Prosze o sprawdzenie logów(komputer strasznie muli itp.)

**Posty:** 12 · przez **adam1916l** 24 Sie 2009, 14:13

Witam.

od jakiegoś czasu coś dzieje się z moim komputerem, ostatnio złapałem wirusa, i coraz bardziej zaczą zamulać, wirus chyba usunołem ale nie jestem pewien, komputer co kika uruchomień skanuje się chkdsk i naprawia plik bo się cenzura!ły, wskazywało by to może na dysk lecz dysk jest dość nowy i sprawdzałem go kilkoma programami które wykazują że jest w b. dobrym stanie, nie wiem co się dzieje ..

log z RSIT

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by Ja at 2009-08-24 14:02:19 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 1 GB (7%) free of 20 GB Total RAM: 1535 MB (74% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:03:05, on 2009-08-24 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\Ati2evxx.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\system32\Ati2evxx.exe C:\windows\Explorer.EXE C:\windows\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe C:\WINDOWS\system32\oodag.exe C:\Documents and Settings\Ja\Pulpit\RSIT.exe C:\windows\system32\wscntfy.exe C:\Program Files\trend micro\Ja.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Ja\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 3361 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-13 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Documents and Settings\Ja\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-07-13 42088] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMan"=C:\windows\SOUNDMAN.EXE [2004-12-22 77824] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064] "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400] "VGAUtil"=C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe [2004-09-17 552960] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Nowe Gadu-Gadu"=C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-07-27 10719848] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoD] C:\Documents and Settings\Ja\Moje dokumenty\GoD\GoD.exe /tray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod] C:\DOCUME~1\Ja\USTAWI~1\Temp\b.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] C:\WINDOWS\system32\oodtray.exe [2009-04-08 2553088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [2009-07-01 37888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "gupdate1ca1a03de11b26a"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\windows\system32\Ati2evxx.dll [2005-05-04 46080] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher" "C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console" "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe" "E:\Program Files\CSCZ\czero.exe"="E:\Program Files\CSCZ\czero.exe:*:Enabled:Condition Zero Launcher" "C:\Program Files\Valve\hltv.exe"="C:\Program Files\Valve\hltv.exe:*:Enabled:HLTV Launcher" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2009-08-24 14:02:19 ----D---- C:\rsit 2009-08-24 14:02:19 ----D---- C:\Program Files\trend micro 2009-08-24 13:09:48 ----D---- C:\windows\temp 2009-08-24 13:09:46 ----A---- C:\ComboFix.txt 2009-08-24 13:02:21 ----D---- C:\Qoobox 2009-08-24 11:54:41 ----A---- C:\log.txt 2009-08-24 11:36:48 ----D---- C:\Program Files\HDD Regenerator 2009-08-17 19:10:51 ----A---- C:\windows\PEV.exe 2009-08-17 19:10:51 ----A---- C:\windows\NIRCMD.exe 2009-08-17 19:10:50 ----A---- C:\windows\zip.exe 2009-08-17 19:10:50 ----A---- C:\windows\SWXCACLS.exe 2009-08-17 19:10:50 ----A---- C:\windows\SWSC.exe 2009-08-17 19:10:50 ----A---- C:\windows\SWREG.exe 2009-08-17 19:10:50 ----A---- C:\windows\sed.exe 2009-08-17 19:10:50 ----A---- C:\windows\grep.exe 2009-08-17 19:05:36 ----D---- C:\windows\ERDNT 2009-08-15 22:35:17 ----D---- C:\windows\system32\oodag 2009-08-15 19:11:26 ----D---- C:\Program Files\OO Software 2009-08-14 20:11:16 ----D---- C:\Program Files\HD Tune Pro 2009-08-10 23:45:16 ----D---- C:\Program Files\Google 2009-08-10 23:45:15 ----D---- C:\Program Files\DivX 2009-08-01 16:37:33 ----A---- C:\windows\system32\VB6STKIT.DLL 2009-08-01 16:37:33 ----A---- C:\windows\system32\VB6FR.DLL 2009-08-01 16:37:33 ----A---- C:\windows\system32\inetfr.DLL 2009-08-01 16:37:33 ----A---- C:\windows\system32\AudPlayer.dll 2009-08-01 16:37:33 ----A---- C:\windows\system32\AudioVisu.dll 2009-08-01 16:37:33 ----A---- C:\windows\system32\AudioRecord.dll 2009-08-01 16:37:33 ----A---- C:\windows\system32\AudioInfos.dll 2009-08-01 16:37:33 ----A---- C:\windows\system32\AudFile.dll 2009-08-01 16:37:33 ----A---- C:\windows\system32\AudDisplay.dll 2009-08-01 16:37:33 ----A---- C:\windows\system32\AudDesign.dll 2009-08-01 16:37:32 ----A---- C:\windows\system32\TABCTFR.DLL 2009-08-01 