Problem with system file protection

Post by matiz, 06 Mar 2010, 19:20

Hello,
while I was scanning the computer with an online scanner, the scanner found several viruses, and after a few moments a message appeared along the lines of: "Windows File Protection: files required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert the Service Pack 2 CD-ROM now" ...

One of the viruses probably did some 'harm' to the system, and the worst part is that I currently don't have the disc the computer is asking for... Please help. During the scan the scanner detected a trojan that it could not remove. I'm attaching the log:

Code:
OTL logfile created on: 2010-03-06 18:09:57 - Run 3
OTL by OldTimer - Version 3.1.23.0     Folder = C:\
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,00 Mb Total Physical Memory | 231,00 Mb Available Physical Memory | 45,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,56 Gb Total Space | 0,23 Gb Free Space | 1,26% Space Free | Partition Type: FAT32
Drive D: | 18,67 Gb Total Space | 0,11 Gb Free Space | 0,59% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATIZ
Current User Name: Mateusz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-01-10 12:39:20 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2009-10-11 04:17:36 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-10-11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008-12-13 06:23:30 | 00,882,176 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2008-10-04 14:08:56 | 00,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008-08-07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008-08-05 14:11:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008-08-05 14:10:58 | 00,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008-06-17 16:00:34 | 01,249,280 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
PRC - [2008-05-22 15:05:06 | 00,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2007-09-20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2006-07-14 16:24:10 | 00,049,152 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\ZSSnp211.EXE
PRC - [2004-08-03 22:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004-08-03 22:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-07-15 11:42:00 | 00,114,755 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004-01-26 11:38:38 | 00,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PRC - [2003-10-16 19:07:12 | 00,626,688 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\NeostradaTP.exe
PRC - [2003-10-16 19:07:12 | 00,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\Watch.exe
PRC - [2003-10-16 19:07:10 | 00,200,704 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\ComComp.exe
PRC - [2003-10-16 19:07:10 | 00,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe
PRC - [2000-08-04 02:50:00 | 00,044,032 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\News\NewsUpd.exe
PRC - [2000-03-27 01:55:00 | 00,164,864 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [1999-12-13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctsvccda.exe
PRC - [1999-08-30 01:55:00 | 00,189,952 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-01-10 12:39:20 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2006-08-25 17:51:14 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-10-11 04:17:36 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008-08-07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-03-23 10:17:24 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007-09-20 15:35:38 | 00,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-09-20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007-01-04 03:40:22 | 00,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2004-07-15 11:42:00 | 00,114,755 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-02-20 19:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [1999-12-13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\Ctsvccda.exe -- (Creative Service for CDROM Access)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2008-06-06 09:24:44 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-05-07 07:38:20 | 00,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008-05-07 07:38:20 | 00,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007-09-17 15:53:26 | 00,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007-07-07 23:19:12 | 00,028,400 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2007-01-15 17:41:52 | 00,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006-07-25 11:47:56 | 00,391,791 | ---- | M] (ZSMC Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZS211.sys -- (ZSMC211) USB PC Camera (ZS211)
DRV - [2005-04-26 15:32:36 | 00,012,738 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2005-04-22 17:31:20 | 00,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005-02-25 16:49:18 | 00,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004-08-23 13:55:54 | 00,029,440 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\actser.sys -- (actser)
DRV - [2004-08-09 13:33:26 | 00,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-08-09 13:29:28 | 00,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004-08-03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2004-08-03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-08-03 21:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004-07-15 11:42:00 | 02,459,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003-12-08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003-12-08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003-12-01 17:20:52 | 00,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003-09-19 16:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003-07-17 12:56:32 | 00,089,216 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\FO_PAnt.sys -- (FO_PAnt)
DRV - [2003-04-03 12:04:28 | 00,058,752 | ---- | M] (Panda Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (pavdrv)
DRV - [2002-10-09 13:53:54 | 00,043,904 | ---- | M] (Alfa Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AFPAnsi.sys -- (AFPAnsi)
DRV - [2001-11-08 10:53:54 | 00,018,120 | R--- | M] (   ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [2001-08-17 22:02:40 | 00,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001-08-17 22:02:32 | 00,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-08-17 20:19:34 | 00,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001-01-03 02:00:00 | 00,500,677 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sbpci.sys -- (sbpci) Sound Blaster AudioPCI Audio Driver (WDM)
DRV - [1999-12-17 01:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-725345543-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-299502267-725345543-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
IE - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll ()
IE - HKU\S-1-5-21-299502267-725345543-1801674531-1003\S-1-5-21-299502267-725345543-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://pl.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007-05-01 19:19:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007-05-01 19:19:34 | 00,000,000 | ---D | M]

