundation 2009-07-16 08:32:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-07-16 08:31:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-07-16 08:29:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ ======List of files/folders modified in the last 1 months====== 2009-08-15 12:12:35 ----A---- C:\WINDOWS\ntbtlog.txt 2009-08-15 12:11:19 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-08-15 12:11:18 ----D---- C:\WINDOWS\Temp 2009-08-15 12:03:48 ----RD---- C:\Program Files 2009-08-15 12:02:52 ----D---- C:\Program Files\Mozilla Firefox 2009-08-15 11:43:22 ----D---- C:\Documents and Settings\Microsoft XP\Dane aplikacji\Skype 2009-08-15 02:35:08 ----D---- C:\WINDOWS\system32 2009-08-15 02:35:08 ----D---- C:\WINDOWS 2009-08-15 02:35:08 ----D---- C:\Program Files\Common Files 2009-08-14 22:03:43 ----D---- C:\WINDOWS\system32\drivers 2009-08-14 22:03:42 ----HD---- C:\WINDOWS\inf 2009-08-14 21:55:20 ----SHD---- C:\WINDOWS\Installer 2009-08-14 21:46:46 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-14 16:32:14 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-08-14 16:08:58 ----D---- C:\WINDOWS\Prefetch 2009-08-14 16:02:25 ----D---- C:\Documents and Settings\Microsoft XP\Dane aplikacji\uTorrent 2009-08-12 22:38:58 ----D---- C:\Filmy 2009-08-12 10:28:26 ----A---- C:\WINDOWS\imsins.BAK 2009-08-12 10:28:10 ----HD---- C:\WINDOWS\$hf_mig$ 2009-08-12 10:27:55 ----D---- C:\Program Files\Outlook Express 2009-08-10 23:58:40 ----D---- C:\WINDOWS\system32\CatRoot 2009-08-10 03:25:48 ----D---- C:\WINDOWS\Microsoft.NET 2009-08-10 03:25:47 ----RSD---- C:\WINDOWS\assembly 2009-08-10 03:09:03 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-10 03:08:39 ----D---- C:\WINDOWS\WinSxS 2009-08-10 03:05:07 ----D---- C:\Program Files\MSBuild 2009-08-10 03:05:03 ----RSD---- C:\WINDOWS\Fonts 2009-08-10 03:04:42 ----D---- C:\WINDOWS\system32\spool 2009-08-10 03:02:25 ----D---- C:\WINDOWS\system32\mui 2009-08-10 03:02:25 ----D---- C:\Program Files\Internet Explorer 2009-08-05 11:01:12 ----A---- C:\WINDOWS\system32\mswebdvd.dll 2009-08-02 19:27:21 ----D---- C:\Program Files\Java 2009-08-01 09:40:19 ----D---- C:\Program Files\Tetris 2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe 2009-07-29 08:54:26 ----D---- C:\Program Files\Nowe Gadu-Gadu 2009-07-18 18:05:06 ----A---- C:\WINDOWS\system32\shdocvw.dll 2009-07-18 18:05:06 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-07-17 21:04:02 ----A---- C:\WINDOWS\system32\atl.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-09-18 250240] S1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] S1 is-F4S11drv;is-F4S11drv; C:\WINDOWS\system32\DRIVERS\26377542.sys [2008-07-08 148496] S1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-08-14 227344] S2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys [] S2 vacnht73w40;vacnht73w40; \??\C:\WINDOWS\system32\drivers\vacnht73w40.sys [] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024] S3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624] S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-03-20 47360] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbser;Motorola A1000 USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 V0260VID;Live! Cam Vista IM; C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 178913] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088] S2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341] S2 hpdj;hpdj; C:\DOCUME~1\MICROS~1\USTAWI~1\Temp\hpdj.exe [2003-05-16 266240] S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984] S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810] S2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [] S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SandraDataSrv;Sandra Data Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe [2006-06-05 117288] S3 SandraTheSrv;Sandra Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe [2006-06-05 1129000] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

a i właśnie firefox zaczął otwierać okna jakie mu się tylko podobają i wyskakuje informacja PC ANtispyware 2010 - warning! PC Antispyware has found 28 useless and unwanted files on your computer.

HELP!!!

**Posty:** 18165 · przez **wojtas** 15 Sie 2009, 13:24

Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )

**Posty:** 20 · przez **m-daria** 15 Sie 2009, 15:50

jest problem ponieważ już którąś godzinę z rzędu nie mogę odpalić ccombofixa.

**Posty:** 18165 · przez **wojtas** 15 Sie 2009, 20:26

Pobierz OTL i daj z niego loga

**Posty:** 20 · przez **m-daria** 16 Sie 2009, 12:25

log z OTL. robiony również na awaryjnym bo teraz to już nawet net odmawia posłuszeństwa.

