Internet spowolniony prewencyjne sprawdzenie logow

[tenzin]

witam,
Proszę o sprawdzenie logów, Internet zwalnia, czasem jakaś strona się wysypie.

Nie posiadam programów emulujących, próba uruchomienia SPTDinst zakończyła się:


Logi:
startowy z Gmer:

Kod: Zaznacz wszystko

MER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-27 09:14:27
Windows 5.1.2600 Dodatek Service Pack 2
Running: vwmdl7uo.exe; Driver: C:\DOCUME~1\x\USTAWI~1\Temp\pxtdipow.sys
---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs    InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice  \FileSystem\Fastfat \Fat  InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- EOF - GMER 1.0.15 ----


Gmer, właściwy log:

Kod: Zaznacz wszystko

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-27 09:37:38
Windows 5.1.2600 Dodatek Service Pack 2
Running: vwmdl7uo.exe; Driver: C:\DOCUME~1\x\USTAWI~1\Temp\pxtdipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  section is writeable [0xF7F00360, 0x24BB1D, 0xE8000020]
pnidata         C:\WINDOWS\System32\DRIVERS\secdrv.sys    unknown last section [0xB972DF00, 0x24000, 0x48000000]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                    InCDrec.SYS (InCD File System Recognizer/Nero AG)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1    snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2    snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \FileSystem\Fastfat \Fat                  InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- EOF - GMER 1.0.15 ----


OTL

Kod: Zaznacz wszystko

OTL logfile created on: 2010-05-27 09:40:36 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\x\Pulpit\problem
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,00 Mb Total Physical Memory | 162,00 Mb Available Physical Memory | 32,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): D:\pagefile.sys 766 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4,31 Gb Total Space | 0,51 Gb Free Space | 11,90% Space Free | Partition Type: NTFS
Drive D: | 14,36 Gb Total Space | 0,53 Gb Free Space | 3,68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX
Current User Name: x
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-05-27 09:38:34 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\problem\OTL.exe
PRC - [2010-05-27 09:05:04 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\problem\vwmdl7uo.exe
PRC - [2010-04-10 14:35:48 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programy\Firefox2\firefox.exe
PRC - [2008-02-22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007-03-14 16:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2006-11-10 16:18:42 | 000,859,136 | ---- | M] (Nero AG) -- D:\Programy\nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006-07-07 17:15:12 | 000,348,160 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
PRC - [2005-04-30 06:52:00 | 000,836,132 | ---- | M] (C. Ghisler & Co.) -- D:\już nagrane\Programy\TC PowerPack\TOTALCMD.EXE
PRC - [2004-12-13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001-10-26 18:29:52 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-05-27 09:38:34 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\problem\OTL.exe
MOD - [2004-08-04 00:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2007-03-14 16:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007-03-14 16:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2006-11-10 16:18:42 | 000,859,136 | ---- | M] (Nero AG) [Auto | Running] -- D:\Programy\nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005-11-14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-12-13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-01-16 19:42:27 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008-05-16 12:33:12 | 000,089,256 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007-03-14 23:55:18 | 000,026,944 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2007-03-14 23:55:02 | 000,025,792 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006-11-10 16:17:50 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2006-11-10 16:16:34 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006-11-10 16:15:44 | 000,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006-10-22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005-10-09 05:26:40 | 000,019,034 | R--- | M] (Kingsun Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KS-959.sys -- (KS-959)
DRV - [2005-08-16 12:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2005-06-28 09:24:00 | 000,163,584 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88vid.sys -- (CX23880)
DRV - [2005-06-28 09:22:00 | 000,030,976 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88tune.sys -- (CXTUNE)
DRV - [2005-06-28 09:21:00 | 000,009,728 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cxavxbar.sys -- (CXAVXBAR)
DRV - [2005-01-06 16:55:38 | 000,009,446 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys -- (WFIOCTL)
DRV - [2004-08-03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-08-03 23:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004-08-03 23:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-03-08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2001-08-17 23:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001-08-17 23:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 21:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Sterownik Creative SoundFont Manager (WDM)
DRV - [2001-08-17 21:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Sterownik Creative Interface Manager (WDM)
DRV - [2001-08-17 21:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001-08-17 21:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (el90xbc)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-842925246-436374069-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.90

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Programy\Firefox2\components [2007-05-07 20:29:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Programy\Firefox2\plugins [2007-05-07 20:29:22 | 000,000,000 | ---D | M]

[2008-12-05 16:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Extensions
[2010-05-14 09:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions
[2010-03-12 15:17:04 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009-11-20 11:32:31 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}
[2007-07-31 21:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010-05-01 15:43:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-03-12 15:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\i7g7mm11.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions

O1 HOSTS File: ([2010-01-27 10:14:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 7\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe (Leadtek Research Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program2\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-436374069-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.228.7.228 217.172.224.160
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-05-04 22:42:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-05-21 08:22:40 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-01-28 16:08:52 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-05-21 08:22:38 | 000,000,000 | ---D | C] -- C:\Mp3
[2010-05-18 11:32:32 | 000,208,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2010-05-18 11:31:42 | 000,208,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2010-05-18 11:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010-05-18 09:16:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\x\Recent
[2010-05-01 11:54:43 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-05-01 11:54:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-05-01 11:54:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-05-01 11:54:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-05-27 08:04:34 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-05-27 08:04:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-27 08:04:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-27 08:04:17 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-26 21:48:54 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\x\ntuser.dat
[2010-05-26 21:48:54 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\x\ntuser.ini
[2010-05-26 21:16:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-05-26 09:01:55 | 000,074,217 | -H-- | M] () -- C:\treeinfo.wc
[2010-05-25 12:52:45 | 005,087,340 | -H-- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-18 11:54:26 | 000,000,741 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-05-18 11:54:26 | 000,000,264 | RHS- | M] () -- C:\boot.ini
[2010-05-18 11:54:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-10 08:42:55 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-05-18 11:34:20 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2010-05-18 11:32:41 | 000,088,566 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010-05-18 11:32:32 | 000,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009-02-06 18:52:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pool.INI
[2009-02-05 21:35:02 | 000,000,094 | -H-- | C] () -- C:\WINDOWS\System32\spv1_WCssg.ini
[2009-01-05 11:32:07 | 000,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-01-07 13:54:36 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Kulki.ini
[2007-09-06 19:43:52 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-07-16 15:52:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007-07-10 13:50:04 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007-06-26 19:51:40 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FH_setup.ini
[2007-05-31 19:27:36 | 000,000,239 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2007-05-19 20:57:44 | 000,172,032 | R--- | C] () -- C:\WINDOWS\ESUSDX.DLL
[2007-05-19 20:57:44 | 000,077,824 | R--- | C] () -- C:\WINDOWS\ESUSD.DLL
[2007-05-16 20:31:28 | 000,000,054 | ---- | C] () -- C:\WINDOWS\JascCmdFile.INI
[2007-05-07 21:39:19 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-05-07 19:29:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007-05-04 22:59:11 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006-10-22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-10-22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-10-22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005-10-14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005-10-14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005-10-14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005-10-14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005-10-14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005-10-14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005-10-14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001-07-31 09:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999-01-22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2009-01-16 20:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Acronis
[2009-05-07 20:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2009-06-11 17:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Color Wheel Pro
[2009-02-05 20:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\EA
[2008-05-28 08:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\n7-89-o9-3r-4t-r9
[2009-02-05 21:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sandlot Games
[2007-12-06 10:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SBT
[2008-05-19 14:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2007-09-10 18:07:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
[2008-05-05 11:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Alawar
[2009-06-10 18:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\avidemux
[2010-05-20 10:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\BESTplayer
[2008-05-07 18:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Big Fish Games
[2010-04-14 09:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\EurekaLog
[2007-05-10 22:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\FUJIFILM
[2007-05-08 08:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Gadu-Gadu
[2008-06-13 13:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\GameHouse
[2009-02-05 21:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Incredible Ink
[2009-05-07 16:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\MobileAction
[2009-06-19 09:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Opera
[2008-01-04 11:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\TC PowerPack
[2009-10-20 19:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Thinstall
[2007-06-22 09:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Thunderbird
[2010-05-19 18:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\VSO

[color=#E56717]========== Purity Check ==========[/color]


