Terribly slow internet

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by Pokahontaz 12 Jul 2010, 01:25

Hello,
I am writing about a problem that I have had for a long time but never had the time to deal with. The whole problem is that the internet works downright terribly. Pages load and so on, but it takes far too long. On top of that, it sometimes fails so badly that I cannot even look through my mail. For a long time it has been impossible to watch any videos, listen to music, etc. The problem is serious enough that all these programs, GMER and the others, could not be downloaded even though the internet as such works: 300kb of download is too much :) I read the whole instruction for posting logs and did everything in the indicated order.

I kindly ask for help and am posting what is needed:

GMER:
Code:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-10 14:46:06
Windows 5.1.2600 Dodatek Service Pack 3
Running: u8n4967c.exe; Driver: C:\DOCUME~1\Puciek\USTAWI~1\Temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwClose [0xACB22C7A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwCreateKey [0xACB22B36]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwDeleteKey [0xACB230EA]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwDeleteValueKey [0xACB23014]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwDuplicateObject [0xACB2270C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwOpenKey [0xACB22C10]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwOpenProcess [0xACB2264C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwOpenThread [0xACB226B0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwQueryValueKey [0xACB22D30]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwRenameKey [0xACB231B8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwRestoreKey [0xACB22CF0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwSetValueKey [0xACB22E70]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwCreateProcessEx [0xACB2FAC6]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwCreateSection [0xACB2F8EA]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ZwLoadDriver [0xACB2FA24]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         NtCreateSection
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                                         ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2CC0                                                                                                          8050454C 4 Bytes  JMP 58ACB230
PAGE            ntkrnlpa.exe!ZwLoadDriver                                                                                                                     8058413A 7 Bytes  JMP ACB2FA28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE            ntkrnlpa.exe!NtCreateSection                                                                                                                  805AB3AE 7 Bytes  JMP ACB2F8EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                                                            805BC512 5 Bytes  JMP ACB2B536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE            ntkrnlpa.exe!ObInsertObject                                                                                                                   805C2F96 5 Bytes  JMP ACB2CEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                                                805D1136 7 Bytes  JMP ACB2FACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                                      section is writeable [0xB9667000, 0x239517, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[1088] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]                                 003D0002
IAT             C:\WINDOWS\system32\services.exe[1088] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                                       003D0000

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                        aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                        aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                   aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device          \FileSystem\Cdfs \Cdfs                                                                                                                        A9F50400

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                         
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                               0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                               0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                            0x41 0x66 0x9F 0x99 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                           0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                           0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                        0x41 0x66 0x9F 0x99 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC318F42-275E-4A62-869F-7ED05160B716}@LeaseObtainedTime                   1278757491
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC318F42-275E-4A62-869F-7ED05160B716}@T1                                  1278757618
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC318F42-275E-4A62-869F-7ED05160B716}@T2                                  1278757714
Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EC318F42-275E-4A62-869F-7ED05160B716}@LeaseTerminatesTime                 1278757746
Reg             HKLM\SYSTEM\CurrentControlSet\Services\{EC318F42-275E-4A62-869F-7ED05160B716}\Parameters\Tcpip@LeaseObtainedTime                              1278757491
Reg             HKLM\SYSTEM\CurrentControlSet\Services\{EC318F42-275E-4A62-869F-7ED05160B716}\Parameters\Tcpip@T1                                             1278757618
Reg             HKLM\SYSTEM\CurrentControlSet\Services\{EC318F42-275E-4A62-869F-7ED05160B716}\Parameters\Tcpip@T2                                             1278757714
Reg             HKLM\SYSTEM\CurrentControlSet\Services\{EC318F42-275E-4A62-869F-7ED05160B716}\Parameters\Tcpip@LeaseTerminatesTime                            1278757746
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE9BCB42-B9C9-6F15-CA8B-46356DBEAABF}                               
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE9BCB42-B9C9-6F15-CA8B-46356DBEAABF}@nacmmfojeiklionhogldgnojckld  0x6A 0x61 0x66 0x67 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE9BCB42-B9C9-6F15-CA8B-46356DBEAABF}@mainokginpjnjlenejdajjobdj    0x6A 0x61 0x66 0x67 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D0BA19B6-1E32-3C8E-E00B-3A61DECAF5A0}                               