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2009-08-16 12:16:11 - Run 1 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Microsoft XP\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,48 Mb Total Physical Memory | 794,58 Mb Available Physical Memory | 77,63% Memory free 2,40 Gb Paging File | 2,32 Gb Available in Paging File | 96,78% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 136,71 Gb Total Space | 41,83 Gb Free Space | 30,59% Space Free | Partition Type: NTFS Drive D: | 49,59 Gb Total Space | 6,03 Gb Free Space | 12,16% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 974,06 Mb Total Space | 973,54 Mb Free Space | 99,95% Space Free | Partition Type: FAT32 I: Drive not present or media not loaded Computer Name: MICROSOFT Current User Name: Microsoft XP Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "15785:TCP" = 15785:TCP:*:Disabled:BitComet 15785 TCP "15785:UDP" = 15785:UDP:*:Disabled:BitComet 15785 UDP "14148:TCP" = 14148:TCP:*:Disabled:BitComet 14148 TCP "14148:UDP" = 14148:UDP:*:Disabled:BitComet 14148 UDP [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\sandra.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\sandra.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware) "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware) "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- File not found "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found "C:\Program Files\BitDownload\BitDownload.exe" = C:\Program Files\BitDownload\BitDownload.exe:*:Disabled:Torrent P2P application -- File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Documents and Settings\Microsoft XP\Pulpit\eMule0.47c\eMule0.47c\emule.exe" = C:\Documents and Settings\Microsoft XP\Pulpit\eMule0.47c\eMule0.47c\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net) "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\sandra.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\sandra.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware) "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware) "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware) "C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe" = C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed -- File not found "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- File not found "C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found "C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found "C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client -- File not found "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found "C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Disabled:DC++ -- File not found "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Program Files\Gizmo5\Gizmo5.exe" = C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5 -- File not found "C:\Program Files\Tlen.pl\tlen.exe" = C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl -- (o2.pl Sp. z o.o.) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Documents and Settings\Microsoft XP\Pulpit\utorrent-1.8.2.upx.exe" = C:\Documents and Settings\Microsoft XP\Pulpit\utorrent-1.8.2.upx.exe:*:Enabled:µTorrent -- File not found "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" = C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- (Gabest) "C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.) "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\Gizmo5\mDNSResponder.exe" = C:\Program Files\Gizmo5\mDNSResponder.exe:*:Disabled:Bonjour -- File not found "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- (Skype Technologies S.A.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 14 "{31BFEC6C-1F27-45B5-839C-BCBAE327993A}" = OpenOffice.org 3.0 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}" = hp deskjet 3600 "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1" = Tetris "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1045-7B44-A70500000002}" = Adobe Reader 7.0.5 - Polish "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution "{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.8.193 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F09CFF49-CF9F-11D8-86F6-0050BF6C9337}" = Multimedia Keyboard Driver 1.0 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "AC3Filter_is1" = AC3Filter 1.62b "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALLPlayer V2.2" = ALLPlayer V2.2 "Any Video Converter_is1" = Any Video Converter 2.5.6 "Ashampoo Burning Studio 7_is1" = Ashampoo Burning Studio 7 "Audacity_is1" = Audacity 1.2.6 "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "Creative Live! Cam Vista IM User's Guide English" = Creative Live! Cam Vista IM User's Guide (English) "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104) "Creative WebCam Center" = Creative WebCam Center "CSCLIB" = Canon Camera Support Core Library "ENTERPRISE" = Microsoft Office Enterprise 2007 "EOS Utility" = Canon Utilities EOS Utility "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.65 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.1 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nowe Gadu-Gadu" = Nowe Gadu-Gadu "NVIDIA Drivers" = NVIDIA Drivers "Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0 "PC_Antispyware2010" = PC Antispyware 2010 "PhotoStitch" = Canon Utilities PhotoStitch "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "Rzeźnik MPEGów 1.1.99_is1" = Rzeźnik MPEGów 1.1.99 "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SiSoftware Sandra Lite 2007_is1" = SiSoftware Sandra Lite 2007 (Win64/32/CE) "SolveigMM MPEG-2 Requantizer SDK 1.0.703.14" = SolveigMM MPEG-2 Requantizer SDK "SysInfo" = Creative System Information "Tetris 4000" = Tetris 4000 "Tlen.pl" = Tlen.pl "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = The GIMP 2.2.11 "WinGTK-2_is1" = GTK+ 2.4.14 runtime environment "WinRAR archiver" = Archiwizator WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XnView_is1" = XnView 1.70 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2008-06-23 03:48:02 | Computer Name = MICROSOFT | Source = nview_info | ID = 11141121 Description = Error - 2008-06-23 03:48:07 | Computer Name = MICROSOFT | Source = nview_info | ID = 11141121 Description = Error - 2008-06-23 03:48:07 | Computer Name = MICROSOFT | Source = nview_info | ID = 11141121 Description = Error - 2008-06-23 03:48:08 | Computer Name = MICROSOFT | Source = nview_info | ID = 11141121 Description = Error - 2008-06-23 03:48:08 | Computer Name = MICROSOFT | Source = nview_info | ID = 11141121 Description = Error - 2008-06-23 03:48:08 | Computer Name = MICROSOFT | Source = nview_info | ID = 11141121 Description = Error - 2008-06-23 03:48:08 | Computer Name = MICROSOFT | Source = nview_info | ID = 11141121 Description = Error - 2008-06-23 03:48:08 | Computer Name = MICROSOFT | Source = nview_info | ID = 11141121 Description = Error - 2008-06-23 03:48:09 | Computer Name = MICROSOFT | Source = nview_info | ID = 11141121 Description = Error - 2008-06-24 01:37:49 | Computer Name = MICROSOFT | Source = nview_info | ID = 11141121 Description = [ System Events ] Error - 2009-08-16 06:06:01 | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Kaspersky Internet Security z powodu następującego błędu: %%1053 Error - 2009-08-16 06:06:01 | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi hpdj z powodu następującego błędu: %%1083 Error - 2009-08-16 06:14:48 | Computer Name = MICROSOFT | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 2009-08-16 06:14:54 | Computer Name = MICROSOFT | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 2009-08-16 06:14:55 | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2009-08-16 06:14:55 | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7001 Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2009-08-16 06:14:55 | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7001 Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2009-08-16 06:14:55 | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7001 Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można uruchomić z powodu następującego błędu: %%31 Error - 2009-08-16 06:14:55 | Computer Name = MICROSOFT | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: AFD Fips intelppm IPSec is-F4S11drv kl1 klbg KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Error - 2009-08-16 06:15:04 | Computer Name = MICROSOFT | Source = DCOM | ID = 10005 Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811} < End of report >

**Posty:** 18165 · przez **wojtas** 16 Sie 2009, 13:52

Pobierz i uruchom narzędzie
The Avenger
Wklej do okienka programu

Files to delete:

C:\WINDOWS\system32\orami.vbs
C:\WINDOWS\ahihexobof.bat
C:\WINDOWS\braviax.exe
C:\WINDOWS\system32\wisdstr.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\delself.bat
C:\WINDOWS\rts.exe
C:\WINDOWS\system32\msword98.exe

Folders to delete:

C:\PC_Antispyware2010
C:\Program Files\PC_Antispyware2010
C:\WINDOWS\temp01

Klikasz Execute, potem sporobuj odpalic combofixa w normalnym a jak nie to loga z RSIT

**Posty:** 20 · przez **m-daria** 16 Sie 2009, 14:26

Przestały się pokazywać niektóre komunikaty, ale nadal ciężko korzystać z kompa.
Log z RSIT (na awaryjnym, bo Combofix nie odpalił się)