16:37:32 ----A---- C:\windows\system32\MSCMCFR.DLL 2009-08-01 16:37:32 ----A---- C:\windows\system32\Mscc2fr.dll 2009-08-01 16:37:31 ----A---- C:\windows\system32\MFC71.dll 2009-08-01 16:37:31 ----A---- C:\windows\system32\lame_enc.dll 2009-08-01 16:37:31 ----A---- C:\windows\system32\CMDLGFR.DLL 2009-08-01 16:37:30 ----D---- C:\Program Files\Free Audio Pack 2009-08-01 16:37:30 ----A---- C:\windows\system32\msvcr70.dll 2009-07-27 23:50:45 ----D---- C:\Documents and Settings\Ja\Dane aplikacji\vlc 2009-07-27 23:49:26 ----D---- C:\Program Files\VideoLAN 2009-07-27 19:47:29 ----D---- C:\windows\Minidump 2009-07-27 18:36:54 ----D---- C:\Documents and Settings\Ja\Dane aplikacji\Ashampoo 2009-07-26 12:31:34 ----D---- C:\Program Files\Valve 2009-07-25 14:22:25 ----D---- C:\Program Files\Gadu-Gadu ======List of files/folders modified in the last 1 months====== 2009-08-24 14:02:19 ----RD---- C:\Program Files 2009-08-24 13:24:35 ----D---- C:\windows\system32 2009-08-24 13:23:00 ----A---- C:\windows\SchedLgU.Txt 2009-08-24 13:09:48 ----D---- C:\WINDOWS 2009-08-24 13:08:29 ----N---- C:\windows\system.ini 2009-08-24 13:07:19 ----D---- C:\windows\system32\drivers 2009-08-24 13:07:18 ----D---- C:\windows\AppPatch 2009-08-24 13:07:15 ----D---- C:\Program Files\Common Files 2009-08-24 13:03:05 ----D---- C:\windows\system32\CatRoot2 2009-08-24 11:57:02 ----SHD---- C:\windows\Installer 2009-08-24 11:43:03 ----D---- C:\windows\Prefetch 2009-08-24 11:40:28 ----D---- C:\windows\system32\config 2009-08-24 11:38:39 ----ASH---- C:\boot.ini 2009-08-24 11:05:33 ----N---- C:\windows\win.ini 2009-08-21 19:58:44 ----D---- C:\Documents and Settings 2009-08-19 12:24:28 ----HD---- C:\windows\inf 2009-08-19 11:30:56 ----D---- C:\Documents and Settings\Ja\Dane aplikacji\uTorrent 2009-08-18 17:57:44 ----SD---- C:\windows\Tasks 2009-08-17 19:33:02 ----RSD---- C:\windows\assembly 2009-08-17 19:32:56 ----D---- C:\Program Files\Common Files\Nokia 2009-08-17 19:31:57 ----D---- C:\windows\WinSxS 2009-08-17 19:31:43 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-08-17 19:17:29 ----RSHDC---- C:\windows\system32\dllcache 2009-08-15 19:48:39 ----D---- C:\windows\Microsoft.NET 2009-08-15 19:29:10 ----D---- C:\windows\Debug 2009-08-15 03:15:49 ----A---- C:\windows\system32\PerfStringBackup.INI 2009-08-13 09:49:54 ----D---- C:\windows\Help 2009-08-13 09:27:26 ----HD---- C:\windows\$hf_mig$ 2009-08-13 09:27:07 ----D---- C:\Program Files\Outlook Express 2009-08-12 14:34:33 ----D---- C:\Documents and Settings\Ja\Dane aplikacji\Winamp 2009-08-05 23:45:36 ----D---- C:\Program Files\Mozilla Firefox 2009-08-05 11:01:12 ----A---- C:\windows\system32\mswebdvd.dll 2009-07-30 02:49:14 ----A---- C:\windows\system32\MRT.exe 2009-07-28 16:34:32 ----D---- C:\Program Files\Nowe Gadu-Gadu 2009-07-27 00:04:15 ----D---- C:\windows\system32\Restore ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208] R1 epfwtdir;epfwtdir; C:\windows\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336] R1 kbdhid;Sterownik klawiatury HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R2 eamon;eamon; C:\windows\system32\DRIVERS\eamon.sys [2009-02-06 113448] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320] R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2005-05-04 1133056] R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys [] R3 hidusb;Sterownik Microsoft klasy HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 mouhid;Sterownik myszy HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\windows\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\windows\system32\DRIVERS\usbohci.sys [2008-04-14 17152] S3 catchme;catchme; \??\C:\DOCUME~1\Ja\USTAWI~1\Temp\catchme.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2009-02-09 17664] S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808] S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2008-04-14 26112] S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808] S3 USBSTOR;Sterownik magazynu masowego USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\windows\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2005-01-28 18944] S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2005-05-04 364544] R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2009-04-08 1377536] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-05-03 516096] S3 aspnet_state;Usuga stanu ASP.NET; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952] S4 gupdate1ca1a03de11b26a;Usługa Google Update (gupdate1ca1a03de11b26a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-10 133104] S4 NetTcpPortSharing;Usługa udostępniania portów Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

