Heurestyka jak sie to dostaje do kompa

**Posty:** 190 · przez **mirekg1963** 29 Maj 2009, 12:33

Kolejny komp ma problemy z tym Heur.W32. Co to jest i jak się przed tym chronić. No i oczywiście przesyłam log

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-05-29 12:28:41 - Run 2 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Właściciel\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 447,48 Mb Total Physical Memory | 183,79 Mb Available Physical Memory | 41,07% Memory free 1,03 Gb Paging File | 0,80 Gb Available in Paging File | 77,33% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 63,23 Gb Free Space | 84,84% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XPN21 Current User Name: Właściciel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2009-05-29 11:27:27 | 01,005,904 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2007-01-30 12:54:36 | 16,116,224 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2009-05-29 11:27:29 | 00,518,488 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2006-03-02 14:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2009-05-29 11:42:07 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\temp\ofkgex.exe PRC - [2009-04-29 12:46:40 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-05-29 12:28:31 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2009-05-29 11:27:27 | 01,005,904 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Running]) SRV - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2006-06-18 23:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running]) DRV - File not found -- -- (asc3360pr [On_Demand | Running]) DRV - [2009-04-15 21:22:30 | 00,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped]) DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2007-01-30 12:57:50 | 04,474,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2009-05-29 11:27:41 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running]) DRV - [2006-10-31 08:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2006-10-18 16:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running]) DRV - [2006-11-27 16:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2006-11-27 16:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324W FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-25 13:19:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-26 16:02:36 | 00,000,000 | ---D | M] [2009-04-17 09:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Extensions [2009-04-17 09:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-05-26 12:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Firefox\Profiles\l4401bj6.default\extensions [2009-05-14 12:20:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Firefox\Profiles\l4401bj6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009-05-06 15:07:09 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\FireFox\Profiles\l4401bj6.default\searchplugins\ask.xml [2009-05-11 13:13:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-04-29 12:46:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-04-29 12:46:39 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-04-29 12:46:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} http://download.gamedesire.com/g_bin/pl/cards_2_0_0_77.cab (GameDesire Card Games) O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} http://download.gamedesire.com/g_bin/pl/boards_2_0_0_35.cab (Ganymede Board Games) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239897967046 (WUWebControl Class) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-04-15 21:02:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-05-27 19:41:03 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{3d4512a5-29fe-11de-a64d-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{3d4512a5-29fe-11de-a64d-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.bat -- File not found O33 - MountPoints2\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\Shell\AUToPlay\Command - "" = D:\kqfgcp.exe -- File not found O33 - MountPoints2\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\Shell\AutoRun\command - "" = D:\kqfgcp.exe -- File not found O33 - MountPoints2\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\Shell\ExPlORE\coMmand - "" = D:\kqfgcp.exe -- File not found O33 - MountPoints2\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\Shell\opEn\COmmAnd - "" = D:\kqfgcp.exe -- File not found O33 - MountPoints2\{a9927e5a-2ab3-11de-8cba-001a4d80ed79}\Shell - "" = AutoRun O33 - MountPoints2\{a9927e5a-2ab3-11de-8cba-001a4d80ed79}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found O33 - MountPoints2\{a9927e5b-2ab3-11de-8cba-001a4d80ed79}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe O33 - MountPoints2\{a9927e5b-2ab3-11de-8cba-001a4d80ed79}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-05-29 12:28:31 | 00,000,000 | ---D | M] O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-05-29 12:28:27 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTListIt2.exe [2009-05-29 11:47:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2009-05-29 11:47:03 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2009-05-28 18:52:11 | 11,524,348 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\WoDBO.exe [2009-05-28 18:51:29 | 00,105,269 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Server Changer.rar [2009-05-27 19:41:03 | 00,000,000 | RHSD | C] -- C:\autorun.inf [2009-05-27 17:12:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\SQL Developer [2009-05-27 17:10:39 | 10,416,8562 | ---- | C] () -- C:\WINDOWS\sqldeveloper-5783.zip [2009-05-27 11:14:10 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-05-27 11:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2009-05-27 11:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe [2009-05-27 11:10:12 | 25,563,472 | ---- | C] ( ) -- C:\Documents and Settings\Właściciel\Pulpit\AdbeRdr910_pl_PL.exe [2009-05-26 19:35:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Pulpit\mapytibia840 [2009-05-26 19:35:34 | 01,317,998 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\mapytibia840.rar [2009-05-26 17:38:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Tibia [2009-05-26 17:38:18 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk [2009-05-26 17:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\Tibia [2009-05-26 17:33:19 | 20,398,051 | ---- | C] (CipSoft GmbH ) -- C:\Documents and Settings\Właściciel\Pulpit\tibia842.exe [2009-05-26 16:24:16 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800} [2009-05-26 16:24:15 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk [2009-05-26 16:24:10 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2009-05-26 16:20:58 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk [2009-05-26 16:20:20 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu [2009-05-26 16:18:32 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2009-05-26 16:17:40 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Metin2 PL.lnk [2009-05-26 16:13:54 | 00,000,000 | ---D | C] -- C:\Program Files\Metin2_PL [2009-05-26 16:13:26 | 00,001,369 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Counter-Strike 1.6.lnk [2009-05-26 16:13:26 | 00,000,000 | ---D | C] -- C:\Program Files\Valve [2009-05-26 16:13:00 | 20,910,808 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\nowegg.exe [2009-05-26 15:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-05-26 15:54:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM [2009-05-25 16:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Nowe Gadu-Gadu [2009-05-25 16:55:54 | 00,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2009-05-21 19:34:20 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009-05-21 19:26:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009-05-21 19:26:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\temp [2009-05-21 19:22:06 | 00,000,223 | ---- | C] () -- C:\Boot.bak [2009-05-21 19:22:03 | 00,262,400 | ---- | C] () -- C:\cmldr [2009-05-21 19:22:02 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009-05-21 19:20:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009-05-21 19:20:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009-05-21 19:20:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009-05-21 19:20:48 | 00,130,048 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009-05-21 19:20:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009-05-21 19:20:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009-05-21 19:20:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009-05-21 