< End of report >


Extras

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2010-05-27 09:40:37 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\x\Pulpit\problem
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,00 Mb Total Physical Memory | 162,00 Mb Available Physical Memory | 32,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): D:\pagefile.sys 766 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 4,31 Gb Total Space | 0,51 Gb Free Space | 11,90% Space Free | Partition Type: NTFS
Drive D: | 14,36 Gb Total Space | 0,53 Gb Free Space | 3,68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXX
Current User Name: x
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Programy\Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programy\Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [[ Odkurz tutaj ]] -- D:\Programs\Odkurzacz 12\Odkurzacz\odkurzacz.exe %1 (Franmo Software)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "D:\Programy\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program2\Wapster\AQQ\AQQ.exe" = D:\Program2\Wapster\AQQ\AQQ.exe:*:Enabled:P2P AQQ -- (AQQ Sp. z o.o.)
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny -- (Gadu-Gadu S.A.)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Disabled:Nero ProductSetup -- (Nero AG)
"D:\Program2\Wapster\AQQ\WapSter AQQ\AQQ.exe" = D:\Program2\Wapster\AQQ\WapSter AQQ\AQQ.exe:*:Enabled:AQQ -- (Creative Team S.A.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Programs\Opera\opera.exe" = D:\Programs\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Programs\VideoLAN\VLC\vlc.exe" = D:\Programs\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040415-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Dysk 2
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{21A7C708-D575-491C-94AE-86FFCF2BF19F}" = ArcSoft Funhouse
"{2300ee96-0a41-4fab-bd03-989ec44577a0}" = Acronis Disk Director Suite
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.1
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{371ebc04-8ced-4aeb-96f6-8184eaf340bc}" = Network Magic
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.2.2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{934519A2-4D50-4B83-A459-92D90E9E3188}" = WinFast PVR
"{9F57DB08-26D6-11D6-8AA5-0000E22DA3A0}" = EPSON Scan Tool
"{AAB93551-3FFE-42B2-8315-96252BBC1045}" = Nero 7 Essentials
"{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
"{AC76BA86-7AD7-1045-7B44-A70500000002}" = Adobe Reader 7.0.5 - Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BE4AA694-815A-4045-BD49-C94F2BED7458}" = WinFast Entertainment Center
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DA2D4D11-1811-4A24-B719-BF9F048C6106}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"05c47d5751c3310b756be2ccf133cd7eab261f89" = Pakiet sterowników systemu Windows - Pure Networks, Inc. Network Magic Wireless Driver (03/14/2007 4.1.7073.2)
"7-zip" = 7-Zip 4.64
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ancient tri-jong" = GameHouse Games Collection: Ancient Tri-Jong
"ancient tripeaks" = GameHouse Games Collection: Ancient Tripeaks
"Applian FLV Player2.0.24" = Applian FLV Player
"AQQ" = WapSter AQQ
"Avidemux 2.4" = Avidemux 2.4
"bejeweled 2" = GameHouse Games Collection: Bejeweled 2
"big kahuna reef" = GameHouse Games Collection: Big Kahuna Reef
"Big Kahuna Reef 2" = Big Kahuna Reef 2
"bounce out blitz" = GameHouse Games Collection: Bounce Out Blitz
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"chainz 2: relinked" = GameHouse Games Collection: Chainz 2 - Relinked
"charm solitaire" = GameHouse Games Collection: Charm Solitaire
"Color Wheel Pro_is1" = Color Wheel Pro 2.0
"combo chaos!" = GameHouse Games Collection: Combo Chaos!
"Cosmic Stacker" = Cosmic Stacker
"Crimsonland_is1" = Crimsonland
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"E.M. PowerPoint Video Converter_is1" = E.M. PowerPoint Video Converter 2.50
"f1dc22d10ff2c6da9a043efb1cb6581df9787ce6" = Pakiet sterowników systemu Windows - Pure Networks, Inc. Network Magic Device Discovery Driver (03/14/2007 4.1.7073.2)
"Gadu-Gadu" = Gadu-Gadu 7.7
"HaaliMkx" = Haali Media Splitter
"hamsterball" = GameHouse Games Collection: Hamsterball
"HijackThis" = HijackThis 2.0.2
"jewel quest" = GameHouse Games Collection: Jewel Quest
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"luxor" = GameHouse Games Collection: Luxor
"magic ball 2" = GameHouse Games Collection: Magic Ball 2
"mah jong adventures" = GameHouse Games Collection: Mah Jong Adventures
"mah jong medley" = GameHouse Games Collection: Mah Jong Medley
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.8
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool
"Multimedialne słowniki języka polskiego PWN" = Multimedialne słowniki języka polskiego PWN
"MuVo Driver" = Creative Mass Storage Drivers
"napiprojekt_is1" = NAPIPROJEKT 1.0.6.2
"NVIDIA Drivers" = NVIDIA Drivers
"Odkurzacz 12.3_is1" = Odkurzacz 12.3
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Polish Your English - Kurs" = Polish Your English - Kurs
"puzzle express" = GameHouse Games Collection: Puzzle Express
"puzzle inlay" = GameHouse Games Collection: Puzzle Inlay
"puzzle solitaire" = GameHouse Games Collection: Puzzle Solitaire
"RealAlt_is1" = Real Alternative 1.7.5
"saints & sinners bingo" = GameHouse Games Collection: Saints & Sinners Bingo
"shape shifter" = GameHouse Games Collection: Shape Shifter
"SkanerOnline" = Skaner on-line mks_vir
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"ST6UNST #1" = Wari
"SubEdit-Player_is1" = SubEdit-Player
"super bounce out!" = GameHouse Games Collection: Super Bounce Out!
"super candy cruncher" = GameHouse Games Collection: Super Candy Cruncher
"super collapse!" = GameHouse Games Collection: Super Collapse!
"super collapse! ii" = GameHouse Games Collection: Super Collapse! II
"super gamehouse solitaire vol. 2" = GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
"super gem drop" = GameHouse Games Collection: Super Gem Drop
"super letter linker" = GameHouse Games Collection: Super Letter Linker
"super mah jong solitaire" = GameHouse Games Collection: Super Mah Jong Solitaire
"super rumble cube" = GameHouse Games Collection: Super Rumble Cube
"super texttwist" = GameHouse Games Collection: Super TextTwist
"SWB PWN 2006" = Słownik wyrazów bliskoznacznych PWN 2006
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-01-22 14:57:17 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca CharmSolitaire.exe, wersja 1.0.4.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-01-23 15:05:23 | Computer Name = XXX | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca ALLPlayer.exe, wersja 3.0.5.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-01-27 03:30:24 | Computer Name = XXX | Source = Pure Networks Network Magic Service | ID = 1
Description =

