Coś z mychą, czy to coś z płytą główną?

**Posty:** 190 · przez **mirekg1963** 08 Maj 2009, 18:31

Witam ! Mam nowy problem, bo ja chyba jestem problemowy?

Mam kłopoty z myszką. PS2 przestał kiedyś działać, blokował itd, przełączyłem ją na USB . Niby działa, ale nie zawsze stabilnie, czasami się zwiesza , czasami sie odblokowuje port PS2 po czym znowu szlag go ...słychać czasami jakieś bzyczenie z kompa.
Mam pytanie !!! Czy istnieje jakiś sensowny programik do diagnostyki płyty głównej, do sprawdzenia jej pod kontem , no nie wiem - napiecia elektrycznego, czy czegoś takiego :?:

No bo niby skąd te kłopoty z myszkę a raczej z myszkami bo podłączałem wiele. Moja płyta główna to : Gigabyte M61 SME - S2
Podaje loga z combofixa

Kod: Zaznacz wszystko: ComboFix 09-05-07.A01 - admin 2009-05-08 18:07.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.447.206 [GMT 2:00] Uruchomiony z: c:\documents and settings\admin\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf c:\documents and settings\admin\Dane aplikacji\wiaserva.log c:\windows\system32\wbem\grpconv.exe . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_WS2_32SIK -------\Service_ws2_32sik ((((((((((((((((((((((((( Pliki utworzone od 2009-04-08 do 2009-05-08 ))))))))))))))))))))))))))))))) . 2009-05-07 15:22 . 2009-05-07 15:22 -------- d-----w c:\program files\ChomikBox 2009-05-02 11:56 . 2009-05-02 11:56 -------- d-----w c:\documents and settings\admin\Ustawienia lokalne\Dane aplikacji\Help 2009-05-02 07:33 . 2009-05-08 16:09 3478 ----a-w C:\pagefile.sys.vbs 2009-05-02 07:09 . 2009-05-02 07:09 108824 --sh--r C:\fbak.exe 2009-04-29 17:05 . 2009-04-29 17:06 -------- d-----w c:\program files\Nowe Gadu-Gadu 2009-04-28 14:49 . 2009-04-28 14:48 105774 --sh--r C:\ymxf2.exe 2009-04-27 12:08 . 2009-04-27 12:45 -------- d-----w c:\windows\system32\CatRoot_bak 2009-04-27 12:01 . 2008-06-14 18:01 273024 -c----w c:\windows\system32\dllcache\bthport.sys 2009-04-27 12:01 . 2008-06-14 18:01 273024 ------w c:\windows\system32\drivers\bthport.sys 2009-04-27 11:58 . 2009-02-09 11:52 2059008 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe 2009-04-27 11:58 . 2009-02-09 11:52 2017280 -c----w c:\windows\system32\dllcache\ntkrpamp.exe 2009-04-27 11:58 . 2009-02-09 11:52 2181760 -c----w c:\windows\system32\dllcache\ntoskrnl.exe 2009-04-27 11:58 . 2009-02-09 11:52 2137600 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe 2009-04-27 11:56 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys 2009-04-27 10:49 . 2009-04-27 10:49 -------- d-----w c:\documents and settings\admin\Ustawienia lokalne\Dane aplikacji\Boss Media 2009-04-27 10:49 . 2009-04-27 10:50 -------- d-----w c:\program files\ParadisePoker 2009-04-27 10:30 . 2009-04-27 10:34 -------- d-----w c:\program files\PokerStars.NET 2009-04-27 09:09 . 2009-04-27 09:09 -------- d-----w c:\documents and settings\LocalService\Pulpit 2009-04-27 09:00 . 2009-04-27 09:00 106709 --sh--r C:\eyt.exe 2009-04-25 08:31 . 2009-04-25 08:30 106749 --sh--r C:\npee.com 2009-04-24 10:04 . 2009-04-24 10:31 -------- d-----w c:\documents and settings\All Users\mg 2009-04-24 09:58 . 2009-04-23 18:31 109167 --sh--r C:\vwewav8.com 2009-04-21 17:47 . 2009-04-23 08:53 109601 --sh--r C:\g1ljsm.com 2009-04-20 15:34 . 2009-04-20 15:34 0 ----a-r C:\logwmemory.bin 2009-04-20 15:33 . 2009-04-20 15:33 -------- d-----w c:\documents and settings\admin\Dane aplikacji\Soldat 2009-04-20 11:49 . 2009-05-08 16:09 3478 --sha-r c:\windows\pagefile.sys.vbs 2009-04-14 16:13 . 2009-04-14 16:13 108514 --sh--r C:\[u]0[/u]xuc.com 2009-04-14 08:54 . 2009-04-14 08:53 109163 --sh--r C:\qwtb.com 2009-04-11 07:30 . 2009-05-07 14:14 -------- d-----w c:\documents and settings\admin\Gadu-Gadu 2009-04-11 07:30 . 2009-04-11 07:30 -------- d-----w c:\program files\Gadu-Gadu 2009-04-11 07:30 . 2006-03-07 10:27 1531671 ----a-w C:\gg61(programosy.pl).exe 2009-04-11 07:30 . 2009-04-11 07:30 1529938 ----a-w C:\gg6.zip . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-08 15:08 . 2009-03-30 07:49 -------- d-----w c:\program files\Metin2_PL 2009-04-27 15:30 . 2006-03-02 12:00 49492 ----a-w c:\windows\system32\perfc015.dat 2009-04-27 15:30 . 2006-03-02 12:00 355486 ----a-w c:\windows\system32\perfh015.dat 2009-04-27 09:03 . 2009-04-02 16:09 15688 ----a-w c:\windows\system32\lsdelete.exe 2009-04-14 18:20 . 2009-03-31 12:50 -------- d-----w c:\program files\Tibia 2009-04-14 18:10 . 2009-03-28 10:59 -------- d-----w c:\program files\Valve 2009-04-09 17:47 . 2009-04-06 18:45 110321 --sh--r C:\1ogf.exe 2009-04-07 09:07 . 2009-04-07 09:07 -------- d-----w c:\program files\Common Files\Adobe 2009-04-04 07:17 . 2009-04-03 16:11 110157 --sh--r C:\cqxj.exe 2009-03-31 12:51 . 2009-03-31 12:51 -------- d-----w c:\program files\Asprate 2009-03-31 12:40 . 2009-03-31 12:40 0 ----a-w c:\windows\nsreg.dat 2009-03-31 11:43 . 2009-03-27 11:04 76487 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-03-30 13:22 . 2009-03-30 13:22 16504 ----a-w c:\documents and settings\admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-03-30 09:59 . 2009-03-30 08:23 -------- d-----w c:\program files\Odkurzacz 2009-03-30 08:37 . 2009-03-30 08:37 -------- d-----w c:\program files\OpenOffice.org 3 2009-03-30 07:48 . 2009-03-30 07:48 -------- d-----w c:\program files\ClamWin 2009-03-30 07:45 . 2009-03-30 07:46 64160 ----a-w c:\windows\system32\drivers\Lbd.sys 2009-03-30 07:42 . 2009-03-30 07:42 -------- d-----w c:\program files\Lavasoft 2009-03-28 11:09 . 2009-03-28 11:09 -------- d-----w c:\program files\Java 2009-03-28 11:07 . 2009-03-28 11:07 -------- d-----w c:\program files\Common Files\Java 2009-03-28 10:59 . 2009-03-27 11:15 -------- d--h--w c:\program files\InstallShield Installation Information 2009-03-27 11:17 . 2009-03-27 11:11 14656 ----a-w c:\windows\gdrv.sys 2009-03-27 11:15 . 2009-03-27 11:15 -------- d-----w c:\program files\Realtek 2009-03-27 11:15 . 2009-03-27 11:15 315392 ----a-w c:\windows\HideWin.exe 2009-03-27 11:15 . 2009-03-27 11:15 -------- d-----w c:\program files\DIFX 2009-03-27 11:13 . 2009-03-27 11:13 -------- d-----w c:\program files\Common Files\InstallShield 2009-03-27 11:05 . 2009-03-27 11:05 -------- d-----w c:\program files\microsoft frontpage 2009-03-27 11:05 . 