19:20:48 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-05-21 19:20:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009-05-21 19:01:10 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-05-21 14:27:03 | 00,000,000 | ---- | C] () -- C:\3ba1 [2009-05-20 20:44:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Malwarebytes [2009-05-20 20:44:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-05-19 16:35:46 | 00,000,000 | ---D | C] -- C:\Program Files\DiskTrix [2009-05-16 15:12:07 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-05-16 15:12:04 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2009-05-16 15:12:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple [2009-05-16 15:11:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\GrabPro [2009-05-16 15:11:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Orbit [2009-05-14 12:20:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google [2009-05-13 14:52:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Help [2009-05-13 14:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\WinHex [2009-05-13 14:50:47 | 00,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG [2009-05-12 21:19:56 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc1395793746.bin [2009-05-12 21:19:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\GanymedeNet [2009-05-11 20:27:43 | 37,464,624 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx.avi [2009-05-11 20:25:15 | 20,413,054 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Hottest_Women_Lesbian_Hardcore_Fucking_XXX_Sex.avi [2009-05-11 20:24:34 | 14,883,238 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx_13 [2009-05-11 20:23:29 | 24,458,482 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam-_sexy_lingerie_naked_porn_xxx_porno_sex_scenes_sexo_nude_pussy_breasts.avi [2009-05-11 20:20:52 | 09,646,736 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam.avi [2009-05-11 20:19:51 | 50,015,052 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Arty_sexy_chat_date_Blonde_striptease_horny_porno_strip_naked_free_sex_porn_babe_xxx_porno_chick.avi [2009-05-11 13:47:11 | 14,094,621 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cyclone_1 [2009-05-11 13:46:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Desktopicon [2009-05-11 13:32:57 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2009-05-11 13:31:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2009-05-07 15:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\My Received Files [2009-05-07 15:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\My Music [2009-05-07 15:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\BearShare [2009-05-07 15:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\12399 [2009-05-07 15:55:53 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Smiley.ico [2009-05-07 14:18:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-05-07 14:15:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\WinRAR [2009-05-07 14:14:43 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR [2009-05-07 14:10:36 | 01,382,845 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\wrar380pl.exe [2009-05-06 18:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Porno Links XP [2009-05-06 15:42:36 | 00,000,000 | RHSD | C] -- C:\SYSTEM [2009-05-06 15:06:02 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll [2009-05-06 15:06:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\DVDVideoSoft [2009-05-06 15:05:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2009-05-06 14:13:13 | 00,000,000 | ---D | C] -- C:\Program Files\Tibia Auto [2009-04-29 12:27:13 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2006-10-31 08:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-31 08:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-31 08:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-31 08:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-31 08:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-31 08:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-31 08:35:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006-03-02 14:00:00 | 00,000,512 | ---- | C] () -- C:\WINDOWS\win.ini [2006-03-02 14:00:00 | 00,000,263 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [2009-05-29 12:28:31 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTListIt2.exe [2009-05-29 11:33:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-05-29 11:33:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-05-29 11:33:16 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\desktop.ini [2009-05-29 11:33:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-05-29 11:28:04 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2009-05-29 11:27:41 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009-05-28 18:53:44 | 00,105,269 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Server Changer.rar [2009-05-28 18:53:43 | 11,524,348 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\WoDBO.exe [2009-05-28 13:51:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-05-27 17:10:44 | 10,416,8562 | ---- | M] () -- C:\WINDOWS\sqldeveloper-5783.zip [2009-05-27 11:14:10 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-05-27 11:11:17 | 25,563,472 | ---- | M] ( ) -- C:\Documents and Settings\Właściciel\Pulpit\AdbeRdr910_pl_PL.exe [2009-05-26 19:35:40 | 01,317,998 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\mapytibia840.rar [2009-05-26 17:38:18 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk [2009-05-26 17:38:09 | 20,398,051 | ---- | M] (CipSoft GmbH ) -- C:\Documents and Settings\Właściciel\Pulpit\tibia842.exe [2009-05-26 16:26:08 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009-05-26 16:25:39 | 00,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-05-26 16:24:15 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk [2009-05-26 16:20:58 | 00,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2009-05-26 16:20:58 | 00,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk [2009-05-26 16:17:40 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Metin2 PL.lnk [2009-05-26 16:16:13 | 20,910,808 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\nowegg.exe [2009-05-26 16:13:26 | 00,001,369 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Counter-Strike 1.6.lnk [2009-05-26 15:52:41 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-23 12:23:10 | 00,000,512 | ---- | M] () -- C:\WINDOWS\win.ini [2009-05-23 12:23:10 | 00,000,293 | RHS- | M] () -- C:\boot.ini [2009-05-23 12:23:10 | 00,000,263 | ---- | M] () -- C:\WINDOWS\system.ini [2009-05-21 19:24:06 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009-05-21 18:58:20 | 00,000,223 | ---- | M] () -- C:\Boot.bak [2009-05-21 14:27:03 | 00,000,000 | ---- | M] () -- C:\3ba1 [2009-05-20 20:37:02 | 00,130,048 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009-05-19 13:54:16 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI [2009-05-12 21:19:56 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\proc1395793746.bin [2009-05-11 20:31:39 | 37,464,624 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx.avi [2009-05-11 20:27:43 | 14,883,238 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx_13 [2009-05-11 20:27:18 | 20,413,054 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Hottest_Women_Lesbian_Hardcore_Fucking_XXX_Sex.avi [2009-05-11 20:25:25 | 24,458,482 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam-_sexy_lingerie_naked_porn_xxx_porno_sex_scenes_sexo_nude_pussy_breasts.avi [2009-05-11 20:22:41 | 50,015,052 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Arty_sexy_chat_date_Blonde_striptease_horny_porno_strip_naked_free_sex_porn_babe_xxx_porno_chick.avi [2009-05-11 20:22:06 | 09,646,736 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam.avi [2009-05-11 16:19:03 | 14,094,621 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cyclone_1 [2009-05-11 13:38:09 | 00,866,660 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-05-11 13:38:09 | 00,448,348 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-05-11 13:38:09 | 00,392,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-05-11 13:38:09 | 00,074,450 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-05-11 13:38:09 | 00,058,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-05-07 14:10:49 | 01,382,845 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\wrar380pl.exe [2009-05-07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [color=orange]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317 < End of report >

