Trojan kavos + rootkit nmdfgds0.dll

**Posty:** 4 · przez **inf** 09 Cze 2009, 22:39

witam i prosze o pomoc. avast wykrywa ale nie potrafi sobie z tym poradzic. Zainfekowany plik sm.exe, avast nie moze nic zrobic i nieustannie powiadamia mnie o tym, ze to wykryl, nawet zaczely sie pojawiac krytyczne bledy dot. tego pliku. Nie dziala mi ujawnianie ukrytych plików i folderów, tzn wlaczam opcje folderow->zaznaczam->zastosuj->ok ... zadne ukryte pliki i foldery sie nie ujawniaja, a po powrocie do opcji ta funkcja jest odznaczona. Wykonalem pelny skan przy po mocy Malwarebytes' Anti-Malware i... mam usunac wsio co wykryl?

Malwarebytes' Anti-Malware log

Kod: Zaznacz wszystko: Malwarebytes' Anti-Malware 1.37 Wersja bazy definicji: 2255 Windows 5.1.2600 Dodatek Service Pack 2 2009-06-09 22:37:15 mbam-log-2009-06-09 (22-37-03).txt Typ skanowania: Pełne skanowanie (A:\|C:\|D:\|E:\|F:\|) Przeskanowane obiekty: 125508 Upłynęło: 1 hour(s), 46 minute(s), 32 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 3 Zainfekowane klucze rejestru: 21 Zainfekowane wartości rejestru: 4 Zainfekowane pliki rejestru: 1 Zainfekowane foldery: 7 Zainfekowane pliki: 21 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (Adware.MyWebSearch) -> No action taken. C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> No action taken. C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnLineGames) -> No action taken. Zainfekowane klucze rejestru: HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> No action taken. Zainfekowane wartości rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken. Zainfekowane pliki rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken. Zainfekowane foldery: C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Cache (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\History (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Settings (Adware.MyWebSearch) -> No action taken. C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> No action taken. Zainfekowane pliki: C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Cache\0002A828 (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Cache\00BC9300.bin (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Cache\00BC97E4.bin (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Cache\00BCB255.bin (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\History\search (Adware.MyWebSearch) -> No action taken. c:\program files\myglobalsearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> No action taken. c:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> No action taken. c:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> No action taken. C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> No action taken. c:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnLineGames) -> No action taken. c:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnLineGames) -> No action taken. C:\autorun.inf (Worm.Autorun) -> No action taken. C:\sm.exe (Worm.Autorun) -> No action taken.

**Posty:** 18165 · przez **wojtas** 09 Cze 2009, 22:48

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z OTL

**Posty:** 4 · przez **inf** 10 Cze 2009, 00:28

SDFix:

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by D A N I E L on 2009-06-10 at 00:01 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\autorun.inf - Deleted Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-10 00:07:59 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="E:\programy\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:9e,65,54,46,2a,0c,6b,bb,77,bc,53,eb,0a,e3,25,47,6f,28,14,0a,f1,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,4b,d3,c1,90,a1,f6,7d,1a,8f,a8,0a,dc,8d,db,d7,b5,5d,.. "khjeh"=hex:37,96,1a,5f,89,2a,af,18,2b,dc,a9,ea,3b,bb,d0,a2,55,19,f7,b4,18,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:f9,ba,57,c8,01,84,3d,07,da,fd,f4,33,60,75,fa,4f,a1,7f,ca,aa,5a,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="E:\programy\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:9e,65,54,46,2a,0c,6b,bb,77,bc,53,eb,0a,e3,25,47,6f,28,14,0a,f1,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,4b,d3,c1,90,a1,f6,7d,1a,8f,a8,0a,dc,8d,db,d7,b5,5d,.. "khjeh"=hex:37,96,1a,5f,89,2a,af,18,2b,dc,a9,ea,3b,bb,d0,a2,55,19,f7,b4,18,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:f9,ba,57,c8,01,84,3d,07,da,fd,f4,33,60,75,fa,4f,a1,7f,ca,aa,5a,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\\programy\\BitSpirit\\BitSpirit.exe"="E:\\programy\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client" "E:\\gry\\ET\\ET.exe"="E:\\gry\\ET\\ET.exe:*:Enabled:ET" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikacj©" "C:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager" "E:\\gry\\Combat Arms EU\\CombatArms.exe"="E:\\gry\\Combat Arms EU\\CombatArms.exe:*Enabled:CombatArms.exe" "E:\\gry\\Combat Arms EU\\Engine.exe"="E:\\gry\\Combat Arms EU\\Engine.exe:*Enabled:Engine.exe" "E:\\gry\\Combat Arms EU\\NMService.exe"="E:\\gry\\Combat Arms EU\\NMService.exe:*:Enabled:Nexon Messenger Core" "E:\\gry\\FT BOS\\BOS.exe"="E:\\gry\\FT BOS\\BOS.exe:*:Enabled:BOS" "E:\\gry\\Naval\\DG_RJWp.exe"="E:\\gry\\Naval\\DG_RJWp.exe:*:Enabled:Distant Guns RJW" "E:\\programy\\Teamspeak2_RC2\\TeamSpeak.exe"="E:\\programy\\Teamspeak2_RC2\\TeamSpeak.exe:*:Enabled:Teamspeak RC2" "E:\\Warcraft III\\Warcraft III.exe"="E:\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" "C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare" "C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"="C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe:*:Enabled:Pando Media Booster" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "E:\\gry\\Combat Arms EU\\CombatArms.exe"="E:\\gry\\Combat Arms EU\\CombatArms.exe:*Enabled:CombatArms.exe" "E:\\gry\\Combat Arms EU\\Engine.exe"="E:\\gry\\Combat Arms EU\\Engine.exe:*Enabled:Engine.exe" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Sun 7 Jun 2009 103,339 ..SHR --- "C:\sm.exe" Tue 9 Jun 2009 83,456 ..SHR --- "C:\WINDOWS\system32\nmdfgds0.dll" Tue 9 Jun 2009 83,456 ..SHR --- "C:\WINDOWS\system32\nmdfgds1.dll" Sun 7 Jun 2009 103,339 ..SHR --- "C:\WINDOWS\system32\olhrwef.exe" Fri 10 Apr 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Fri 24 Apr 2009 6,657,032 A..H. --- "C:\Documents and Settings\D A N I E L\Ustawienia lokalne\Temp\dotnetfx3521022.08\1033\dotnetfx35\x86\BITD4.tmp" [b]Finished![/b]

OTL:

Kod: Zaznacz wszystko: OTL logfile created on: 2009-06-10 00:24:12 - Run 2 OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\D A N I E L\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,48 Mb Total Physical Memory | 199,36 Mb Available Physical Memory | 38,98% Memory free 1,25 Gb Paging File | 0,97 Gb Available in Paging File | 77,47% Paging File free Paging file location(s): C:\pagefile.sys 800 1200 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 18,64 Gb Total Space | 11,17 Gb Free Space | 59,95% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 37,26 Gb Total Space | 20,42 Gb Free Space | 54,81% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XP-5333C863EC9A Current User Name: D A N I E L Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2009-02-05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009-02-05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2008-12-06 18:47:02 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2004-08-04 00:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2003-03-20 08:21:00 | 01,855,488 | R--- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\Mixer.exe PRC - [2003-10-16 19:07:10 | 00,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe PRC - [2003-10-16 19:07:12 | 00,053,248 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\TaskBarIcon.exe PRC - [2009-02-05 23:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2004-03-04 05:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE PRC - [2004-07-28 17:39:28 | 00,962,661 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe PRC - [2009-04-28 23:53:54 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2003-10-16 19:07:12 | 00,626,688 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\NeostradaTP.exe PRC - [2003-10-16 19:07:10 | 00,200,704 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\ComComp.exe PRC - [2003-10-16 19:07:12 | 00,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\Watch.exe PRC - [2009-06-09 23:42:50 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D A N I E L\Pulpit\OTL.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009-02-05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) SRV - [2009-02-05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) SRV - [2009-02-05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped]) SRV - [2009-02-05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-03-03 14:53:32 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped]) SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2008-12-06 18:47:02 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2009-02-05 23:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running]) DRV - [2001-08-17 22:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running]) DRV - [2004-03-02 10:26:58 | 00,050,007 | ---- | M] (Analog Deivces) -- C:\WINDOWS\System32\Drivers\adildr.sys -- (ADILOADER [Auto | Stopped]) DRV - [2004-03-02 10:24:16 | 00,127,065 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\system32\DRIVERS\adiusbaw.sys -- (adiusbaw [On_Demand | Running]) DRV - [2009-02-05 23:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running]) DRV - [2009-02-05 23:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running]) DRV - [2009-02-05 23:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running]) DRV - [2009-02-05 23:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running]) DRV - [2009-02-05 23:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running]) DRV - File not found -- -- (catchme [On_Demand | Running]) DRV - [2002-11-18 09:51:40 | 00,377,358 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Running]) DRV - [2004-08-04 01:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running]) DRV - [2001-08-18 00:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running]) DRV - [2006-10-22 13:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2003-08-04 15:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped]) DRV - [2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2008-12-31 21:58:38 | 00,028,400 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running]) DRV - [2009-01-04 14:56:07 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll () IE - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\S-1-5-21-1202660629-484763869-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-07 17:58:39 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-06-02 20:41:16 | 00,000,000 | ---D | M] [2009-01-19 19:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\D A N I E L\Dane aplikacji\mozilla\Extensions [2009-01-19 19:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\D A N I E L\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-06-08 23:31:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\D A N I E L\Dane aplikacji\mozilla\Firefox\Profiles\jwpbbj2f.default\extensions [2009-05-04 17:44:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\D A N I E L\Dane aplikacji\mozilla\Firefox\Profiles\jwpbbj2f.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [2008-12-01 23:09:26 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Dane aplikacji\Mozilla\FireFox\Profiles\jwpbbj2f.default\searchplugins\winamp-search-1.xml [2008-12-01 22:38:07 | 00,000,358 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Dane aplikacji\Mozilla\FireFox\Profiles\jwpbbj2f.default\searchplugins\winamp-search.xml [2009-06-10 00:21:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-04-28 23:54:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-01-09 00:06:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2009-04-28 23:53:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-04-28 23:53:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-04-23 00:35:20 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-04-23 00:35:20 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-04-23 00:35:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-04-23 00:35:20 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-04-23 00:35:20 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-04-23 00:35:20 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-04-23 00:35:20 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search) O3 - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup File not found O4 - HKLM..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600" (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.) O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe () O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe (France Télécom R&D) O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe (France Télécom R&D) O4 - HKU\S-1-5-21-1202660629-484763869-1957994488-1004..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe () O4 - HKU\S-1-5-21-1202660629-484763869-1957994488-1004..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (Gadu-Gadu S.A.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Bo-Shot.lnk = C:\Program Files\Bo-Shot\Bo-Shot.exe (BoSoft) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1202660629-484763869-1957994488-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Pobierz z &BitSpirit - E:\programy\BitSpirit\bsurl.htm () O9 - Extra Button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-11-28 18:49:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-06-10 00:25:20 | 00,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-06-10 00:25:20 | 00,000,051 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{40c62a70-bd6f-11dd-93fb-806d6172696f}\Shell\AutoRun\command - "" = E:\sm.exe -- [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] () O33 - MountPoints2\{40c62a70-bd6f-11dd-93fb-806d6172696f}\Shell\open\Command - "" = E:\sm.exe -- [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] () O33 - MountPoints2\{e00eb332-5331-11de-95d8-4d6564696130}\Shell\AutoRun\command - "" = G:\sm.exe -- File not found O33 - MountPoints2\{e00eb332-5331-11de-95d8-4d6564696130}\Shell\open\Command - "" = G:\sm.exe -- File not found O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\sm.exe -- [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] () O33 - MountPoints2\C\Shell\open\Command - "" = C:\sm.exe -- [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] () O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\sm.exe -- [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] () O33 - MountPoints2\E\Shell\open\Command - "" = E:\sm.exe -- [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] () O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-06-10 00:24:02 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [3 