2006-03-02 12:00 67 --sha-w c:\windows\Fonts\desktop.ini 2009-03-27 11:04 . 2009-03-27 11:04 -------- d-----w c:\program files\Usługi online 2009-03-27 11:03 . 2009-03-27 11:03 21856 ----a-w c:\windows\system32\emptyregdb.dat 2009-03-06 14:47 . 2006-03-02 12:00 285184 ----a-w c:\windows\system32\pdh.dll 2009-02-20 08:32 . 2006-03-02 12:00 662016 ----a-w c:\windows\system32\wininet.dll 2009-02-20 08:32 . 2006-03-02 12:00 81920 ----a-w c:\windows\system32\ieencode.dll 2009-02-16 13:39 . 2009-04-06 16:13 209203 --sh--r C:\qphdin.com 2009-02-09 14:19 . 2006-03-02 12:00 1846528 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:52 . 2006-03-02 12:00 2181760 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-09 11:52 . 2004-08-04 00:38 2059008 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-09 10:22 . 2006-03-02 12:00 725504 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 10:22 . 2006-03-02 12:00 686080 ----a-w c:\windows\system32\advapi32.dll 2009-02-09 10:22 . 2006-03-02 12:00 399360 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 10:22 . 2006-03-02 12:00 722944 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 10:10 . 2006-03-02 12:00 111104 ----a-w c:\windows\system32\services.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016] "ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-11-09 86016] "MSRegInfo"="c:\windows\pagefile.sys.vbs" [2009-05-08 3478] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "EnableProfileQuota"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^admin^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk] path=c:\documents and settings\admin\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Metin2_PL\\metin2.bin"= "c:\\Program Files\\Valve\\hlds.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-30 64160] S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 953168] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00df310e-2d9c-11de-ad58-001a4d7a06ef}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0443e540-2029-11de-ad1a-001a4d7a06ef}] \Shell\AutoRun\command - d:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe \Shell\open\command - d:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1377ab56-2352-11de-ad29-001a4d7a06ef}] \Shell\AutoRun\command - d:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe \Shell\open\command - d:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36e871aa-25ec-11de-ad39-001a4d7a06ef}] \Shell\AutoRun\command - D:\i.cmd \Shell\open\Command - D:\i.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cabda14-2a8c-11de-ad4f-001a4d7a06ef}] \Shell\AutoRun\command - D:\[u]0[/u]xuc.com \Shell\open\Command - D:\[u]0[/u]xuc.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d917fe2-317a-11de-ad69-001a4d7a06ef}] \Shell\AutoRun\command - D:\npee.com \Shell\open\Command - D:\npee.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69fbb228-205d-11de-ad1d-001a4d7a06ef}] \Shell\AutoRun\command - D:\e.cmd \Shell\explore\Command - D:\e.cmd \Shell\open\Command - D:\e.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{730858f4-3bae-11de-ada6-001a4d7a06ef}] \Shell\AutoRun\command - e2.cmd \Shell\open\Command - e2.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80cb645a-1d11-11de-acfd-001a4d7a06ef}] \Shell\AutoRun\command - D:\em8tqm.cmd \Shell\open\Command - D:\em8tqm.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{872d4070-2a9f-11de-ad50-001a4d7a06ef}] \Shell\AutoRun\command - D:\husyu8n.exe \Shell\open\Command - D:\husyu8n.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90c2b904-3b1a-11de-ada4-001a4d7a06ef}] \Shell\AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90c2b905-3b1a-11de-ada4-001a4d7a06ef}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4332462-22c5-11de-ad27-001a4d7a06ef}] \Shell\AutoRun\command - D:\qphdin.com \Shell\open\Command - D:\qphdin.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7327c2a-2e60-11de-ad5d-001a4d7a06ef}] \Shell\AutoRun\command - D:\[u]0[/u]xuc.com \Shell\open\Command - D:\[u]0[/u]xuc.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb117da8-1ac1-11de-acf1-001a4d7a06ef}] \Shell\AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb117da9-1ac1-11de-acf1-001a4d7a06ef}] \Shell\AutoRun\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe \Shell\open\command - e:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6a9f443-2f44-11de-ad60-001a4d7a06ef}] \Shell\AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6a9f444-2f44-11de-ad60-001a4d7a06ef}] \Shell\AutoRun\command - E:\em8tqm.cmd \Shell\open\Command - E:\em8tqm.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edccd11a-2aa9-11de-ad52-001a4d7a06ef}] \Shell\AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edccd11c-2aa9-11de-ad52-001a4d7a06ef}] \Shell\AutoRun\command - D:\husyu8n.exe \Shell\open\Command - D:\husyu8n.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edccd11d-2aa9-11de-ad52-001a4d7a06ef}] \Shell\AutoRun\command - E:\[u]0[/u]xuc.com \Shell\open\Command - E:\[u]0[/u]xuc.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fba24dbc-38da-11de-ad99-001a4d7a06ef}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C643131}] c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe . Zawartość folderu 'Zaplanowane zadania' 2009-05-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 09:02] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.pl/ mStart Page = hxxp://www.yahoo.com IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe FF - ProfilePath - c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\pofpueyg.default\ FF - prefs.js: browser.startup.homepage - www.google.pl . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-08 18:09 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\wscript.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wscntfy.exe c:\windows\system32\dwwin.exe . ************************************************************************** . Czas ukończenia: 2009-05-08 18:10 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-05-08 16:10 Przed: 71 845 486 592 bajtów wolnych Po: 72 060 428 288 bajtów wolnych 230 --- E O F --- 2009-04-27 15:16