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by Microsoft XP at 2009-08-16 14:23:55 Microsoft Windows XP Home Edition Dodatek Service Pack 3 System drive C: has 43 GB (31%) free of 140 GB Total RAM: 1023 MB (78% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:24:04, on 2009-08-16 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Microsoft XP\Pulpit\RSIT.exe C:\Program Files\trend micro\Microsoft XP.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKLM\..\Run: [rts] C:\WINDOWS\rts.exe O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide O4 - HKLM\..\Run: [braviax] braviax.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\Microsoft XP\msword98.exe O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: ikowin32.exe O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172769361156 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: cru629.dat O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: hpdj - HP - C:\DOCUME~1\MICROS~1\USTAWI~1\Temp\hpdj.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing) -- End of file - 5768 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=NvMCTray.dll,NvTaskbarInit [] "KBDriver"=C:\Program Files\Keyboard Driver\OEMDriver.exe [2004-07-28 151552] "RemoteControl"=C:\WINDOWS\system32\rmctrl.exe [2000-10-16 32768] "DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [2003-05-16 172032] "SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-09-20 132624] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888] "msword98"=C:\WINDOWS\system32\msword98.exe [] "Regedit32"=C:\WINDOWS\system32\regedit.exe [] "rts"=C:\WINDOWS\rts.exe [] "PC Antispyware 2010"=C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe /hide [] "braviax"=C:\WINDOWS\system32\braviax.exe [2009-08-16 11264] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-07-02 23237416] "PowerBar"=C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [2004-04-21 86016] "Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008] "Nowe Gadu-Gadu"=C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-07-27 10719848] "EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent [] "msword98"=C:\Documents and Settings\Microsoft XP\msword98.exe [2009-08-14 27004] "braviax"=C:\WINDOWS\system32\braviax.exe [2009-08-16 11264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo5] C:\Program Files\Gizmo5\Gizmo5.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator] C:\Program Files\Tlen.pl\tlen.exe [2007-11-07 6234624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "avast! Mail Scanner"=3 C:\Documents and Settings\Microsoft XP\Menu Start\Programy\Autostart ikowin32.exe OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="cru629.dat" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Disabled:Torrent P2P application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Documents and Settings\Microsoft XP\Pulpit\eMule0.47c\eMule0.47c\emule.exe"="C:\Documents and Settings\Microsoft XP\Pulpit\eMule0.47c\eMule0.47c\emule.exe:*:Enabled:eMule" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\sandra.exe:*:Enabled:SiSoftware Sandra Lite" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed" "C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire" "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent" "C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Disabled:DC++" "C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player" "C:\Program Files\Gizmo5\Gizmo5.exe"="C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5" "C:\Program Files\Tlen.pl\tlen.exe"="C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Documents and Settings\Microsoft XP\Pulpit\utorrent-1.8.2.upx.exe"="C:\Documents and Settings\Microsoft XP\Pulpit\utorrent-1.8.2.upx.exe:*:Enabled:µTorrent" "C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe"="C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic" "C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Program Files\Gizmo5\mDNSResponder.exe"="C:\Program Files\Gizmo5\mDNSResponder.exe:*:Disabled:Bonjour" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath " [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\sandra.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\sandra.exe:*:Enabled:SiSoftware Sandra Lite" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite" ======List of files/folders created in the last 1 months====== 2009-08-16 14:14:46 ----A---- C:\WINDOWS\system32\delself.bat 2009-08-16 14:04:49 ----D---- C:\WINDOWS\temp01 2009-08-16 14:04:16 ----D---- C:\Avenger 2009-08-16 14:04:16 ----A---- C:\avenger.txt 2009-08-16 14:03:31 ----A---- C:\zip.exe 2009-08-16 14:03:31 ----A---- C:\cleanup.exe 2009-08-16 14:03:31 ----A---- C:\cleanup.bat 2009-08-16 12:15:57 ----D---- C:\_OTL 2009-08-16 00:36:48 ----A---- C:\WINDOWS\lizej.bat 2009-08-15 12:03:48 ----D---- C:\Program Files\trend micro 2009-08-15 11:51:04 ----D---- C:\rsit 2009-08-14 22:33:33 ----A---- C:\WINDOWS\braviax.exe 2009-08-14 21:54:42 ----D---- C:\Program Files\Kaspersky Lab 2009-08-14 21:54:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2009-08-14 21:50:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2009-08-14 16:12:21 ----A---- C:\WINDOWS\system32\braviax.exe 2009-08-12 10:28:29 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-08-12 10:28:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-08-12 10:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-08-12 10:28:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-08-12 10:28:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-08-12 10:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-08-12 10:27:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-08-12 10:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2009-08-12 10:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-08-10 23:58:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-08-10 03:05:12 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-10 03:05:04 ----D---- C:\WINDOWS\system32\en-US 2009-08-10 03:04:56 ----D---- C:\Program Files\Reference Assemblies 2009-08-10 03:04:26 ----N---- C:\WINDOWS\system32\xpssvcs.dll 2009-08-10 03:04:26 ----N---- C:\WINDOWS\system32\xpsshhdr.dll 2009-08-10 03:04:26 ----N---- C:\WINDOWS\system32\prntvpt.dll 2009-08-10 03:04:25 ----D---- C:\cc848a8d0bb74855a17bde3280 2009-08-10 03:02:06 ----SHD---- C:\Config.Msi 2009-08-02 19:27:23 ----A---- C:\WINDOWS\system32\javaws.exe 2009-08-02 19:27:23 ----A---- C:\WINDOWS\system32\javaw.exe 2009-08-02 19:27:23 ----A---- C:\WINDOWS\system32\java.exe 2009-08-02 19:26:31 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\McAfee 2009-08-01 09:41:44 ----D---- C:\Program Files\TryMedia 2009-08-01 09:41:34 ----D---- C:\Program Files\Alawar 2009-07-29 09:35:41 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$ 2009-07-21 20:26:09 ----D---- C:\Program Files\AC3Filter 2009-07-18 14:04:04 ----D---- C:\Documents and Settings\Microsoft XP\Dane aplikacji\cenzura! Culture Foundation 2009-07-18 14:03:06 ----D---- C:\Program Files\cenzura! Culture Foundation ======List of files/folders modified in the last 1 months====== 2009-08-16 14:23:22 ----A---- C:\WINDOWS\ntbtlog.txt 2009-08-16 14:14:46 ----D---- C:\WINDOWS\Temp 2009-08-16 14:14:46 ----D---- C:\WINDOWS\system32 2009-08-16 14:09:56 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-08-16 14:04:49 ----D---- C:\WINDOWS 2009-08-16 14:04:16 ----RD---- C:\Program Files 2009-08-16 14:04:16 ----D---- C:\WINDOWS\system32\drivers 2009-08-16 12:09:21 ----D---- C:\WINDOWS\Prefetch 2009-08-16 12:01:16 ----D---- C:\Documents and Settings\Microsoft XP\Dane aplikacji\Skype 2009-08-15 16:21:16 ----D---- C:\Program Files\Mozilla Firefox 2009-08-15 02:35:08 ----D---- C:\Program Files\Common Files 2009-08-14 22:03:42 ----HD---- C:\WINDOWS\inf 2009-08-14 21:55:20 ----SHD---- C:\WINDOWS\Installer 2009-08-14 21:46:46 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-14 16:32:14 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-08-14 16:02:25 ----D---- C:\Documents and Settings\Microsoft XP\Dane aplikacji\uTorrent 2009-08-12 22:38:58 ----D---- C:\Filmy 2009-08-12 10:28:26 ----A---- C:\WINDOWS\imsins.BAK 2009-08-12 10:28:10 ----HD---- C:\WINDOWS\$hf_mig$ 2009-08-12 10:27:55 ----D---- C:\Program Files\Outlook Express 2009-08-10 23:58:40 ----D---- C:\WINDOWS\system32\CatRoot 2009-08-10 03:25:48 ----D---- C:\WINDOWS\Microsoft.NET 2009-08-10 03:25:47 ----RSD---- C:\WINDOWS\assembly 2009-08-10 03:09:03 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-10 03:08:39 ----D---- C:\WINDOWS\WinSxS 2009-08-10 03:05:07 ----D---- C:\Program Files\MSBuild 2009-08-10 03:05:03 ----RSD---- C:\WINDOWS\Fonts 2009-08-10 03:04:42 ----D---- C:\WINDOWS\system32\spool 2009-08-10 03:02:25 ----D---- C:\WINDOWS\system32\mui 2009-08-10 03:02:25 ----D---- C:\Program Files\Internet Explorer 2009-08-05 11:01:12 ----A---- C:\WINDOWS\system32\mswebdvd.dll 2009-08-02 19:27:21 ----D---- C:\Program Files\Java 2009-08-01 09:40:19 ----D---- C:\Program Files\Tetris 2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe 2009-07-29 08:54:26 ----D---- C:\Program Files\Nowe Gadu-Gadu 2009-07-18 18:05:06 ----A---- C:\WINDOWS\system32\shdocvw.dll 2009-07-18 18:05:06 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-07-17 21:04:02 ----A---- C:\WINDOWS\system32\atl.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] S1 is-F4S11drv;is-F4S11drv; C:\WINDOWS\system32\DRIVERS\26377542.sys [2008-07-08 148496] S1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-08-14 227344] S2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys [] S2 vacnht73w40;vacnht73w40; \??\C:\WINDOWS\system32\drivers\vacnht73w40.sys [] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CLPCIID;CLPCIID; \??\C:\Program Files\CyberLink\PowerDVD\clpciid.sys [] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024] S3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624] S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-03-20 47360] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbser;Motorola A1000 USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112] S3 V0260VID;Live! Cam Vista IM; C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 178913] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-09-18 250240] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088] S2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341] S2 hpdj;hpdj; C:\DOCUME~1\MICROS~1\USTAWI~1\Temp\hpdj.exe [2003-05-16 266240] S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984] S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810] S2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [] S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 SandraDataSrv;Sandra Data Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe [2006-06-05 117288] S3 SandraTheSrv;Sandra Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe [2006-06-05 1129000] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