log z OTL (nie wiedziałem który dać, wyglądają na podobne więc dam OTL.txt)

Kod: Zaznacz wszystko: OTL logfile created on: 2009-08-24 14:07:36 - Run 1 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Ja\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,50 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 71,94% Memory free 3,35 Gb Paging File | 3,09 Gb Available in Paging File | 92,09% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 1,35 Gb Free Space | 6,90% Space Free | Partition Type: NTFS Drive D: | 56,64 Gb Total Space | 0,87 Gb Free Space | 1,53% Space Free | Partition Type: NTFS Drive E: | 39,07 Gb Total Space | 5,05 Gb Free Space | 12,93% Space Free | Partition Type: NTFS Drive F: | 39,07 Gb Total Space | 12,43 Gb Free Space | 31,81% Space Free | Partition Type: NTFS Drive G: | 39,07 Gb Total Space | 0,43 Gb Free Space | 1,11% Space Free | Partition Type: NTFS Drive H: | 39,50 Gb Total Space | 8,09 Gb Free Space | 20,49% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: DOM-9FE46E7B794 Current User Name: Ja Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2005-05-04 10:22:46 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\Ati2evxx.exe PRC - [2005-05-04 10:22:46 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\Ati2evxx.exe PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE PRC - [2004-12-22 11:09:44 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\SOUNDMAN.EXE PRC - [2005-08-05 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe PRC - [2009-02-06 14:23:12 | 02,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2004-09-17 13:32:38 | 00,552,960 | ---- | M] () -- C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe PRC - [2009-04-08 01:40:52 | 01,377,536 | ---- | M] (O&O Software GmbH) -- C:\windows\System32\oodag.exe PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wdfmgr.exe PRC - [2008-04-14 22:51:52 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wscntfy.exe PRC - [2009-02-26 10:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wbem\wmiprvse.exe PRC - [2009-08-24 13:57:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2005-05-04 10:22:46 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running]) SRV - [2005-05-03 21:05:00 | 00,516,096 | ---- | M] () -- C:\windows\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped]) SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-02-06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped]) SRV - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running]) SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2009-08-10 23:45:18 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca1a03de11b26a [Disabled | Stopped]) SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2009-04-08 01:40:52 | 01,377,536 | ---- | M] (O&O Software GmbH) -- C:\windows\System32\oodag.exe -- (O&O Defrag [Auto | Running]) SRV - [2009-06-02 10:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped]) SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wdfmgr.exe -- (UMWdf [Auto | Running]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2004-12-22 11:07:12 | 02,304,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\windows\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running]) DRV - [2005-05-04 10:28:34 | 01,133,056 | ---- | M] (ATI Technologies Inc.) -- C:\windows\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running]) DRV - [2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\windows\system32\DRIVERS\d347bus.sys -- (d347bus [Boot | Running]) DRV - [2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\windows\System32\Drivers\d347prt.sys -- (d347prt [Boot | Running]) DRV - [2009-02-06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\windows\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running]) DRV - [2009-02-06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\windows\System32\DRIVERS\ehdrv.sys -- (ehdrv [System | Running]) DRV - [2009-02-06 14:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\windows\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running]) DRV - [2009-08-24 13:24:37 | 00,023,524 | ---- | M] () -- C:\windows\System32\Drivers\GVTDrv.sys -- (GVTDrv [On_Demand | Running]) DRV - [2009-02-09 08:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\windows\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped]) DRV - [2009-02-09 08:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\windows\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped]) DRV - [2005-04-05 21:22:28 | 00,033,536 | R--- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2005-04-05 21:22:30 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2008-08-26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped]) DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\windows\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2009-04-28 22:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\windows\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2009-02-09 08:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped]) DRV - [2008-04-14 00:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped]) DRV - [2009-02-09 08:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\windows\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-602162358-682003330-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-602162358-682003330-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-602162358-682003330-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKU\S-1-5-21-602162358-682003330-1417001333-1003\S-1-5-21-602162358-682003330-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1 FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-07-24 01:30:07 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-07-24 02:04:25 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-07-18 21:10:31 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-24 11:56:52 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-07-18 21:11:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\mozilla\Extensions [2009-07-18 21:11:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-07-18 21:11:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\mozilla\Firefox\Profiles\w5urpjnn.default\extensions [2009-08-02 00:05:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-07-18 11:21:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-07-13 15:47:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-07-18 11:21:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-07-18 11:21:38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-07-13 15:47:04 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-07-13 15:50:39 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2009-07-18 11:21:40 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2008-09-10 21:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10 21:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-06-24 14:27:26 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-06-24 14:27:26 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-06-24 14:27:26 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-06-24 14:27:26 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-06-24 14:27:26 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-06-24 14:27:26 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-06-24 14:27:26 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Ja\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [SoundMan] C:\windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe () O4 - HKU\S-1-5-21-602162358-682003330-1417001333-1003..