Error - 2010-01-27 03:34:24 | Computer Name = XXX | Source = Pure Networks Network Magic Service | ID = 1
Description =

Error - 2010-01-27 06:29:04 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd 3do18ppv.exe, wersja 1.0.15.15281, moduł
powodujący błąd 3do18ppv.exe, wersja 1.0.15.15281, adres błędu 0x0005c887.

Error - 2010-01-27 06:29:22 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd 3do18ppv.exe, wersja 1.0.15.15281, moduł
powodujący błąd 3do18ppv.exe, wersja 1.0.15.15281, adres błędu 0x0005c887.

Error - 2010-01-27 06:30:08 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd zg669w64.exe, wersja 1.0.15.15281, moduł
powodujący błąd zg669w64.exe, wersja 1.0.15.15281, adres błędu 0x0005c887.

Error - 2010-01-27 06:31:19 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd 687zfqd8.exe, wersja 1.0.15.15281, moduł
powodujący błąd 687zfqd8.exe, wersja 1.0.15.15281, adres błędu 0x0005c887.

Error - 2010-01-27 06:33:53 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd 3y32c4fj.exe, wersja 1.0.15.15281, moduł
powodujący błąd 3y32c4fj.exe, wersja 1.0.15.15281, adres błędu 0x0005c887.

Error - 2010-01-27 06:34:43 | Computer Name = XXX | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd khlfw2zj.exe, wersja 1.0.15.15281, moduł
powodujący błąd khlfw2zj.exe, wersja 1.0.15.15281, adres błędu 0x0005c887.

[ System Events ]
Error - 2010-05-25 09:12:33 | Computer Name = XXX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
wuauserv z argumentami „”  w celu uruchomienia serwera:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2010-05-26 02:38:41 | Computer Name = XXX | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.100 dla karty sieciowej o adresie 00104B300B59
został  zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2010-05-26 02:38:53 | Computer Name = XXX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
wuauserv z argumentami „”  w celu uruchomienia serwera:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2010-05-26 05:50:27 | Computer Name = XXX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
wuauserv z argumentami „”  w celu uruchomienia serwera:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2010-05-26 09:20:39 | Computer Name = XXX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
wuauserv z argumentami „”  w celu uruchomienia serwera:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2010-05-26 12:06:32 | Computer Name = XXX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
wuauserv z argumentami „”  w celu uruchomienia serwera:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2010-05-26 14:02:53 | Computer Name = XXX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
wuauserv z argumentami „”  w celu uruchomienia serwera:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2010-05-27 02:04:20 | Computer Name = XXX | Source = Dhcp | ID = 1002
Description = Adres IP połączenia 192.168.1.100 dla karty sieciowej o adresie 00104B300B59
został  zabroniony przez serwer DHCP 192.168.1.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2010-05-27 02:04:32 | Computer Name = XXX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
wuauserv z argumentami „”  w celu uruchomienia serwera:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2010-05-27 03:03:10 | Computer Name = XXX | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1058” podczas próby uruchomienia usługi
wuauserv z argumentami „”  w celu uruchomienia serwera:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >


Pozdrawiam i z góry dziękuję!

[ordynat]

W logach nie widać żadnej infekcji, żadnego Rootkita.
.

[wojtas]

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację Windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. zrób skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )


Zaktualizuj zabezpieczenia:
>>> Adobe Reader 9.3 (bez Free McAfee® Security Scan Plus)
>>> Internet Explorer 8
>>> Service Pack 3

[tenzin]

Dzięki. Za pierwszym razem Ani-Malware nic nie wykrył, ale sprawdziłem kilka dni temu i log wskazał coś takiego, można usuwać?

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4196

Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180

2010-06-14 14:20:53
mbam-log-2010-06-14 (14-20-53).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowano obiektów: 185621
Upłynęło: 42 minut(y), 21 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 1

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
D:\Program2\Gadu-Gadu\plugs\emchecker.dll (Malware.Packer.Morphine) -> No action taken.


Pozdrawiam,

[NieWiem]

Nie jest to jakoś specjalnie niebezpieczne, po prostu jakaś wtyczka do gadu gadu. Sam zdecyduj czy zostawisz, czy usuniesz