**Posty:** 18165 · przez **wojtas** 16 Sie 2009, 16:44

wklej do notatnika

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"msword98"=-
"Regedit32"=-
"rts"=-
"PC Antispyware 2010"=-
"braviax"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msword98"=-
"braviax"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
"appinit_dlls"=""

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru

uruchom narzędzie
The Avenger
Wklej do okienka programu

Files to delete:

C:\WINDOWS\system32\delself.bat
C:\cleanup.exe
C:\WINDOWS\cru629.dat
C:\cleanup.bat
C:\WINDOWS\lizej.bat
C:\WINDOWS\braviax.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\DRIVERS\26377542.sys
C:\WINDOWS\system32\drivers\vacnht73w40.sys

Folders to delete:

C:\WINDOWS\temp01

Drivers to unload:

is-F4S11drv
vacnht73w40

Klikasz Execute,

wklejasz na forum raport: C:\avenger.txt + log z combofixa... (wylacz antywirusa moze odapli )

**Posty:** 20 · przez **m-daria** 16 Sie 2009, 17:28

Komp teraz sam się restartuje co jakiś czas i nadal pojawia się your computer is infected.

z avangera.

Kod: Zaznacz wszystko: Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\WINDOWS\system32\orami.vbs" deleted successfully. File "C:\WINDOWS\ahihexobof.bat" deleted successfully. File "C:\WINDOWS\braviax.exe" deleted successfully. File "C:\WINDOWS\system32\wisdstr.exe" deleted successfully. File "C:\WINDOWS\system32\braviax.exe" deleted successfully. File "C:\WINDOWS\system32\delself.bat" deleted successfully. File "C:\WINDOWS\rts.exe" deleted successfully. File "C:\WINDOWS\system32\msword98.exe" deleted successfully. Folder "C:\PC_Antispyware2010" deleted successfully. Folder "C:\Program Files\PC_Antispyware2010" deleted successfully. Folder "C:\WINDOWS\temp01" deleted successfully. Completed script processing. ******************* Finished! Terminate.

combofix nadal nie idzie.

**Posty:** 18165 · przez **wojtas** 16 Sie 2009, 17:38

wklej to do avengera;

Files to delete:

C:\WINDOWS\system32\delself.bat
C:\cleanup.exe
C:\WINDOWS\cru629.dat
C:\cleanup.bat
C:\WINDOWS\lizej.bat
C:\WINDOWS\braviax.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\DRIVERS\26377542.sys
C:\WINDOWS\system32\drivers\vacnht73w40.sys

Folders to delete:

C:\WINDOWS\temp01

Drivers to unload:

is-F4S11drv
vacnht73w40

i daj nowego loga OTL i RSITA

**Posty:** 20 · przez **m-daria** 16 Sie 2009, 18:26

zrobiłam tak jak napisałeś. dalej komunikat your computer is infected. i nadal się restartuje co chwilę. udało mi się zrobić logi normalnie, a nie na awaryjnym. po zrobieniu logow komp zaczął pobierać antispyware 2010.