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-602162358-682003330-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-602162358-682003330-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-602162358-682003330-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-602162358-682003330-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-602162358-682003330-1417001333-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.63.9 82.139.8.7 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\Ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-07-13 14:51:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O34 - HKLM BootExecute: (OODBS) - C:\windows\System32\OODBS.exe (O&O Software GmbH) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2 C:\*.tmp files] [1 C:\windows\System32\*.tmp files] [3 C:\windows\*.tmp files] [2009-08-24 14:02:19 | 00,000,000 | ---D | C] -- C:\rsit [2009-08-24 14:02:19 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro [2009-08-24 13:59:21 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\RSIT.exe [2009-08-24 13:57:01 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe [2009-08-24 13:09:48 | 00,000,000 | ---D | C] -- C:\windows\temp [2009-08-24 13:02:21 | 00,000,000 | ---D | C] -- C:\Qoobox [2009-08-24 11:49:48 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\shsvcs.dll [2009-08-24 11:49:48 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\regsvc.dll [2009-08-24 11:49:47 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\schedsvc.dll [2009-08-24 11:49:46 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\es.dll [2009-08-24 11:49:46 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\tapisrv.dll [2009-08-24 11:49:46 | 00,246,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\mswsock.dll [2009-08-24 11:49:46 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\netman.dll [2009-08-24 11:49:46 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\upnphost.dll [2009-08-24 11:49:46 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\xmlprov.dll [2009-08-24 11:49:46 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\browser.dll [2009-08-24 11:49:46 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\ssdpsrv.dll [2009-08-24 11:49:46 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\cryptsvc.dll [2009-08-24 11:49:46 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\MsPMSNSv.dll [2009-08-24 11:49:45 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\eventlog.dll [2009-08-24 11:40:52 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\CCleaner.lnk [2009-08-24 11:36:52 | 00,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\HDD Regenerator.lnk [2009-08-24 11:36:48 | 00,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator [2009-08-24 11:15:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Pulpit\HDD.Regenerator_v1.71_keygen [2009-08-24 11:12:14 | 08,400,836 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\HDD.Regenerator_v1.71_keygen.rar [2009-08-18 05:30:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\ESET [2009-08-18 01:02:58 | 02,359,350 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\bez tytułu(1).bmp [2009-08-18 00:59:49 | 00,155,648 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\bez tytułu.bmp [2009-08-17 19:17:29 | 03,090,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\mshtml.dll [2009-08-17 19:17:29 | 02,190,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\ntoskrnl.exe [2009-08-17 19:17:29 | 02,067,328 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\ntkrnlpa.exe [2009-08-17 19:17:29 | 01,571,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\sfcfiles.dll [2009-08-17 19:17:29 | 01,035,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\explorer.exe [2009-08-17 19:17:29 | 01,018,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\kernel32.dll [2009-08-17 19:17:29 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\mfc40u.dll [2009-08-17 19:17:29 | 00,822,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\comres.dll [2009-08-17 19:17:29 | 00,669,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\wininet.dll [2009-08-17 19:17:29 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\comctl32.dll [2009-08-17 19:17:29 | 00,580,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\user32.dll [2009-08-17 19:17:29 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\ntfs.sys [2009-08-17 19:17:29 | 00,510,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\winlogon.exe [2009-08-17 19:17:29 | 00,435,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\ntmssvc.dll [2009-08-17 19:17:29 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\qmgr.dll [2009-08-17 19:17:29 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\netlogon.dll [2009-08-17 19:17:29 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\rpcss.dll [2009-08-17 19:17:29 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\tcpip.sys [2009-08-17 19:17:29 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\termsrv.dll [2009-08-17 19:17:29 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\scecli.dll [2009-08-17 19:17:29 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\ndis.sys [2009-08-17 19:17:29 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\appmgmts.dll [2009-08-17 19:17:29 | 00,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\srsvc.dll [2009-08-17 19:17:29 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\aec.sys [2009-08-17 19:17:29 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\services.exe [2009-08-17 19:17:29 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\imm32.dll [2009-08-17 19:17:29 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\rasauto.dll [2009-08-17 19:17:29 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\ws2_32.dll [2009-08-17 19:17:29 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\spoolsv.exe [2009-08-17 19:17:29 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\wuauclt.exe [2009-08-17 19:17:29 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\ip6fw.sys [2009-08-17 19:17:29 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\msgsvc.dll [2009-08-17 19:17:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\userinit.exe [2009-08-17 19:17:29 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\kbdclass.sys [2009-08-17 19:17:29 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\lpk.dll [2009-08-17 19:17:29 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\powrprof.dll [2009-08-17 19:17:29 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\ctfmon.exe [2009-08-17 19:17:29 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\svchost.exe [2009-08-17 19:17:29 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\asyncmac.sys [2009-08-17 19:17:29 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\wscntfy.exe [2009-08-17 19:17:29 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\lsass.exe [2009-08-17 19:17:29 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\acpiec.sys [2009-08-17 19:17:29 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\sfc.dll [2009-08-17 19:17:29 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\beep.sys [2009-08-17 19:17:29 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\cache\null.sys [2009-08-17 19:17:29 | 00,000,000 | ---D | C] -- C:\windows\System32\dllcache\cache [2009-08-17 19:10:51 | 00,229,376 | ---- | C] () -- C:\windows\PEV.exe [2009-08-17 19:10:51 | 00,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2009-08-17 19:10:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe [2009-08-17 19:10:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2009-08-17 19:10:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2009-08-17 19:10:50 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe [2009-08-17 19:10:50 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe [2009-08-17 19:10:50 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe [2009-08-17 19:08:28 | 03,183,186 | R--- | C] () -- C:\Documents and Settings\Ja\Pulpit\ComboFix.exe [2009-08-17 19:05:42 | 03,124,187 | R--- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\ComboFix.exe [2009-08-17 19:05:36 | 00,000,000 | ---D | C] -- C:\windows\ERDNT [2009-08-17 03:01:56 | 00,274,628 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\asasavrz.jpg [2009-08-15 22:36:42 | 00,058,420 | ---- | C] () -- C:\windows\System32\oodbs.lor [2009-08-15 22:35:17 | 00,000,000 | ---D | C] -- C:\windows\System32\oodag [2009-08-15 19:22:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\O&O [2009-08-15 19:11:34 | 00,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\O&O Defrag.lnk [2009-08-15 19:11:26 | 00,000,000 | ---D | C] -- C:\Program Files\OO Software [2009-08-14 20:11:16 | 00,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro [2009-08-14 20:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Pulpit\HTP3.5 [2009-08-10 23:46:51 | 00,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2009-08-10 23:46:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Moje dokumenty\lista [2009-08-10 23:45:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Google [2009-08-10 23:45:16 | 00,000,000 | ---D | C] -- C:\Program Files\Google [2009-08-10 23:45:15 | 00,000,000 | ---D | C] -- C:\Program Files\DivX [2009-08-10 19:00:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Pulpit\Suja-Ulica_Nadaje-2008 [2009-08-10 13:43:24 | 00,289,646 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\2009_8_9_3.50.31.jpg [2009-08-09 00:41:09 | 00,280,174 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\6400u.jpg [2009-08-02 00:07:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Moje dokumenty\Pobieranie [2009-08-01 18:16:34 | 05,651,226 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\FIRMA_-cenzura!.mp3 [2009-08-01 16:37:39 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\COMCT232.OCX [2009-08-01 16:37:33 | 02,084,864 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudDesign.dll [2009-08-01 16:37:33 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudFile.dll [2009-08-01 16:37:33 | 01,212,416 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudioInfos.dll [2009-08-01 16:37:33 | 00,479,232 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudioVisu.dll [2009-08-01 16:37:33 | 00,458,752 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudPlayer.dll [2009-08-01 16:37:33 | 00,454,656 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudioRecord.dll [2009-08-01 16:37:33 | 00,417,792 | ---- | C] (NCT Company Ltd.) -- C:\windows\System32\AudDisplay.dll [2009-08-01 16:37:33 | 00,224,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TABCTL32.OCX [2009-08-01 16:37:33 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB6FR.DLL [2009-08-01 16:37:33 | 00,116,296 | ---- | C] () -- C:\windows\System32\NCTWMAProfiles.prx [2009-08-01 16:37:33 | 00,115,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msinet.OCX [2009-08-01 16:37:33 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB6STKIT.DLL [2009-08-01 16:37:33 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetfr.DLL [2009-08-01 16:37:32 | 01,081,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mscomctl.ocx [2009-08-01 16:37:32 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSCOMCT2.OCX [2009-08-01 16:37:32 | 00,152,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\COMDLG32.OCX [2009-08-01 16:37:32 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSCMCFR.DLL [2009-08-01 16:37:32 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Mscc2fr.dll [2009-08-01 16:37:32 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TABCTFR.DLL [2009-08-01 16:37:31 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MFC71.dll [2009-08-01 16:37:31 | 00,484,352 | ---- | C] () -- C:\windows\System32\lame_enc.dll [2009-08-01 16:37:31 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CMDLGFR.DLL [2009-08-01 16:37:30 | 00,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvcr70.dll [2009-08-01 16:37:30 | 00,000,000 | ---D | C] -- C:\Program Files\Free Audio Pack [2009-07-29 04:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Moje dokumenty\GoD [2009-07-28 15:39:25 | 00,103,352 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\InjectTable1737.rar [2009-07-28 14:53:32 | 27,299,3000 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ja\Pulpit\WindowsXP-KB835935-SP2-PLK.exe [2009-07-27 23:50:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Dane aplikacji\vlc [2009-07-27 23:49:26 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2009-07-27 19:47:29 | 00,000,000 | ---D | C] -- C:\windows\Minidump [2009-07-27 18:36:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Dane aplikacji\Ashampoo [2009-07-26 12:31:34 | 00,000,000 | ---D | C] -- C:\Program Files\Valve [2009-07-25 18:42:14 | 86,022,604 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\hl1110.exe [2009-07-25 14:22:25 | 00,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu [2009-07-20 00:28:39 | 00,000,262 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2009-07-17 15:33:09 | 00,023,524 | ---- | C] () -- C:\windows\System32\drivers\GVTDrv.sys [2009-07-13 15:52:36 | 00,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll [2009-07-13 15:52:36 | 00,000,038 | ---- | C] () -- C:\windows\avisplitter.ini [2009-07-13 15:52:34 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll [2009-07-13 15:52:34 | 00,881,664 | ---- | C] () -- C:\windows\System32\xvidcore.dll [2009-07-13 15:52:34 | 00,205,824 | ---- | C] () -- C:\windows\System32\xvidvfw.dll [2009-07-13 15:52:32 | 00,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2009-07-13 15:52:32 | 00,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest [2009-07-13 15:45:13 | 00,155,136 | ---- | C] ( ) -- C:\windows\System32\drivers\d347bus.sys [2009-07-13 15:45:13 | 00,005,248 | ---- | C] ( ) -- C:\windows\System32\drivers\d347prt.sys [2009-07-13 15:14:51 | 00,354,816 | ---- | C] () -- C:\windows\System32\psisdecd.dll [2009-07-13 15:02:33 | 00,156,672 | ---- | C] () -- C:\windows\System32\RTLCPAPI.dll [2009-07-13 15:02:24 | 00,000,164 | ---- | C] () -- C:\windows\avrack.ini [2004-08-22 17:04:56 | 00,069,120 | ---- | C] () -- C:\windows\daemon.dll [2001-07-22 02:16:20 | 00,000,477 | ---- | C] () -- C:\windows\win.ini [2001-07-22 02:15:52 | 00,000,227 | ---- | C] () -- C:\windows\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2 C:\*.tmp files] [1 C:\windows\System32\*.tmp files] [3 C:\windows\*.tmp files] [2009-08-24 13:59:21 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\RSIT.exe [2009-08-24 13:57:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe [2009-08-24 13:24:37 | 00,023,524 | ---- | M] () -- C:\windows\System32\drivers\GVTDrv.sys [2009-08-24 13:24:35 | 00,000,004 | ---- | M] () -- C:\windows\System32\GVTunner.ref [2009-08-24 13:24:23 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2009-08-24 13:24:21 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat [2009-08-24 13:24:10 | 00,058,420 | ---- | M] () -- C:\windows\System32\oodbs.lor [2009-08-24 13:08:29 | 00,000,227 | ---- | M] () -- C:\windows\system.ini [2009-08-24 11:42:40 | 03,183,186 | R--- | M] () -- C:\Documents and Settings\Ja\Pulpit\ComboFix.exe [2009-08-24 11:40:52 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\CCleaner.lnk [2009-08-24 11:38:39 | 00,000,322 | -HS- | M] () -- C:\boot.ini [2009-08-24 11:36:52 | 00,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\HDD Regenerator.lnk [2009-08-24 11:13:19 | 08,400,836 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\HDD.Regenerator_v1.71_keygen.rar [2009-08-24 11:05:33 | 00,000,477 | ---- | M] () -- C:\windows\win.ini [2009-08-23 03:09:13 | 00,229,376 | ---- | M] () -- C:\windows\PEV.exe [2009-08-18 02:33:55 | 00,155,648 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\bez tytułu.bmp [2009-08-18 01:04:27 | 02,359,350 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\bez tytułu(1).bmp [2009-08-17 19:06:06 | 03,124,187 | R--- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\ComboFix.exe [2009-08-17 03:01:56 | 00,274,628 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\asasavrz.jpg [2009-08-15 19:11:34 | 00,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\O&O Defrag.lnk [2009-08-15 03:15:52 | 00,490,628 | ---- | M] () -- C:\windows\System32\perfh015.dat [2009-08-15 03:15:52 | 00,432,492 | ---- | M] () -- C:\windows\System32\perfh009.dat [2009-08-15 03:15:52 | 00,083,880 | ---- | M] () -- C:\windows\System32\perfc015.dat [2009-08-15 03:15:52 | 00,067,448 | ---- | M] () -- C:\windows\System32\perfc009.dat [2009-08-15 03:15:49 | 01,043,322 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI [2009-08-10 23:46:51 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2009-08-10 19:06:07 | 03,075,656 | -H-- | M] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-08-10 13:43:24 | 00,289,646 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\2009_8_9_3.50.31.jpg [2009-08-09 01:12:19 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-08-09 00:41:13 | 00,280,174 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\6400u.jpg [2009-08-05 11:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mswebdvd.dll [2009-08-05 11:01:12 | 00,205,312 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mswebdvd.dll [2009-08-04 11:24:44 | 00,012,328 | ---- | M] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-08-01 18:17:04 | 05,651,226 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\FIRMA_-cenzura!.mp3 [2009-07-30 02:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MRT.exe [2009-07-28 15:39:25 | 00,103,352 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\InjectTable1737.rar [2009-07-28 15:27:05 | 27,299,3000 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ja\Pulpit\WindowsXP-KB835935-SP2-PLK.exe [2009-07-28 00:27:56 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\dhtmled.ocx [2009-07-25 19:00:03 | 86,022,604 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\hl1110.exe < End of report >