---- EOF - GMER 1.0.15 ----


OTL:
Code:
OTL logfile created on: 2010-07-11 16:34:02 - Run 1
OTL by OldTimer - Version 3.2.8.1     Folder = C:\Documents and Settings\Puciek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 32,98 Gb Free Space | 33,77% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 105,63 Gb Free Space | 52,70% Space Free | Partition Type: NTFS
Drive E: | 7,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 124,01 Mb Total Space | 85,94 Mb Free Space | 69,30% Space Free | Partition Type: FAT32

Computer Name: PUCEK
Current User Name: Puciek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-07-10 11:27:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Puciek\Pulpit\OTL.exe
PRC - [2010-05-23 07:51:46 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009-11-18 00:37:18 | 000,224,816 | ---- | M] () -- D:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009-11-12 23:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009-11-11 11:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009-10-27 10:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009-10-27 10:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009-10-27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008-07-11 02:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008-07-10 03:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-08-31 09:49:48 | 000,364,192 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
PRC - [2003-06-26 19:13:36 | 002,695,168 | ---- | M] (D-Link) -- C:\Program Files\D-Link\Air Utility\AirCFG.exe
PRC - [2002-03-19 13:15:46 | 000,036,864 | ---- | M] (D-Link) -- C:\Program Files\WZCBDL Service\WZCBDLS.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-07-10 11:27:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Puciek\Pulpit\OTL.exe
MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto | Stopped] -- D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - File not found [Auto | Stopped] -- D:\Program Files\Quake III Arena\Ad-Aware_Anniversary_Pro_8.2.2_ENG_Portable\App\AdAware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-04-29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010-03-18 16:50:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-11-18 00:37:40 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- D:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009-11-18 00:37:18 | 000,224,816 | ---- | M] () [Auto | Running] -- D:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009-11-12 23:42:18 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009-10-27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009-09-08 19:14:00 | 003,363,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008-07-11 02:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008-07-11 02:28:06 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008-07-11 02:28:04 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008-07-10 03:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008-07-10 03:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007-08-31 09:49:48 | 000,364,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\atwtusb.exe -- (WTService)
SRV - [2002-03-19 13:15:46 | 000,036,864 | ---- | M] (D-Link) [Auto | Running] -- C:\Program Files\WZCBDL Service\WZCBDLS.exe -- (WZCBDLService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psxenum.sys -- (PsxPortEnumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Puciek\USTAWI~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2010-05-06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-05-06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-05-06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-05-06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-05-06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-05-06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010-05-05 04:45:04 | 004,807,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010-02-22 18:28:52 | 005,862,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010-01-08 23:33:22 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-11-18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-11-15 16:59:19 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009-11-12 23:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009-11-09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009-10-06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-10-06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-10-06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009-10-06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-08-08 12:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lachesis.sys -- (LachesisFltr)
DRV - [2007-03-01 10:05:38 | 000,090,496 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007-02-26 17:15:22 | 000,061,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2006-11-17 12:35:36 | 000,031,080 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid8106.sys -- (hid8106)
DRV - [2006-10-13 14:48:26 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb20.sys -- (xusb20)
DRV - [2005-12-21 12:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Usbicp.sys -- (uisp)
DRV - [2004-10-24 09:11:00 | 000,028,800 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PPortJoy.sys -- (PPortJoystick)
DRV - [2004-10-24 09:11:00 | 000,013,952 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PPJoyBus.sys -- (PPJoyBus)
DRV - [2003-07-14 12:45:52 | 000,159,104 | R--- | M] (D-Link Corporation                                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETDLWL.sys -- (NETDLWL) D-Link Air Wireless Adapter(DL)
DRV - [2002-09-27 19:21:26 | 000,022,912 | ---- | M] (D-Link Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NIOC.sys -- (NIOC)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\altavista, = http://www.altavista.com/q?q=%s
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\dictionary, = http://dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://search.ebay.com/%s
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\google, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\grep, = http://www.google.com/search?q=%s
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\hotmail, = http://www.hotmail.com
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\money, = http://moneycentral.msn.com/investor/common/findsymbol.asp?optType=&Company=%s
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\msdn, = http://search.microsoft.com/default.asp?qu=%s&boolean=ALL&nq=NEW&so=RECCNT&p=1&ig=01&ig=03&ig=04&ig=05&ig=06&i=00&i=01&i=02&i=03&i=04&i=05&i=06&i=07&i=08&i=09&i=10&i=11&i=12&i=13&i=14&i=15&i=16&i=17&i=18&i=19&i=20&i=21&i=22&i=23&i=24&i=25&i=26&i=27&i=28&i=29&i=30&i=31&i=32&i=33&i=34&i=35&i=36&i=37&i=38&i=39&i=40&i=41&siteid=us/dev
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\msn, = http://search.msn.com/results.aspx?FORM=SMCRT&q=%s
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\slashdot, = http://www.slashdot.com
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\wikipedia, = http://en.wikipedia.org/w/wiki.phtml?title=%s
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\yahoo, = http://search.yahoo.com/bin/search?p=%s
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL\yahoomail, = http://mail.yahoo.com
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-12-17 13:46:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-29 00:13:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-04 11:38:06 | 000,000,000 | ---D | M]