log z OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2009-08-16 18:15:04 - Run 2 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Microsoft XP\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,48 Mb Total Physical Memory | 584,24 Mb Available Physical Memory | 57,08% Memory free 2,40 Gb Paging File | 2,10 Gb Available in Paging File | 87,41% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 136,71 Gb Total Space | 41,81 Gb Free Space | 30,58% Space Free | Partition Type: NTFS Drive D: | 49,59 Gb Total Space | 6,03 Gb Free Space | 12,16% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MICROSOFT Current User Name: Microsoft XP Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2008-04-14 19:21:16 | 00,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2006-07-21 10:56:38 | 16,261,632 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2004-07-28 00:43:58 | 00,151,552 | ---- | M] () -- C:\Program Files\Keyboard Driver\OEMDriver.exe PRC - [2000-10-16 09:37:36 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\rmctrl.exe PRC - [2004-08-22 18:05:02 | 00,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe PRC - [2003-05-16 19:00:01 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe PRC - [2007-09-20 08:23:44 | 00,132,624 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe PRC - [2008-10-25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2009-05-21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2007-07-02 17:10:58 | 23,237,416 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2004-04-21 11:26:28 | 00,086,016 | ---- | M] (Cyberlink, Corp.) -- C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe PRC - [2005-10-27 12:00:22 | 00,299,008 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe PRC - [2009-01-09 19:50:10 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2007-03-19 00:05:02 | 00,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe PRC - [2009-01-09 19:51:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009-05-21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2005-09-30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2007-07-02 17:10:58 | 01,928,136 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe PRC - [2009-08-16 12:14:16 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Microsoft XP\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2008-11-11 19:59:16 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Stopped]) SRV - [2005-09-30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running]) SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2003-05-16 18:59:35 | 00,266,240 | ---- | M] (HP) -- C:\Documents and Settings\Microsoft XP\Ustawienia lokalne\Temp\hpdj.exe -- (hpdj [Auto | Stopped]) SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2009-05-21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2008-10-25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped]) SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2008-11-04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2006-06-05 14:18:30 | 00,117,288 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe -- (SandraDataSrv [On_Demand | Stopped]) SRV - [2006-06-05 14:22:34 | 01,129,000 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe -- (SandraTheSrv [On_Demand | Stopped]) SRV - File not found -- -- (StyleXPService [Auto | Stopped]) SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-08-16 17:28:59 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running]) DRV - [2001-10-06 09:28:22 | 00,024,772 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\clpciid.sys -- (CLPCIID [On_Demand | Stopped]) DRV - [2004-08-22 17:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus [Boot | Running]) DRV - [2004-08-22 17:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt [Boot | Running]) DRV - [2006-06-14 07:56:00 | 00,012,288 | R--- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\EIO.sys -- (EIO [Auto | Running]) DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2006-07-24 10:15:04 | 04,353,024 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2008-07-21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running]) DRV - [2008-01-29 17:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running]) DRV - [2008-03-13 18:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klfltdev.sys -- (KLFLTDEV [On_Demand | Running]) DRV - [2009-08-14 21:54:07 | 00,227,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF [System | Running]) DRV - [2009-08-14 15:46:56 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running]) DRV - [2006-10-22 13:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2007-03-20 23:28:42 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running]) DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running]) DRV - [2008-04-13 20:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped]) DRV - [2006-11-04 00:45:48 | 00,178,913 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\V0260Vid.sys -- (V0260VID [On_Demand | Running]) DRV - [2006-09-18 09:59:00 | 00,250,240 | ---- | M] (Marvell) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-24 10:40:56 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-08-10 03:06:13 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-07-19 11:47:30 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-07-19 11:47:30 | 00,000,000 | ---D | M] [2008-09-17 23:34:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Microsoft XP\Dane aplikacji\mozilla\Extensions [2008-09-17 23:34:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Microsoft XP\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-08-14 21:58:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Microsoft XP\Dane aplikacji\mozilla\Firefox\Profiles\rrdercqs.default\extensions [2009-07-21 08:39:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Microsoft XP\Dane aplikacji\mozilla\Firefox\Profiles\rrdercqs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009-08-14 21:58:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-07-19 11:47:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007-04-27 06:41:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2007-08-02 18:35:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007-10-25 06:58:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008-04-26 07:54:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2009-01-24 10:41:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009-08-02 19:27:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-07-19 11:47:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org [2009-07-19 11:47:14 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2009-07-19 11:47:14 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2009-07-19 11:47:14 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll [2009-07-19 11:47:16 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll [2009-07-19 11:47:16 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2008-01-23 08:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2006-12-05 00:11:32 | 00,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2009-05-21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-07-19 11:47:26 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2007-12-11 10:07:00 | 00,307,200 | ---- | M] (ESKA) -- C:\Program Files\mozilla firefox\plugins\npOggX.dll [2006-10-07 06:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2006-09-12 23:57:38 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2006-09-12 23:57:38 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2006-09-12 23:57:38 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2006-09-12 23:57:40 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2006-09-12 23:57:40 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2006-10-07 06:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-07-19 11:47:29 | 00,000,904 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-07-19 11:47:29 | 00,001,419 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-07-19 11:47:29 | 00,002,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-07-19 11:47:29 | 00,000,926 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-07-19 11:47:29 | 00,000,866 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-07-19 11:47:29 | 00,001,198 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-07-19 11:47:29 | 00,001,693 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (4110 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD O1 - Hosts: 46 more lines... O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [braviax] File not found O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe (HP) O4 - HKLM..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMCTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found O4 - HKLM..