**Posty:** 18165 · przez **wojtas** 29 Maj 2009, 14:02

ile Ty masz tych kompów ?? jakie zabezpieczenie ? antywir + firewall + zdrowy rozsadek... caly czas widze u Ciebie infekcje z pendriva lub cos... nie podpinaj tego albo najlepiej sformatuj bo tam jest infekcja i gdy podlaczysz do kompa to przechodzi infekcja z pena na kompa i tak wkółko.. w jakim pliku wykrywa Ci wirusa tego Heur??

Uruchom OTListIt2 i w oknie Custom Scans/Fixes wklej :

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2009-05-27 19:41:03 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3d4512a5-29fe-11de-a64d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3d4512a5-29fe-11de-a64d-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.bat -- File not found
O33 - MountPoints2\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\Shell\AUToPlay\Command - "" = D:\kqfgcp.exe -- File not found
O33 - MountPoints2\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\Shell\AutoRun\command - "" = D:\kqfgcp.exe -- File not found
O33 - MountPoints2\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\Shell\ExPlORE\coMmand - "" = D:\kqfgcp.exe -- File not found
O33 - MountPoints2\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\Shell\opEn\COmmAnd - "" = D:\kqfgcp.exe -- File not found
O33 - MountPoints2\{a9927e5a-2ab3-11de-8cba-001a4d80ed79}\Shell - "" = AutoRun
O33 - MountPoints2\{a9927e5b-2ab3-11de-8cba-001a4d80ed79}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
O33 - MountPoints2\{a9927e5b-2ab3-11de-8cba-001a4d80ed79}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe

:Files
C:\autorun.inf
D:\autorun.inf

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTListIt2 z opcją Run Scan. Pokazujesz nowy log OTListIt.txt oraz raport z czyszczenia kompa

**Posty:** 190 · przez **mirekg1963** 29 Maj 2009, 15:41

Dobra, przyznaje Ci sie jak na spowiedzi! Jest tych kompów z 15 . Czasami działaja na nich osoby odpowiedzialne czasami nie. Tak do końca nie mogę tego skontrolować, pewnych rzeczy nie mogę zabronić jak na przykład urzywania pena. Zgadzam sie jednak z Tobą że kontrola powinna być większa. Wiesz koszty mnie niestety też ograniczają no i moja nie zaduża wiedza o tym...Mam darmówkę ClamWina ktoś powiedział mi że jest ok i free stosuje do tego AdAware. Co tydzień skanuje tym i tym co dwa defrag. Chętnie skorzystam z Twoich sugestii co do firewlla a może jakieś inne zabezpieczenie przed infekcjami z pena? Pomoc mile będzie widziana. Podobno Ci co pomagają słabszym będą później wynagrodzeni... :lol:

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-05-29 15:31:27 - Run 3 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Właściciel\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 447,48 Mb Total Physical Memory | 238,68 Mb Available Physical Memory | 53,34% Memory free 1,03 Gb Paging File | 0,87 Gb Available in Paging File | 84,53% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 63,10 Gb Free Space | 84,67% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XPN21 Current User Name: Właściciel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2007-01-30 12:54:36 | 16,116,224 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2009-02-27 17:10:28 | 00,109,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe PRC - [2008-04-14 19:21:19 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe PRC - [2009-05-29 12:28:31 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2009-05-29 11:27:27 | 01,079,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped]) SRV - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2006-06-18 23:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running]) DRV - File not found -- -- (asc3360pr [On_Demand | Running]) DRV - [2009-04-15 21:22:30 | 00,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped]) DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2007-01-30 12:57:50 | 04,474,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2009-05-29 11:27:41 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running]) DRV - [2006-10-31 08:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2006-10-18 16:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running]) DRV - [2006-11-27 16:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2006-11-27 16:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324W FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-25 13:19:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-26 16:02:36 | 00,000,000 | ---D | M] [2009-04-17 09:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Extensions [2009-04-17 09:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-05-26 12:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Firefox\Profiles\l4401bj6.default\extensions [2009-05-14 12:20:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Firefox\Profiles\l4401bj6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009-05-06 15:07:09 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\FireFox\Profiles\l4401bj6.default\searchplugins\ask.xml [2009-05-11 13:13:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-04-29 12:46:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-04-29 12:46:39 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-04-29 12:46:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} http://download.gamedesire.com/g_bin/pl/cards_2_0_0_77.cab (GameDesire Card Games) O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} http://download.gamedesire.com/g_bin/pl/boards_2_0_0_35.cab (Ganymede Board Games) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239897967046 (WUWebControl Class) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-04-15 21:02:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-05-29 15:28:07 | 00,000,000 | ---D | M] O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-05-29 15:20:17 | 00,000,000 | ---D | C] -- C:\_OTListIt [2009-05-29 12:28:27 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTListIt2.exe [2009-05-29 11:47:03 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2009-05-28 18:52:11 | 11,524,348 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\WoDBO.exe [2009-05-28 18:51:29 | 00,105,269 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Server Changer.rar [2009-05-27 17:12:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\SQL Developer [2009-05-27 17:10:39 | 10,416,8562 | ---- | C] () -- C:\WINDOWS\sqldeveloper-5783.zip [2009-05-27 11:14:10 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-05-27 11:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2009-05-27 11:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe [2009-05-27 11:10:12 | 25,563,472 | ---- | C] ( ) -- C:\Documents and Settings\Właściciel\Pulpit\AdbeRdr910_pl_PL.exe [2009-05-26 19:35:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Pulpit\mapytibia840 [2009-05-26 19:35:34 | 01,317,998 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\mapytibia840.rar [2009-05-26 17:38:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Tibia [2009-05-26 17:38:18 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk [2009-05-26 17:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\Tibia [2009-05-26 17:33:19 | 20,398,051 | ---- | C] (CipSoft GmbH ) -- C:\Documents and Settings\Właściciel\Pulpit\tibia842.exe [2009-05-26 16:24:16 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800} [2009-05-26 16:24:15 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk [2009-05-26 16:24:10 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2009-05-26 16:20:58 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk [2009-05-26 16:20:20 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu [2009-05-26 16:18:32 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2009-05-26 16:17:40 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Metin2 PL.lnk [2009-05-26 16:13:54 | 00,000,000 | ---D | C] -- C:\Program Files\Metin2_PL [2009-05-26 16:13:26 | 00,001,369 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Counter-Strike 1.6.lnk [2009-05-26 16:13:26 | 00,000,000 | ---D | C] -- C:\Program Files\Valve [2009-05-26 16:13:00 | 20,910,808 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\nowegg.exe [2009-05-26 15:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-05-26 15:54:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM [2009-05-25 16:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Nowe Gadu-Gadu [2009-05-25 16:55:54 | 00,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2009-05-21 19:34:20 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009-05-21 19:26:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009-05-21 19:26:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\temp [2009-05-21 19:22:06 | 00,000,223 | ---- | C] () -- C:\Boot.bak [2009-05-21 19:22:03 | 00,262,400 | ---- | C] () -- C:\cmldr [2009-05-21 19:22:02 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009-05-21 19:20:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009-05-21 19:20:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009-05-21 19:20:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009-05-21 19:20:48 | 00,130,048 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009-05-21 19:20:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009-05-21 19:20:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009-05-21 19:20:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009-05-21 19:20:48 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-05-21 19:20:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009-05-21 19:01:10 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-05-21 14:27:03 | 00,000,000 | ---- | C] () -- C:\3ba1 [2009-05-20 20:44:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Malwarebytes [2009-05-20 20:44:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-05-19 16:35:46 | 00,000,000 | ---D | C] -- C:\Program Files\DiskTrix [2009-05-16 15:12:07 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-05-16 15:12:04 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2009-05-16 15:12:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple [2009-05-16 15:11:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\GrabPro [2009-05-16 15:11:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Orbit [2009-05-14 12:20:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google [2009-05-13 14:52:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Help [2009-05-13 14:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\WinHex [2009-05-13 14:50:47 | 00,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG [2009-05-12 21:19:56 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc1395793746.bin [2009-05-12 21:19:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\GanymedeNet [2009-05-11 20:27:43 | 37,464,624 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx.avi [2009-05-11 20:25:15 | 20,413,054 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Hottest_Women_Lesbian_Hardcore_Fucking_XXX_Sex.avi [2009-05-11 20:24:34 | 14,883,238 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx_13 [2009-05-11 20:23:29 | 24,458,482 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam-_sexy_lingerie_naked_porn_xxx_porno_sex_scenes_sexo_nude_pussy_breasts.avi [2009-05-11 20:20:52 | 09,646,736 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam.avi [2009-05-11 20:19:51 | 50,015,052 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Arty_sexy_chat_date_Blonde_striptease_horny_porno_strip_naked_free_sex_porn_babe_xxx_porno_chick.avi [2009-05-11 13:47:11 | 14,094,621 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cyclone_1 [2009-05-11 13:46:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Desktopicon [2009-05-11 13:32:57 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2009-05-11 13:31:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2009-05-07 15:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\My Received Files [2009-05-07 15:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\My Music [2009-05-07 15:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\BearShare [2009-05-07 15:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\12399 [2009-05-07 15:55:53 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Smiley.ico [2009-05-07 14:18:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-05-07 14:15:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\WinRAR [2009-05-07 14:14:43 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR [2009-05-07 14:10:36 | 01,382,845 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\wrar380pl.exe [2009-05-06 18:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Porno Links XP [2009-05-06 15:42:36 | 00,000,000 | RHSD | C] -- C:\SYSTEM [2009-05-06 15:06:02 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll [2009-05-06 15:06:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\DVDVideoSoft [2009-05-06 15:05:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2009-05-06 14:13:13 | 00,000,000 | ---D | C] -- C:\Program Files\Tibia Auto [2009-04-29 12:27:13 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2006-10-31 08:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-31 08:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-31 08:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-31 08:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-31 08:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-31 08:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-31 08:35:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006-03-02 14:00:00 | 00,000,512 | ---- | C] () -- C:\WINDOWS\win.ini [2006-03-02 14:00:00 | 00,000,263 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [2009-05-29 15:27:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-05-29 15:23:31 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\desktop.ini [2009-05-29 15:23:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-05-29 15:23:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-05-29 12:28:31 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTListIt2.exe [2009-05-29 11:28:04 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2009-05-29 11:27:41 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009-05-28 18:53:44 | 00,105,269 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Server Changer.rar [2009-05-28 18:53:43 | 11,524,348 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\WoDBO.exe [2009-05-28 13:51:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-05-27 17:10:44 | 10,416,8562 | ---- | M] () -- C:\WINDOWS\sqldeveloper-5783.zip [2009-05-27 11:14:10 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-05-27 11:11:17 | 25,563,472 | ---- | M] ( ) -- C:\Documents and Settings\Właściciel\Pulpit\AdbeRdr910_pl_PL.exe [2009-05-26 19:35:40 | 01,317,998 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\mapytibia840.rar [2009-05-26 17:38:18 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Tibia.lnk [2009-05-26 17:38:09 | 20,398,051 | ---- | M] (CipSoft GmbH ) -- C:\Documents and Settings\Właściciel\Pulpit\tibia842.exe [2009-05-26 16:26:08 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009-05-26 16:25:39 | 00,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-05-26 16:24:15 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk [2009-05-26 16:20:58 | 00,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2009-05-26 16:20:58 | 00,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk [2009-05-26 16:17:40 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Metin2 PL.lnk [2009-05-26 16:16:13 | 20,910,808 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\nowegg.exe [2009-05-26 16:13:26 | 00,001,369 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Counter-Strike 1.6.lnk [2009-05-26 15:52:41 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-23 12:23:10 | 00,000,512 | ---- | M] () -- C:\WINDOWS\win.ini [2009-05-23 12:23:10 | 00,000,293 | RHS- | M] () -- C:\boot.ini [2009-05-23 12:23:10 | 00,000,263 | ---- | M] () -- C:\WINDOWS\system.ini [2009-05-21 19:24:06 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009-05-21 18:58:20 | 00,000,223 | ---- | M] () -- C:\Boot.bak [2009-05-21 14:27:03 | 00,000,000 | ---- | M] () -- C:\3ba1 [2009-05-20 20:37:02 | 00,130,048 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009-05-19 13:54:16 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI [2009-05-12 21:19:56 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\proc1395793746.bin [2009-05-11 20:31:39 | 37,464,624 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx.avi [2009-05-11 20:27:43 | 14,883,238 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx_13 [2009-05-11 20:27:18 | 20,413,054 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Hottest_Women_Lesbian_Hardcore_Fucking_XXX_Sex.avi [2009-05-11 20:25:25 | 24,458,482 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam-_sexy_lingerie_naked_porn_xxx_porno_sex_scenes_sexo_nude_pussy_breasts.avi [2009-05-11 20:22:41 | 50,015,052 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Arty_sexy_chat_date_Blonde_striptease_horny_porno_strip_naked_free_sex_porn_babe_xxx_porno_chick.avi [2009-05-11 20:22:06 | 09,646,736 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam.avi [2009-05-11 16:19:03 | 14,094,621 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cyclone_1 [2009-05-11 13:38:09 | 00,866,660 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-05-11 13:38:09 | 00,448,348 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-05-11 13:38:09 | 00,392,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-05-11 13:38:09 | 00,074,450 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-05-11 13:38:09 | 00,058,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-05-07 14:10:49 | 01,382,845 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\wrar380pl.exe [2009-05-07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [color=orange]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317 < End of report >