[2009-11-15 17:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Mozilla\Extensions
[2010-07-11 09:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Mozilla\Firefox\Profiles\l8mujomy.default\extensions
[2010-05-01 07:55:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Puciek\Dane aplikacji\Mozilla\Firefox\Profiles\l8mujomy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-05-18 07:27:46 | 000,003,483 | ---- | M] () -- C:\Documents and Settings\Puciek\Dane aplikacji\Mozilla\Firefox\Profiles\l8mujomy.default\searchplugins\szukaj-na-jm.xml
[2010-07-10 11:22:18 | 000,001,011 | ---- | M] () -- C:\Documents and Settings\Puciek\Dane aplikacji\Mozilla\Firefox\Profiles\l8mujomy.default\searchplugins\torrentz-search.xml
[2009-11-20 00:57:43 | 000,001,979 | ---- | M] () -- C:\Documents and Settings\Puciek\Dane aplikacji\Mozilla\Firefox\Profiles\l8mujomy.default\searchplugins\wrzuta.xml
[2009-11-15 20:15:45 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\Puciek\Dane aplikacji\Mozilla\Firefox\Profiles\l8mujomy.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
[2010-07-11 00:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-07-03 01:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009-12-15 17:02:53 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010-03-13 19:33:40 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-13 19:33:40 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-13 19:33:40 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-13 19:33:40 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-13 19:33:40 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-13 19:33:40 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