C:\WINDOWS\*.tmp files] [2009-06-10 00:21:09 | 00,000,051 | RHS- | C] () -- C:\autorun.inf [2009-06-10 00:05:04 | 53,639,9872 | -HS- | C] () -- C:\hiberfil.sys [2009-06-09 23:52:03 | 00,000,000 | ---D | C] -- C:\SDFix [2009-06-09 23:51:19 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\SDFix.exe [2009-06-09 23:42:43 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\D A N I E L\Pulpit\OTL.exe [2009-06-09 23:11:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009-06-09 23:00:41 | 00,055,296 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\Seconfig XP.exe [2009-06-09 22:56:40 | 00,038,899 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\SeconfigXP.zip [2009-06-09 22:01:25 | 00,083,456 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll [2009-06-09 20:46:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\D A N I E L\Dane aplikacji\Malwarebytes [2009-06-09 20:46:24 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-06-09 20:46:21 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-06-09 20:46:19 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-06-09 20:46:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-06-09 20:46:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-06-09 20:43:57 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\D A N I E L\Pulpit\mbam-setup.exe [2009-06-09 20:42:00 | 00,103,339 | RHS- | C] () -- C:\sm.exe [2009-06-09 17:47:26 | 00,006,689 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\podanie.abw [2009-06-09 14:49:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment [2009-06-08 19:50:35 | 00,083,456 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll [2009-06-08 11:01:39 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdaudio.sys [2009-06-08 11:01:07 | 00,103,339 | RHS- | C] () -- C:\WINDOWS\System32\olhrwef.exe [2009-06-07 20:55:19 | 00,007,168 | -HS- | C] () -- C:\WINDOWS\Thumbs.db [2009-06-07 20:55:15 | 00,005,632 | -HS- | C] () -- C:\Thumbs.db [2009-06-07 09:22:48 | 00,172,674 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\1211AAneut4sell.bmp [2009-06-07 09:10:04 | 00,172,126 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\USRep1110forsell.bmp [2009-06-04 07:39:55 | 00,008,119 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\historia.rtf [2009-06-02 20:41:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2009-06-02 20:38:31 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks [2009-06-01 12:52:33 | 00,016,322 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\podanie.abw [2009-05-24 16:34:56 | 00,220,210 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\niem.abw [2009-05-16 11:59:05 | 00,000,000 | ---D | C] -- C:\Program Files\The Learning Company [2009-05-16 11:58:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2009-05-11 01:33:41 | 07,282,688 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\Muse-08-Hysteria.mp3 [2009-05-11 01:31:53 | 02,497,811 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Moje dokumenty\kleopatra.JPG [2009-04-06 17:30:16 | 00,000,626 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009-01-04 14:56:05 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-01-03 18:19:50 | 00,001,323 | ---- | C] () -- C:\WINDOWS\disney.ini [2008-12-29 22:50:44 | 00,001,499 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2008-12-29 11:22:40 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-12-06 18:47:22 | 00,138,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008-12-01 10:43:10 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX3600FGD.ini [2008-11-30 01:43:52 | 00,000,785 | ---- | C] () -- C:\WINDOWS\Rtcw.INI [2008-11-29 11:43:35 | 00,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2008-11-29 11:43:35 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini [2008-11-29 11:43:27 | 00,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini [2008-11-29 11:43:22 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll [2008-11-29 11:43:19 | 00,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll [2008-11-29 11:20:00 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\adinst32.dll [2008-11-28 19:45:43 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll [2008-11-28 19:15:48 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2008-11-28 19:13:34 | 00,028,165 | ---- | C] () -- C:\WINDOWS\cmijack.ini [2008-11-28 19:13:34 | 00,018,240 | ---- | C] () -- C:\WINDOWS\cmaudio.ini [2008-11-28 19:11:57 | 00,000,199 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2008-11-28 19:11:57 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2006-10-22 13:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-22 13:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-22 13:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-22 13:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-22 13:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-22 13:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-22 13:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2004-08-04 00:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004-07-17 11:36:38 | 00,028,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001-07-21 22:16:20 | 00,000,498 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-21 22:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [3 C:\WINDOWS\*.tmp files] [2009-06-10 00:26:36 | 00,000,051 | RHS- | M] () -- C:\autorun.inf [2009-06-10 00:20:43 | 00,083,456 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll [2009-06-10 00:20:27 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-06-10 00:05:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-06-10 00:05:22 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\D A N I E L\Ustawienia lokalne\desktop.ini [2009-06-10 00:05:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-06-10 00:05:04 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys [2009-06-10 00:01:56 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009-06-09 23:51:44 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\SDFix.exe [2009-06-09 23:42:50 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D A N I E L\Pulpit\OTL.exe [2009-06-09 22:56:43 | 00,038,899 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\SeconfigXP.zip [2009-06-09 22:03:36 | 00,083,456 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds1.dll [2009-06-09 20:46:24 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-06-09 20:45:36 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\D A N I E L\Pulpit\mbam-setup.exe [2009-06-09 17:47:26 | 00,006,689 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\podanie.abw [2009-06-08 17:54:17 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-06-08 09:54:14 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-06-07 20:55:19 | 00,007,168 | -HS- | M] () -- C:\WINDOWS\Thumbs.db [2009-06-07 20:55:17 | 00,005,632 | -HS- | M] () -- C:\Thumbs.db [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] () -- C:\WINDOWS\System32\olhrwef.exe [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] () -- C:\sm.exe [2009-06-07 09:22:48 | 00,172,674 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\1211AAneut4sell.bmp [2009-06-07 09:10:04 | 00,172,126 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\USRep1110forsell.bmp [2009-06-07 08:43:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-06-04 07:39:55 | 00,008,119 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\historia.rtf [2009-06-02 08:39:54 | 00,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB [2009-06-01 12:52:33 | 00,016,322 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\podanie.abw [2009-05-26 22:38:08 | 00,002,389 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2009-05-26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-05-26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-05-24 16:34:56 | 00,220,210 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\niem.abw [2009-05-22 01:36:46 | 00,001,499 | ---- | M] () -- C:\WINDOWS\bestplayer.ini [2009-05-22 01:36:46 | 00,000,072 | ---- | M] () -- C:\WINDOWS\bestplayer.bpp [2009-05-22 01:36:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\bestplayer.bbt [2009-05-16 11:58:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\SETUP32.INI [2009-05-13 18:25:00 | 00,070,656 | -HS- | M] () -- C:\Documents and Settings\D A N I E L\Moje dokumenty\Thumbs.db [2009-05-11 01:35:58 | 07,282,688 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\Muse-08-Hysteria.mp3 [2009-05-11 01:32:40 | 02,497,811 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Moje dokumenty\kleopatra.JPG < End of report >