A po skanie komunikat:
Wystąpił problem z aplikacją Generic Host Process for Win 32 Service i zostanie ona zamknięta.

**Posty:** 8001 · przez **Okocza** 08 Maj 2009, 18:38

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z dss'a oraz daj loga z hijacka

**Posty:** 190 · przez **mirekg1963** 08 Maj 2009, 20:15

Po tych wszystkich zabiegach nie mogę działać na otoczeniu sieciowym, nie ma łączności z innym kompem

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:44:00, on 2009-05-08 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ClamWin\bin\ClamTray.exe C:\WINDOWS\System32\WScript.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\admin\Pulpit\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon O4 - HKLM\..\Run: [MSRegInfo] C:\WINDOWS\pagefile.sys.vbs O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 3473 bytes

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by Administrator on 2009-05-08 at 19:58 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\autorun.inf - Deleted Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-08 20:00:36 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"="C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\\Program Files\\Metin2_PL\\metin2.bin"="C:\\Program Files\\Metin2_PL\\metin2.bin:*:Enabled:metin2" "C:\\Program Files\\Valve\\hlds.exe"="C:\\Program Files\\Valve\\hlds.exe:*:Enabled:HLDS Launcher" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program glowny" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Tue 14 Apr 2009 108,514 ..SHR --- "C:\0xuc.com" Thu 9 Apr 2009 110,321 ..SHR --- "C:\1ogf.exe" Sat 4 Apr 2009 110,157 ..SHR --- "C:\cqxj.exe" Mon 27 Apr 2009 106,709 ..SHR --- "C:\eyt.exe" Sat 2 May 2009 108,824 ..SHR --- "C:\fbak.exe" Thu 23 Apr 2009 109,601 ..SHR --- "C:\g1ljsm.com" Sat 25 Apr 2009 106,749 ..SHR --- "C:\npee.com" Mon 16 Feb 2009 209,203 ..SHR --- "C:\qphdin.com" Tue 14 Apr 2009 109,163 ..SHR --- "C:\qwtb.com" Thu 23 Apr 2009 109,167 ..SHR --- "C:\vwewav8.com" Tue 28 Apr 2009 105,774 ..SHR --- "C:\ymxf2.exe" Tue 23 Oct 2007 3,350,528 A..H. --- "C:\Documents and Settings\admin\Dane aplikacji\U3\temp\Launchpad Removal.exe" [b]Finished![/b]

**Posty:** 8001 · przez **Okocza** 08 Maj 2009, 20:18

mirekg1963, a gdzie log z rsit albo dss ?

**Posty:** 190 · przez **mirekg1963** 08 Maj 2009, 21:08

O przepraszam, nie zrozumiałem! Mówisz i już Ci wysyłam ale wydaje mi się że jest kiepsko z kompem :wow:

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by admin at 2009-05-08 21:06:48 Microsoft Windows XP Home Edition Dodatek Service Pack 2 System drive C: has 69 GB (90%) free of 76 GB Total RAM: 447 MB (39% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:06:52, on 2009-05-08 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ClamWin\bin\ClamTray.exe C:\WINDOWS\System32\WScript.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\admin\Pulpit\RSIT.exe C:\Program Files\trend micro\admin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon O4 - HKLM\..\Run: [MSRegInfo] C:\WINDOWS\pagefile.sys.vbs O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 3507 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-31 86016] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "ClamWin"=C:\Program Files\ClamWin\bin\ClamTray.exe [2008-11-09 86016] "MSRegInfo"=C:\WINDOWS\pagefile.sys.vbs [2009-05-08 3478] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-04-27 516440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-02-27 9339496] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe [2008-08-16 264704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^admin^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-12-15 384000] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableProfileQuota"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher" "C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\Program Files\Metin2_PL\metin2.bin"="C:\Program Files\Metin2_PL\metin2.bin:*:Enabled:metin2" "C:\Program Files\Valve\hlds.exe"="C:\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00df310e-2d9c-11de-ad58-001a4d7a06ef}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0443e540-2029-11de-ad1a-001a4d7a06ef}] shell\AutoRun\command - D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe shell\open\command - D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1377ab56-2352-11de-ad29-001a4d7a06ef}] shell\AutoRun\command - D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe shell\open\command - D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36e871aa-25ec-11de-ad39-001a4d7a06ef}] shell\AutoRun\command - D:\i.cmd shell\open\command - D:\i.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cabda14-2a8c-11de-ad4f-001a4d7a06ef}] shell\AutoRun\command - D:\0xuc.com shell\open\command - D:\0xuc.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d917fe2-317a-11de-ad69-001a4d7a06ef}] shell\AutoRun\command - D:\npee.com shell\open\command - D:\npee.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69fbb228-205d-11de-ad1d-001a4d7a06ef}] shell\AutoRun\command - D:\e.cmd shell\explore\command - D:\e.cmd shell\open\command - D:\e.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{730858f4-3bae-11de-ada6-001a4d7a06ef}] shell\AutoRun\command - e2.cmd shell\open\command - e2.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80cb645a-1d11-11de-acfd-001a4d7a06ef}] shell\AutoRun\command - D:\em8tqm.cmd shell\open\command - D:\em8tqm.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{872d4070-2a9f-11de-ad50-001a4d7a06ef}] shell\AutoRun\command - D:\husyu8n.exe shell\open\command - D:\husyu8n.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90c2b904-3b1a-11de-ada4-001a4d7a06ef}] shell\AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90c2b905-3b1a-11de-ada4-001a4d7a06ef}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4332462-22c5-11de-ad27-001a4d7a06ef}] shell\AutoRun\command - D:\qphdin.com shell\open\command - D:\qphdin.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7327c2a-2e60-11de-ad5d-001a4d7a06ef}] shell\AutoRun\command - D:\0xuc.com shell\open\command - D:\0xuc.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb117da8-1ac1-11de-acf1-001a4d7a06ef}] shell\AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb117da9-1ac1-11de-acf1-001a4d7a06ef}] shell\AutoRun\command - E:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe shell\open\command - E:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6a9f443-2f44-11de-ad60-001a4d7a06ef}] shell\AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6a9f444-2f44-11de-ad60-001a4d7a06ef}] shell\AutoRun\command - E:\em8tqm.cmd shell\open\command - E:\em8tqm.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edccd11a-2aa9-11de-ad52-001a4d7a06ef}] shell\AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edccd11c-2aa9-11de-ad52-001a4d7a06ef}] shell\AutoRun\command - D:\husyu8n.exe shell\open\command - D:\husyu8n.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edccd11d-2aa9-11de-ad52-001a4d7a06ef}] shell\AutoRun\command - E:\0xuc.com shell\open\command - E:\0xuc.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fba24dbc-38da-11de-ad99-001a4d7a06ef}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs ======List of files/folders created in the last 1 months====== 2009-05-08 21:06:48 ----D---- C:\rsit 2009-05-08 21:06:48 ----D---- C:\Program Files\trend micro 2009-05-08 19:58:06 ----D---- C:\WINDOWS\ERUNT 2009-05-08 19:57:01 ----A---- C:\WINDOWS\ntbtlog.txt 2009-05-08 19:55:35 ----D---- C:\SDFix 2009-05-08 19:40:08 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$ 2009-05-08 19:35:02 ----SHD---- C:\RECYCLER 2009-05-08 18:10:55 ----D---- C:\WINDOWS\temp 2009-05-08 18:10:53 ----A---- C:\ComboFix.txt 2009-05-07 17:22:00 ----D---- C:\Program Files\ChomikBox 2009-05-02 13:56:02 ----D---- C:\Documents and Settings\admin\Dane aplikacji\Help 2009-05-02 09:33:21 ----RASH---- C:\pagefile.sys.vbs 2009-05-02 09:09:43 ----RSH---- C:\fbak.exe 2009-04-29 19:05:58 ----D---- C:\Program Files\Nowe Gadu-Gadu 2009-04-28 16:49:24 ----RSH---- C:\ymxf2.exe 2009-04-27 17:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2009-04-27 17:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2009-04-27 17:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-04-27 17:16:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2009-04-27 17:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-04-27 17:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2009-04-27 17:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$ 2009-04-27 17:16:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2009-04-27 17:16:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2009-04-27 17:16:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-04-27 17:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-04-27 17:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$ 2009-04-27 17:16:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-04-27 17:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-04-27 17:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2009-04-27 17:15:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-04-27 17:15:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-04-27 17:15:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-04-27 17:15:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2009-04-27 17:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-04-27 17:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$ 2009-04-27 17:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2009-04-27 17:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-04-27 17:15:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2009-04-27 17:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-04-27 17:15:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2009-04-27 17:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2009-04-27 17:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-04-27 17:14:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-04-27 17:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$ 2009-04-27 17:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$ 2009-04-27 17:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-04-27 14:08:24 ----D---- C:\WINDOWS\system32\CatRoot_bak 2009-04-27 13:08:45 ----N---- C:\WINDOWS\system32\spmsg.dll 2009-04-27 13:08:45 ----D---- C:\WINDOWS\system32\PreInstall 2009-04-27 13:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$ 2009-04-27 12:49:19 ----D---- C:\Program Files\ParadisePoker 2009-04-27 12:33:43 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2009-04-27 12:30:12 ----D---- C:\Program Files\PokerStars.NET 2009-04-27 11:00:58 ----RSH---- C:\eyt.exe 2009-04-25 10:31:19 ----RSH---- C:\npee.com 2009-04-24 11:58:53 ----RSH---- C:\vwewav8.com 2009-04-23 20:30:45 ----A---- C:\WINDOWS\system32\wpa.bak 2009-04-21 19:47:08 ----RSH---- C:\g1ljsm.com 2009-04-20 17:33:43 ----D---- C:\Documents and Settings\admin\Dane aplikacji\Soldat 2009-04-20 13:49:47 ----RASH---- C:\WINDOWS\pagefile.sys.vbs 2009-04-14 18:13:36 ----RSH---- C:\0xuc.com 2009-04-14 10:54:12 ----RSH---- C:\qwtb.com 2009-04-11 09:30:55 ----D---- C:\Program Files\Gadu-Gadu 2009-04-11 09:30:40 ----A---- C:\gg61(programosy.pl).exe ======List of files/folders modified in the last 1 months====== 2009-05-08 21:06:48 ----RD---- C:\Program Files 2009-05-08 21:01:56 ----D---- C:\Program Files\Mozilla Firefox 2009-05-08 20:28:58 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-08 20:05:46 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-08 20:05:46 ----D---- C:\WINDOWS 2009-05-08 20:01:49 ----D---- C:\WINDOWS\Prefetch 2009-05-08 19:57:19 ----D---- C:\Documents and Settings 2009-05-08 19:53:34 ----D---- C:\WINDOWS\system32 2009-05-08 19:40:15 ----HD---- C:\WINDOWS\inf 2009-05-08 19:40:12 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-08 19:40:04 ----HD---- C:\WINDOWS\$hf_mig$ 2009-05-08 18:10:55 ----D---- C:\WINDOWS\system32\drivers 2009-05-08 18:09:42 ----A---- C:\WINDOWS\system.ini 2009-05-08 18:08:47 ----D---- C:\WINDOWS\system32\config 2009-05-08 18:08:45 ----D---- C:\WINDOWS\ERDNT 2009-05-08 18:07:59 ----D---- C:\WINDOWS\AppPatch 2009-05-08 18:07:58 ----D---- C:\Program Files\Common Files 2009-05-08 18:07:25 ----D---- C:\WINDOWS\system32\wbem 2009-05-08 17:08:51 ----D---- C:\Program Files\Metin2_PL 2009-05-07 13:03:11 ----D---- C:\Documents and Settings\admin\Dane aplikacji\Nowe Gadu-Gadu 2009-05-04 18:52:11 ----D---- C:\WINDOWS\Minidump 2009-05-02 13:56:02 ----D---- C:\WINDOWS\Help 2009-05-01 15:36:46 ----A---- C:\WINDOWS\VFIND.exe 2009-04-29 19:06:09 ----SHD---- C:\WINDOWS\Installer 2009-04-27 17:30:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-04-27 17:16:59 ----A---- C:\WINDOWS\imsins.BAK 2009-04-27 17:16:48 ----D---- C:\Program Files\Messenger 2009-04-27 17:16:08 ----D---- C:\WINDOWS\WinSxS 2009-04-27 17:14:53 ----D---- C:\Program Files\Internet Explorer 2009-04-27 14:46:09 ----D---- C:\WINDOWS\system32\CatRoot 2009-04-27 14:08:24 ----D---- C:\WINDOWS\Debug 2009-04-27 12:33:49 ----D---- C:\WINDOWS\SoftwareDistribution 2009-04-27 11:03:06 ----A---- C:\WINDOWS\system32\lsdelete.exe 2009-04-23 20:30:54 ----A---- C:\WINDOWS\setuplog.txt 2009-04-23 16:34:57 ----RSD---- C:\WINDOWS\Fonts 2009-04-20 12:56:28 ----A---- C:\WINDOWS\NIRCMD.exe 2009-04-14 20:20:41 ----D---- C:\Program Files\Tibia 2009-04-14 20:10:26 ----D---- C:\Program Files\Valve 2009-04-09 19:47:11 ----RSH---- C:\1ogf.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43520] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600] R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024] S1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\admin\USTAWI~1\Temp\catchme.sys [] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-27 953168] -----------------EOF-----------------