[2010-01-06 00:19:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Extensions
[2007-05-01 19:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\g9lmhmdm.default\extensions
[2010-01-09 23:20:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\g9lmhmdm.default\extensions\toolbar@ask.com
[2007-05-01 19:19:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-06 00:18:58 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-06 00:18:58 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-06 00:18:58 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-06 00:18:58 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-06 00:18:58 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-06 00:18:58 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll (BitComet)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WooCnxMon] C:\Program Files\Neostrada TP\CnxMon.exe ()
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Neostrada TP\Watch.exe (France Télécom R&D)
O4 - HKLM..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.EXE (ZSMCSNAP)
O4 - HKU\S-1-5-21-299502267-725345543-1801674531-1003..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe (Time Information Services Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O7 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O7 - HKU\S-1-5-21-299502267-725345543-1801674531-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all links using BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download all videos using BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download link using &BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..Trusted Domains: com.pl ([mks] http in Zaufane witryny)
O15 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..Trusted Domains: com.pl ([www.mks] http in Zaufane witryny)
O15 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} http://mks.com.pl/skaner/SkanerOnline.cab (MainControl Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} http://skaner.mks.com.pl/SkanerOnline.cab (MainControl Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-12 00:10:54 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006-09-13 19:58:26 | 00,000,000 | ---D | M] - C:\AutoRun -- [ FAT32 ]
O32 - AutoRun File - [2006-09-13 19:58:02 | 00,593,920 | ---- | M] (Electronic Arts Inc.) - C:\AutoRunGUI.dll -- [ FAT32 ]
O32 - AutoRun File - [2010-01-12 00:10:54 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2007-12-29 19:51:00 | 00,000,081 | RHS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-02-17 19:25:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Pulpit\psy tapety
[2007-05-19 13:38:52 | 00,018,120 | R--- | C] (   ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2005-05-15 22:26:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Symantec
[2005-02-19 13:05:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-02-19 13:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-02-19 12:41:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2005-02-19 12:41:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-03-06 12:53:22 | 00,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-03-06 12:52:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-03-06 12:52:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-03-06 12:52:52 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2010-03-05 21:44:28 | 08,126,464 | -H-- | M] () -- C:\Documents and Settings\Mateusz\NTUSER.DAT
[2010-03-05 09:42:06 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Mateusz\ntuser.ini
[2010-03-04 19:59:18 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-01 19:36:00 | 00,001,222 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-03-01 19:36:00 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010-03-01 19:36:00 | 00,000,252 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-28 10:07:54 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-26 16:50:32 | 00,107,372 | ---- | M] () -- C:\anna_baranska.jpeg
[2010-02-23 01:12:04 | 00,078,848 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\MksClean[www.instalki.pl].exe
[2010-02-22 17:39:50 | 00,000,636 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Postal 2 -  Share the Pain.lnk
[2010-02-21 19:29:26 | 02,640,814 | -H-- | M] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-21 13:17:50 | 00,130,760 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\kkkkkkkkkk.jpg
[2010-02-19 23:29:08 | 00,212,139 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\6Weidera.JPG
[2010-02-10 12:31:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-02-26 16:50:30 | 00,107,372 | ---- | C] () -- C:\anna_baranska.jpeg
[2010-02-26 15:38:14 | 00,000,319 | ---- | C] () -- C:\Documents and Settings\Mateusz\Moje dokumenty\Skrót do ComboFix.lnk
[2010-02-23 01:12:01 | 00,078,848 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\MksClean[www.instalki.pl].exe
[2010-02-22 17:39:45 | 00,000,636 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\Postal 2 -  Share the Pain.lnk
[2010-02-21 13:17:49 | 00,130,760 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\kkkkkkkkkk.jpg
[2010-02-19 23:29:07 | 00,212,139 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\6Weidera.JPG