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe () O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd) O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found O4 - HKCU..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKCU..\Run: [PowerBar] C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe (Cyberlink, Corp.) O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - Startup: C:\Documents and Settings\Microsoft XP\Menu Start\Programy\Autostart\ikowin32.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Microsoft XP\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Documents and Settings\Microsoft XP\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: gadu-gadu.pl ([www] https in Zaufane witryny) O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Zaufane witryny) O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} http://www.eska.pl/streamplayers/OggX.ocx (OggX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172769361156 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (cru629.datCorporatio) - C:\WINDOWS\System32\cru629.dat () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007-03-01 18:47:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [2009-08-16 18:12:03 | 00,000,000 | ---- | C] () -- C:\backup.reg [2009-08-16 17:31:48 | 02,858,680 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Pulpit\ComboFix.exe [2009-08-16 17:04:23 | 00,189,957 | ---- | C] () -- C:\WINDOWS\System32\wisdstr.exe [2009-08-16 17:00:04 | 00,000,392 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Pulpit\FIX.REG [2009-08-16 14:23:49 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Pulpit\RSIT.exe [2009-08-16 14:04:16 | 00,000,000 | ---D | C] -- C:\Avenger [2009-08-16 14:03:31 | 00,135,168 | ---- | C] () -- C:\zip.exe [2009-08-16 14:02:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft XP\Pulpit\avenger [2009-08-16 12:15:57 | 00,000,000 | ---D | C] -- C:\_OTL [2009-08-16 12:15:16 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Microsoft XP\Pulpit\OTL.exe [2009-08-15 12:03:48 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro [2009-08-15 11:51:04 | 00,000,000 | ---D | C] -- C:\rsit [2009-08-15 02:35:08 | 00,019,427 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\nejijij._dl [2009-08-15 02:35:08 | 00,017,929 | ---- | C] () -- C:\WINDOWS\System32\ulobo._sy [2009-08-15 02:35:08 | 00,017,810 | ---- | C] () -- C:\WINDOWS\oduvomuki._sy [2009-08-15 02:35:08 | 00,017,731 | ---- | C] () -- C:\Program Files\Common Files\atagokow.db [2009-08-15 02:35:08 | 00,017,652 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\amaxaxozot.scr [2009-08-15 02:35:08 | 00,017,574 | ---- | C] () -- C:\WINDOWS\nurajud.inf [2009-08-15 02:35:08 | 00,016,359 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\zidejud._dl [2009-08-15 02:35:08 | 00,016,249 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\colir.db [2009-08-15 02:35:08 | 00,015,668 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ecesowusux._dl [2009-08-15 02:35:08 | 00,013,500 | ---- | C] () -- C:\Program Files\Common Files\evohi.db [2009-08-15 02:35:08 | 00,011,951 | ---- | C] () -- C:\WINDOWS\ysizacyda.inf [2009-08-15 02:34:56 | 00,347,694 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_scui.cpl [2009-08-14 22:33:33 | 00,011,264 | ---- | C] () -- C:\WINDOWS\braviax.exe [2009-08-14 22:33:33 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\cru629.dat [2009-08-14 22:33:33 | 00,006,144 | ---- | C] () -- C:\WINDOWS\cru629.dat [2009-08-14 22:03:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft XP\Pulpit\Virus Removal Tool [2009-08-14 21:58:46 | 38,624,936 | ---- | C] ( ) -- C:\Documents and Settings\Microsoft XP\Pulpit\setup_7.0.0.290_14.08.2009_23-05.exe [2009-08-14 21:54:42 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009-08-14 21:54:42 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009-08-14 21:54:42 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009-08-14 21:54:42 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009-08-14 21:54:42 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2009-08-14 21:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab [2009-08-14 21:54:07 | 00,227,344 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2009-08-14 21:50:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files [2009-08-14 16:12:21 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe [2009-08-14 15:46:56 | 00,619,584 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntfs.sys [2009-08-12 05:33:03 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx [2009-08-12 05:33:00 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll [2009-08-10 06:31:26 | 01,089,883 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat [2009-08-10 03:05:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2009-08-10 03:05:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2009-08-10 03:04:56 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2009-08-10 03:04:26 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll [2009-08-10 03:04:26 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll [2009-08-10 03:04:26 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe [2009-08-10 03:04:26 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll [2009-08-10 03:04:26 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll [2009-08-10 03:04:26 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll [2009-08-10 03:04:26 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll [2009-08-10 03:04:25 | 00,000,000 | ---D | C] -- C:\cc848a8d0bb74855a17bde3280 [2009-08-10 03:02:06 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2009-08-09 23:45:40 | 00,046,066 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Pulpit\House Season 5 NXOR.torrent [2009-08-09 23:36:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft XP\Pulpit\DEPECHE MODE, NIGHTWISH [2009-08-05 11:01:12 | 00,205,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll [2009-08-02 19:27:23 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009-08-02 19:27:23 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009-08-02 19:27:23 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009-08-02 19:26:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee [2009-08-01 09:41:53 | 00,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2009-08-01 09:41:44 | 00,000,000 | ---D | C] -- C:\Program Files\TryMedia [2009-08-01 09:41:43 | 00,001,702 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Pulpit\Tetris 4000.lnk [2009-08-01 09:41:34 | 00,000,000 | ---D | C] -- C:\Program Files\Alawar [2009-07-30 00:11:52 | 00,792,732 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Moje dokumenty\Kołobrzeg 2009 019.jpg [2009-07-29 23:59:29 | 00,807,241 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Moje dokumenty\Kołobrzeg 2009 016.jpg [2009-07-23 02:05:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft XP\Pulpit\Akademia_Pana_Kleksa_1984__VCDRip__RMVB__PL_ [2009-07-22 10:14:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft XP\Pulpit\Akademia Pana Kleksa [2009-07-21 20:26:10 | 00,497,664 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm [2009-07-21 20:26:09 | 00,000,000 | ---D | C] -- C:\Program Files\AC3Filter [2009-07-21 10:22:00 | 16,797,700 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Pulpit\Mr Maestro.mpeg [2009-07-20 08:41:26 | 00,054,366 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Pulpit\starowka.jpeg [2009-07-19 14:42:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft XP\Pulpit\Torrenty [2009-07-18 14:04:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft XP\Dane aplikacji\cenzura! Culture Foundation [2009-07-18 14:03:06 | 00,000,000 | ---D | C] -- C:\Program Files\cenzura! Culture Foundation [2009-07-18 11:15:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft XP\Pulpit\Bajm - Jozek Nie Daruje Ci Tej Nocy by piratv90 [2009-07-18 11:14:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Microsoft XP\Pulpit\Szklanka_wody___7_bonus_ [2009-07-17 21:04:02 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll [2009-07-17 19:33:46 | 03,690,192 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Pulpit\maciej malenczuk - niewiele ci moge dabe4156.mp3 [2009-07-17 19:21:51 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Pulpit\maciej malenczuk - niewiele ci moge dac (na prozno wyplakujesz g=H.mp3 [2009-07-17 19:13:03 | 03,594,240 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Pulpit\Maciej Maleńczuk - Gdzie Są Przyjaciele Moi.mp3 [2009-07-17 19:13:01 | 04,364,243 | ---- | C] () -- C:\Documents and Settings\Microsoft XP\Pulpit\Maciej Maleńczuk Pudelsi - Kocham Sie.mp3 [2009-05-12 20:52:38 | 00,000,135 | ---- | C] () -- C:\WINDOWS\pdf2word.INI [2008-06-29 16:14:25 | 00,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI [2008-06-28 16:49:17 