z góry dzieki

~pozdrawiam

**Posty:** 8001 · przez **Okocza** 24 Sie 2009, 17:07

adam1916l, zastosuj Combofixa i daj z niego log

**Posty:** 12 · przez **adam1916l** 24 Sie 2009, 18:15

robione dzisiaj rano (chwile przed wcześniejszymi dwoma)

Kod: Zaznacz wszystko: ComboFix 09-08-23.01 - Ja 2009-08-24 13:03.7.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.1054 [GMT 2:00] Uruchomiony z: c:\documents and settings\Ja\Pulpit\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((( Pliki utworzone od 2009-07-24 do 2009-08-24 ))))))))))))))))))))))))))))))) . 2009-08-24 09:36 . 2009-08-24 09:36 -------- d-----w- c:\program files\HDD Regenerator 2009-08-21 17:59 . 2009-08-21 18:00 -------- d-----w- c:\documents and settings\Administrator.DOM-9FE46E7B794\Dane aplikacji\Winamp 2009-08-18 03:30 . 2009-08-18 03:30 -------- d-----w- c:\documents and settings\Ja\Ustawienia lokalne\Dane aplikacji\ESET 2009-08-17 17:40 . 2009-08-17 17:40 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google 2009-08-15 20:35 . 2009-08-15 20:35 -------- d-----w- c:\windows\system32\oodag 2009-08-15 17:22 . 2009-08-15 17:22 -------- d-----w- c:\documents and settings\Ja\Ustawienia lokalne\Dane aplikacji\O&O 2009-08-15 17:11 . 2009-08-15 17:11 -------- d-----w- c:\program files\OO Software 2009-08-14 18:11 . 2009-08-14 18:11 -------- d-----w- c:\program files\HD Tune Pro 2009-08-10 21:45 . 2009-08-10 21:47 -------- d-----w- c:\documents and settings\Ja\Ustawienia lokalne\Dane aplikacji\Google 2009-08-10 21:45 . 2009-08-10 21:47 -------- d-----w- c:\program files\Google 2009-08-10 21:45 . 2009-08-24 09:56 -------- d-----w- c:\program files\DivX 2009-08-01 22:11 . 2009-08-01 22:11 -------- d-----w- c:\documents and settings\Adam\Moje dokumenty 2009-08-01 22:11 . 2009-08-01 22:11 -------- d-----w- c:\documents and settings\Adam 2009-07-27 21:50 . 2009-08-11 22:50 -------- d-----w- c:\documents and settings\Ja\Dane aplikacji\vlc 2009-07-27 21:49 . 2009-07-27 21:49 -------- d-----w- c:\program files\VideoLAN 2009-07-27 17:46 . 2009-07-27 17:46 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Ashampoo 2009-07-27 16:36 . 2009-07-27 16:36 -------- d-----w- c:\documents and settings\Ja\Dane aplikacji\Ashampoo 2009-07-26 10:31 . 2009-08-11 16:32 -------- d-----w- c:\program files\Valve 2009-07-25 12:22 . 2009-07-25 12:36 -------- d-----w- c:\documents and settings\Ja\Gadu-Gadu 2009-07-25 12:22 . 2009-07-25 12:22 -------- d-----w- c:\program files\Gadu-Gadu . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-24 10:03 . 2009-07-17 13:33 23524 ----a-w- c:\windows\system32\drivers\GVTDrv.sys 2009-08-19 09:30 . 2009-07-13 13:47 -------- d-----w- c:\documents and settings\Ja\Dane aplikacji\uTorrent 2009-08-17 17:32 . 2009-07-23 23:30 -------- d-----w- c:\program files\Common Files\Nokia 2009-08-15 01:15 . 2001-10-26 18:15 83880 ----a-w- c:\windows\system32\perfc015.dat 2009-08-15 01:15 . 2001-10-26 18:15 490628 ----a-w- c:\windows\system32\perfh015.dat 2009-08-12 12:34 . 2009-07-13 13:49 -------- d-----w- c:\documents and settings\Ja\Dane aplikacji\Winamp 2009-08-05 09:01 . 2008-04-14 20:50 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 09:24 . 2009-07-22 13:50 12328 ----a-w- c:\documents and settings\Ja\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-08-01 21:21 . 2009-07-14 23:55 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\uTorrent 2009-08-01 14:37 . 2009-08-01 14:37 -------- d-----w- c:\program files\Free Audio Pack 2009-07-28 14:34 . 2009-07-13 13:43 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2009-07-24 00:08 . 2009-07-23 23:30 -------- d-----w- c:\documents and settings\Ja\Dane aplikacji\Nokia 2009-07-24 00:07 . 2009-07-23 23:29 -------- d-----w- c:\program files\Nokia 2009-07-24 00:03 . 2009-07-24 00:03 -------- d-----w- c:\program files\MSBuild 2009-07-24 00:02 . 2009-07-24 00:02 -------- d-----w- c:\program files\Reference Assemblies 2009-07-23 23:31 . 2009-07-23 23:30 -------- d-----w- c:\documents and settings\Ja\Dane aplikacji\PC Suite 2009-07-23 23:30 . 2009-07-23 23:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PC Suite 2009-07-23 23:30 . 2009-07-23 23:29 -------- d-----w- c:\program files\DIFX 2009-07-23 23:30 . 2009-07-23 23:30 -------- d-----w- c:\program files\Common Files\PCSuite 2009-07-23 23:29 . 2009-07-23 23:29 -------- d-----w- c:\program files\PC Connectivity Solution 2009-07-23 23:29 . 2009-07-23 23:29 95232 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe 2009-07-23 23:29 . 2009-07-23 23:29 8192 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe 2009-07-23 23:29 . 2009-07-23 23:29 61440 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-07-23 23:29 . 2009-07-23 23:29 10240 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe 2009-07-23 23:28 . 2009-07-23 23:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Installations 2009-07-23 15:02 . 2009-07-23 23:29 33773208 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe 2009-07-23 09:26 . 