[2009-08-24 23:30:55 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-08-24 23:30:55 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-08-24 23:30:53 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-08-24 23:30:49 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-08-24 23:30:49 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-12-14 16:02:05 | 00,102,317 | ---- | C] () -- C:\Documents and Settings\Mateusz\Dane aplikacji\NMM-MetaData.db
[2008-03-23 10:04:21 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008-03-21 17:30:17 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008-02-01 14:21:09 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2007-12-27 22:19:54 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
[2007-08-02 19:08:46 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-07-12 16:14:42 | 00,000,651 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-05-19 13:41:57 | 00,000,375 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2007-05-09 16:00:48 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2007-03-31 17:00:21 | 00,000,486 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2007-03-29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007-01-15 17:41:49 | 00,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006-11-23 15:23:31 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006-04-19 15:55:28 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2005-10-14 11:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005-09-19 19:15:59 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005-08-09 16:10:30 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005-05-28 00:10:25 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005-05-24 21:15:25 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\windblt.dll
[2005-05-20 21:26:00 | 00,000,678 | ---- | C] () -- C:\WINDOWS\ChaseHQ2EvoConfig.ini
[2005-04-30 17:15:40 | 00,000,771 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005-04-22 19:29:01 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005-04-22 19:28:43 | 00,000,009 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005-04-22 17:05:05 | 00,050,458 | ---- | C] () -- C:\WINDOWS\System32\interceptor.sys
[2005-04-10 19:40:58 | 00,000,533 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2005-04-10 19:37:56 | 00,089,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FO_PAnt.sys
[2005-02-25 16:44:52 | 00,009,965 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2005-02-25 15:20:55 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005-02-21 15:55:37 | 00,208,384 | ---- | C] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005-02-19 15:07:34 | 00,001,563 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2005-02-19 15:03:49 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005-02-19 13:31:05 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005-02-19 13:25:00 | 00,000,071 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005-02-19 13:09:03 | 00,000,489 | ---- | C] () -- C:\WINDOWS\demo.INI
[2004-08-03 22:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-07-17 09:36:38 | 00,028,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002-12-10 00:00:00 | 01,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2002-12-10 00:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2001-09-17 13:20:02 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1999-08-12 00:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999-08-12 00:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1999-01-22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2005-06-16 22:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Kazaa Lite
[2005-09-18 13:18:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2005-11-26 13:28:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\stamina
[2007-06-24 00:56:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
[2007-11-13 23:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FlashFXP
[2008-11-26 17:45:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2008-11-26 17:51:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2005-06-24 17:42:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Opera
[2005-09-18 13:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Aim
[2007-01-19 20:23:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\matiz
[2007-02-15 14:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\uTorrent
[2007-02-27 17:59:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Microgaming
[2007-04-29 13:07:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\MusicIP
[2007-09-16 11:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\BearShare
[2008-03-21 17:33:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Panasonic
[2008-07-20 12:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\HouseCall 6.6
[2008-11-26 17:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Nokia
[2008-11-26 17:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\PC Suite

[color=#E56717]========== Purity Check ==========[/color]


< End of report >


The extras.txt file was not saved for me after generating the log...

Post by Mikou@j, 06 Mar 2010, 19:29

matiz wrote: The extras.txt file was not saved for me after generating the log...

So generate it again. Besides, the GMER log is missing.
Read zasady-wstawiania-logow-vt93842.html

Post by matiz, 13 Mar 2010, 18:12

This topic can be deleted/closed; I was forced to do a format. Thank you for your willingness to help anyway. Regards.