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2008-06-28 16:49:17 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2008-06-28 16:49:14 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2008-06-28 16:49:14 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll [2008-05-18 16:29:17 | 00,000,640 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-04-23 12:54:00 | 00,000,348 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008-04-01 17:39:10 | 00,000,120 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini [2007-11-04 15:48:51 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys [2007-11-04 15:48:51 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys [2007-08-22 16:50:06 | 00,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini [2007-08-22 16:49:47 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Kulki.ini [2007-07-20 00:50:51 | 00,000,362 | ---- | C] () -- C:\WINDOWS\naglos.INI [2007-04-15 17:17:57 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ctrldll.dll [2007-03-31 15:08:15 | 00,000,486 | ---- | C] () -- C:\WINDOWS\SStylerPro.ini [2007-03-20 23:29:17 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2007-03-03 14:40:28 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007-03-03 13:37:07 | 00,010,019 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini [2007-03-02 16:38:10 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007-03-02 16:38:10 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007-03-02 16:38:09 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007-03-02 16:38:08 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007-03-02 16:38:08 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2007-03-01 18:58:37 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006-10-22 13:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-22 13:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-22 13:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-22 13:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-22 13:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-22 13:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-22 13:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006-03-02 14:00:00 | 00,619,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys [2006-03-02 14:00:00 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys [2006-03-02 14:00:00 | 00,000,643 | ---- | C] () -- C:\WINDOWS\win.ini [2006-03-02 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2004-08-22 18:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files] [2009-08-16 18:14:34 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-08-16 18:14:07 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-08-16 18:14:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-08-16 18:14:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-08-16 18:13:47 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe [2009-08-16 18:13:47 | 00,011,264 | ---- | M] () -- C:\WINDOWS\braviax.exe [2009-08-16 18:13:47 | 00,006,144 | ---- | M] () -- C:\WINDOWS\System32\cru629.dat [2009-08-16 18:13:47 | 00,006,144 | ---- | M] () -- C:\WINDOWS\cru629.dat [2009-08-16 18:13:08 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009-08-16 18:13:08 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009-08-16 18:13:08 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009-08-16 18:13:08 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009-08-16 18:12:03 | 00,000,000 | ---- | M] () -- C:\backup.reg [2009-08-16 18:12:02 | 00,135,168 | ---- | M] () -- C:\zip.exe [2009-08-16 17:29:01 | 00,189,957 | ---- | M] () -- C:\WINDOWS\System32\wisdstr.exe [2009-08-16 17:28:59 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys [2009-08-16 17:28:59 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\dllcache\beep.sys [2009-08-16 17:25:00 | 02,858,680 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Pulpit\ComboFix.exe [2009-08-16 17:00:04 | 00,000,392 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Pulpit\FIX.REG [2009-08-16 14:21:40 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Pulpit\RSIT.exe [2009-08-16 12:14:16 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Microsoft XP\Pulpit\OTL.exe [2009-08-16 12:03:30 | 04,322,138 | -H-- | M] () -- C:\Documents and Settings\Microsoft XP\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-08-15 13:46:02 | 00,037,888 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-08-15 02:35:08 | 00,019,427 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\nejijij._dl [2009-08-15 02:35:08 | 00,017,929 | ---- | M] () -- C:\WINDOWS\System32\ulobo._sy [2009-08-15 02:35:08 | 00,017,810 | ---- | M] () -- C:\WINDOWS\oduvomuki._sy [2009-08-15 02:35:08 | 00,017,731 | ---- | M] () -- C:\Program Files\Common Files\atagokow.db [2009-08-15 02:35:08 | 00,017,652 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\amaxaxozot.scr [2009-08-15 02:35:08 | 00,017,574 | ---- | M] () -- C:\WINDOWS\nurajud.inf [2009-08-15 02:35:08 | 00,016,359 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\zidejud._dl [2009-08-15 02:35:08 | 00,016,249 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\colir.db [2009-08-15 02:35:08 | 00,015,668 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\ecesowusux._dl [2009-08-15 02:35:08 | 00,013,500 | ---- | M] () -- C:\Program Files\Common Files\evohi.db [2009-08-15 02:35:08 | 00,011,951 | ---- | M] () -- C:\WINDOWS\ysizacyda.inf [2009-08-14 22:00:06 | 38,624,936 | ---- | M] ( ) -- C:\Documents and Settings\Microsoft XP\Pulpit\setup_7.0.0.290_14.08.2009_23-05.exe [2009-08-14 21:54:07 | 00,227,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2009-08-14 21:52:33 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009-08-14 20:06:52 | 00,347,694 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\_scui.cpl [2009-08-14 15:46:57 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntfs.sys [2009-08-14 15:46:56 | 00,619,584 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys [2009-08-12 10:28:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-08-10 03:17:15 | 00,076,960 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-08-10 03:16:51 | 00,302,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-08-10 03:09:03 | 01,051,138 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-08-10 03:09:03 | 00,493,632 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-08-10 03:09:03 | 00,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-08-10 03:09:03 | 00,084,916 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-08-10 03:09:03 | 00,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-08-09 23:45:38 | 00,046,066 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Pulpit\House Season 5 NXOR.torrent [2009-08-05 11:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll [2009-08-05 11:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll [2009-08-01 09:41:53 | 00,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat [2009-08-01 09:41:43 | 00,001,702 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Pulpit\Tetris 4000.lnk [2009-07-30 02:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-07-30 00:12:41 | 00,792,732 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Moje dokumenty\Kołobrzeg 2009 019.jpg [2009-07-30 00:00:19 | 00,807,241 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Moje dokumenty\Kołobrzeg 2009 016.jpg [2009-07-28 00:27:56 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx [2009-07-21 10:22:00 | 16,797,700 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Pulpit\Mr Maestro.mpeg [2009-07-20 08:41:27 | 00,054,366 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Pulpit\starowka.jpeg [2009-07-19 16:03:56 | 00,497,664 | ---- | M] () -- C:\WINDOWS\System32\ac3filter.acm [2009-07-18 18:05:06 | 03,090,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009-07-18 18:05:06 | 03,090,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2009-07-18 18:05:06 | 01,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll [2009-07-18 18:05:06 | 01,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll [2009-07-17 21:04:02 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll [2009-07-17 21:04:02 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atl.dll [2009-07-17 19:36:48 | 03,690,192 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Pulpit\maciej malenczuk - niewiele ci moge dabe4156.mp3 [2009-07-17 19:27:28 | 04,364,243 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Pulpit\Maciej Maleńczuk Pudelsi - Kocham Sie.mp3 [2009-07-17 19:21:51 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Pulpit\maciej malenczuk - niewiele ci moge dac (na prozno wyplakujesz g=H.mp3 [2009-07-17 19:14:10 | 03,594,240 | ---- | M] () -- C:\Documents and Settings\Microsoft XP\Pulpit\Maciej Maleńczuk - Gdzie Są Przyjaciele Moi.mp3 < End of report >