**Posty:** 18165 · przez **wojtas** 09 Maj 2009, 14:44

Poczytaj o nowej zasadzie na forum

skasuj w hijacku:

O4 - HKLM\..\Run: [MSRegInfo] C:\WINDOWS\pagefile.sys.vbs

Pobierz OTListIt2

Uruchom OTListIt2 i w oknie Custom Scans/Fixes wklej :

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:Files
C:\WINDOWS\system32\drivers\amd64si.sys
C:\WINDOWS\system32\wpa.bak
C:\WINDOWS\pagefile.sys.vbs
C:\pagefile.sys.vbs
C:\fbak.exe
C:\ymxf2.exe
C:\eyt.exe
C:\npee.com
C:\vwewav8.com
C:\g1ljsm.com
C:\1ogf.exe
C:\0xuc.com
C:\qwtb.com
d:\pagefile.sys.vbs
d:\fbak.exe
d:\ymxf2.exe
d:\eyt.exe
d:\npee.com
d:\vwewav8.com
d:\g1ljsm.com
d:\1ogf.exe
d:\0xuc.com
d:\qwtb.com
e:\pagefile.sys.vbs
e:\fbak.exe
e:\ymxf2.exe
e:\eyt.exe
e:\npee.com
e:\vwewav8.com
e:\g1ljsm.com
e:\1ogf.exe
e:\0xuc.com
e:\qwtb.com