Hosts file not found
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe (D-Link)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1078081533-1844237615-682003330-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0
O7 - HKU\S-1-5-21-1078081533-1844237615-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-25 13:05:10 | 000,000,054 | ---- | M] () - C:\AutoComplete.txt -- [ NTFS ]
O32 - AutoRun File - [2009-11-15 16:52:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-03-31 10:08:02 | 000,000,082 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{578bbba4-e49c-11de-8015-00134629a2b1}\Shell\AutoRun\command - "" = K:\1rfw8hjr.com -- File not found
O33 - MountPoints2\{578bbba4-e49c-11de-8015-00134629a2b1}\Shell\explore\Command - "" = K:\1rfw8hjr.com -- File not found
O33 - MountPoints2\{578bbba4-e49c-11de-8015-00134629a2b1}\Shell\open\Command - "" = K:\1rfw8hjr.com -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-07-10 11:54:12 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Puciek\Pulpit\OTL.exe
[2010-07-03 05:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems
[2010-07-03 05:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2010-07-03 03:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010-06-22 18:58:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2010-06-22 16:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Puciek\Pulpit\assafsaf
[2010-06-22 10:15:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
[2010-06-21 20:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft-BackupByAdAwarePortable
[2010-06-12 04:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-07-11 04:43:54 | 029,531,245 | ---- | M] () -- C:\Documents and Settings\Puciek\Pulpit\Devil_May_Cry_4_-_Poradnik_Gry-OnLine.pdf
[2010-07-11 00:22:58 | 022,282,240 | -H-- | M] () -- C:\Documents and Settings\Puciek\NTUSER.DAT
[2010-07-10 23:07:28 | 000,000,699 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-10 23:06:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-10 23:06:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-10 11:53:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-10 11:52:10 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Puciek\ntuser.ini
[2010-07-10 11:52:01 | 002,644,024 | -H-- | M] () -- C:\Documents and Settings\Puciek\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-07-10 11:27:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Puciek\Pulpit\OTL.exe
[2010-07-10 11:27:40 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Puciek\Pulpit\u8n4967c.exe
[2010-07-09 10:31:09 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Ghost Recon Advanced Warfighter.lnk
[2010-07-06 10:19:09 | 000,000,332 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-07-06 10:19:09 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-07-04 11:38:06 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2010-07-03 11:20:01 | 000,073,416 | ---- | M] () -- C:\Documents and Settings\Puciek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-07-03 11:18:56 | 000,289,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-07-01 22:21:42 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Puciek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-23 16:31:07 | 000,060,896 | ---- | M] () -- C:\Documents and Settings\Puciek\Pulpit\comichighlighting1.png
[2010-06-23 09:45:51 | 000,189,392 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010-06-23 09:41:47 | 000,138,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-06-19 09:45:56 | 000,007,283 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2010-06-12 06:39:42 | 000,000,275 | ---- | M] () -- C:\Skrót do Dysk lokalny (D).lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-07-11 13:55:59 | 029,531,245 | ---- | C] () -- C:\Documents and Settings\Puciek\Pulpit\Devil_May_Cry_4_-_Poradnik_Gry-OnLine.pdf
[2010-07-11 13:55:37 | 008,838,608 | ---- | C] () -- C:\Documents and Settings\Puciek\Pulpit\Bayonetta_-_Poradnik_GRY-OnLine.pdf
[2010-07-10 11:54:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Puciek\Pulpit\u8n4967c.exe
[2010-07-09 10:31:09 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Ghost Recon Advanced Warfighter.lnk
[2010-06-23 16:30:04 | 000,060,896 | ---- | C] () -- C:\Documents and Settings\Puciek\Pulpit\comichighlighting1.png
[2010-06-21 11:04:05 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010-06-12 06:39:42 | 000,000,275 | ---- | C] () -- C:\Skrót do Dysk lokalny (D).lnk
[2010-05-28 02:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010-04-21 03:43:57 | 000,013,951 | ---- | C] () -- C:\WINDOWS\System32\Photoshop Elements.ini
[2010-04-21 03:43:57 | 000,010,361 | ---- | C] () -- C:\WINDOWS\System32\PhotoImpact XL SE.ini
[2010-04-21 03:43:57 | 000,007,633 | ---- | C] () -- C:\WINDOWS\System32\Vista.ini
[2010-04-21 03:43:57 | 000,007,341 | ---- | C] () -- C:\WINDOWS\System32\XP_2000.ini
[2010-04-21 03:43:57 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\MKProfile.ini
[2010-04-21 03:43:56 | 000,006,422 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2010-04-20 18:06:47 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATWTINK.DLL
[2010-04-10 02:17:03 | 001,795,760 | ---- | C] () -- C:\Documents and Settings\Puciek\Pulpit\save2pc.exe
[2010-04-10 02:13:23 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-04-10 02:13:23 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-04-09 17:35:28 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010-02-25 13:56:37 | 000,000,032 | ---- | C] () -- C:\WINDOWS\impexp.INI