log z RSITa

http://wklej.org/id/135818/

Dodano Dzisiaj, 13:18:
i cóż dalej robić?? :cry:

Dodano Dzisiaj, 18:23:
pomóżcie, bo to już przerasta wszelkie moje możliwości. znów zaczęła się wyświetlać aplikacja antispyware 2010. :cry:

**Posty:** 18165 · przez **wojtas** 17 Sie 2009, 19:15

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [braviax] File not found
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - Startup: C:\Documents and Settings\Microsoft XP\Menu Start\Programy\Autostart\ikowin32.exe (Microsoft Corporation)

:Files
C:\WINDOWS\System32\wisdstr.exe
C:\WINDOWS\System32\ulobo._sy
C:\WINDOWS\oduvomuki._sy
C:\Program Files\Common Files\atagokow.db
C:\Documents and Settings\All Users\Dokumenty\amaxaxozot.scr
C:\WINDOWS\nurajud.inf
C:\Documents and Settings\All Users\Dane aplikacji\zidejud._dl
C:\Documents and Settings\All Users\Dane aplikacji\colir.db
C:\Documents and Settings\All Users\Dane aplikacji\ecesowusux._dl
C:\Program Files\Common Files\evohi.db
C:\WINDOWS\ysizacyda.inf
C:\WINDOWS\System32\_scui.cpl
C:\WINDOWS\braviax.exe
C:\WINDOWS\System32\cru629.dat
C:\WINDOWS\cru629.dat
C:\WINDOWS\System32\braviax.exe

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia kompa

**Posty:** 20 · przez **m-daria** 17 Sie 2009, 21:53

raport z czyszczenia:

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== No active process named explorer.exe was found! Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\braviax not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully. File C:\Documents and Settings\Microsoft XP\Menu Start\Programy\Autostart\ikowin32.exe not found. ========== FILES ========== File\Folder C:\WINDOWS\System32\wisdstr.exe not found. File\Folder C:\WINDOWS\System32\ulobo._sy not found. File\Folder C:\WINDOWS\oduvomuki._sy not found. File\Folder C:\Program Files\Common Files\atagokow.db not found. File\Folder C:\Documents and Settings\All Users\Dokumenty\amaxaxozot.scr not found. File\Folder C:\WINDOWS\nurajud.inf not found. File\Folder C:\Documents and Settings\All Users\Dane aplikacji\zidejud._dl not found. File\Folder C:\Documents and Settings\All Users\Dane aplikacji\colir.db not found. File\Folder C:\Documents and Settings\All Users\Dane aplikacji\ecesowusux._dl not found. File\Folder C:\Program Files\Common Files\evohi.db not found. File\Folder C:\WINDOWS\ysizacyda.inf not found. File\Folder C:\WINDOWS\System32\_scui.cpl not found. C:\WINDOWS\braviax.exe moved successfully. C:\WINDOWS\System32\cru629.dat moved successfully. C:\WINDOWS\cru629.dat moved successfully. C:\WINDOWS\System32\braviax.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes User: Microsoft XP ->Temp folder emptied: 587134 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 48792 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0,70 mb OTL by OldTimer - Version 3.0.10.7 log created on 08172009_214248 Files\Folders moved on Reboot... Registry entries deleted on Reboot...

log z OTL

http://wklej.org/id/136362/

nadal uruchamia się antispyware 2010 i mówi, że znajduje 27 zakażonych plików.

**Posty:** 18165 · przez **wojtas** 18 Sie 2009, 11:28

1. Pobierz świeży plik ntfs.sys + beep.sys : http://www.speedyshare.com/319409601.html. Wypakuj je. Podmień do lokalizacji wg. tego

te pliki ktore sciagniesz podmien z tymi:

C:\WINDOWS\System32\drivers\beep.sys
C:\WINDOWS\System32\dllcache\beep.sys
C:\WINDOWS\System32\drivers\ntfs.sys
C:\WINDOWS\System32\dllcache\ntfs.sys

bo te ^^ są zainfekowane a tam masz oryginalne wolne od wirusów.

potem

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PC Antispyware 2010] C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe ()
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found

:Files
C:\WINDOWS\System32\braviax.exe
C:\WINDOWS\braviax.exe
C:\WINDOWS\System32\cru629.dat
C:\WINDOWS\cru629.dat
C:\Program Files\Common Files\rukubyvid.bin
C:\Documents and Settings\Microsoft XP\Ustawienia lokalne\Dane aplikacji\upypa.bat
C:\Program Files\Common Files\atoxu.bat
C:\Documents and Settings\All Users\Dokumenty\nejijij._dl
C:\WINDOWS\hozy.sys
C:\WINDOWS\fylov._sy
C:\WINDOWS\cavuwof.lib
C:\WINDOWS\System32\dllcache\figaro.sys
C:\Documents and Settings\Microsoft XP\Dane aplikacji\iwanikav.scr
C:\Program Files\Common Files\xilaja.dat
C:\WINDOWS\zitohiwyc.dat
C:\Documents and Settings\Microsoft XP\Ustawienia lokalne\Dane aplikacji\dubypy.com
C:\WINDOWS\edasiso.sys
C:\Documents and Settings\All Users\Dokumenty\fubohub.inf
C:\Documents and Settings\Microsoft XP\Dane aplikacji\uramyvyfuv.reg
C:\Documents and Settings\All Users\Dane aplikacji\yromosek._sy
C:\WINDOWS\tequm.dl
C:\Documents and Settings\Microsoft XP\Ustawienia lokalne\Dane aplikacji\odagacopy.inf
C:\Documents and Settings\Microsoft XP\Pulpit\PC_Antispyware2010.lnk
C:\Program Files\PC_Antispyware2010
C:\backup.reg
C:\Documents and Settings\Microsoft XP\Pulpit\ComboFix.exe
C:\zip.exe

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia kompa oraz wylaczasz antywirusa. Poiberasz combofixa i zapisujesz go pod nazwa Lol.exe i odpalasz w trybie normalnym lub awaryjnym i dajesz z niego tez loga + z OTL (raport i log)

**Posty:** 20 · przez **m-daria** 18 Sie 2009, 15:59

Raport z OTL

http://wklej.org/id/136638/

Log z OTL

http://wklej.org/id/136640/

Log z Combofix

http://wklej.org/id/136642/

Przestały wyskakiwać wszelkie okna, ktore mnie niepokoiły, komp zaczął szybciej pracować. Czy to oznacza, że juz czysto??

**Posty:** 18165 · przez **wojtas** 18 Sie 2009, 16:35

Otworz notatnik i wklej w nim to:

File::
c:\documents and settings\LocalService\Dane aplikacji\ihuligefin.scr
c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\nivakoh.bin
c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\otebuxel.exe
c:\documents and settings\Microsoft XP\msword98.exe
c:\windows\system32\drivers\ubczcsm.sys

Driver::
yzea

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

**Posty:** 20 · przez **m-daria** 18 Sie 2009, 22:21

tak też zrobiłam

oto log z Combofixa

http://wklej.org/id/136789/

czy to już wszystko?? :>

**Posty:** 18165 · przez **wojtas** 19 Sie 2009, 08:57

dla pewnosci:

1. Pobierz świeży plik ntfs.sys + beep.sys : http://www.speedyshare.com/319409601.html. Wypakuj je i bezpośrednio na dysku C;
wklej do notatnika:

FCopy::
c:\ntfs.sys | c:\windows\system32\dllcache\ntfs.sys
c:\ntfs.sys | c:\windows\system32\drivers\ntfs.sys
c:\beep.sys | c:\windows\system32\dllcache\beep.sys
c:\beep.sys | c:\windows\system32\drivers\beep.sys

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware

Kto jest na forum