:Services
amd64si

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d917fe2-317a-11de-ad69-001a4d7a06ef}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69fbb228-205d-11de-ad1d-001a4d7a06ef}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{730858f4-3bae-11de-ada6-001a4d7a06ef}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80cb645a-1d11-11de-acfd-001a4d7a06ef}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{872d4070-2a9f-11de-ad50-001a4d7a06ef}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90c2b905-3b1a-11de-ada4-001a4d7a06ef}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4332462-22c5-11de-ad27-001a4d7a06ef}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7327c2a-2e60-11de-ad5d-001a4d7a06ef}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb117da9-1ac1-11de-acf1-001a4d7a06ef}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6a9f444-2f44-11de-ad60-001a4d7a06ef}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edccd11c-2aa9-11de-ad52-001a4d7a06ef}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fba24dbc-38da-11de-ad99-001a4d7a06ef}]

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTListIt2 z opcją Run Scan. Na forum dajesz nowy log OTListIt.txt (czyszczenie i skan )

**Posty:** 190 · przez **mirekg1963** 11 Maj 2009, 11:16

Kłaniam się nisko i wysyłam co trzeba!

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-05-11 11:14:31 - Run 1 OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\admin\Pulpit Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 447,48 Mb Total Physical Memory | 170,96 Mb Available Physical Memory | 38,20% Memory free 1,03 Gb Paging File | 0,83 Gb Available in Paging File | 80,82% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 67,27 Gb Free Space | 90,27% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XPN06 Current User Name: admin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2006-03-02 14:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2006-03-02 14:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2007-01-30 12:54:36 | 16,116,224 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2008-11-09 10:20:48 | 00,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe PRC - [2004-08-04 01:55:54 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2005-09-23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe PRC - [2009-02-06 18:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2009-05-04 17:13:20 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-05-11 11:10:36 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2006-03-02 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2009-04-27 11:02:28 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped]) SRV - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2006-06-19 00:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running]) DRV - [2009-03-27 13:17:34 | 00,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped]) DRV - [2005-01-07 18:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2007-01-30 12:57:50 | 04,474,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2009-03-30 09:45:44 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running]) DRV - [2006-10-31 08:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2006-10-18 17:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running]) DRV - [2006-11-27 17:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2006-11-27 17:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2006-03-02 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-04 17:13:24 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-04 17:13:24 | 00,000,000 | ---D | M] [2009-04-04 09:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\mozilla\Extensions [2009-04-04 09:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-04-04 09:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\mozilla\Firefox\Profiles\pofpueyg.default\extensions [2009-04-04 09:40:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-05-04 17:13:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-05-04 17:13:20 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-05-04 17:13:20 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon (alch) O4 - HKLM..\Run: [MSRegInfo] C:\WINDOWS\pagefile.sys.vbs File not found O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-03-27 13:05:41 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-05-11 11:11:44 | 00,000,106 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{00df310e-2d9c-11de-ad58-001a4d7a06ef}\Shell - "" = AutoRun O33 - MountPoints2\{0443e540-2029-11de-ad1a-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found O33 - MountPoints2\{0443e540-2029-11de-ad1a-001a4d7a06ef}\Shell\open\command - "" = D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found O33 - MountPoints2\{1377ab56-2352-11de-ad29-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found O33 - MountPoints2\{1377ab56-2352-11de-ad29-001a4d7a06ef}\Shell\open\command - "" = D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found O33 - MountPoints2\{36e871aa-25ec-11de-ad39-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\i.cmd -- File not found O33 - MountPoints2\{36e871aa-25ec-11de-ad39-001a4d7a06ef}\Shell\open\Command - "" = D:\i.cmd -- File not found O33 - MountPoints2\{4cabda14-2a8c-11de-ad4f-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\0xuc.com -- File not found O33 - MountPoints2\{4cabda14-2a8c-11de-ad4f-001a4d7a06ef}\Shell\open\Command - "" = D:\0xuc.com -- File not found O33 - MountPoints2\{90c2b904-3b1a-11de-ada4-001a4d7a06ef}\Shell - "" = AutoRun O33 - MountPoints2\{90c2b904-3b1a-11de-ada4-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found O33 - MountPoints2\{cb117da8-1ac1-11de-acf1-001a4d7a06ef}\Shell - "" = AutoRun O33 - MountPoints2\{cb117da8-1ac1-11de-acf1-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found O33 - MountPoints2\{d6a9f443-2f44-11de-ad60-001a4d7a06ef}\Shell - "" = AutoRun O33 - MountPoints2\{d6a9f443-2f44-11de-ad60-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found O33 - MountPoints2\{edccd11a-2aa9-11de-ad52-001a4d7a06ef}\Shell - "" = AutoRun O33 - MountPoints2\{edccd11a-2aa9-11de-ad52-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found O33 - MountPoints2\{edccd11d-2aa9-11de-ad52-001a4d7a06ef}\Shell\AutoRun\command - "" = E:\0xuc.com -- File not found O33 - MountPoints2\{edccd11d-2aa9-11de-ad52-001a4d7a06ef}\Shell\open\Command - "" = E:\0xuc.com -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [2009-05-11 11:11:44 | 00,003,478 | RHS- | C] () -- C:\pagefile.sys.vbs [2009-05-11 11:11:36 | 00,000,000 | ---D | C] -- C:\_OTListIt [2009-05-11 11:10:35 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTListIt2.exe [2009-05-11 11:07:49 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\HijackThis.lnk [2009-05-11 11:04:11 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\admin\Pulpit\HJTInstall.exe [2009-05-08 21:06:48 | 00,000,000 | ---D | C] -- C:\rsit [2009-05-08 21:06:48 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro [2009-05-08 21:06:08 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\RSIT.exe [2009-05-08 20:01:50 | 00,000,106 | RHS- | C] () -- C:\autorun.inf [2009-05-08 19:58:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009-05-08 19:55:35 | 00,000,000 | ---D | C] -- C:\SDFix [2009-05-08 19:35:02 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009-05-08 18:10:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009-05-08 18:06:03 | 03,019,252 | R--- | C] () -- C:\Documents and Settings\admin\Pulpit\ComboFix.exe [2009-05-07 17:22:00 | 00,000,000 | ---D | C] -- C:\Program Files\ChomikBox [2009-05-02 13:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\Help [2009-04-29 19:05:58 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu [2009-04-27 14:08:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak [2009-04-27 14:01:45 | 00,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys [2009-04-27 14:01:45 | 00,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2009-04-27 13:58:48 | 02,059,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2009-04-27 13:58:45 | 02,017,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2009-04-27 13:58:39 | 02,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2009-04-27 13:58:28 | 02,137,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2009-04-27 13:56:39 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2009-04-27 13:08:45 | 00,019,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2009-04-27 13:08:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2009-04-27 12:49:19 | 00,000,000 | ---D | C] -- C:\Program Files\ParadisePoker [2009-04-27 12:33:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2009-04-27 12:30:12 | 00,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET [2009-04-20 17:34:19 | 00,000,000 | R--- | C] () -- C:\logwmemory.bin [2009-04-20 17:33:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\Soldat [2009-04-18 11:13:54 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Moje dokumenty\Pattinson.jpg [2006-10-31 08:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-31 08:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-31 08:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-31 08:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-31 08:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-31 08:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-31 08:35:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006-03-02 14:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2006-03-02 14:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini [2006-03-02 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [2009-05-11 11:13:13 | 00,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-05-11 11:12:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-05-11 11:12:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\admin\Ustawienia lokalne\desktop.ini [2009-05-11 11:12:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-05-11 11:11:44 | 00,003,478 | RHS- | M] () -- C:\pagefile.sys.vbs [2009-05-11 11:11:44 | 00,000,106 | RHS- | M] () -- C:\autorun.inf [2009-05-11 11:10:36 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTListIt2.exe [2009-05-11 11:07:49 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\HijackThis.lnk [2009-05-11 11:04:12 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\admin\Pulpit\HJTInstall.exe [2009-05-11 10:11:11 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-08 21:06:16 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\RSIT.exe [2009-05-08 20:05:48 | 00,000,144 | -HS- | M] () -- C:\Documents and Settings\All Users\Dokumenty\desktop.ini [2009-05-08 19:58:59 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009-05-08 18:09:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-05-08 18:06:34 | 03,019,252 | R--- | M] () -- C:\Documents and Settings\admin\Pulpit\ComboFix.exe [2009-05-04 11:23:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009-05-01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\VFIND.exe [2009-04-27 17:30:41 | 00,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-04-27 17:30:41 | 00,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-04-27 17:30:41 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-04-27 17:30:41 | 00,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-04-27 17:30:41 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-04-27 17:26:20 | 00,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-04-27 17:16:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-04-27 11:03:06 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2009-04-20 17:34:19 | 00,000,000 | R--- | M] () -- C:\logwmemory.bin [2009-04-20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-04-18 11:13:54 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\admin\Moje dokumenty\Pattinson.jpg < End of report >