Dodano Dzisiaj, 12:17:
wykonałem scan Easy Cleanerem, usunął 112 błędnych wpisów w rejestrze, 1256 niepotrzebnych plików, wyczaił uruchamiany przy stacie program cdoosoft C:\WIDNOWS\system32\olhrwef.exe co jak wynika było jednym z wielu smieci - usunąłem

**Posty:** 18165 · przez **wojtas** 10 Cze 2009, 12:19

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O3 - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (My Global Search)
O32 - AutoRun File - [2009-06-10 00:25:20 | 00,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-06-10 00:25:20 | 00,000,051 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{40c62a70-bd6f-11dd-93fb-806d6172696f}\Shell\AutoRun\command - "" = E:\sm.exe -- [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] ()
O33 - MountPoints2\{40c62a70-bd6f-11dd-93fb-806d6172696f}\Shell\open\Command - "" = E:\sm.exe -- [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] ()
O33 - MountPoints2\{e00eb332-5331-11de-95d8-4d6564696130}\Shell\AutoRun\command - "" = G:\sm.exe -- File not found
O33 - MountPoints2\{e00eb332-5331-11de-95d8-4d6564696130}\Shell\open\Command - "" = G:\sm.exe -- File not found
O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\sm.exe -- [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] ()
O33 - MountPoints2\C\Shell\open\Command - "" = C:\sm.exe -- [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] ()
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\sm.exe -- [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] ()
O33 - MountPoints2\E\Shell\open\Command - "" = E:\sm.exe -- [2009-06-07 13:09:02 | 00,103,339 | RHS- | M] ()

:Files
C:\Program Files\MyGlobalSearch
C:\autorun.inf
E:\autorun.inf
C:\sm.exe
E:\sm.exe
C:\WINDOWS\System32\nmdfgds1.dll
C:\WINDOWS\System32\nmdfgds0.dll
C:\WINDOWS\System32\olhrwef.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia kompa

**Posty:** 4 · przez **inf** 10 Cze 2009, 12:55

Kod: Zaznacz wszystko: ========== OTL ========== Process explorer.exe killed successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\ deleted successfully. C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL unregistered successfully. C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL moved successfully. Registry value HKEY_USERS\S-1-5-21-1202660629-484763869-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37B85A29-692B-4205-9CAD-2626E4993404} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\ not found. File C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL not found. C:\AUTOEXEC.BAT moved successfully. C:\autorun.inf moved successfully. E:\autorun.inf moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40c62a70-bd6f-11dd-93fb-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c62a70-bd6f-11dd-93fb-806d6172696f}\ not found. E:\sm.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40c62a70-bd6f-11dd-93fb-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c62a70-bd6f-11dd-93fb-806d6172696f}\ not found. File E:\sm.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e00eb332-5331-11de-95d8-4d6564696130}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e00eb332-5331-11de-95d8-4d6564696130}\ not found. File G:\sm.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e00eb332-5331-11de-95d8-4d6564696130}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e00eb332-5331-11de-95d8-4d6564696130}\ not found. File G:\sm.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully. C:\sm.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ not found. File C:\sm.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully. File E:\sm.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found. File E:\sm.exe not found. ========== FILES ========== C:\Program Files\MyGlobalSearch\bar\Settings moved successfully. C:\Program Files\MyGlobalSearch\bar\History moved successfully. C:\Program Files\MyGlobalSearch\bar\Cache moved successfully. C:\Program Files\MyGlobalSearch\bar\1.bin moved successfully. C:\Program Files\MyGlobalSearch\bar moved successfully. C:\Program Files\MyGlobalSearch moved successfully. File\Folder C:\autorun.inf not found. File\Folder E:\autorun.inf not found. File\Folder C:\sm.exe not found. File\Folder E:\sm.exe not found. DllUnregisterServer procedure not found in C:\WINDOWS\System32\nmdfgds1.dll C:\WINDOWS\System32\nmdfgds1.dll NOT unregistered. C:\WINDOWS\System32\nmdfgds1.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\System32\nmdfgds0.dll C:\WINDOWS\System32\nmdfgds0.dll NOT unregistered. C:\WINDOWS\System32\nmdfgds0.dll moved successfully. C:\WINDOWS\System32\olhrwef.exe moved successfully. ========== REGISTRY ========== HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully! ========== COMMANDS ========== File delete failed. C:\Documents and Settings\D A N I E L\Ustawienia lokalne\Temp\etilqs_4DoGDerDw9RNopNgEnrT scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\D A N I E L\Ustawienia lokalne\Temp\~DF74CA.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_408.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Temp folders emptied. Explorer started successfully OTL by OldTimer - Version 2.1.1.0 log created on 06102009_122915 Files moved on Reboot... File C:\Documents and Settings\D A N I E L\Ustawienia lokalne\Temp\etilqs_4DoGDerDw9RNopNgEnrT not found! C:\Documents and Settings\D A N I E L\Ustawienia lokalne\Temp\~DF74CA.tmp moved successfully. File move failed. C:\WINDOWS\temp\Perflib_Perfdata_408.dat scheduled to be moved on reboot. Registry entries deleted on Reboot...