2009-07-23 09:26 -------- d-----w- c:\program files\RegVac Registry Cleaner 2009-07-19 22:30 . 2009-07-19 22:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-07-19 22:29 . 2009-07-19 22:29 -------- d-----w- c:\program files\Fraps 2009-07-19 22:28 . 2009-07-19 22:28 -------- d-----w- c:\program files\Ventrilo 2009-07-19 22:28 . 2009-07-19 22:28 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-07-19 13:39 . 2009-07-19 13:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM 2009-07-19 13:39 . 2009-07-19 13:39 -------- d-----w- c:\documents and settings\Ja\Dane aplikacji\OpenFM 2009-07-18 19:25 . 2009-07-18 19:25 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-18 08:24 . 2009-07-18 08:24 -------- d-----w- c:\program files\Teamspeak2 2009-07-18 08:08 . 2009-07-18 08:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\SystemExplorer 2009-07-18 08:08 . 2009-07-18 08:08 -------- d-----w- c:\program files\System Explorer 2009-07-17 19:04 . 2008-04-14 20:50 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-17 13:43 . 2009-07-13 12:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-07-17 13:18 . 2009-07-17 13:18 -------- d-----w- c:\program files\GigaByte 2009-07-16 21:37 . 2009-07-13 13:52 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-07-16 07:13 . 2009-07-15 22:02 -------- d-----w- c:\program files\Real Alternative 2009-07-15 22:01 . 2009-07-15 22:00 -------- d-----w- c:\program files\NAPI-PROJEKT 2009-07-15 21:57 . 2009-07-13 13:47 -------- d-----w- c:\program files\SubEdit-Player 2009-07-15 09:43 . 2009-07-15 09:43 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Media Player Classic 2009-07-15 09:43 . 2009-07-15 09:43 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\DivX 2009-07-14 23:55 . 2009-07-14 23:55 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Gadu-Gadu 2009-07-14 10:11 . 2009-07-14 07:27 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Winamp 2009-07-14 07:37 . 2009-07-14 07:37 0 ----a-w- c:\windows\nsreg.dat 2009-07-14 07:30 . 2009-07-14 07:28 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu 2009-07-13 21:21 . 2009-07-13 13:01 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-13 14:55 . 2009-07-13 14:55 -------- d-----w- c:\program files\ESET 2009-07-13 14:55 . 2009-07-13 14:55 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ESET 2009-07-13 14:18 . 2009-07-13 14:18 -------- d-----w- c:\documents and settings\Ja\Dane aplikacji\teamspeak2 2009-07-13 13:51 . 2009-07-13 13:49 -------- d-----w- c:\program files\Winamp 2009-07-13 13:50 . 2009-07-13 13:50 -------- d-----w- c:\documents and settings\Ja\Dane aplikacji\Foxit 2009-07-13 13:50 . 2009-07-13 13:50 -------- d-----w- c:\program files\Foxit Software 2009-07-13 13:48 . 2009-07-13 13:48 -------- d-----w- c:\program files\uTorrent 2009-07-13 13:47 . 2009-07-13 13:47 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-07-13 13:46 . 2009-07-13 13:46 -------- d-----w- c:\program files\Java 2009-07-13 13:46 . 2009-07-13 13:46 152576 ----a-w- c:\documents and settings\Ja\Dane aplikacji\Sun\Java\jre1.6.0_14\lzma.dll 2009-07-13 13:45 . 2009-07-13 13:45 -------- d-----w- c:\program files\D-Tools 2009-07-13 13:44 . 2009-07-13 13:44 -------- d-----w- c:\program files\Damian Pasternak 2009-07-13 13:44 . 2009-07-13 13:44 -------- d-----w- c:\program files\CCleaner 2009-07-13 13:43 . 2009-07-13 13:43 -------- d-----w- c:\documents and settings\Ja\Dane aplikacji\Nowe Gadu-Gadu 2009-07-13 13:42 . 2009-07-13 13:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ashampoo 2009-07-13 13:42 . 2009-07-13 13:42 -------- d-----w- c:\program files\Ashampoo Burning Studio 2009 2009-07-13 13:18 . 2009-07-13 13:18 -------- d-----w- c:\program files\Opera 2009-07-13 13:14 . 2009-07-13 13:13 -------- d-----w- c:\program files\ATI Technologies 2009-07-13 13:06 . 2009-07-13 13:02 -------- d-----w- c:\program files\AvRack 2009-07-13 13:02 . 2009-07-13 13:02 -------- d-----w- c:\program files\Realtek Sound Manager 2009-07-13 13:02 . 2009-07-13 12:58 -------- d-----w- c:\program files\Common Files\InstallShield 2009-07-13 13:01 . 2009-07-13 13:01 -------- d-----w- c:\program files\AMD 2009-07-13 12:52 . 2009-07-13 12:52 -------- d-----w- c:\program files\microsoft frontpage 2009-07-13 12:49 . 2009-07-13 12:49 -------- d-----w- c:\program files\Usługi online 2009-07-13 12:47 . 2009-07-13 12:47 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2009-07-13 08:20 . 2009-07-13 08:20 42088 ----a-w- c:\documents and settings\Ja\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll 2009-07-12 10:21 . 2008-04-14 20:51 233472 ----a-w- c:\windows\system32\wmpdxm.dll 2009-06-26 16:51 . 2008-04-14 20:50 669184 ------w- c:\windows\system32\wininet.dll 2009-06-26 16:51 . 2008-04-14 20:50 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-06-25 08:27 . 2008-04-14 20:50 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:27 . 2008-04-14 20:50 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:27 . 