**Posty:** 18165 · przez **wojtas** 11 Maj 2009, 13:56

Uruchom OTListIt2 i w oknie Custom Scans/Fixes wklej :

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2009-05-11 11:11:44 | 00,000,106 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{00df310e-2d9c-11de-ad58-001a4d7a06ef}\Shell - "" = AutoRun
O33 - MountPoints2\{0443e540-2029-11de-ad1a-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{0443e540-2029-11de-ad1a-001a4d7a06ef}\Shell\open\command - "" = D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{1377ab56-2352-11de-ad29-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{1377ab56-2352-11de-ad29-001a4d7a06ef}\Shell\open\command - "" = D:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{36e871aa-25ec-11de-ad39-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\i.cmd -- File not found
O33 - MountPoints2\{36e871aa-25ec-11de-ad39-001a4d7a06ef}\Shell\open\Command - "" = D:\i.cmd -- File not found
O33 - MountPoints2\{4cabda14-2a8c-11de-ad4f-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\0xuc.com -- File not found
O33 - MountPoints2\{4cabda14-2a8c-11de-ad4f-001a4d7a06ef}\Shell\open\Command - "" = D:\0xuc.com -- File not found
O33 - MountPoints2\{edccd11d-2aa9-11de-ad52-001a4d7a06ef}\Shell\AutoRun\command - "" = E:\0xuc.com -- File not found
O33 - MountPoints2\{edccd11d-2aa9-11de-ad52-001a4d7a06ef}\Shell\open\Command - "" = E:\0xuc.com -- File not found

:Files
C:\pagefile.sys.vbs
C:\autorun.inf
D:\autorun.inf

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTListIt2 z opcją Run Scan. Pokazujesz nowy log OTListIt.txt (czyszczenie i skan )