[2010-01-11 14:57:35 | 000,138,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-01-05 13:52:06 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-01-05 13:52:06 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-12-06 09:08:32 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-11-21 20:17:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS53.DLL
[2002-06-09 14:07:30 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\DevCtrl.dll
[1999-10-04 00:13:22 | 000,002,828 | ---- | C] () -- C:\WINDOWS\Cpcsrpts.ini
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-04-24 20:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AA2DeployClient
[2010-05-01 12:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AA3DeployClient
[2010-04-30 16:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2010-05-16 00:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2009-11-21 22:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Applications
[2009-12-02 17:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2010-06-17 19:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
[2010-01-30 12:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Cakewalk
[2009-11-21 20:17:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
[2010-04-30 22:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CasualForge
[2009-11-28 13:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-11-28 13:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
[2010-06-06 05:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2010-05-03 08:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software
[2009-12-17 13:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-01-30 13:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MP3 Remix
[2010-01-21 17:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NFS Underground
[2009-12-17 13:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-01-19 01:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
[2009-12-20 13:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Razer
[2010-04-21 03:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tablet
[2010-04-15 19:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2010-02-25 12:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WA-PRO
[2010-01-06 00:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-01-30 12:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Ableton
[2009-12-02 17:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Ashampoo
[2010-06-17 20:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Autodesk
[2010-07-01 19:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\BESTplayer
[2010-04-08 19:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\BFBC2CC
[2010-04-30 22:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\CasualForge
[2010-02-12 12:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Command & Conquer 3 Tiberium Wars
[2009-11-28 13:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\DAEMON Tools Lite
[2009-11-28 13:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\DAEMON Tools Pro
[2010-06-17 21:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Dev-Cpp
[2010-04-29 18:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Friday's games
[2010-01-11 14:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\id Software
[2009-12-23 12:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\ImgBurn
[2010-01-29 07:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Mp3 Audio Editor
[2010-05-15 08:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Need for Speed World
[2010-05-15 08:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Need for Speed World Online
[2009-12-17 13:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Nokia
[2010-06-20 05:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Nowe Gadu-Gadu
[2009-12-07 16:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\NPLUTO Corporation
[2009-12-14 01:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\OpenOffice.org
[2010-02-24 07:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\Opera
[2009-12-17 13:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\PC Suite
[2010-01-25 14:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\runic games
[2010-04-04 16:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\TS3Client
[2010-03-23 11:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\URSoft
[2010-07-11 16:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\uTorrent
[2010-02-18 00:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Puciek\Dane aplikacji\WA-PRO

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:1CE11B51
< End of report >


OTL Extras:
http://www.wklej.org/id/363354/

Regards

Posted by NieWiem on 12 Jul 2010, 10:35

I don't see much that's dangerous here...

= = = = = M A L W A R E B Y T E S ' = = = = =

Download and install MBAM:
download mirror

During installation, these options should be checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
Run a full scan and post the report.

Posted by Pokahontaz on 14 Jul 2010, 14:21

I checked this log myself :) and I no longer know what is going on or why everything works like this

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4304

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512

2010-07-12 14:12:43
mbam-log-2010-07-12 (14-12-43).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowano obiektów: 351095
Upłynęło: 1 godzin(y), 19 minut(y), 57 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
(Nie znaleziono zagrożeń)

Posted by Haczyk on 15 Jul 2010, 20:44

1. Check what it shows here: link
2. msconfig (maybe some unnecessary program is running in the background)
3. Try opening a site by its IP address and see whether there is a difference (maybe the DNS servers are down)
Regards