Kod: Zaznacz wszystko: OTL logfile created on: 2009-06-10 12:37:31 - Run 3 OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\D A N I E L\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,48 Mb Total Physical Memory | 257,87 Mb Available Physical Memory | 50,42% Memory free 1,25 Gb Paging File | 0,96 Gb Available in Paging File | 76,43% Paging File free Paging file location(s): C:\pagefile.sys 800 1200 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 18,64 Gb Total Space | 11,16 Gb Free Space | 59,88% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 37,26 Gb Total Space | 20,42 Gb Free Space | 54,81% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: XP-5333C863EC9A Current User Name: D A N I E L Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2009-02-05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009-02-05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2008-12-06 18:47:02 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009-02-05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009-02-05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2004-08-04 00:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2004-08-04 00:44:26 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe PRC - [2003-10-16 19:07:10 | 00,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe PRC - [2003-10-16 19:07:12 | 00,053,248 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\TaskBarIcon.exe PRC - [2009-02-05 23:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2004-07-28 17:39:28 | 00,962,661 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe PRC - [2009-04-28 23:53:54 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2003-10-16 19:07:12 | 00,626,688 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\NeostradaTP.exe PRC - [2003-10-16 19:07:10 | 00,200,704 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\ComComp.exe PRC - [2003-10-16 19:07:12 | 00,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\Watch.exe PRC - [2009-06-10 12:36:50 | 02,527,280 | ---- | M] () -- C:\Program Files\Alwil Software\Avast4\setup\avast.setup PRC - [2009-06-09 23:42:50 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D A N I E L\Pulpit\OTL.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009-02-05 23:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) SRV - [2009-02-05 23:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) SRV - [2009-02-05 23:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running]) SRV - [2009-02-05 23:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2009-03-03 14:53:32 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped]) SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2008-12-06 18:47:02 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2009-02-05 23:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running]) DRV - [2001-08-17 22:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running]) DRV - [2004-03-02 10:26:58 | 00,050,007 | ---- | M] (Analog Deivces) -- C:\WINDOWS\System32\Drivers\adildr.sys -- (ADILOADER [Auto | Stopped]) DRV - [2004-03-02 10:24:16 | 00,127,065 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\system32\DRIVERS\adiusbaw.sys -- (adiusbaw [On_Demand | Running]) DRV - [2009-02-05 23:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running]) DRV - [2009-02-05 23:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running]) DRV - [2009-02-05 23:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running]) DRV - [2009-02-05 23:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running]) DRV - [2009-02-05 23:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running]) DRV - [2002-11-18 09:51:40 | 00,377,358 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci [On_Demand | Running]) DRV - [2004-08-04 01:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running]) DRV - [2001-08-18 00:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running]) DRV - [2006-10-22 13:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2003-08-04 15:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped]) DRV - [2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2008-12-31 21:58:38 | 00,028,400 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running]) DRV - [2009-01-04 14:56:07 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll () IE - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\S-1-5-21-1202660629-484763869-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Winamp Search" FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-05-07 17:58:39 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-06-02 20:41:16 | 00,000,000 | ---D | M] [2009-01-19 19:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\D A N I E L\Dane aplikacji\mozilla\Extensions [2009-01-19 19:49:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\D A N I E L\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-06-10 00:55:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\D A N I E L\Dane aplikacji\mozilla\Firefox\Profiles\jwpbbj2f.default\extensions [2009-05-04 17:44:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\D A N I E L\Dane aplikacji\mozilla\Firefox\Profiles\jwpbbj2f.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [2008-12-01 23:09:26 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Dane aplikacji\Mozilla\FireFox\Profiles\jwpbbj2f.default\searchplugins\winamp-search-1.xml [2008-12-01 22:38:07 | 00,000,358 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Dane aplikacji\Mozilla\FireFox\Profiles\jwpbbj2f.default\searchplugins\winamp-search.xml [2009-06-10 12:35:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-04-28 23:54:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-01-09 00:06:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2009-04-28 23:53:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-04-28 23:53:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-04-23 00:35:20 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-04-23 00:35:20 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-04-23 00:35:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-04-23 00:35:20 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-04-23 00:35:20 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-04-23 00:35:20 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-04-23 00:35:20 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation) O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe () O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe (France Télécom R&D) O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe (France Télécom R&D) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1202660629-484763869-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1202660629-484763869-1957994488-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Pobierz z &BitSpirit - E:\programy\BitSpirit\bsurl.htm () O9 - Extra Button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-06-10 12:37:26 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [3 C:\WINDOWS\*.tmp files] [2009-06-10 12:29:15 | 00,000,000 | ---D | C] -- C:\_OTL [2009-06-10 11:44:25 | 00,000,000 | ---D | C] -- C:\TonisArts [2009-06-10 00:05:04 | 53,639,9872 | -HS- | C] () -- C:\hiberfil.sys [2009-06-09 23:52:03 | 