Kod: Zaznacz wszystko: ========== OTLISTIT ========== Process explorer.exe killed successfully! File not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d4512a5-29fe-11de-a64d-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d4512a5-29fe-11de-a64d-806d6172696f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d4512a5-29fe-11de-a64d-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d4512a5-29fe-11de-a64d-806d6172696f}\ not found. File D:\autorun.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\ not found. File D:\kqfgcp.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\ not found. File D:\kqfgcp.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\ not found. File D:\kqfgcp.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{511bad78-4ba0-11de-8d6f-001a4d80ed79}\ not found. File D:\kqfgcp.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9927e5a-2ab3-11de-8cba-001a4d80ed79}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9927e5a-2ab3-11de-8cba-001a4d80ed79}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9927e5b-2ab3-11de-8cba-001a4d80ed79}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9927e5b-2ab3-11de-8cba-001a4d80ed79}\ not found. File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9927e5b-2ab3-11de-8cba-001a4d80ed79}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9927e5b-2ab3-11de-8cba-001a4d80ed79}\ not found. File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe not found. ========== FILES ========== C:\autorun.inf moved successfully. File\Folder D:\autorun.inf not found. ========== REGISTRY ========== HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully! ========== COMMANDS ========== File delete failed. C:\Documents and Settings\Właściciel\Ustawienia lokalne\temp\hpichq.exe scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Właściciel\Ustawienia lokalne\temp\w695a08.exe scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Właściciel\Ustawienia lokalne\temp\winnyjqyu.exe scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. Windows Temp folder emptied. Java cache emptied. Temp folders emptied. Explorer started successfully OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05292009_152017 Files moved on Reboot... C:\Documents and Settings\Właściciel\Ustawienia lokalne\temp\hpichq.exe moved successfully. C:\Documents and Settings\Właściciel\Ustawienia lokalne\temp\w695a08.exe moved successfully. C:\Documents and Settings\Właściciel\Ustawienia lokalne\temp\winnyjqyu.exe moved successfully. Registry entries deleted on Reboot...

**Posty:** 18165 · przez **wojtas** 29 Maj 2009, 15:53

zabezpieczenie

co do antywirusa to np Avira... firewall Kerio

Start => Uruchom => cmd =>
sc stop asc3360pr
sc delete asc3360pr
Wklep i zatwierdź Enter`em (każdą komendę

)

Wykonaj skan Dr. Web CureIt
Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym (skasuj co znajdzie)

Malwarebytes Anti-Malware

**Posty:** 190 · przez **mirekg1963** 30 Maj 2009, 12:46

Przykro mi ale ta sama rzecz Dr Web Curelt zamyka przeglądarki a kasper - nie ma takiej strony. Mogę Ci tylko dać raport z
Malwarebytes Anti-Malware 1.37 on usunął plik ale nie wiem czy nie ten który zainstalowałem idąc za radą na forum z programu Flash Disinfector sciana

. Ale idę juz za Twoją radą i sukcesywnie będzie wszystko zabezpiczane!

Kod: Zaznacz wszystko: Malwarebytes' Anti-Malware 1.37 Wersja bazy definicji: 2195 Windows 5.1.2600 Dodatek Service Pack 3 2009-05-30 12:23:30 mbam-log-2009-05-30 (12-23-30).txt Typ skanowania: Pełne skanowanie (C:\|) Przeskanowane obiekty: 105051 Upłynęło: 22 minute(s), 7 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 0 Zainfekowane wartości rejestru: 0 Zainfekowane pliki rejestru: 0 Zainfekowane foldery: 0 Zainfekowane pliki: 1 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: (Nie wykryto groźnych plików) Zainfekowane wartości rejestru: (Nie wykryto groźnych plików) Zainfekowane pliki rejestru: (Nie wykryto groźnych plików) Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: C:\autorun.inf (Trojan.Agent) -> Delete on reboot.

To pewnie mało, co??

**Posty:** 18165 · przez **wojtas** 30 Maj 2009, 12:48

to moze poskanuj:

skanery-on-line-vt95247.html

**Posty:** 190 · przez **mirekg1963** 30 Maj 2009, 14:18

Oj przykro mi bardzo ale nic z tych skanerów nie chce zadziałać! Pewnie Ci się nie nada to do niczego ale wyślę a co tam :cry:

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-05-30 14:10:56 - Run 4 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Właściciel\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 447,48 Mb Total Physical Memory | 155,17 Mb Available Physical Memory | 34,68% Memory free 1,03 Gb Paging File | 0,81 Gb Available in Paging File | 78,75% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 62,36 Gb Free Space | 83,68% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XPN21 Current User Name: Właściciel Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2007-01-30 12:54:36 | 16,116,224 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2009-05-30 13:32:12 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\temp\winiwlrv.exe PRC - [2009-04-29 12:46:40 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-04-14 19:21:50 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2009-05-29 12:28:31 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2009-05-29 11:27:27 | 01,079,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [On_Demand | Stopped]) SRV - [2006-10-31 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2006-06-18 23:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running]) DRV - File not found -- -- (asc3360pr [On_Demand | Running]) DRV - [2009-04-15 21:22:30 | 00,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped]) DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2007-01-30 12:57:50 | 04,474,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2009-05-29 11:27:41 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running]) DRV - [2006-10-31 08:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2006-10-18 16:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running]) DRV - [2006-11-27 16:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2006-11-27 16:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q= IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324W FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-25 13:19:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-05-26 16:02:36 | 00,000,000 | ---D | M] [2009-04-17 09:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Extensions [2009-04-17 09:27:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-05-29 17:17:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Firefox\Profiles\l4401bj6.default\extensions [2009-05-14 12:20:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\mozilla\Firefox\Profiles\l4401bj6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009-05-06 15:07:09 | 00,000,681 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\FireFox\Profiles\l4401bj6.default\searchplugins\ask.xml [2009-05-11 13:13:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-04-29 12:46:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-04-29 12:46:39 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-04-29 12:46:39 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - Reg Error: Key error. File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} http://download.gamedesire.com/g_bin/pl/cards_2_0_0_77.cab (GameDesire Card Games) O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} http://download.gamedesire.com/g_bin/pl/boards_2_0_0_35.cab (Ganymede Board Games) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239897967046 (WUWebControl Class) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-04-15 21:02:27 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-05-30 11:51:43 | 00,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-05-30 13:59:46 | 00,000,000 | ---D | M] O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-05-30 11:58:34 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-05-30 11:58:33 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-05-30 11:58:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-05-30 11:51:43 | 00,000,000 | ---D | C] -- C:\autorun.inf [2009-05-29 19:19:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu [2009-05-29 19:19:09 | 00,000,653 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Gadu-Gadu.lnk [2009-05-29 19:19:05 | 00,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu [2009-05-29 19:18:34 | 04,099,252 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\gg77.exe [2009-05-29 19:17:03 | 00,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2009-05-29 19:17:03 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk [2009-05-29 19:16:33 | 00,000,000 | ---D | C] -- C:\Program Files\Nowe Gadu-Gadu [2009-05-29 17:28:20 | 00,000,000 | ---D | C] -- C:\Program Files\Kwyshell [2009-05-29 15:20:17 | 00,000,000 | ---D | C] -- C:\_OTListIt [2009-05-29 12:28:27 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTListIt2.exe [2009-05-29 11:47:03 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2009-05-27 17:12:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\SQL Developer [2009-05-27 17:10:39 | 10,416,8562 | ---- | C] () -- C:\WINDOWS\sqldeveloper-5783.zip [2009-05-27 11:14:10 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-05-27 11:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2009-05-27 11:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe [2009-05-27 11:10:12 | 25,563,472 | ---- | C] ( ) -- C:\Documents and Settings\Właściciel\Pulpit\AdbeRdr910_pl_PL.exe [2009-05-26 17:38:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Tibia [2009-05-26 17:38:16 | 00,000,000 | ---D | C] -- C:\Program Files\Tibia [2009-05-26 17:33:19 | 20,398,051 | ---- | C] (CipSoft GmbH ) -- C:\Documents and Settings\Właściciel\Pulpit\tibia842.exe [2009-05-26 16:24:16 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800} [2009-05-26 16:24:15 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk [2009-05-26 16:24:10 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft [2009-05-26 16:18:32 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2009-05-26 16:17:40 | 00,000,697 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Metin2 PL.lnk [2009-05-26 16:13:54 | 00,000,000 | ---D | C] -- C:\Program Files\Metin2_PL [2009-05-26 16:13:26 | 00,001,369 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Counter-Strike 1.6.lnk [2009-05-26 16:13:26 | 00,000,000 | ---D | C] -- C:\Program Files\Valve [2009-05-26 16:13:00 | 20,910,808 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\nowegg.exe [2009-05-26 15:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-05-26 15:54:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM [2009-05-25 16:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Nowe Gadu-Gadu [2009-05-21 19:34:20 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009-05-21 19:26:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009-05-21 19:26:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\temp [2009-05-21 19:22:06 | 00,000,223 | ---- | C] () -- C:\Boot.bak [2009-05-21 19:22:03 | 00,262,400 | ---- | C] () -- C:\cmldr [2009-05-21 19:22:02 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009-05-21 19:20:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009-05-21 19:20:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009-05-21 19:20:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009-05-21 19:20:48 | 00,130,048 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009-05-21 19:20:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009-05-21 19:20:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009-05-21 19:20:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009-05-21 19:20:48 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-05-21 19:20:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009-05-21 19:01:10 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-05-21 14:27:03 | 00,000,000 | ---- | C] () -- C:\3ba1 [2009-05-20 20:44:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Malwarebytes [2009-05-20 20:44:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-05-19 16:35:46 | 00,000,000 | ---D | C] -- C:\Program Files\DiskTrix [2009-05-16 15:12:07 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-05-16 15:12:04 