2008-04-14 20:50 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:27 . 2008-04-14 20:50 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:27 . 2008-04-14 20:50 732160 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:27 . 2008-04-14 20:50 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2008-04-13 22:01 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:40 . 2008-04-14 20:50 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2008-04-14 20:50 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 10:45 . 2008-04-14 20:51 78336 ----a-w- c:\windows\system32\telnet.exe 2009-06-15 10:45 . 2008-04-14 20:51 82944 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-10 14:15 . 2008-04-14 20:50 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 07:22 . 2009-07-13 12:46 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:16 . 2008-04-14 20:50 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:11 . 2008-04-14 20:50 1294848 ----a-w- c:\windows\system32\quartz.dll 2009-06-02 16:11 . 2009-07-13 13:52 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-05-29 21:37 . 2009-07-13 13:52 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2009-05-29 21:31 . 2009-07-13 13:52 881664 ----a-w- c:\windows\system32\xvidcore.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-07-27 10719848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400] "VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2004-09-17 552960] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2004-12-22 77824] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "gupdate1ca1a03de11b26a"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Valve\\hl.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "e:\\Program Files\\CSCZ\\czero.exe"= "c:\\Program Files\\Valve\\hltv.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8461:TCP"= 8461:TCP:GoD High Port "8462:TCP"= 8462:TCP:GoD Low Port R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-02-06 93336] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720] R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2009-07-17 23524] S4 gupdate1ca1a03de11b26a;Usługa Google Update (gupdate1ca1a03de11b26a);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 133104] . . ------- Skan uzupełniający ------- . FF - ProfilePath - c:\documents and settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\w5urpjnn.default\ ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-24 13:08 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG11.00.00.01WORKSTATION"="7608F6052BE1A5B39936CC00799422431FCAC551953C338929A58E2760800FE1BA896F6855BB1D20B3B19B4F563BCB925FB09047733C79C9082101A6D54CE8B7A7A65830ADF1479E1E3DC6683721C5C57F5B5D39CA84BD0E696042E781FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407C038D530D6EB3452A6A0AC4980AC7933BA14E83374ABC3FCED9DB3AF427D1A2C85367667BF2C6087F5366D48BEE799CC2E64251D132B787E59148961026A50087FE1C13402D2DE6FE5F65ACA50985995CB61C57F4A53D70EF27928EB227107FA7658ED14DE312D84F55DC11CADB17CD90C4843190012B9C215DA11E7FDA0B244CA14AD18C4157D4FAEF3A2E6FB639209BA5285CBAE992B17F0C33C8D04CAFC86B394A1F23993B7BC684B6BF7F3A3DEF876C0EA9DE5DCECE80DC615BD3806C2CAB95BE47DD283759BD37683C0E2A8DAE2B55945B7459672FA4078797BB2AB96F93BEF8133BE7E0522738D4154AA6E3064BDE4DBE806436473B9F2BCEB9D5A3EE5685CF734BD64E9E79D2CF36DC0363FFE2BAEE7A37124A0DC7755A65CB87431BF4AAFBCC4A3D859687CF15B682E049B97ED08177B643F3625CF3FF1B9579F1FA1B77CB7CB59C3BE858F02ADC40F9F8B784A458CAB52DB6B206A57CC17DFC568055F594456D94EB8032A8413A995158B4E57BF5D93C108368246C6DB2DCE96A3C9C3DFB392B6E81989722528DE08B4CB2A805393B3CC954567B13CB4D4B20399333AB149569247E62563137F513E13AE8206E12EB0A199F8CDD268620E2F41C7686C6D3C19285FDB46CB821D12A6874CAFFB4F1ED681EB6496A280647B7BCB5F75D7BDBAF4C1EB6841CD2A79D5422F7070C983499244AB510A6DBFAEE3E160C6494ECAE2AC406D2DCE60470275A4E99964AB6B0B75D3B8BCD1D3E1A632C28117B776C2C82218A6028B4F1998EDF8DAFB13AFF9B0B62E38D4FA4A2B297591749E77495AF5DD519EEFF6B8E11160FBEA0064BB207B30E51380F99ADE82DFD545DCA41546E30C09A0B6F58FEA36917F46BE2607D922DE20F65724E047F8CAA9C00A3F7AC385FBED3C4952197E42EAE6DD0B891DA14FE498D5A6340E32C0AD3CF88D29718EBDA145434DB5F1ED6878AE65E523DD789F891E63EDC867720729D244062B416B6495674D1D33090B4EEAE053876E7CE327341099E163045B6901C2BC44EE891FC413403647BC20AE0A98A066DB48826C69746735EAEA52C87B1AF741CD853AF69FFA519D0F2DCEB4ABF8231D82F0499DE17B2EB7262A9216448170735CE01B3F2ACF2CE469BEFD7B332A30BB4D0E82887FA001E6E3CE5A27BEE442395E5AC4CA8AB97BB40493EFE6146CA7CBC5A930C3A15B934AA9EB9160D99692BDF42CA5715D" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(728) c:\windows\system32\Ati2evxx.dll . Czas ukończenia: 2009-08-24 13:09 ComboFix-quarantined-files.txt 2009-08-24 11:09 ComboFix2.txt 2009-08-24 09:50 Przed: 1 483 792 384 bajtów wolnych Po: 1 434 177 536 bajtów wolnych 245 --- E O F --- 2009-08-15 01:22

**Posty:** 18165 · przez **wojtas** 25 Sie 2009, 09:30

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie )

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.