00,000,000 | ---D | C] -- C:\SDFix [2009-06-09 23:51:19 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\SDFix.exe [2009-06-09 23:42:43 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\D A N I E L\Pulpit\OTL.exe [2009-06-09 23:11:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009-06-09 23:00:41 | 00,055,296 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\Seconfig XP.exe [2009-06-09 22:56:40 | 00,038,899 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\SeconfigXP.zip [2009-06-09 20:46:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\D A N I E L\Dane aplikacji\Malwarebytes [2009-06-09 20:46:24 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-06-09 20:46:21 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-06-09 20:46:19 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-06-09 20:46:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-06-09 20:46:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-06-09 20:43:57 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\D A N I E L\Pulpit\mbam-setup.exe [2009-06-09 17:47:26 | 00,006,689 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\podanie.abw [2009-06-09 14:49:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment [2009-06-08 11:01:39 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdaudio.sys [2009-06-07 20:55:19 | 00,007,168 | -HS- | C] () -- C:\WINDOWS\Thumbs.db [2009-06-07 20:55:15 | 00,005,632 | -HS- | C] () -- C:\Thumbs.db [2009-06-07 09:22:48 | 00,172,674 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\1211AAneut4sell.bmp [2009-06-07 09:10:04 | 00,172,126 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\USRep1110forsell.bmp [2009-06-04 07:39:55 | 00,008,119 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\historia.rtf [2009-06-02 20:41:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2009-06-02 20:38:31 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks [2009-06-01 12:52:33 | 00,016,322 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\podanie.abw [2009-05-24 16:34:56 | 00,220,210 | ---- | C] () -- C:\Documents and Settings\D A N I E L\Pulpit\niem.abw [2009-05-16 11:59:05 | 00,000,000 | ---D | C] -- C:\Program Files\The Learning Company [2009-05-16 11:58:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI [2009-04-06 17:30:16 | 00,000,626 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009-01-04 14:56:05 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-01-03 18:19:50 | 00,001,323 | ---- | C] () -- C:\WINDOWS\disney.ini [2008-12-29 22:50:44 | 00,001,499 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2008-12-29 11:22:40 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-12-06 18:47:22 | 00,138,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008-12-01 10:43:10 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX3600FGD.ini [2008-11-30 01:43:52 | 00,000,785 | ---- | C] () -- C:\WINDOWS\Rtcw.INI [2008-11-29 11:43:35 | 00,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2008-11-29 11:43:35 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini [2008-11-29 11:43:27 | 00,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini [2008-11-29 11:43:22 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll [2008-11-29 11:43:19 | 00,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll [2008-11-29 11:20:00 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\adinst32.dll [2008-11-28 19:45:43 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll [2008-11-28 19:15:48 | 00,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2008-11-28 19:13:34 | 00,028,165 | ---- | C] () -- C:\WINDOWS\cmijack.ini [2008-11-28 19:13:34 | 00,018,240 | ---- | C] () -- C:\WINDOWS\cmaudio.ini [2008-11-28 19:11:57 | 00,000,199 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2008-11-28 19:11:57 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2006-10-22 13:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-22 13:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-22 13:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-22 13:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-22 13:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-22 13:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-22 13:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2004-08-04 00:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004-07-17 11:36:38 | 00,028,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2001-07-21 22:16:20 | 00,000,498 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-21 22:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [3 C:\WINDOWS\*.tmp files] [2009-06-10 12:34:07 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-06-10 12:33:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-06-10 12:33:22 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\D A N I E L\Ustawienia lokalne\desktop.ini [2009-06-10 12:33:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-06-10 12:32:59 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys [2009-06-10 00:01:56 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS [2009-06-09 23:51:44 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\SDFix.exe [2009-06-09 23:42:50 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\D A N I E L\Pulpit\OTL.exe [2009-06-09 22:56:43 | 00,038,899 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\SeconfigXP.zip [2009-06-09 20:46:24 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-06-09 20:45:36 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\D A N I E L\Pulpit\mbam-setup.exe [2009-06-09 17:47:26 | 00,006,689 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\podanie.abw [2009-06-08 17:54:17 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009-06-08 09:54:14 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-06-07 20:55:19 | 00,007,168 | -HS- | M] () -- C:\WINDOWS\Thumbs.db [2009-06-07 20:55:17 | 00,005,632 | -HS- | M] () -- C:\Thumbs.db [2009-06-07 09:22:48 | 00,172,674 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\1211AAneut4sell.bmp [2009-06-07 09:10:04 | 00,172,126 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\USRep1110forsell.bmp [2009-06-07 08:43:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-06-04 07:39:55 | 00,008,119 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\historia.rtf [2009-06-02 08:39:54 | 00,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB [2009-06-01 12:52:33 | 00,016,322 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\podanie.abw [2009-05-26 22:38:08 | 00,002,389 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2009-05-26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-05-26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-05-24 16:34:56 | 00,220,210 | ---- | M] () -- C:\Documents and Settings\D A N I E L\Pulpit\niem.abw [2009-05-22 01:36:46 | 00,001,499 | ---- | M] () -- C:\WINDOWS\bestplayer.ini [2009-05-22 01:36:46 | 00,000,072 | ---- | M] () -- C:\WINDOWS\bestplayer.bpp [2009-05-22 01:36:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\bestplayer.bbt [2009-05-16 11:58:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\SETUP32.INI [2009-05-13 18:25:00 | 00,070,656 | -HS- | M] () -- C:\Documents and Settings\D A N I E L\Moje dokumenty\Thumbs.db < End of report >