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2009-05-16 15:12:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple [2009-05-16 15:11:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\GrabPro [2009-05-16 15:11:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Orbit [2009-05-14 12:20:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Google [2009-05-13 14:52:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Help [2009-05-13 14:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\WinHex [2009-05-13 14:50:47 | 00,000,000 | ---D | C] -- C:\Program Files\TibiaBot NG [2009-05-12 21:19:56 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc1395793746.bin [2009-05-12 21:19:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\GanymedeNet [2009-05-11 20:27:43 | 37,464,624 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx.avi [2009-05-11 20:25:15 | 20,413,054 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Hottest_Women_Lesbian_Hardcore_Fucking_XXX_Sex.avi [2009-05-11 20:24:34 | 14,883,238 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx_13 [2009-05-11 20:23:29 | 24,458,482 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam-_sexy_lingerie_naked_porn_xxx_porno_sex_scenes_sexo_nude_pussy_breasts.avi [2009-05-11 20:20:52 | 09,646,736 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam.avi [2009-05-11 20:19:51 | 50,015,052 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Arty_sexy_chat_date_Blonde_striptease_horny_porno_strip_naked_free_sex_porn_babe_xxx_porno_chick.avi [2009-05-11 13:47:11 | 14,094,621 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cyclone_1 [2009-05-11 13:46:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Desktopicon [2009-05-11 13:32:57 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2009-05-11 13:31:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2009-05-07 15:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\My Received Files [2009-05-07 15:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\My Music [2009-05-07 15:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\BearShare [2009-05-07 15:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\12399 [2009-05-07 15:55:53 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Smiley.ico [2009-05-07 14:18:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-05-07 14:15:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\WinRAR [2009-05-07 14:14:43 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR [2009-05-07 14:10:36 | 01,382,845 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\wrar380pl.exe [2009-05-06 18:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Porno Links XP [2009-05-06 15:42:36 | 00,000,000 | RHSD | C] -- C:\SYSTEM [2009-05-06 15:06:02 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll [2009-05-06 15:06:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Moje dokumenty\DVDVideoSoft [2009-05-06 15:05:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2009-05-06 14:13:13 | 00,000,000 | ---D | C] -- C:\Program Files\Tibia Auto [2009-04-29 12:27:13 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2006-10-31 08:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-31 08:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-31 08:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-31 08:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-31 08:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-31 08:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-31 08:35:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006-03-02 14:00:00 | 00,000,512 | ---- | C] () -- C:\WINDOWS\win.ini [2006-03-02 14:00:00 | 00,000,263 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [2009-05-30 13:28:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-05-30 13:28:06 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\desktop.ini [2009-05-30 13:28:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-05-30 13:28:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-05-30 11:40:27 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-29 19:19:09 | 00,000,653 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Gadu-Gadu.lnk [2009-05-29 19:18:46 | 04,099,252 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\gg77.exe [2009-05-29 19:17:03 | 00,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2009-05-29 19:17:03 | 00,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk [2009-05-29 12:28:31 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTListIt2.exe [2009-05-29 11:28:04 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2009-05-29 11:27:41 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2009-05-28 13:51:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-05-27 17:10:44 | 10,416,8562 | ---- | M] () -- C:\WINDOWS\sqldeveloper-5783.zip [2009-05-27 11:14:10 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-05-27 11:11:17 | 25,563,472 | ---- | M] ( ) -- C:\Documents and Settings\Właściciel\Pulpit\AdbeRdr910_pl_PL.exe [2009-05-26 17:38:09 | 20,398,051 | ---- | M] (CipSoft GmbH ) -- C:\Documents and Settings\Właściciel\Pulpit\tibia842.exe [2009-05-26 16:26:08 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009-05-26 16:25:39 | 00,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-05-26 16:24:15 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk [2009-05-26 16:17:40 | 00,000,697 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Metin2 PL.lnk [2009-05-26 16:16:13 | 20,910,808 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\nowegg.exe [2009-05-26 16:13:26 | 00,001,369 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Counter-Strike 1.6.lnk [2009-05-26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-05-26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-05-23 12:23:10 | 00,000,512 | ---- | M] () -- C:\WINDOWS\win.ini [2009-05-23 12:23:10 | 00,000,293 | RHS- | M] () -- C:\boot.ini [2009-05-23 12:23:10 | 00,000,263 | ---- | M] () -- C:\WINDOWS\system.ini [2009-05-21 19:24:06 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009-05-21 18:58:20 | 00,000,223 | ---- | M] () -- C:\Boot.bak [2009-05-21 14:27:03 | 00,000,000 | ---- | M] () -- C:\3ba1 [2009-05-20 20:37:02 | 00,130,048 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009-05-19 13:54:16 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI [2009-05-12 21:19:56 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\proc1395793746.bin [2009-05-11 20:31:39 | 37,464,624 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx.avi [2009-05-11 20:27:43 | 14,883,238 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\lesbian_sex__sexy_kiss_tongue_pussy_tits_xxx_13 [2009-05-11 20:27:18 | 20,413,054 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Hottest_Women_Lesbian_Hardcore_Fucking_XXX_Sex.avi [2009-05-11 20:25:25 | 24,458,482 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam-_sexy_lingerie_naked_porn_xxx_porno_sex_scenes_sexo_nude_pussy_breasts.avi [2009-05-11 20:22:41 | 50,015,052 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\Arty_sexy_chat_date_Blonde_striptease_horny_porno_strip_naked_free_sex_porn_babe_xxx_porno_chick.avi [2009-05-11 20:22:06 | 09,646,736 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cenzura-spam.avi [2009-05-11 16:19:03 | 14,094,621 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\cyclone_1 [2009-05-11 13:38:09 | 00,866,660 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-05-11 13:38:09 | 00,448,348 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-05-11 13:38:09 | 00,392,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-05-11 13:38:09 | 00,074,450 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-05-11 13:38:09 | 00,058,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-05-07 14:10:49 | 01,382,845 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\wrar380pl.exe [2009-05-07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [color=orange]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13 @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:4EE74317 < End of report >