**Posty:** 190 · przez **mirekg1963** 11 Maj 2009, 21:07

Witam! Podaje log z OTList It2

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-05-11 21:04:32 - Run 2 OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\admin\Pulpit Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 447,48 Mb Total Physical Memory | 173,55 Mb Available Physical Memory | 38,78% Memory free 1,03 Gb Paging File | 0,83 Gb Available in Paging File | 80,88% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 67,26 Gb Free Space | 90,26% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XPN06 Current User Name: admin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2006-03-02 14:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2006-03-02 14:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2007-01-30 12:54:36 | 16,116,224 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2008-11-09 10:20:48 | 00,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe PRC - [2004-08-04 01:55:54 | 01,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe PRC - [2005-09-23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe PRC - [2009-05-04 17:13:20 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-02-06 18:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2009-05-11 20:59:49 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2006-03-02 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2009-04-27 11:02:28 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped]) SRV - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2006-06-19 00:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running]) DRV - [2009-03-27 13:17:34 | 00,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped]) DRV - [2005-01-07 18:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2007-01-30 12:57:50 | 04,474,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2009-03-30 09:45:44 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running]) DRV - [2006-10-31 08:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2006-10-18 17:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running]) DRV - [2006-11-27 17:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2006-11-27 17:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2006-03-02 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-04 17:13:24 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-04 17:13:24 | 00,000,000 | ---D | M] [2009-04-04 09:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\mozilla\Extensions [2009-04-04 09:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-04-04 09:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\mozilla\Firefox\Profiles\pofpueyg.default\extensions [2009-04-04 09:40:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-05-04 17:13:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-05-04 17:13:20 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-05-04 17:13:20 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon (alch) O4 - HKLM..\Run: [MSRegInfo] C:\WINDOWS\pagefile.sys.vbs File not found O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-03-27 13:05:41 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{90c2b904-3b1a-11de-ada4-001a4d7a06ef}\Shell - "" = AutoRun O33 - MountPoints2\{90c2b904-3b1a-11de-ada4-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found O33 - MountPoints2\{cb117da8-1ac1-11de-acf1-001a4d7a06ef}\Shell - "" = AutoRun O33 - MountPoints2\{cb117da8-1ac1-11de-acf1-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found O33 - MountPoints2\{d6a9f443-2f44-11de-ad60-001a4d7a06ef}\Shell - "" = AutoRun O33 - MountPoints2\{d6a9f443-2f44-11de-ad60-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found O33 - MountPoints2\{edccd11a-2aa9-11de-ad52-001a4d7a06ef}\Shell - "" = AutoRun O33 - MountPoints2\{edccd11a-2aa9-11de-ad52-001a4d7a06ef}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [2009-05-11 20:59:46 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTListIt2.exe [2009-05-11 11:11:36 | 00,000,000 | ---D | C] -- C:\_OTListIt [2009-05-08 21:06:48 | 00,000,000 | ---D | C] -- C:\rsit [2009-05-08 21:06:48 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro [2009-05-08 19:58:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009-05-08 19:55:35 | 00,000,000 | ---D | C] -- C:\SDFix [2009-05-08 19:35:02 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009-05-08 18:10:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009-05-07 17:22:00 | 00,000,000 | ---D | C] -- C:\Program Files\ChomikBox [2009-05-02 13:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\Help [2009-04-29 19:05:58 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu [2009-04-27 14:08:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak [2009-04-27 14:01:45 | 00,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys [2009-04-27 14:01:45 | 00,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2009-04-27 13:58:48 | 02,059,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2009-04-27 13:58:45 | 02,017,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2009-04-27 13:58:39 | 02,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2009-04-27 13:58:28 | 02,137,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2009-04-27 13:56:39 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2009-04-27 13:08:45 | 00,019,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2009-04-27 13:08:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2009-04-27 12:49:19 | 00,000,000 | ---D | C] -- C:\Program Files\ParadisePoker [2009-04-27 12:33:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2009-04-27 12:30:12 | 00,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET [2009-04-20 17:34:19 | 00,000,000 | R--- | C] () -- C:\logwmemory.bin [2009-04-20 17:33:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\Soldat [2009-04-18 11:13:54 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Moje dokumenty\Pattinson.jpg [2006-10-31 08:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-31 08:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-31 08:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-31 08:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-31 08:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-31 08:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-31 08:35:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006-03-02 14:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2006-03-02 14:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini [2006-03-02 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [2009-05-11 21:03:08 | 00,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-05-11 21:02:30 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\admin\Ustawienia lokalne\desktop.ini [2009-05-11 21:02:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-05-11 21:02:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-05-11 20:59:49 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTListIt2.exe [2009-05-11 10:11:11 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-08 20:05:48 | 00,000,144 | -HS- | M] () -- C:\Documents and Settings\All Users\Dokumenty\desktop.ini [2009-05-08 19:58:59 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009-05-08 18:09:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-05-04 11:23:21 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009-05-01 15:36:46 | 00,117,248 | ---- | M] () -- C:\WINDOWS\VFIND.exe [2009-04-27 17:30:41 | 00,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-04-27 17:30:41 | 00,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-04-27 17:30:41 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-04-27 17:30:41 | 00,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-04-27 17:30:41 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-04-27 17:26:20 | 00,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-04-27 17:16:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-04-27 11:03:06 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2009-04-20 17:34:19 | 00,000,000 | R--- | M] () -- C:\logwmemory.bin [2009-04-20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-04-18 11:13:54 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\admin\Moje dokumenty\Pattinson.jpg < End of report >

**Posty:** 18165 · przez **wojtas** 11 Maj 2009, 21:42

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

**Posty:** 190 · przez **mirekg1963** 12 Maj 2009, 12:33

Raport z Kaspra , nie wiem czy to dobrze robię, ale działam

Kod: Zaznacz wszystko: wtorek, 12 maj 2009 System operacyjny: Microsoft Windows XP Home Edition Dodatek Service Pack 2 (build 2600) Wersja Kaspersky Online Scanner: 7.0.26.12 Data ostatniej aktualizacji bazy danych: Tuesday, May 12, 2009 10:51:34 Liczba wpisów: 2167307 Ustawienia skanowania Typ bazy danych użytej do skanowania rozszerzona Skanuj archiwa tak Skanuj pocztowe bazy danych tak Obszar skanowania Mój komputer A:\ C:\ Statystyki skanowania Przeskanowanych plików 29400 Nazwa zagrożenia 0 Zainfekowanych obiektów 0 Podejrzanych obiektów 0 Czas skanowania 00:38:00 Nie wykryto zagrożeń. Obszar skanowania jest czysty. Wybrany obszar został przeskanowany.

**Posty:** 18165 · przez **wojtas** 12 Maj 2009, 13:10

czysto juz.

Autor postu otrzymał pochwałę