**Posty:** 18165 · przez **wojtas** 10 Cze 2009, 13:22

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. Wykonaj skan Dr. Web CureIt
5. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym (skasuj co znajdzie)

Malwarebytes Anti-Malware

Jeśli masz Adobe Reader to zaaktualizuj go do najnowszej wersji

Autor postu otrzymał pochwałę

**Posty:** 4 · przez **inf** 11 Cze 2009, 11:24

Kod: Zaznacz wszystko: RAPORT KASPERSKY ONLINE SCANNER 7.0 czwartek, 11 czerwiec 2009 System operacyjny: Microsoft Windows XP Professional Dodatek Service Pack 2 (build 2600) Wersja Kaspersky Online Scanner: 7.0.26.12 Data ostatniej aktualizacji bazy danych: Thursday, June 11, 2009 01:56:09 Liczba wpisów: 2335799 Ustawienia skanowania Typ bazy danych użytej do skanowania rozszerzona Skanuj archiwa tak Skanuj pocztowe bazy danych tak Obszar skanowania Mój komputer A:\ C:\ D:\ E:\ F:\ Statystyki skanowania Przeskanowanych plików 33301 Nazwa zagrożenia 1 Zainfekowanych obiektów 1 Podejrzanych obiektów 0 Czas skanowania 02:11:34 Nazwa pliku Nazwa zagrożenia Liczba zagrożeń E:\My Download\darius finaly - greatest hits.wma Zainfekowany: Trojan-Downloader.WMA.Wimad.n 1 Wybrany obszar został przeskanowany.

plik został usunięty bez problemu. Dziekuję za pomoc