**Posty:** 18165 · przez **wojtas** 30 Maj 2009, 19:46

daj loga z combofixa... cos mi sie wydaje ze bedzie trzzeba formatowac kompy...

**Posty:** 190 · przez **mirekg1963** 01 Cze 2009, 19:49

No to jeszcze wysyłam Ci log z Combofixa, może coś poradzisz??

Kod: Zaznacz wszystko: ComboFix 09-05-31.06 - Właściciel 2009-06-01 19:37.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.447.97 [GMT 2:00] Uruchomiony z: c:\documents and settings\Właściciel\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ASC3360PR -------\Service_asc3360pr ((((((((((((((((((((((((( Pliki utworzone od 2009-05-01 do 2009-06-01 ))))))))))))))))))))))))))))))) . 2009-06-01 14:25 . 2009-06-01 14:25 392024 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\threatwork.exe 2009-06-01 14:25 . 2009-06-01 14:25 97608 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lsdelete.exe 2009-06-01 14:25 . 2009-06-01 14:25 146792 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe 2009-06-01 14:25 . 2009-06-01 14:25 614264 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2009-06-01 14:25 . 2009-06-01 14:25 637288 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2009-06-01 14:25 . 2009-06-01 14:25 2422088 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2009-06-01 14:25 . 2009-06-01 14:25 705360 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWWSC.exe 2009-06-01 14:25 . 2009-06-01 14:25 600408 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWTray.exe 2009-06-01 14:25 . 2009-06-01 14:25 1075536 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWService.exe 2009-05-29 17:19 . 2009-05-29 17:19 -------- d-----w- c:\program files\Gadu-Gadu 2009-05-29 17:16 . 2009-05-29 17:17 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2009-05-29 15:28 . 2009-05-29 15:28 -------- d-----w- c:\program files\Kwyshell 2009-05-29 13:20 . 2009-05-29 13:20 -------- d-----w- C:\_OTListIt 2009-05-29 09:47 . 2009-06-01 17:33 -------- d-----w- c:\program files\SkanerOnline 2009-05-29 09:28 . 2009-05-29 09:28 25440 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\savapibridge.dll 2009-05-29 09:28 . 2009-05-29 09:28 169312 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavamessage.dll 2009-05-29 09:28 . 2009-05-29 09:28 348496 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavalicense.dll 2009-05-29 09:28 . 2009-05-29 09:28 294240 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2009-05-29 09:28 . 2009-05-29 09:28 83808 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\ShellExt.dll 2009-05-29 09:27 . 2009-05-29 09:27 1630048 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Resources.dll 2009-05-29 09:27 . 2009-05-29 09:27 212848 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\RPAPI.dll 2009-05-29 09:27 . 2009-05-29 09:27 64160 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys 2009-05-29 09:27 . 2009-05-29 09:27 40288 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2009-05-29 09:27 . 2009-05-29 09:27 640360 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\CEAPI.dll 2009-05-27 15:10 . 2009-05-27 15:10 104168562 ----a-w- c:\windows\sqldeveloper-5783.zip 2009-05-27 09:12 . 2009-05-27 09:14 -------- d-----w- c:\program files\Common Files\Adobe 2009-05-26 15:38 . 2009-06-01 13:11 -------- d-----w- c:\program files\Tibia 2009-05-26 14:24 . 2009-05-26 14:24 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-05-26 14:24 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe 2009-05-26 14:24 . 2009-05-26 14:24 -------- d-----w- c:\program files\Lavasoft 2009-05-26 14:18 . 2009-05-26 14:18 -------- d-----w- c:\program files\OpenOffice.org 3 2009-05-26 14:13 . 2009-06-01 10:37 -------- d-----w- c:\program files\Metin2_PL 2009-05-26 14:13 . 2009-05-26 14:16 -------- d-----w- c:\program files\Valve 2009-05-26 13:54 . 2009-05-26 13:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM 2009-05-20 18:44 . 2009-05-20 18:44 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2009-05-19 14:35 . 2009-05-19 14:35 -------- d-----w- c:\program files\DiskTrix 2009-05-16 13:12 . 2009-05-26 15:35 -------- d-----w- c:\program files\Apple Software Update 2009-05-16 13:12 . 2009-05-16 13:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple 2009-05-13 12:52 . 2009-05-15 07:36 -------- d-----w- c:\program files\WinHex 2009-05-13 12:50 . 2009-05-26 14:06 -------- d-----w- c:\program files\TibiaBot NG 2009-05-12 19:19 . 2009-05-12 19:19 4 ----a-w- c:\windows\system32\proc1395793746.bin 2009-05-07 13:56 . 2009-05-07 13:56 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\12399 2009-05-07 12:18 . 2009-05-18 17:10 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-05-06 16:07 . 2009-05-11 10:30 -------- d-----w- c:\program files\Porno Links XP 2009-05-06 13:42 . 2009-05-20 18:55 -------- d-sh--r- C:\SYSTEM 2009-05-06 13:06 . 2002-01-05 13:37 344064 ----a-w- c:\windows\system32\msvcr70.dll 2009-05-06 13:05 . 2009-05-11 10:29 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-05-06 12:13 . 2009-05-26 15:37 -------- d-----w- c:\program files\Tibia Auto . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-29 09:28 . 2009-04-16 16:02 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-05-29 09:27 . 2009-04-16 15:47 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-05-26 14:24 . 2009-04-16 15:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft 2009-05-11 11:38 . 2006-03-02 12:00 74450 ----a-w- c:\windows\system32\perfc015.dat 2009-05-11 11:38 . 2006-03-02 12:00 448348 ----a-w- c:\windows\system32\perfh015.dat 2009-04-23 16:39 . 2009-04-23 16:39 -------- d-----w- c:\program files\Asprate 2009-04-17 07:27 . 2009-04-17 07:27 0 ----a-w- c:\windows\nsreg.dat 2009-04-17 07:08 . 2009-04-15 19:17 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-04-16 17:05 . 2009-04-15 19:01 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-04-16 15:39 . 2009-04-16 15:39 -------- d-----w- c:\program files\Java 2009-04-16 15:36 . 2009-04-16 15:36 -------- d-----w- c:\program files\Common Files\Java 2009-04-15 19:22 . 2009-04-15 19:13 14656 ----a-w- c:\windows\gdrv.sys 2009-04-15 19:17 . 2009-04-15 19:17 -------- d-----w- c:\program files\Realtek 2009-04-15 19:17 . 2009-04-15 19:17 315392 ----a-w- c:\windows\HideWin.exe 2009-04-15 19:16 . 2009-04-15 19:16 -------- d-----w- c:\program files\DIFX 2009-04-15 19:15 . 2009-04-15 19:15 -------- d-----w- c:\program files\Common Files\InstallShield 2009-04-15 19:02 . 2009-04-15 19:02 -------- d-----w- c:\program files\microsoft frontpage 2009-04-15 19:01 . 2009-04-15 19:01 -------- d-----w- c:\program files\Usługi online 2009-04-15 19:00 . 2009-04-15 19:00 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2009-03-06 14:22 . 2006-03-02 12:00 285696 ----a-w- c:\windows\system32\pdh.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-01 596312] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 109424] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [COLOR=RED] Klucz Trybu Awaryjnego wymaga naprawy. Komputer nie może wejść w Tryb Awaryjny. [/COLOR] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKLM\~\startupfolder\C:^Documents and Settings^Właściciel^Menu Start^Programy^Autostart^OpenOffice.org 3.0.lnk] path=c:\documents and settings\Właściciel\Menu Start\Programy\Autostart\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Valve\\hl.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Metin2_PL\\metin2.bin"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\OpenOffice.org 3\\program\\soffice.exe"= "c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"= "c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe"= "c:\\Documents and Settings\\Właściciel\\Pulpit\\wrar380pl.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe"= "c:\\WINDOWS\\RTHDCPL.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"= "c:\\Program Files\\Tibia\\Tibia.exe"= "c:\\WINDOWS\\system32\\CF27585.exe"= "c:\\DOCUME~1\\WACICI~1\\USTAWI~1\\Temp\\winsmhma.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-16 64160] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 1005904] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - ASC3360PR . Zawartość folderu 'Zaplanowane zadania' 2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:25] . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.pl/ mStart Page = hxxp://www.yahoo.com uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab FF - ProfilePath - c:\documents and settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\l4401bj6.default\ FF - prefs.js: browser.startup.homepage - www.google.pl FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q= FF - prefs.js: network.proxy.type - 4 ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- pref(dom.disable_open_during_load, true);. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-01 19:41 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\wscntfy.exe c:\docume~1\WACICI~1\USTAWI~1\temp\winsmhma.exe . ************************************************************************** . Czas ukończenia: 2009-06-01 19:45 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-06-01 17:45 Przed: 66 199 085 056 bajtów wolnych Po: 66 032 033 792 bajtów wolnych 189 --- E O F --- 2009-05-21 17:02

**Posty:** 18165 · przez **wojtas** 01 Cze 2009, 19:53

sprobuj wlozyc plytke od Windowsa i start > uruchom > wpisz SFC /SCANNOW . bo masz chyba jakies pliki systemowe zainfekowane ze infekcja wraca