Dead desktop

Forum section: system security, virus removal, choosing antivirus software. Required logs in this section: three from FRST + Gmer.

Post by megatron, 03 Dec 2009, 21:10

I have a problem with the desktop. Every so often it goes dead, except for the taskbar. After minimizing a window to the taskbar, the last dead image of the most recently used program (a web page, etc.) stays on the desktop. Because of this I have no access to the icons on the desktop. Please help.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:50, on 2009-12-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\iTunesSetup\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
E:\,m,\Reader\Reader_sl.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe
C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\sstext3d.scr
C:\Documents and Settings\Ja\Pulpit\putty.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\uTorrent\uTorrent.exe
E:\wu1n.exe
E:\wu1n.exe
E:\wu1n.exe
E:\wu1n.exe
E:\wu1n.exe
E:\wu1n.exe
E:\wu1n.exe
E:\,m,\Reader\AcroRd32.exe
E:\,m,\Reader\AcroRd32.exe
E:\,m,\Reader\AcroRd32.exe
E:\,m,\Reader\AcroRd32.exe
C:\Documents and Settings\Ja\Pulpit\netlook140pl na Pyzolek\NetLook140.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = wyborcza.pl/0,0.html?p=020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = wyborcza.pl/0,0.html?p=020
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AvkWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {318AC5C4-EBD8-43EC-9DD3-0DD089992C57} - C:\WINDOWS\system32\awtuuVNE.dll (file missing)
O2 - BHO: (no name) - {53CDB924-5777-4FE1-A854-6F4C92E1B5B2} - C:\WINDOWS\system32\ddcYpmjI.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8E184002-F992-44BB-BF5E-536A13FC5662} - C:\WINDOWS\system32\qoMccDVP.dll (file missing)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E042F0EC-0F4A-4A2E-92C2-161F80405F00} - C:\WINDOWS\system32\qoMgfFWN.dll (file missing)
O2 - BHO: (no name) - {E626CFBD-9C68-4F49-BAEE-1929F5C76CB3} - C:\WINDOWS\system32\byXRkJda.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Tłumaczenie - {2F7DB8D7-9BE7-4666-901E-F380555BCAC7} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesSetup\iTunesHelper.exe"
O4 - HKLM\..\Run: [C-Media Speaker Configuration] C:\Documents and Settings\Ja\Pulpit\kodeki dżwiek\Setup.exe /SPEAKER
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Ja\USTAWI~1\Temp\{64BF564B-6B0D-4020-8AB4-FAE03CC9532B}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0015"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\SYSTEM32\kdewp.exe] C:\WINDOWS\SYSTEM32\kdewp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\,m,\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [Eraser] D:\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Ja\USTAWI~1\Temp\herss.exe
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Budzik.lnk = C:\Program Files\Budzik\budzik.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {94C70A96-012C-4171-98FC-C1971511F20D} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll,-103 - {94C70A96-012C-4171-98FC-C1971511F20D} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{34E5F8CA-1811-4D52-B5BC-2726AFF39BF9}: NameServer = 85.255.113.202,85.255.112.223
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcYpmjI - ddcYpmjI.dll (file missing)
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G DATA Scheduler (AVKService) - G DATA Software - C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe
O23 - Service: Strażnik AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe
O23 - Service: Usługa Google Update (gupdate1ca55d21fe63d5a) (gupdate1ca55d21fe63d5a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10553 bytes
megatron (user)
Posts: 64
Joined: 04 Apr 2006, 14:32
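The log above is the kind a forum helper reads by hand. As an added example (not part of the original post, and not a feature of HijackThis or OTL), the Python script below applies the usual manual-triage heuristics to HijackThis-format lines: hooks (O2 BHO, O20 Winlogon Notify, O28 ShellExecuteHooks, O30 LSA packages) whose DLL is reported missing, especially with an eight-letter random-looking name; O4 Run entries that start a program from a Temp directory or whose value name is simply the path of the executable; O17 static NameServer entries that point at public addresses and so override the DHCP-assigned resolver; and O23 services with an unknown publisher and a missing binary. The sample lines are copied from the log above (abridged, with one clean entry as a negative case); the `triage`, `summarize` and `Finding` names are the example's own. Every hit is a candidate for review, not a verdict.

```python
"""Triage heuristics for HijackThis-format log lines (added example)."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied verbatim from the HijackThis log in the
# post above (abridged), plus one clean G DATA entry as a negative case.
SAMPLE_LOG = r"""
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AvkWebIE.dll
O2 - BHO: (no name) - {318AC5C4-EBD8-43EC-9DD3-0DD089992C57} - C:\WINDOWS\system32\awtuuVNE.dll (file missing)
O2 - BHO: (no name) - {53CDB924-5777-4FE1-A854-6F4C92E1B5B2} - C:\WINDOWS\system32\ddcYpmjI.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\SYSTEM32\kdewp.exe] C:\WINDOWS\SYSTEM32\kdewp.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Ja\USTAWI~1\Temp\herss.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{34E5F8CA-1811-4D52-B5BC-2726AFF39BF9}: NameServer = 85.255.113.202,85.255.112.223
O20 - Winlogon Notify: ddcYpmjI - ddcYpmjI.dll (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""

HJT_LINE = re.compile(r"^(O\d+|R\d+) - (.*)$")
RUN_ENTRY = re.compile(r"^HK\S*?\\Run: \[([^\]]*)\]\s*(.*)$")
DLL_NAME = re.compile(r"([^\\\s]+)\.dll\b", re.IGNORECASE)
# Eight letters, no digits or separators: the naming pattern of the orphaned
# hook DLLs in the log above. A heuristic (assumption), not a signature.
RANDOM_NAME = re.compile(r"^[A-Za-z]{8}$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
MISSING = "(file missing)"


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O2"
    reason: str   # why the line was flagged
    line: str     # the original log line


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious entry; clean entries produce nothing."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section in {"O2", "O20", "O28", "O30"} and MISSING in body:
            # A registered hook whose DLL is gone is leftover persistence:
            # either an incomplete cleanup or a file the scanner cannot see.
            dll = DLL_NAME.search(body)
            if dll and RANDOM_NAME.match(dll.group(1)):
                reason = f"orphaned hook to random-looking DLL {dll.group(1)}.dll"
            else:
                reason = "hook points at a missing file"
            findings.append(Finding(section, reason, line))
        elif section == "O4":
            run = RUN_ENTRY.match(body)
            if not run:
                continue  # Startup folder entries and HKUS hives are skipped here
            name, command = run.groups()
            if TEMP_DIR.search(command):
                findings.append(Finding(section, "autostart from a Temp directory", line))
            elif name.lower() == command.strip('"').lower():
                # Installed software normally names its Run value after the
                # product; a value that is just the binary's path is unusual.
                findings.append(Finding(section, "Run value named after its own path", line))
        elif section == "O17":
            ns = re.search(r"NameServer = ([\d.,\s]+)$", body)
            if ns:
                for ip in ns.group(1).split(","):
                    addr = ipaddress.ip_address(ip.strip())
                    if addr.is_global:
                        findings.append(Finding(
                            section,
                            f"static public DNS server {addr} on the adapter overrides "
                            "the DHCP resolver; confirm it belongs to the ISP",
                            line))
        elif section == "O23" and "Unknown owner" in body and MISSING in body:
            findings.append(Finding(section, "service with unknown publisher and missing binary", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HijackThis section."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summarize(hits))
```

Run against the sample, the script leaves the G DATA BHO and the Java updater alone and flags the rest: the two "(no name)" BHOs and the Winlogon Notify entry that share the same eight-letter DLL names, the Run value named `C:\WINDOWS\SYSTEM32\kdewp.exe`, the `herss.exe` autostart from Temp, both static NameServer addresses, and the orphaned NMIndexingService. Those are exactly the lines a helper would ask about first; the static DNS entries matter because a hijacked resolver silently redirects every lookup on the machine.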



Dead desktop

Post by wojtas, 03 Dec 2009, 22:20

Post an OTL log.

Moving this to the Security section.
wojtas (moderator)
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Thanks received: 1656



Dead desktop

Post by megatron, 04 Dec 2009, 13:51

OTL logfile created on: 2009-12-04 12:41:38 - Run 1
OTL by OldTimer - Version 3.1.11.4     Folder = C:\Documents and Settings\Ja\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,48 Mb Total Physical Memory | 150,60 Mb Available Physical Memory | 29,44% Memory free
1,22 Gb Paging File | 0,54 Gb Available in Paging File | 44,53% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 0,69 Gb Free Space | 7,04% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 0,17 Gb Free Space | 0,87% Space Free | Partition Type: NTFS
Drive E: | 45,22 Gb Total Space | 1,21 Gb Free Space | 2,68% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JULKA
Current User Name: Ja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-12-04 12:39:34 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe
PRC - [2009-10-23 13:18:00 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009-02-10 17:03:37 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-02-10 17:03:37 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-01-08 14:23:08 | 01,019,464 | ---- | M] (G DATA Software) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
PRC - [2009-01-08 14:23:08 | 00,386,120 | ---- | M] (G DATA Software) -- C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe
PRC - [2008-12-18 16:35:48 | 01,230,816 | ---- | M] (G DATA Software AG) -- C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe
PRC - [2007-12-14 20:17:56 | 00,079,360 | ---- | M] (Opera Software) -- C:\Program Files\Opera\Opera.exe
PRC - [2007-06-01 15:51:22 | 00,501,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007-05-28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007-05-10 15:36:56 | 02,111,176 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-05-07 18:27:46 | 00,421,888 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\putty.exe
PRC - [2005-07-20 14:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004-08-03 23:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-12-10 14:35:28 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\netlook140pl na Pyzolek\NetLook140.exe


========== Modules (SafeList) ==========

MOD - [2009-12-04 12:39:34 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe
MOD - [2006-12-21 13:30:44 | 00,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll
MOD - [2006-08-25 16:51:13 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found --  -- (NMIndexingService)
SRV - [2009-10-26 01:20:16 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca55d21fe63d5a) Usługa Google Update (gupdate1ca55d21fe63d5a)
SRV - [2009-03-24 12:47:36 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009-02-10 17:03:37 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-01-08 14:23:08 | 01,019,464 | ---- | M] (G DATA Software) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2009-01-08 14:23:08 | 00,386,120 | ---- | M] (G DATA Software) -- C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2008-12-18 16:35:48 | 01,230,816 | ---- | M] (G DATA Software AG) -- C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2007-06-01 15:51:22 | 00,501,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007-05-28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005-07-20 14:07:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009-11-19 18:48:35 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-10-05 18:27:06 | 00,068,424 | ---- | M] (G DATA Software) -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2009-10-05 18:17:08 | 00,048,712 | ---- | M] (G DATA Software AG) -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2009-10-05 18:15:58 | 00,051,016 | ---- | M] (G DATA Software AG) -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2009-10-05 18:15:53 | 00,032,328 | ---- | M] (G DATA Software AG) -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2008-10-24 18:26:50 | 00,027,904 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\ndisprot.sys -- (Ndisprot)
DRV - [2008-02-22 17:53:00 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008-02-04 18:07:35 | 00,011,973 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-08-03 23:06:50 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006-08-16 10:37:30 | 00,225,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2005-08-03 11:02:38 | 00,005,504 | ---- | M] () -- C:\WINDOWS\system32\drivers\dvdmrp.sys -- (dvdmrp)
DRV - [2005-07-20 14:07:00 | 03,198,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005-04-19 03:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004-07-06 22:45:42 | 00,060,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - [2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-08-17 21:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc.              ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = wyborcza.pl/0,0.html?p=020
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = wyborcza.pl/0,0.html?p=020
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "wyborcza.pl/0,0.html?p=020"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Dane aplikacji\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-06-20 16:59:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2009-02-08 22:56:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2009-10-26 01:23:22 | 00,000,000 | ---D | M]

[2009-11-06 15:25:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\kxf4ht6i.default\extensions
[2008-10-13 11:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\kxf4ht6i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2008-10-13 11:40:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\kxf4ht6i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008-02-11 13:24:10 | 00,002,920 | ---- | M] () -- C:\Documents and Settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\kxf4ht6i.default\searchplugins\daemon-search.xml
[2009-11-06 15:25:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-10-05 18:15:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009-02-08 22:56:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009-02-08 22:56:16 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2009-02-08 22:56:16 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2009-02-08 22:56:16 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2009-02-08 22:56:18 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2009-02-08 22:56:18 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008-09-30 15:03:24 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2007-06-01 15:51:16 | 00,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2005-12-05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009-02-08 22:56:34 | 00,000,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-02-08 22:56:34 | 00,001,419 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-02-08 22:56:34 | 00,000,926 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-02-08 22:56:34 | 00,000,866 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-02-08 22:56:34 | 00,001,198 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-02-08 22:56:34 | 00,001,693 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AvkWebIE.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {318AC5C4-EBD8-43EC-9DD3-0DD089992C57} - C:\WINDOWS\System32\awtuuVNE.dll File not found
O2 - BHO: (no name) - {53CDB924-5777-4FE1-A854-6F4C92E1B5B2} - C:\WINDOWS\System32\ddcYpmjI.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {8E184002-F992-44BB-BF5E-536A13FC5662} - C:\WINDOWS\System32\qoMccDVP.dll File not found
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E042F0EC-0F4A-4A2E-92C2-161F80405F00} - C:\WINDOWS\System32\qoMgfFWN.dll File not found
O2 - BHO: (no name) - {E626CFBD-9C68-4F49-BAEE-1929F5C76CB3} - C:\WINDOWS\System32\byXRkJda.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (G DATA WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AvkWebIE.dll ()
O3 - HKLM\..\Toolbar: (&Tłumaczenie) - {2F7DB8D7-9BE7-4666-901E-F380555BCAC7} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll (Techland)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Tłumaczenie) - {2F7DB8D7-9BE7-4666-901E-F380555BCAC7} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll (Techland)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\,m,\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [C:\WINDOWS\SYSTEM32\kdewp.exe] C:\WINDOWS\System32\kdewp.exe File not found
O4 - HKLM..\Run: [C-Media Speaker Configuration] C:\Documents and Settings\Ja\Pulpit\kodeki dżwiek\Setup.exe File not found
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe (G DATA Software)
O4 - HKLM..\Run: [iTunesHelper] D:\iTunesSetup\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [LanzarL2007] C:\DOCUME~1\Ja\USTAWI~1\Temp\{64BF564B-6B0D-4020-8AB4-FAE03CC9532B}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Ja\Ustawienia lokalne\Temp\herss.exe ()
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe File not found
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [Eraser] D:\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\Program\Plugins\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()
O4 - Startup: C:\Documents and Settings\Ja\Menu Start\Programy\Autostart\Budzik.lnk = C:\Program Files\Budzik\budzik.exe (BLITZ-ART)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll,-103 - {94C70A96-012C-4171-98FC-C1971511F20D} - C:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll (Techland)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 158.75.88.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ddcYpmjI: DllName - ddcYpmjI.dll -  File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {53CDB924-5777-4FE1-A854-6F4C92E1B5B2} - C:\WINDOWS\System32\ddcYpmjI.dll File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awtuuVNE) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-06-20 13:57:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-12-03 21:16:49 | 00,000,055 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-12-03 21:16:49 | 00,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-12-03 21:16:49 | 00,000,055 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{25ec54d1-bd76-11de-a045-0013d39fac34}\Shell\AutoRun\command - "" = m.com
O33 - MountPoints2\{25ec54d1-bd76-11de-a045-0013d39fac34}\Shell\open\Command - "" = m.com
O33 - MountPoints2\{b5caf454-6cad-11de-9fed-0013d39fac34}\Shell\AutoRun\command - "" = G:\mb9x.exe -- File not found
O33 - MountPoints2\{b5caf454-6cad-11de-9fed-0013d39fac34}\Shell\open\Command - "" = G:\mb9x.exe -- File not found
O33 - MountPoints2\{f936a7eb-ff48-11dd-9fa8-0013d39fac34}\Shell\AutoRun\command - "" = G:\pbudsara.exe -- File not found
O33 - MountPoints2\{f936a7eb-ff48-11dd-9fa8-0013d39fac34}\Shell\open\Command - "" = G:\pbudsara.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-12-04 12:39:34 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe
[2009-12-03 20:00:19 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-11-26 17:42:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Moje dokumenty\Sara Tommasi
[2009-11-21 22:47:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Moje dokumenty\Kody
[2009-11-19 21:01:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Moje dokumenty\GTA Vice City User Files
[2009-11-19 19:25:15 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009-11-19 19:25:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\Conduit
[2009-11-12 20:19:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Moje dokumenty\Stephanie Leonidas
[2009-11-11 15:32:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Moje dokumenty\Karinda i Hasana
[2009-11-11 15:28:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ja\Moje dokumenty\Rhian Sugden
[2007-12-05 01:58:40 | 00,846,720 | ---- | C] (Google) -- C:\Program Files\GoogleToolbarInstaller.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Ja\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Ja\Moje dokumenty\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\Documents and Settings\Ja\Pulpit\*.tmp files -> C:\Documents and Settings\Ja\Pulpit\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-12-04 12:39:34 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ja\Pulpit\OTL.exe
[2009-12-04 12:39:00 | 00,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-12-04 12:32:26 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-12-04 10:39:00 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-12-03 21:16:49 | 00,000,055 | RHS- | M] () -- C:\autorun.inf
[2009-12-03 21:15:35 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Ja\PUTTY.RND
[2009-12-03 21:13:26 | 00,000,972 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-12-03 21:13:07 | 00,029,204 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-12-03 21:13:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-12-03 21:13:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-12-03 21:12:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-12-03 21:12:56 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2009-12-03 20:00:21 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\HijackThis.lnk
[2009-12-03 17:36:49 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009-12-03 11:18:15 | 00,076,559 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\Lepsze_tatuaze_niz_futra_Dani Lugosi,.jpg
[2009-12-02 23:43:39 | 00,054,788 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\mirrorsedge.jpg
[2009-12-02 17:16:13 | 17,301,504 | -H-- | M] () -- C:\Documents and Settings\Ja\NTUSER.DAT
[2009-12-02 17:15:49 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Ja\ntuser.ini
[2009-11-24 07:55:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-11-24 02:02:21 | 00,113,508 | RHS- | M] () -- C:\wu1n.exe
[2009-11-24 02:02:21 | 00,113,508 | RHS- | M] () -- C:\pbudsara.exe
[2009-11-23 04:53:46 | 03,704,716 | -H-- | M] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-11-22 16:30:56 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009-11-22 02:25:03 | 00,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[2009-11-21 00:54:36 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\Nowy Dokument programu Microsoft Word (2).doc
[2009-11-19 19:25:09 | 00,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Alcohol 120%.lnk
[2009-11-19 19:13:45 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009-11-19 18:48:35 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-11-14 00:40:58 | 00,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
[2009-11-12 20:14:51 | 00,009,436 | ---- | M] () -- C:\Documents and Settings\Ja\Pulpit\StephanieLeonidas.jpg
[2009-11-12 17:19:41 | 00,150,787 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\Miranda-Kerr-1191107.jpg
[2009-11-12 15:16:18 | 00,047,724 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\Svetlana MetkinaSlowianka_3662896.jpg
[2009-11-12 15:15:53 | 00,061,401 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\Svetlana Metkina Slowianka_3662898.jpg
[2009-11-12 12:38:16 | 00,000,198 | ---- | M] () -- C:\WINDOWS\pdf2word.INI
[2009-11-11 13:29:05 | 00,112,695 | RHS- | M] () -- C:\g12g.exe
[2009-11-11 04:43:06 | 00,085,245 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\adbc68f719357ba5d677162a29bb7949.jpg
[2009-11-11 04:43:00 | 00,085,407 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\67804d98d2ab9c52005dde5c1c151299.jpg
[2009-11-11 04:13:35 | 00,093,483 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\kane-and-lynch-contest-babe-finalists-20071128010334836.jpg
[2009-11-11 04:12:28 | 00,058,241 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\kane-and-lynch-contest-babe-finalists-20071128010448617.jpg
[2009-11-09 00:15:15 | 00,114,924 | RHS- | M] () -- C:\l61yyp.exe
[2009-11-08 14:40:01 | 00,024,700 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\f43a05d7abdce230388bcc874a3ff36c.jpg
[2009-11-06 15:20:08 | 00,042,007 | ---- | M] () -- C:\Documents and Settings\Ja\Moje dokumenty\Nereida Gallardo.jpg
[2009-11-06 15:04:08 | 00,114,602 | RHS- | M] () -- C:\1a1dndah.exe
[2009-11-04 18:43:54 | 00,114,304 | RHS- | M] () -- C:\srgo.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Ja\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Ja\Moje dokumenty\*.tmp -> ]
[15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\Documents and Settings\Ja\Pulpit\*.tmp files -> C:\Documents and Settings\Ja\Pulpit\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-12-03 20:00:21 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\HijackThis.lnk
[2009-12-03 11:18:15 | 00,076,559 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\Lepsze_tatuaze_niz_futra_Dani Lugosi,.jpg
[2009-12-02 23:43:39 | 00,054,788 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\mirrorsedge.jpg
[2009-11-27 08:12:26 | 00,113,508 | RHS- | C] () -- C:\wu1n.exe
[2009-11-19 19:25:09 | 00,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Alcohol 120%.lnk
[2009-11-19 19:13:45 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009-11-19 19:13:45 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009-11-12 20:14:51 | 00,009,436 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\StephanieLeonidas.jpg
[2009-11-12 17:19:41 | 00,150,787 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\Miranda-Kerr-1191107.jpg
[2009-11-12 15:16:18 | 00,047,724 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\Svetlana MetkinaSlowianka_3662896.jpg
[2009-11-12 15:15:53 | 00,061,401 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\Svetlana Metkina Slowianka_3662898.jpg
[2009-11-12 12:38:16 | 00,000,198 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2009-11-11 16:05:11 | 00,113,508 | RHS- | C] () -- C:\pbudsara.exe
[2009-11-11 13:29:32 | 00,112,695 | RHS- | C] () -- C:\g12g.exe
[2009-11-11 04:43:06 | 00,085,245 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\adbc68f719357ba5d677162a29bb7949.jpg
[2009-11-11 04:43:00 | 00,085,407 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\67804d98d2ab9c52005dde5c1c151299.jpg
[2009-11-11 04:13:35 | 00,093,483 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\kane-and-lynch-contest-babe-finalists-20071128010334836.jpg
[2009-11-11 04:12:28 | 00,058,241 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\kane-and-lynch-contest-babe-finalists-20071128010448617.jpg
[2009-11-08 14:40:01 | 00,024,700 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\f43a05d7abdce230388bcc874a3ff36c.jpg
[2009-11-07 16:56:48 | 00,114,924 | RHS- | C] () -- C:\l61yyp.exe
[2009-11-07 16:53:35 | 00,114,602 | RHS- | C] () -- C:\1a1dndah.exe
[2009-11-06 22:50:02 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Ja\Pulpit\Nowy Dokument programu Microsoft Word (2).doc
[2009-11-06 15:20:07 | 00,042,007 | ---- | C] () -- C:\Documents and Settings\Ja\Moje dokumenty\Nereida Gallardo.jpg
[2009-11-05 10:49:13 | 00,114,304 | RHS- | C] () -- C:\srgo.exe
[2009-10-26 01:29:54 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-07-05 19:20:21 | 00,000,240 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009-03-31 19:14:57 | 00,001,773 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2009-01-20 03:18:32 | 01,410,767 | -HS- | C] () -- C:\WINDOWS\System32\owxsmpov.ini
[2009-01-19 15:29:22 | 01,407,327 | -HS- | C] () -- C:\WINDOWS\System32\ihlwjiqw.ini
[2009-01-17 06:25:51 | 01,407,285 | -HS- | C] () -- C:\WINDOWS\System32\hdbnwgxo.ini
[2009-01-16 06:24:43 | 01,383,279 | -HS- | C] () -- C:\WINDOWS\System32\yprowndx.ini
[2009-01-14 08:28:05 | 01,373,523 | -HS- | C] () -- C:\WINDOWS\System32\kmoniiri.ini
[2009-01-13 21:15:52 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-01-13 11:40:45 | 00,000,176 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009-01-13 08:27:56 | 01,273,249 | -HS- | C] () -- C:\WINDOWS\System32\llegrauw.ini
[2009-01-12 15:44:37 | 00,032,545 | ---- | C] () -- C:\WINDOWS\System32\lap20nh3l4dlrru93.dll
[2009-01-12 15:44:37 | 00,027,147 | ---- | C] () -- C:\WINDOWS\System32\qke3kixfefllrru93.dll
[2009-01-12 15:44:37 | 00,011,900 | ---- | C] () -- C:\WINDOWS\System32\xkh1udoe84flrru93.dll
[2009-01-12 10:57:30 | 01,260,593 | -HS- | C] () -- C:\WINDOWS\System32\sjtmkysd.ini
[2009-01-11 10:56:48 | 01,260,593 | -HS- | C] () -- C:\WINDOWS\System32\vlxwnpmh.ini
[2009-01-10 10:55:05 | 01,338,453 | -HS- | C] () -- C:\WINDOWS\System32\aljirwcj.ini
[2009-01-09 20:45:38 | 01,338,453 | -HS- | C] () -- C:\WINDOWS\System32\nundnrti.ini
[2009-01-07 16:22:44 | 01,331,149 | -HS- | C] () -- C:\WINDOWS\System32\vqhjppqo.ini
[2009-01-06 16:23:26 | 01,325,094 | -HS- | C] () -- C:\WINDOWS\System32\slnxcbfx.ini
[2008-12-18 11:30:37 | 01,636,412 | -HS- | C] () -- C:\WINDOWS\System32\hpxkqrtm.ini
[2008-12-17 11:29:06 | 01,636,412 | -HS- | C] () -- C:\WINDOWS\System32\dafpgxwm.ini
[2008-12-16 21:49:00 | 01,621,258 | -HS- | C] () -- C:\WINDOWS\System32\tgvfhalg.ini
[2008-12-15 21:49:01 | 01,621,259 | -HS- | C] () -- C:\WINDOWS\System32\mlwwiead.ini
[2008-12-14 21:46:32 | 01,621,259 | -HS- | C] () -- C:\WINDOWS\System32\ickfojnv.ini
[2008-12-13 00:32:29 | 01,622,980 | -HS- | C] () -- C:\WINDOWS\System32\ucwoamit.ini
[2008-12-12 00:30:11 | 01,622,980 | -HS- | C] () -- C:\WINDOWS\System32\xqjvlhxi.ini
[2008-12-10 00:29:06 | 01,557,552 | -HS- | C] () -- C:\WINDOWS\System32\silydgcw.ini
[2008-12-09 00:29:17 | 01,572,005 | -HS- | C] () -- C:\WINDOWS\System32\baeevacd.ini
[2008-12-08 00:28:07 | 01,572,005 | -HS- | C] () -- C:\WINDOWS\System32\idafcljq.ini
[2008-12-07 00:27:26 | 01,455,662 | -HS- | C] () -- C:\WINDOWS\System32\eifutogl.ini
[2008-12-06 11:36:23 | 01,455,662 | -HS- | C] () -- C:\WINDOWS\System32\prrjlnph.ini
[2008-12-05 11:35:37 | 01,455,662 | -HS- | C] () -- C:\WINDOWS\System32\nbglehje.ini
[2008-12-04 11:35:49 | 01,398,697 | -HS- | C] () -- C:\WINDOWS\System32\ipiycccu.ini
[2008-12-03 11:33:57 | 01,752,471 | -HS- | C] () -- C:\WINDOWS\System32\polxapvy.ini
[2008-11-28 09:22:06 | 01,752,471 | -HS- | C] () -- C:\WINDOWS\System32\rkcpelmq.ini
[2008-11-27 19:34:06 | 01,639,411 | -HS- | C] () -- C:\WINDOWS\System32\enbaeknd.ini
[2008-11-26 19:31:49 | 01,639,411 | -HS- | C] () -- C:\WINDOWS\System32\sifjdqaj.ini
[2008-11-25 19:29:37 | 01,639,411 | -HS- | C] () -- C:\WINDOWS\System32\lccvxypd.ini
[2008-11-24 19:29:10 | 01,624,696 | -HS- | C] () -- C:\WINDOWS\System32\suqmkdnm.ini
[2008-11-23 19:29:13 | 01,614,583 | -HS- | C] () -- C:\WINDOWS\System32\rhkihadv.ini
[2008-11-22 19:30:02 | 01,616,489 | -HS- | C] () -- C:\WINDOWS\System32\bfnxckbc.ini
[2008-11-21 19:27:51 | 01,616,489 | -HS- | C] () -- C:\WINDOWS\System32\kyoayhly.ini
[2008-11-20 19:26:55 | 01,540,167 | -HS- | C] () -- C:\WINDOWS\System32\aerxjawg.ini
[2008-11-19 19:26:51 | 01,576,594 | -HS- | C] () -- C:\WINDOWS\System32\nsjbygtk.ini
[2008-11-17 19:26:23 | 01,555,500 | -HS- | C] () -- C:\WINDOWS\System32\ncbynkse.ini
[2008-11-16 19:26:50 | 01,538,441 | -HS- | C] () -- C:\WINDOWS\System32\gkfmpugx.ini
[2008-11-15 19:24:17 | 01,539,788 | -HS- | C] () -- C:\WINDOWS\System32\cgpmwxeo.ini
[2008-11-14 19:25:21 | 01,539,787 | -HS- | C] () -- C:\WINDOWS\System32\nypoaghg.ini
[2008-11-13 19:22:45 | 01,539,787 | -HS- | C] () -- C:\WINDOWS\System32\llqjixhd.ini
[2008-11-13 19:22:02 | 01,047,580 | -HS- | C] () -- C:\WINDOWS\System32\ENVuutwa.ini2
[2008-11-13 19:22:01 | 01,047,580 | -HS- | C] () -- C:\WINDOWS\System32\ENVuutwa.ini
[2008-11-07 07:35:01 | 01,902,922 | -HS- | C] () -- C:\WINDOWS\System32\nsqhyvls.ini
[2008-11-07 07:34:14 | 00,363,225 | -HS- | C] () -- C:\WINDOWS\System32\adJkRXyb.ini2
[2008-11-07 07:34:13 | 00,363,225 | -HS- | C] () -- C:\WINDOWS\System32\adJkRXyb.ini
[2008-11-06 12:09:52 | 01,901,308 | -HS- | C] () -- C:\WINDOWS\System32\bgjiqgrg.ini
[2008-11-05 12:10:06 | 01,890,293 | -HS- | C] () -- C:\WINDOWS\System32\qgepyhod.ini
[2008-11-04 23:46:06 | 01,890,028 | -HS- | C] () -- C:\WINDOWS\System32\qofxtaqs.ini
[2008-11-03 23:43:15 | 01,890,028 | -HS- | C] () -- C:\WINDOWS\System32\pqpfbbwy.ini
[2008-11-03 23:42:26 | 00,367,391 | -HS- | C] () -- C:\WINDOWS\System32\NWFfgMoq.ini2
[2008-11-03 23:42:26 | 00,367,391 | -HS- | C] () -- C:\WINDOWS\System32\NWFfgMoq.ini
[2008-11-03 21:51:23 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-11-03 21:51:08 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-11-03 21:51:08 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-10-30 22:41:20 | 01,466,856 | -HS- | C] () -- C:\WINDOWS\System32\utehdnvj.ini
[2008-10-29 22:41:22 | 01,460,086 | -HS- | C] () -- C:\WINDOWS\System32\kkawulxq.ini
[2008-10-28 22:39:30 | 01,006,759 | -HS- | C] () -- C:\WINDOWS\System32\sijmnlsj.ini
[2008-10-27 22:39:32 | 01,019,285 | -HS- | C] () -- C:\WINDOWS\System32\iudioami.ini
[2008-10-24 18:32:04 | 01,399,974 | -HS- | C] () -- C:\WINDOWS\System32\tsoilfqc.ini
[2008-10-24 18:31:06 | 00,359,890 | -HS- | C] () -- C:\WINDOWS\System32\PVDccMoq.ini2
[2008-10-24 18:31:06 | 00,359,890 | -HS- | C] () -- C:\WINDOWS\System32\PVDccMoq.ini
[2008-10-14 00:22:50 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008-08-07 15:28:07 | 00,000,103 | ---- | C] () -- C:\WINDOWS\pro.INI
[2008-02-10 16:21:52 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-02-04 18:22:50 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008-02-04 18:22:50 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007-11-23 14:43:43 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007-10-07 10:34:24 | 00,000,506 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007-08-03 21:46:05 | 00,000,543 | ---- | C] () -- C:\Documents and Settings\Ja\Dane aplikacji\AutoGK.ini
[2007-08-02 20:41:08 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007-07-29 21:09:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2007-06-25 12:46:23 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007-06-25 12:46:23 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007-06-20 17:42:27 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-06-20 17:00:04 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007-06-20 16:54:30 | 00,235,520 | ---- | C] () -- C:\Documents and Settings\Ja\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-12-08 13:50:14 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005-08-03 11:02:38 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\dvdmrp.sys
[2005-07-20 14:07:00 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004-08-03 23:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003-04-08 10:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-03-21 14:39:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2009-10-05 22:15:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\2DBoy
[2009-04-22 20:12:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2008-02-06 13:19:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Backup
[2009-10-26 00:45:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\G DATA
[2009-10-24 12:13:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2008-06-14 11:52:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
[2008-05-11 19:25:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RedLeg
[2007-12-17 20:08:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\sentinel
[2009-02-06 16:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-03-17 19:43:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru
[2009-04-17 17:06:44 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[2007-06-20 17:29:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\.ABC 3.01
[2007-08-03 23:08:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\ACD Systems
[2009-04-22 20:12:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Ashampoo
[2009-01-12 15:41:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\BPFTP
[2008-02-11 13:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\DAEMON Tools
[2009-04-23 20:56:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
[2007-06-21 00:54:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Gadu-Gadu
[2009-05-17 12:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\GanymedeNet
[2007-11-09 15:50:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\gtk-2.0
[2009-11-15 09:01:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\ipla
[2009-01-09 20:50:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\LimeWire
[2008-08-07 15:27:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Offline Explorer
[2008-01-22 11:15:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\Opera
[2007-11-11 22:50:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\TuxPaint
[2009-12-04 12:45:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ja\Dane aplikacji\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9AEE100C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:94A19129
< End of report >



Under Drivers I checked Use SafeList
megatron
~user
 
Posts: 64
Joined: 04 Apr 2006, 14:32



Dead desktop

Post by NieWiem 04 Dec 2009, 13:58

A lot of it, including traces of Vundo.

  • Read the ComboFix instructions carefully, then turn off your antivirus program, firewall and any other programs that may interfere even with downloading ComboFix by claiming it is a virus. It is not! Just download it and save it to the desktop.
  • Download:
  • Close all open windows, messengers and programs. ComboFix should not be disturbed.
  • Run the program with a double-click (VISTA: right-click and 'Run as administrator').
  • Let it work undisturbed, do not click or touch the keyboard - this may cause the computer to hang.
  • Installing the Recovery Console is also recommended if ComboFix asks for it. It lets you roll back the changes if the tool makes a mistake.
  • If necessary - agree to a restart.
  • When the program finishes, it will produce a log (it will also be in the file C:\ComboFix.txt); paste it in your reply, remembering the [code] tags, or at http://www.wklej.org.
1. I provide help only under the beerware licence!
2. If I don't reply in the thread right away, it means I have a life outside the internet. Respect my voluntarily given time and don't expect everything immediately. If I don't reply within 48 hours, send a PM.

STOP ++> trolls, Neostrada kids, emo, Forests, cat-eaters and hatred [ does not apply to those listed earlier ]
NieWiem
~user
 
Posts: 2183
Joined: 19 Jun 2009, 17:01
Location: Okolice Okolic
Kudos: 171



Dead desktop

Post by megatron 04 Dec 2009, 18:00

Code: Select all
ComboFix 09-12-03.05 - Ja 2009-12-04 16:22.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.511.134 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Ja\Pulpit\ComboFix.exe
AV: G DATA AntiVirus *On-access scanning disabled* (Outdated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1a1dndah.exe
C:\autorun.inf
c:\docume~1\Ja\USTAWI~1\Temp\cvasds1.dll
C:\eexyv.exe
C:\g12g.exe
C:\hjvjte.exe
C:\l61yyp.exe
C:\nds0q.exe
C:\pbudsara.exe
C:\r2g20.exe
C:\resycled
c:\resycled\boot.com
C:\s3ek.exe
C:\sp1jensi.exe
C:\srgo.exe
C:\vb0hsoay.exe
C:\wcgswa.exe
c:\windows\exefld
c:\windows\system32\adJkRXyb.ini
c:\windows\system32\adJkRXyb.ini2
c:\windows\system32\aerxjawg.ini
c:\windows\system32\aljirwcj.ini
c:\windows\system32\baeevacd.ini
c:\windows\system32\bfnxckbc.ini
c:\windows\system32\bgjiqgrg.ini
c:\windows\system32\cgpmwxeo.ini
c:\windows\system32\dafpgxwm.ini
c:\windows\system32\eifutogl.ini
c:\windows\system32\enbaeknd.ini
c:\windows\system32\ENVuutwa.ini
c:\windows\system32\ENVuutwa.ini2
c:\windows\system32\gkfmpugx.ini
c:\windows\system32\hdbnwgxo.ini
c:\windows\system32\hpxkqrtm.ini
c:\windows\system32\ickfojnv.ini
c:\windows\system32\idafcljq.ini
c:\windows\system32\ieuinit.inf
c:\windows\system32\ihlwjiqw.ini
c:\windows\system32\ipiycccu.ini
c:\windows\system32\iudioami.ini
c:\windows\system32\kkawulxq.ini
c:\windows\system32\kmoniiri.ini
c:\windows\system32\kyoayhly.ini
c:\windows\system32\lccvxypd.ini
c:\windows\system32\llegrauw.ini
c:\windows\system32\llqjixhd.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mlwwiead.ini
c:\windows\system32\nbglehje.ini
c:\windows\system32\ncbynkse.ini
c:\windows\system32\nsjbygtk.ini
c:\windows\system32\nsqhyvls.ini
c:\windows\system32\nundnrti.ini
c:\windows\system32\NWFfgMoq.ini
c:\windows\system32\NWFfgMoq.ini2
c:\windows\system32\nypoaghg.ini
c:\windows\system32\owxsmpov.ini
c:\windows\system32\polxapvy.ini
c:\windows\system32\pqpfbbwy.ini
c:\windows\system32\prrjlnph.ini
c:\windows\system32\PVDccMoq.ini
c:\windows\system32\PVDccMoq.ini2
c:\windows\system32\qgepyhod.ini
c:\windows\system32\qofxtaqs.ini
c:\windows\system32\rhkihadv.ini
c:\windows\system32\rkcpelmq.ini
c:\windows\system32\sifjdqaj.ini
c:\windows\system32\sijmnlsj.ini
c:\windows\system32\silydgcw.ini
c:\windows\system32\sjtmkysd.ini
c:\windows\system32\slnxcbfx.ini
c:\windows\system32\suqmkdnm.ini
c:\windows\system32\tgvfhalg.ini
c:\windows\system32\tsoilfqc.ini
c:\windows\system32\ucwoamit.ini
c:\windows\system32\utehdnvj.ini
c:\windows\system32\vlxwnpmh.ini
c:\windows\system32\vqhjppqo.ini
c:\windows\system32\xqjvlhxi.ini
c:\windows\system32\yprowndx.ini
C:\wu1n.exe
D:\1a1dndah.exe
D:\Autorun.inf
D:\eexyv.exe
D:\g12g.exe
D:\hjvjte.exe
D:\l61yyp.exe
D:\nds0q.exe
D:\pbudsara.exe
D:\r2g20.exe
D:\resycled
d:\resycled\boot.com
D:\s3ek.exe
D:\sp1jensi.exe
D:\srgo.exe
D:\vb0hsoay.exe
D:\wcgswa.exe
D:\wu1n.exe
D:\ycvvj.exe
E:\1a1dndah.exe
E:\Autorun.inf
E:\eexyv.exe
E:\g12g.exe
E:\hjvjte.exe
E:\install.exe
E:\l61yyp.exe
E:\nds0q.exe
E:\pbudsara.exe
E:\r2g20.exe
E:\resycled
e:\resycled\boot.com
E:\s3ek.exe
E:\sp1jensi.exe
E:\srgo.exe
E:\vb0hsoay.exe
E:\wcgswa.exe
E:\wu1n.exe
E:\ycvvj.exe

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


(((((((((((((((((((((((((   Pliki utworzone od 2009-11-04 do 2009-12-04  )))))))))))))))))))))))))))))))
.

2009-12-04 15:16 . 2009-12-04 15:16   3579811   ----a-w-   c:\documents and settings\Ja\Dane aplikacji\Opera\Opera\profile\cache4\opr3B7AS.exe
2009-12-03 19:00 . 2009-12-03 19:00   --------   d-----w-   c:\program files\Trend Micro
2009-11-27 07:18 . 2009-11-30 21:52   79488   ----a-w-   c:\documents and settings\Ja\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-24 06:55 . 2009-11-24 06:55   --------   d-----w-   c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\free-downloads.net
2009-11-19 18:25 . 2009-11-19 18:25   --------   d-----w-   c:\program files\Conduit
2009-11-19 18:25 . 2009-11-19 18:25   --------   d-----w-   c:\documents and settings\Ja\Ustawienia lokalne\Dane aplikacji\Conduit

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-04 14:23 . 2009-02-24 10:48   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Google Updater
2009-12-04 13:14 . 2007-06-20 18:15   --------   d-----w-   c:\documents and settings\Ja\Dane aplikacji\Skype
2009-12-04 13:08 . 2009-01-09 17:44   --------   d-----w-   c:\documents and settings\Ja\Dane aplikacji\uTorrent
2009-11-22 15:30 . 2007-06-23 18:10   98304   ----a-w-   c:\windows\system32\CmdLineExt.dll
2009-11-22 15:13 . 2007-06-20 15:59   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-11-19 18:25 . 2008-02-10 15:23   --------   d-----w-   c:\program files\free-downloads.net
2009-11-19 17:48 . 2008-02-10 15:21   721904   ----a-w-   c:\windows\system32\drivers\sptd.sys
2009-11-17 08:54 . 2007-06-21 06:05   --------   d-----w-   c:\program files\Apple Software Update
2009-11-15 08:01 . 2009-10-24 11:13   --------   d-----w-   c:\documents and settings\Ja\Dane aplikacji\ipla
2009-10-26 00:23 . 2009-02-24 10:48   --------   d-----w-   c:\program files\Google
2009-10-26 00:23 . 2008-06-13 11:56   --------   d-----w-   c:\program files\DivX
2009-10-26 00:20 . 2009-10-26 00:20   --------   d-----w-   c:\program files\Common Files\DivX Shared
2009-10-25 23:45 . 2009-10-05 17:15   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\G DATA
2009-10-25 10:15 . 2009-10-25 10:12   --------   d-----w-   c:\program files\ipla
2009-10-25 10:07 . 2001-10-26 15:15   50748   ----a-w-   c:\windows\system32\perfc015.dat
2009-10-25 10:07 . 2001-10-26 15:15   358702   ----a-w-   c:\windows\system32\perfh015.dat
2009-10-24 14:39 . 2009-10-24 14:25   --------   d-----w-   c:\program files\ALLPlayer
2009-10-24 14:39 . 2008-02-08 15:58   --------   d-----w-   c:\program files\NAPI-PROJEKT
2009-10-24 14:33 . 2009-10-24 14:33   114191   --sh--r-   C:\b00ijwpu.exe
2009-10-24 11:13 . 2009-10-24 11:13   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\ipla
2009-10-20 12:05 . 2008-04-14 11:43   --------   d-----w-   c:\program files\English Translator 3
2009-10-13 08:28 . 2009-10-05 17:52   --------   d-----w-   c:\program files\Panda Security
2009-10-12 13:54 . 2007-06-24 07:33   --------   d-----w-   c:\program files\SPSS
2009-10-06 09:16 . 2009-10-06 09:16   118651   --sh--r-   C:\ctu8r.exe
2009-10-05 21:15 . 2008-12-16 16:30   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\2DBoy
2009-10-05 17:27 . 2009-10-05 17:27   68424   ----a-w-   c:\windows\system32\drivers\GRD.sys
2009-10-05 17:17 . 2008-03-10 06:25   48712   -c--a-w-   c:\windows\system32\drivers\MiniIcpt.sys
2009-10-05 17:15 . 2009-10-05 17:15   51016   ----a-w-   c:\windows\system32\drivers\GDTdiIcpt.sys
2009-10-05 17:15 . 2009-10-05 17:15   32328   ----a-w-   c:\windows\system32\drivers\HookCentre.sys
2009-10-05 17:14 . 2008-03-10 06:23   --------   d-----w-   c:\program files\Common Files\G DATA
2009-10-05 17:13 . 2009-10-05 17:13   --------   d-----w-   c:\program files\G DATA
2009-09-25 16:41 . 2009-09-25 16:41   90112   ----a-w-   c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41   856064   ----a-w-   c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41   856064   ----a-w-   c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41   847872   ----a-w-   c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41   843776   ----a-w-   c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41   839680   ----a-w-   c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41   696320   ----a-w-   c:\windows\system32\DivX.dll
2007-12-05 00:58 . 2007-12-05 00:58   846720   -c--a-w-   c:\program files\GoogleToolbarInstaller.exe
2009-02-08 21:56 . 2008-05-10 12:05   67688   ----a-w-   c:\program files\mozilla firefox\components\jar50.dll
2009-02-08 21:56 . 2008-05-10 12:05   54368   -c--a-w-   c:\program files\mozilla firefox\components\jsd3250.dll
2009-02-08 21:56 . 2008-05-10 12:05   34944   ----a-w-   c:\program files\mozilla firefox\components\myspell.dll
2009-02-08 21:56 . 2008-05-10 12:05   46712   ----a-w-   c:\program files\mozilla firefox\components\spellchk.dll
2009-02-08 21:56 . 2008-05-10 12:05   172136   -c--a-w-   c:\program files\mozilla firefox\components\xpinstal.dll
2009-09-25 16:41 . 2009-09-25 16:41   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   1044480   ----a-w-   c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   200704   ----a-w-   c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-06-29 57344]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-03-10 10:47   2079256   ----a-w-   c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2009-03-10 2079256]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe sleep" [X]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-12 25448488]
"Eraser"="d:\eraser\Eraser.exe" [2007-12-22 916240]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="E:\" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-21 282624]
"iTunesHelper"="d:\itunessetup\iTunesHelper.exe" [2007-06-01 257088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\AntiVirus\AVKTray\AVKTray.exe" [2009-01-08 955464]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-20 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Ja\Menu Start\Programy\Autostart\
Budzik.lnk - c:\program files\Budzik\budzik.exe [2008-12-8 24084]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2007-7-29 155715]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\iTunesSetup\\iTunes.exe"=
"\\\\Komp\\NetLook\\NetLook.exe"=
"\\\\158.75.91.121\\mohaa\\MOHAA.exe"=
"\\\\158.75.89.96\\NetLook\\NetLook.exe"=
"\\\\158.75.90.249\\mohaa\\Mohaa.exe"=
"\\\\158.75.89.92\\mohaa\\Mohaa.exe"=
"\\\\158.75.90.157\\mohaa\\Mohaa.exe"=
"\\\\158.75.88.68\\mohaa\\Mohaa.exe"=
"\\\\158.75.89.56\\mohaa\\Mohaa.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\Polish\\setup.exe"=
"\\\\158.75.89.148\\moha\\MOHAA.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Ja\\Pulpit\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-02-10 721904]
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-10-05 68424]
R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-08-03 5504]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-10-05 51016]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-03-10 48712]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-10-05 32328]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-10-24 27904]
.
Zawartość folderu 'Zaplanowane zadania'

2009-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]

2009-12-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-24 11:47]

2009-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 00:20]

2009-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 00:20]
.
.
------- Skan uzupełniający -------
.
uStart Page = wyborcza.pl/0,0.html?p=020
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{94C70A96-012C-4171-98FC-C1971511F20D} - {94C70A96-012C-4171-98FC-C1971511F20D} - c:\program files\Russkij Translator\InternetTranslatorRusPol.dll
FF - ProfilePath - c:\documents and settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\kxf4ht6i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - wyborcza.pl/0,0.html?p=020
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=
FF - component: c:\documents and settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\kxf4ht6i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{318AC5C4-EBD8-43EC-9DD3-0DD089992C57} - c:\windows\system32\awtuuVNE.dll
BHO-{8E184002-F992-44BB-BF5E-536A13FC5662} - c:\windows\system32\qoMccDVP.dll
BHO-{E042F0EC-0F4A-4A2E-92C2-161F80405F00} - c:\windows\system32\qoMgfFWN.dll
BHO-{E626CFBD-9C68-4F49-BAEE-1929F5C76CB3} - c:\windows\system32\byXRkJda.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-C-Media Speaker Configuration - c:\documents and settings\Ja\Pulpit\kodeki dżwiek\Setup.exe
HKLM-Run-c:\windows\SYSTEM32\kdewp.exe - c:\windows\SYSTEM32\kdewp.exe
Notify-ddcYpmjI - ddcYpmjI.dll
AddRemove-Budzik 2.0 - d:\budzik\DeIsL1.isu
AddRemove-Eraser - c:\documents and settings\All Users\Dane aplikacji\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Euro Truck Simulator - e:\tru\Euro Truck Simulator\uninst.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-Ocean FTP Server_is1 - c:\program files\Code Ocean\Ocean FTP Server\unins000.exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-Warning Center - c:\program files\Applications\wcu.exe
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\kxf4ht6i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-04 16:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82DDE1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8615fc3
\Driver\ACPI -> ACPI.sys @ 0xf837ecb8
\Driver\atapi -> 0x82dde1f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
NDIS: Karta Fast Ethernet zgodna z VIA -> SendCompleteHandler -> NDIS.sys @ 0xf821cba0
PacketIndicateHandler -> NDIS.sys @ 0xf8229b21
SendHandler -> NDIS.sys @ 0xf820787b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(444)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSPL.DLL
c:\windows\system32\nvwddi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe
c:\program files\G DATA\AntiVirus\AVK\AVKService.exe
c:\program files\G DATA\AntiVirus\AVK\AVKWCtl.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\SkypePM.exe
.
**************************************************************************
.
Czas ukończenia: 2009-12-04 16:55 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-12-04 15:54

Przed: 664 834 048 bajtów wolnych
Po: 2 367 565 824 bajtów wolnych

Current=5 Default=5 Failed=4 LastKnownGood=1 Sets=1,2,3,4,5
- - End Of File - - FB02752E20EDAC65CB64EAFC50B187B1



I couldn't install the Recovery Console. Can I turn the antivirus back on now?
megatron
~user
 
Posts: 64
Joined: 04 Apr 2006, 14:32



Dead desktop

Post by wojtas 04 Dec 2009, 18:09

Uninstall in Add/Remove Programs:

free-downloads.net
AskTBar

Open Notepad and paste this into it:

File::
c:\documents and settings\Ja\Dane aplikacji\Opera\Opera\profile\cache4\opr3B7AS.exe
C:\b00ijwpu.exe
C:\ctu8r.exe
d:\b00ijwpu.exe
d:\ctu8r.exe
e:\b00ijwpu.exe
e:\ctu8r.exe

Folder::
c:\program files\free-downloads.net
c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\free-downloads.net
c:\program files\Conduit
c:\documents and settings\Ja\Ustawienia lokalne\Dane aplikacji\Conduit

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1b3e60-05ac-11de-a5d3-00001cd72a97}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""



>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
Removal will begin and a log will be produced; post it here.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Thanks: 1656
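The two files the helper lists under File:: are the ones that stand out in the Find3M listing above: executables carrying the system+hidden attributes and sitting directly in the drive root. As an added example (not ComboFix's code and not part of this thread), here is a reader for that listing format that flags such entries while skipping the Windows XP boot files that legitimately carry the same attributes; the attribute-column mapping is inferred from the log's own rows and is an assumption, and the NTDETECT.COM row in the sample is constructed.

```python
"""Flag hidden system executables in a ComboFix file listing (added example,
not ComboFix's own code). Attribute-column meaning (d=directory, c=compressed,
s=system, h=hidden, a=archive, r=read-only, w=writable) is inferred from the
rows in the log above and is an assumption."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One listing row, e.g.
# 2009-10-24 14:33 . 2009-10-24 14:33   114191   --sh--r-   C:\b00ijwpu.exe
# Columns: modified, created, size ("--------" for directories), attributes, path.
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{3,})\s+"
    r"(?P<attr>[-A-Za-z]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".pif")
ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")   # "C:\name" with nothing deeper
# Windows XP boot files legitimately live in the drive root as system+hidden;
# without this allowlist every clean XP machine would produce findings.
KNOWN_ROOT = {"boot.ini", "ntldr", "ntdetect.com", "pagefile.sys", "hiberfil.sys",
              "io.sys", "msdos.sys", "config.sys", "autoexec.bat", "bootfont.bin"}


@dataclass
class Entry:
    modified: str
    created: str
    size: Optional[int]          # None for directories
    attr: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attr[0] == "d"

    @property
    def system(self) -> bool:
        return self.attr[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attr[3] == "h"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing row; None for headers, blanks and '.' rows."""
    m = LINE_RE.match(line)
    if not m:
        return None
    size = m.group("size")
    return Entry(m.group("modified"), m.group("created"),
                 None if size.startswith("-") else int(size),
                 m.group("attr"), m.group("path"))


def parse_listing(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def reasons_for(e: Entry) -> List[str]:
    """Why an entry deserves a look; an empty list means nothing noteworthy."""
    if e.is_dir:
        return []
    name = e.path.rsplit("\\", 1)[-1].lower()
    if not name.endswith(EXEC_EXT):
        return []
    in_root = ROOT_RE.match(e.path) is not None
    if in_root and name in KNOWN_ROOT:
        return []                          # expected boot file, not a finding
    if not (e.system and e.hidden):
        return []
    reasons = ["executable marked system+hidden"]
    if in_root:
        reasons.append("placed directly in the drive root")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each noteworthy path in a listing to its reasons, in log order."""
    out: Dict[str, List[str]] = {}
    for e in parse_listing(text):
        r = reasons_for(e)
        if r:
            out[e.path] = r
    return out


# Sample listing: the first five rows are taken from the log above; the
# NTDETECT.COM row is constructed to show the boot-file allowlist at work.
SAMPLE = r"""
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-10-24 14:33 . 2009-10-24 14:33   114191   --sh--r-   C:\b00ijwpu.exe
2009-10-06 09:16 . 2009-10-06 09:16   118651   --sh--r-   C:\ctu8r.exe
2009-10-05 17:27 . 2009-10-05 17:27   68424   ----a-w-   c:\windows\system32\drivers\GRD.sys
2009-10-05 17:17 . 2008-03-10 06:25   48712   -c--a-w-   c:\windows\system32\drivers\MiniIcpt.sys
2009-10-05 17:13 . 2009-10-05 17:13   --------   d-----w-   c:\program files\G DATA
2004-08-03 22:00 . 2004-08-03 22:00   47564   --sh--r-   C:\NTDETECT.COM
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path, "->", "; ".join(why))
```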



Dead desktop

Post by megatron 04 Dec 2009, 18:44

Unfortunately I can't remove free-downloads.net (it refuses) or AskTBar (it isn't listed among the programs that can be uninstalled). Can I remove them "manually" by deleting their folders from Program Files?
megatron
~user
 
Posts: 64
Joined: 04 Apr 2006, 14:32



Dead desktop

Post by wojtas 04 Dec 2009, 18:54

Do what I told you to do with ComboFix.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Thanks: 1656



Dead desktop

Post by megatron 04 Dec 2009, 19:48

Code:
ComboFix 09-12-03.05 - Ja 2009-12-04 18:24.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.511.92 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Ja\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Ja\Pulpit\CFScript.txt
AV: G DATA AntiVirus *On-access scanning disabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::
"C:\b00ijwpu.exe"
"C:\ctu8r.exe"
"c:\documents and settings\Ja\Dane aplikacji\Opera\Opera\profile\cache4\opr3B7AS.exe"
"d:\b00ijwpu.exe"
"d:\ctu8r.exe"
"e:\b00ijwpu.exe"
"e:\ctu8r.exe"
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\b00ijwpu.exe
C:\ctu8r.exe
c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\free-downloads.net
d:\b00ijwpu.exe
d:\ctu8r.exe
e:\b00ijwpu.exe
e:\ctu8r.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-11-04 do 2009-12-04  )))))))))))))))))))))))))))))))
.

2009-12-03 19:00 . 2009-12-03 19:00   --------   d-----w-   c:\program files\Trend Micro
2009-11-27 07:18 . 2009-11-30 21:52   79488   ----a-w-   c:\documents and settings\Ja\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-04 17:13 . 2007-06-20 18:15   --------   d-----w-   c:\documents and settings\Ja\Dane aplikacji\Skype
2009-12-04 14:23 . 2009-02-24 10:48   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Google Updater
2009-12-04 13:08 . 2009-01-09 17:44   --------   d-----w-   c:\documents and settings\Ja\Dane aplikacji\uTorrent
2009-11-22 15:30 . 2007-06-23 18:10   98304   ----a-w-   c:\windows\system32\CmdLineExt.dll
2009-11-22 15:13 . 2007-06-20 15:59   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-11-19 17:48 . 2008-02-10 15:21   721904   ----a-w-   c:\windows\system32\drivers\sptd.sys
2009-11-17 08:54 . 2007-06-21 06:05   --------   d-----w-   c:\program files\Apple Software Update
2009-11-15 08:01 . 2009-10-24 11:13   --------   d-----w-   c:\documents and settings\Ja\Dane aplikacji\ipla
2009-10-26 00:23 . 2009-02-24 10:48   --------   d-----w-   c:\program files\Google
2009-10-26 00:23 . 2008-06-13 11:56   --------   d-----w-   c:\program files\DivX
2009-10-26 00:20 . 2009-10-26 00:20   --------   d-----w-   c:\program files\Common Files\DivX Shared
2009-10-25 23:45 . 2009-10-05 17:15   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\G DATA
2009-10-25 10:15 . 2009-10-25 10:12   --------   d-----w-   c:\program files\ipla
2009-10-25 10:07 . 2001-10-26 15:15   50748   ----a-w-   c:\windows\system32\perfc015.dat
2009-10-25 10:07 . 2001-10-26 15:15   358702   ----a-w-   c:\windows\system32\perfh015.dat
2009-10-24 14:39 . 2009-10-24 14:25   --------   d-----w-   c:\program files\ALLPlayer
2009-10-24 14:39 . 2008-02-08 15:58   --------   d-----w-   c:\program files\NAPI-PROJEKT
2009-10-24 11:13 . 2009-10-24 11:13   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\ipla
2009-10-20 12:05 . 2008-04-14 11:43   --------   d-----w-   c:\program files\English Translator 3
2009-10-13 08:28 . 2009-10-05 17:52   --------   d-----w-   c:\program files\Panda Security
2009-10-12 13:54 . 2007-06-24 07:33   --------   d-----w-   c:\program files\SPSS
2009-10-05 21:15 . 2008-12-16 16:30   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\2DBoy
2009-10-05 17:27 . 2009-10-05 17:27   68424   ----a-w-   c:\windows\system32\drivers\GRD.sys
2009-10-05 17:17 . 2008-03-10 06:25   48712   -c--a-w-   c:\windows\system32\drivers\MiniIcpt.sys
2009-10-05 17:15 . 2009-10-05 17:15   51016   ----a-w-   c:\windows\system32\drivers\GDTdiIcpt.sys
2009-10-05 17:15 . 2009-10-05 17:15   32328   ----a-w-   c:\windows\system32\drivers\HookCentre.sys
2009-09-25 16:41 . 2009-09-25 16:41   90112   ----a-w-   c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41   856064   ----a-w-   c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41   856064   ----a-w-   c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41   847872   ----a-w-   c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41   843776   ----a-w-   c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41   839680   ----a-w-   c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41   696320   ----a-w-   c:\windows\system32\DivX.dll
2007-12-05 00:58 . 2007-12-05 00:58   846720   -c--a-w-   c:\program files\GoogleToolbarInstaller.exe
2009-02-08 21:56 . 2008-05-10 12:05   67688   ----a-w-   c:\program files\mozilla firefox\components\jar50.dll
2009-02-08 21:56 . 2008-05-10 12:05   54368   -c--a-w-   c:\program files\mozilla firefox\components\jsd3250.dll
2009-02-08 21:56 . 2008-05-10 12:05   34944   ----a-w-   c:\program files\mozilla firefox\components\myspell.dll
2009-02-08 21:56 . 2008-05-10 12:05   46712   ----a-w-   c:\program files\mozilla firefox\components\spellchk.dll
2009-02-08 21:56 . 2008-05-10 12:05   172136   -c--a-w-   c:\program files\mozilla firefox\components\xpinstal.dll
2009-09-25 16:41 . 2009-09-25 16:41   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   1044480   ----a-w-   c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   200704   ----a-w-   c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-12-04_15.38.44   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-04 17:15 . 2009-12-04 17:15   16384              c:\windows\Temp\Perflib_Perfdata_7a8.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-03-19 1267040]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-06-29 57344]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe sleep" [X]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-12 25448488]
"Eraser"="d:\eraser\Eraser.exe" [2007-12-22 916240]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="E:\" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-21 282624]
"iTunesHelper"="d:\itunessetup\iTunesHelper.exe" [2007-06-01 257088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\AntiVirus\AVKTray\AVKTray.exe" [2009-01-08 955464]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-20 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Ja\Menu Start\Programy\Autostart\
Budzik.lnk - c:\program files\Budzik\budzik.exe [2008-12-8 24084]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2007-7-29 155715]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\iTunesSetup\\iTunes.exe"=
"\\\\Komp\\NetLook\\NetLook.exe"=
"\\\\158.75.91.121\\mohaa\\MOHAA.exe"=
"\\\\158.75.89.96\\NetLook\\NetLook.exe"=
"\\\\158.75.90.249\\mohaa\\Mohaa.exe"=
"\\\\158.75.89.92\\mohaa\\Mohaa.exe"=
"\\\\158.75.90.157\\mohaa\\Mohaa.exe"=
"\\\\158.75.88.68\\mohaa\\Mohaa.exe"=
"\\\\158.75.89.56\\mohaa\\Mohaa.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\Polish\\setup.exe"=
"\\\\158.75.89.148\\moha\\MOHAA.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Ja\\Pulpit\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-10-05 68424]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2009-01-08 1019464]
R2 AVKService;G DATA Scheduler;c:\program files\G DATA\AntiVirus\AVK\AVKService.exe [2009-01-08 386120]
R2 AVKWCtl;Strażnik AntiVirus;c:\program files\G DATA\AntiVirus\AVK\AVKWCtl.exe [2008-12-18 1230816]
R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-08-03 5504]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-10-05 51016]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-03-10 48712]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-10-05 32328]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-02-10 721904]
S2 gupdate1ca55d21fe63d5a;Usługa Google Update (gupdate1ca55d21fe63d5a);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 133104]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-10-24 27904]
.
Zawartość folderu 'Zaplanowane zadania'

2009-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]

2009-12-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-24 11:47]

2009-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 00:20]

2009-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 00:20]
.
.
------- Skan uzupełniający -------
.
uStart Page = wyborcza.pl/0,0.html?p=020
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{94C70A96-012C-4171-98FC-C1971511F20D} - {94C70A96-012C-4171-98FC-C1971511F20D} - c:\program files\Russkij Translator\InternetTranslatorRusPol.dll
FF - ProfilePath - c:\documents and settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\kxf4ht6i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - wyborcza.pl/0,0.html?p=020
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=
FF - component: c:\documents and settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\kxf4ht6i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - c:\program files\free-downloads.net\tbfree.dll
AddRemove-free-downloads.net Toolbar - c:\progra~1\FREE-D~1.NET\UNWISE.EXE 



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-04 18:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 


**************************************************************************
.
Czas ukończenia: 2009-12-04 18:44
ComboFix-quarantined-files.txt  2009-12-04 17:42
ComboFix2.txt  2009-12-04 15:55

Przed: 2 341 933 056 bajtów wolnych
Po: 2 309 996 544 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

Current=5 Default=5 Failed=4 LastKnownGood=1 Sets=1,2,3,4,5
- - End Of File - - 644136D1EF51C255E9EA7B2301059DA3


Log
megatron
~user
 
Posts: 64
Joined: 04 Apr 2006, 14:32



Dead desktop

Post by NieWiem 05 Dec 2009, 00:17

Go to http://www.virscan.org and scan this file there:
c:\windows\system32\drivers\sptd.sys


This time paste the following script into Notepad:
File::

Folder::
c:\program files\Winamp Toolbar
c:\program files\AskTBar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"=-
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"=-

Rootkit::


Save it as CFScript, drag it onto the ComboFix icon as before, and post the log.

Then also download the DDS program from the sticky thread and paste its log on the forum too.
NieWiem
~user
 
Posts: 2183
Joined: 19 Jun 2009, 17:01
Location: Okolice Okolic
Thanks: 171



Dead desktop

Post by megatron 05 Dec 2009, 01:16

After scanning on that site, this is what appeared:



File information
File Name : sptd0.sys
File Size : 721904 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : d15da1ba189770d93eea2d7e18f95af9
SHA1 : 118f6e32db0b0dd13b6c304fe3030ca650f125cc


Scanner results : Scanners did not find malware!
Time : 2009/11/23 17:16:09 (CET)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
a-squared 4.5.0.8 20091124003158 2009-11-24 - 8.211
AhnLab V3 2009.11.21.00 2009.11.21 2009-11-21 - 1.101
AntiVir 8.2.1.72 7.10.1.51 2009-11-23 - 0.257
Antiy 2.0.18 20091123.3299947 2009-11-23 - 0.119
Arcavir 2009 200911230920 2009-11-23 - 0.108
Authentium 5.1.1 200911221552 2009-11-22 - 1.291
AVAST! 4.7.4 091123-1 2009-11-23 - 0.029
AVG 8.5.288 270.14.78/2521 2009-11-23 - 0.339
BitDefender 7.81008.4585883 7.29099 2009-11-23 - 3.901
CA (VET) 35.1.0 7133 2009-11-20 - 6.399
ClamAV 0.95.2 10058 2009-11-23 - 0.126
Comodo 3.12 3010 2009-11-23 - 0.720
CP Secure 1.3.0.5 2009.11.23 2009-11-23 - 0.109
Dr.Web 4.44.0.9170 2009.11.23 2009-11-23 - 7.078
F-Prot 4.4.4.56 20091123 2009-11-23 - 1.267
F-Secure 7.02.73807 2009.11.23.11 2009-11-23 - 0.119
Fortinet 2.81-3.120 11.86 2009-11-23 - 0.228
GData 19.8964/19.580 20091123 2009-11-23 - 4.699
Ikarus T3.1.01.74 2009.11.23.74578 2009-11-23 - 4.135
JiangMin 11.0.800 2009.11.23 2009-11-23 - 4.940
Kaspersky 5.5.10 2009.11.23 2009-11-23 - 0.071
KingSoft 2009.2.5.15 2009.11.23.19 2009-11-23 - 0.509
McAfee 5.3.00 5810 2009-11-22 - 3.457
Microsoft 1.5302 2009.11.22 2009-11-22 - 6.167
Norman 6.01.09 6.01.00 2009-11-23 - 4.009
nProtect 20091123.02 6244568 2009-11-23 - 4.057
Panda 9.05.01 2009.11.22 2009-11-22 - 6.025
Quick Heal 10.00 2009.11.23 2009-11-23 - 1.799
Rising 20.0 22.23.00.09 2009-11-23 - 1.090
Sophos 3.01.0 4.47 2009-11-23 - 2.965
Sunbelt 5518 5518 2009-11-18 - 1.880
Symantec 1.3.0.24 20091122.003 2009-11-22 - 0.083
The Hacker 6.5.0.2 v00075 2009-11-20 - 1.374
Trend Micro 9.000-1003 6.646.04 2009-11-23 - 0.052
VBA32 3.12.12.0 20091122.1900 2009-11-22 - 2.520
ViRobot 20091123 2009.11.23 2009-11-23 - 0.411
VirusBuster 4.5.11.10 10.113.27/2001668 2009-11-23 - 2.502

■Heuristic/Suspicious ■Exact

Added 05.12.2009 00:56:39:
ComboFix log

Code:
ComboFix 09-12-03.05 - Ja 2009-12-05  0:37.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.511.129 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Ja\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Ja\Pulpit\CFScript.txt
AV: G DATA AntiVirus *On-access scanning disabled* (Updated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskTBar
c:\program files\AskTBar\bar\1.bin\A5POPSWT.DLL
c:\program files\AskTBar\bar\1.bin\ASKTBAR.DLL
c:\program files\AskTBar\bar\Cache\002D47FA
c:\program files\AskTBar\bar\Cache\002DAD9A.bin
c:\program files\AskTBar\bar\Cache\032CA635.bin
c:\program files\AskTBar\bar\Cache\032CAA9A.bin
c:\program files\AskTBar\bar\Cache\032CAD97.bin
c:\program files\AskTBar\bar\Cache\079E425B
c:\program files\AskTBar\bar\Cache\092A8162
c:\program files\AskTBar\bar\Cache\files.ini
c:\program files\AskTBar\bar\History\search2
c:\program files\AskTBar\bar\Settings\prevcfg2.htm
c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
c:\program files\Winamp Toolbar
c:\program files\Winamp Toolbar\apopup.dll
c:\program files\Winamp Toolbar\install.log
c:\program files\Winamp Toolbar\msvcr71.dll
c:\program files\Winamp Toolbar\uninstall.exe
c:\program files\Winamp Toolbar\winamptb.dll
c:\program files\Winamp Toolbar\winampTbServer.exe
c:\program files\Winamp Toolbar\winamptbServerPS.dll
c:\program files\Winamp Toolbar\xprt5.dll

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-11-04 do 2009-12-04  )))))))))))))))))))))))))))))))
.

2009-12-04 21:08 . 2009-12-04 21:40   --------   d-----w-   c:\windows\system32\CatRoot_bak
2009-12-04 20:53 . 2009-12-04 20:58   --------   d-----w-   c:\windows\LastGood
2009-12-03 19:00 . 2009-12-03 19:00   --------   d-----w-   c:\program files\Trend Micro
2009-11-27 07:18 . 2009-11-30 21:52   79488   ----a-w-   c:\documents and settings\Ja\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-04 23:21 . 2009-01-09 17:44   --------   d-----w-   c:\documents and settings\Ja\Dane aplikacji\uTorrent
2009-12-04 17:13 . 2007-06-20 18:15   --------   d-----w-   c:\documents and settings\Ja\Dane aplikacji\Skype
2009-12-04 14:23 . 2009-02-24 10:48   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Google Updater
2009-11-22 15:30 . 2007-06-23 18:10   98304   ----a-w-   c:\windows\system32\CmdLineExt.dll
2009-11-22 15:13 . 2007-06-20 15:59   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-11-19 17:48 . 2008-02-10 15:21   721904   ----a-w-   c:\windows\system32\drivers\sptd.sys
2009-11-17 08:54 . 2007-06-21 06:05   --------   d-----w-   c:\program files\Apple Software Update
2009-11-15 08:01 . 2009-10-24 11:13   --------   d-----w-   c:\documents and settings\Ja\Dane aplikacji\ipla
2009-10-26 00:23 . 2009-02-24 10:48   --------   d-----w-   c:\program files\Google
2009-10-26 00:23 . 2008-06-13 11:56   --------   d-----w-   c:\program files\DivX
2009-10-26 00:20 . 2009-10-26 00:20   --------   d-----w-   c:\program files\Common Files\DivX Shared
2009-10-25 23:45 . 2009-10-05 17:15   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\G DATA
2009-10-25 10:15 . 2009-10-25 10:12   --------   d-----w-   c:\program files\ipla
2009-10-25 10:07 . 2001-10-26 15:15   50748   ----a-w-   c:\windows\system32\perfc015.dat
2009-10-25 10:07 . 2001-10-26 15:15   358702   ----a-w-   c:\windows\system32\perfh015.dat
2009-10-24 14:39 . 2009-10-24 14:25   --------   d-----w-   c:\program files\ALLPlayer
2009-10-24 14:39 . 2008-02-08 15:58   --------   d-----w-   c:\program files\NAPI-PROJEKT
2009-10-24 11:13 . 2009-10-24 11:13   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\ipla
2009-10-20 12:05 . 2008-04-14 11:43   --------   d-----w-   c:\program files\English Translator 3
2009-10-13 08:28 . 2009-10-05 17:52   --------   d-----w-   c:\program files\Panda Security
2009-10-12 13:54 . 2007-06-24 07:33   --------   d-----w-   c:\program files\SPSS
2009-10-05 17:27 . 2009-10-05 17:27   68424   ----a-w-   c:\windows\system32\drivers\GRD.sys
2009-10-05 17:17 . 2008-03-10 06:25   48712   -c--a-w-   c:\windows\system32\drivers\MiniIcpt.sys
2009-10-05 17:15 . 2009-10-05 17:15   51016   ----a-w-   c:\windows\system32\drivers\GDTdiIcpt.sys
2009-10-05 17:15 . 2009-10-05 17:15   32328   ----a-w-   c:\windows\system32\drivers\HookCentre.sys
2009-09-25 16:41 . 2009-09-25 16:41   90112   ----a-w-   c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41   856064   ----a-w-   c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41   856064   ----a-w-   c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41   847872   ----a-w-   c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41   843776   ----a-w-   c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41   839680   ----a-w-   c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41   696320   ----a-w-   c:\windows\system32\DivX.dll
2007-12-05 00:58 . 2007-12-05 00:58   846720   -c--a-w-   c:\program files\GoogleToolbarInstaller.exe
2009-02-08 21:56 . 2008-05-10 12:05   67688   ----a-w-   c:\program files\mozilla firefox\components\jar50.dll
2009-02-08 21:56 . 2008-05-10 12:05   54368   -c--a-w-   c:\program files\mozilla firefox\components\jsd3250.dll
2009-02-08 21:56 . 2008-05-10 12:05   34944   ----a-w-   c:\program files\mozilla firefox\components\myspell.dll
2009-02-08 21:56 . 2008-05-10 12:05   46712   ----a-w-   c:\program files\mozilla firefox\components\spellchk.dll
2009-02-08 21:56 . 2008-05-10 12:05   172136   -c--a-w-   c:\program files\mozilla firefox\components\xpinstal.dll
2009-09-25 16:41 . 2009-09-25 16:41   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   1044480   ----a-w-   c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41   200704   ----a-w-   c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-12-04_15.38.44   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-04 17:15 . 2009-12-04 17:15   16384              c:\windows\Temp\Perflib_Perfdata_7a8.dat
+ 2007-06-20 12:54 . 2009-08-06 18:24   53472              c:\windows\system32\wuauclt.exe
+ 2009-12-04 20:54 . 2009-08-06 18:24   44768              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-12-04 20:54 . 2009-08-06 18:24   35552              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2007-06-20 12:54 . 2009-08-06 18:24   53472              c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-03 22:43 . 2009-08-06 18:24   96480              c:\windows\system32\dllcache\cdm.dll
+ 2004-08-03 22:43 . 2009-08-06 18:24   96480              c:\windows\system32\cdm.dll
+ 2009-12-04 20:54 . 2007-04-16 20:45   43352              c:\windows\LastGood\system32\wups2.dll
+ 2009-12-04 20:54 . 2007-04-16 20:47   33624              c:\windows\LastGood\system32\wups.dll
+ 2009-12-04 20:54 . 2007-04-16 20:45   53080              c:\windows\LastGood\system32\wuauclt.exe
+ 2009-12-04 20:54 . 2007-04-16 20:45   92504              c:\windows\LastGood\system32\cdm.dll
+ 2007-06-20 12:54 . 2009-08-06 18:24   209632              c:\windows\system32\wuweb.dll
+ 2007-06-20 12:54 . 2009-08-06 18:24   327896              c:\windows\system32\wucltui.dll
+ 2007-06-20 12:54 . 2009-08-06 18:23   575704              c:\windows\system32\wuapi.dll
+ 2007-06-20 12:54 . 2009-08-06 18:24   209632              c:\windows\system32\dllcache\wuweb.dll
+ 2007-06-20 12:54 . 2009-08-06 18:24   327896              c:\windows\system32\dllcache\wucltui.dll
+ 2007-06-20 12:54 . 2009-08-06 18:23   575704              c:\windows\system32\dllcache\wuapi.dll
+ 2009-12-04 20:54 . 2007-04-16 20:45   203096              c:\windows\LastGood\system32\wuweb.dll
+ 2009-12-04 20:54 . 2007-04-16 20:45   325976              c:\windows\LastGood\system32\wucltui.dll
+ 2009-12-04 20:54 . 2007-04-16 20:45   549720              c:\windows\LastGood\system32\wuapi.dll
+ 2007-06-20 12:54 . 2009-08-06 18:23   1929952              c:\windows\system32\wuaueng.dll
+ 2007-06-20 12:54 . 2009-08-06 18:23   1929952              c:\windows\system32\dllcache\wuaueng.dll
+ 2009-12-04 20:54 . 2007-04-16 20:45   1710936              c:\windows\LastGood\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe sleep" [X]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-01-12 25448488]
"Eraser"="d:\eraser\Eraser.exe" [2007-12-22 916240]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="E:\" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-21 282624]
"iTunesHelper"="d:\itunessetup\iTunesHelper.exe" [2007-06-01 257088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 589824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\AntiVirus\AVKTray\AVKTray.exe" [2009-01-08 955464]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-20 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Ja\Menu Start\Programy\Autostart\
Budzik.lnk - c:\program files\Budzik\budzik.exe [2008-12-8 24084]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2007-7-29 155715]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\iTunesSetup\\iTunes.exe"=
"\\\\Komp\\NetLook\\NetLook.exe"=
"\\\\158.75.91.121\\mohaa\\MOHAA.exe"=
"\\\\158.75.89.96\\NetLook\\NetLook.exe"=
"\\\\158.75.90.249\\mohaa\\Mohaa.exe"=
"\\\\158.75.89.92\\mohaa\\Mohaa.exe"=
"\\\\158.75.90.157\\mohaa\\Mohaa.exe"=
"\\\\158.75.88.68\\mohaa\\Mohaa.exe"=
"\\\\158.75.89.56\\mohaa\\Mohaa.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\Polish\\setup.exe"=
"\\\\158.75.89.148\\moha\\MOHAA.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Ja\\Pulpit\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-10-05 68424]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2009-01-08 1019464]
R2 AVKService;G DATA Scheduler;c:\program files\G DATA\AntiVirus\AVK\AVKService.exe [2009-01-08 386120]
R2 AVKWCtl;Strażnik AntiVirus;c:\program files\G DATA\AntiVirus\AVK\AVKWCtl.exe [2008-12-18 1230816]
R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-08-03 5504]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-10-05 51016]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-03-10 48712]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-10-05 32328]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-02-10 721904]
S2 gupdate1ca55d21fe63d5a;Usługa Google Update (gupdate1ca55d21fe63d5a);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 133104]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-10-24 27904]
.
Zawartość folderu 'Zaplanowane zadania'

2009-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]

2009-12-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-24 11:47]

2009-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 00:20]

2009-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 00:20]
.
.
------- Skan uzupełniający -------
.
uStart Page = wyborcza.pl/0,0.html?p=020
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{94C70A96-012C-4171-98FC-C1971511F20D} - {94C70A96-012C-4171-98FC-C1971511F20D} - c:\program files\Russkij Translator\InternetTranslatorRusPol.dll
FF - ProfilePath - c:\documents and settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\kxf4ht6i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - wyborcza.pl/0,0.html?p=020
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=
FF - component: c:\documents and settings\Ja\Dane aplikacji\Mozilla\Firefox\Profiles\kxf4ht6i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-Winamp Toolbar - c:\program files\Winamp Toolbar\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 00:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 


**************************************************************************
.
Czas ukończenia: 2009-12-05 00:51
ComboFix-quarantined-files.txt  2009-12-04 23:50
ComboFix2.txt  2009-12-04 17:44
ComboFix3.txt  2009-12-04 15:55

Przed: 1 232 052 224 bajtów wolnych
Po: 1 219 842 048 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=4 LastKnownGood=1 Sets=1,2,3,4,5
- - End Of File - - B757CFBB232941B66ED6255AB383261D


Added 05.12.2009 01:00:57:
Then from the pinned topic you also download the DDS program and paste its log on the forum too.

Could you be clearer?
megatron
~user
 
Posts: 64
Joined: 04 Apr 2006, 14:32



Dead desktop

Post by NieWiem 05 Dec 2009, 03:19

Download this file and run it. It will produce two logs for you, which I ask you
to present for analysis.

It can't get any simpler :)

The post's author received praise
1. I provide help exclusively under the beerware license!
2. If I don't reply right away in the thread, it means I have a life outside the internet. Respect the time I give voluntarily and don't expect everything immediately. If I don't reply within 48 hours, send a PM.

STOP ++> trolls, Neostrada kids, emo, Forests, cat-eaters and hatred [ does not apply to those listed earlier ]
NieWiem
~user
 
Posts: 2183
Joined: 19 Jun 2009, 17:01
Location: Okolice Okolic
Praise: 171



Dead desktop

Post by megatron 05 Dec 2009, 12:07

Indeed, it can't get any simpler


Code:
DDS (Ver_09-12-01.01) - NTFSx86 
Run by Ja at 11:03:24,59 on 2009-12-05
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.511.130 [GMT 1:00]

AV: G DATA AntiVirus *On-access scanning enabled* (Updated)   {71310606-6F3B-49F2-9A81-8315AA75FBB3}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
D:\iTunesSetup\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Eraser\Eraser.exe
svchost.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe
C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ja\Pulpit\putty.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Ja\Pulpit\dds.pif

============== Pseudo HJT Report ===============

uStart Page = wyborcza.pl/0,0.html?p=020
uInternet Settings,ProxyOverride = 127.0.0.1
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: &Tłumaczenie: {2f7db8d7-9be7-4666-901e-f380555bcac7} - c:\program files\russkij translator\InternetTranslatorRusPol.dll
TB: G DATA WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - c:\program files\g data\antivirus\webfilter\AvkWebIE.dll
TB: {00000000-5736-4205-0008-781CD0E19F00} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
EB: &Badanie: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [Gadu-Gadu] "c:\program files\gadu-gadu\gg.exe" /tray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Eraser] d:\eraser\Eraser.exe -hide
uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\itunessetup\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "e:\,m,\reader\Reader_sl.exe"
mRun: [G DATA AntiVirus Trayapplication] c:\program files\g data\antivirus\avktray\AVKTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ja\menust~1\programy\autost~1\budzik.lnk - c:\program files\budzik\budzik.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\natura~1.lnk - c:\program files\sec\natural color\NaturalColorLoad.exe
IE: &Winamp Search - c:\documents and settings\all users\dane aplikacji\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {94C70A96-012C-4171-98FC-C1971511F20D} - {94C70A96-012C-4171-98FC-C1971511F20D} - c:\program files\russkij translator\InternetTranslatorRusPol.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ja\daneap~1\mozilla\firefox\profiles\kxf4ht6i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - wyborcza.pl/0,0.html?p=020
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=
FF - component: c:\documents and settings\ja\dane aplikacji\mozilla\firefox\profiles\kxf4ht6i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\program files\mozilla firefox\extensions\{9aa46f4f-4dc7-4c06-97af-5035170633fe}\components\AvkWebFilterFF.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-10-5 68424]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\common files\g data\avkproxy\AVKProxy.exe [2009-1-8 1019464]
R2 AVKService;G DATA Scheduler;c:\program files\g data\antivirus\avk\AVKService.exe [2009-1-8 386120]
R2 AVKWCtl;Strażnik AntiVirus;c:\program files\g data\antivirus\avk\AVKWCtl.exe [2008-12-18 1230816]
R2 dvdmrp;dvdmrp;c:\windows\system32\drivers\dvdmrp.sys [2005-8-3 5504]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-10-5 51016]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-3-10 48712]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-10-5 32328]
S2 gupdate1ca55d21fe63d5a;Usługa Google Update (gupdate1ca55d21fe63d5a);c:\program files\google\update\GoogleUpdate.exe [2009-10-26 133104]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-10-24 27904]

=============== Created Last 30 ================

2009-12-05 02:13:07   0   d-----w-   c:\windows\system32\KB905474
2009-12-05 02:05:18   0   d-----w-   c:\windows\ServicePackFiles
2009-12-05 02:03:33   0   d-----w-   c:\program files\MSXML 4.0
2009-12-04 23:23:50   0   d-sha-r-   C:\cmdcons
2009-12-04 21:08:02   0   d-----w-   c:\windows\system32\CatRoot_bak
2009-12-04 21:05:19   273024   -c----w-   c:\windows\system32\dllcache\bthport.sys
2009-12-04 21:05:19   273024   ------w-   c:\windows\system32\drivers\bthport.sys
2009-12-04 21:04:04   153088   -c----w-   c:\windows\system32\dllcache\triedit.dll
2009-12-04 21:04:00   60416   -c----w-   c:\windows\system32\dllcache\colbact.dll
2009-12-04 21:04:00   285184   -c----w-   c:\windows\system32\dllcache\pdh.dll
2009-12-04 21:04:00   227840   -c----w-   c:\windows\system32\dllcache\wmiprvse.exe
2009-12-04 21:03:59   473088   -c----w-   c:\windows\system32\dllcache\fastprox.dll
2009-12-04 21:03:59   399360   -c----w-   c:\windows\system32\dllcache\rpcss.dll
2009-12-04 21:03:59   35328   -c----w-   c:\windows\system32\dllcache\sc.exe
2009-12-04 21:03:57   686080   -c----w-   c:\windows\system32\dllcache\advapi32.dll
2009-12-04 21:03:57   453120   -c----w-   c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-04 21:03:57   111104   -c----w-   c:\windows\system32\dllcache\services.exe
2009-12-04 21:03:55   722944   -c----w-   c:\windows\system32\dllcache\ntdll.dll
2009-12-04 21:03:04   128512   -c----w-   c:\windows\system32\dllcache\dhtmled.ocx
2009-12-04 21:02:10   202752   -c----w-   c:\windows\system32\dllcache\rmcast.sys
2009-12-04 21:02:07   453632   -c----w-   c:\windows\system32\dllcache\mrxsmb.sys
2009-12-04 21:02:04   333184   -c----w-   c:\windows\system32\dllcache\srv.sys
2009-12-04 21:02:02   331776   -c----w-   c:\windows\system32\dllcache\msadce.dll
2009-12-04 21:01:58   1315328   -c----w-   c:\windows\system32\dllcache\msoe.dll
2009-12-04 21:01:41   683520   -c----w-   c:\windows\system32\dllcache\inetcomm.dll
2009-12-04 21:01:01   2137600   -c----w-   c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-04 21:00:58   2181632   -c----w-   c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-04 21:00:58   2059008   -c----w-   c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-04 21:00:57   2017280   -c----w-   c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-04 21:00:49   655872   -c----w-   c:\windows\system32\dllcache\mstscax.dll
2009-12-04 21:00:11   332800   -c----w-   c:\windows\system32\dllcache\netapi32.dll
2009-12-04 21:00:09   1172480   -c----w-   c:\windows\system32\dllcache\msxml3.dll
2009-12-04 20:59:42   1193414   -c----w-   c:\windows\system32\dllcache\sysmain.sdb
2009-12-04 20:59:41   218112   -c----w-   c:\windows\system32\dllcache\wordpad.exe
2009-12-04 17:24:36   1262   ----a-w-   C:\CF-Submit.htm
2009-12-04 15:20:54   77312   ----a-w-   c:\windows\MBR.exe
2009-12-04 15:20:54   260608   ----a-w-   c:\windows\PEV.exe
2009-12-04 15:20:54   161792   ----a-w-   c:\windows\SWREG.exe
2009-12-04 15:20:53   98816   ----a-w-   c:\windows\sed.exe
2009-12-03 19:00:19   0   d-----w-   c:\program files\Trend Micro
2009-11-19 18:13:45   54156   ---ha-w-   c:\windows\QTFont.qfn
2009-11-19 18:13:45   1409   ----a-w-   c:\windows\QTFont.for
2009-11-12 11:38:16   198   ----a-w-   c:\windows\pdf2word.INI

==================== Find3M  ====================

2009-12-05 02:37:57   50748   ----a-w-   c:\windows\system32\perfc015.dat
2009-12-05 02:37:57   358702   ----a-w-   c:\windows\system32\perfh015.dat
2009-11-22 15:30:56   98304   ----a-w-   c:\windows\system32\CmdLineExt.dll
2009-11-19 17:48:35   721904   ----a-w-   c:\windows\system32\drivers\sptd.sys
2009-09-25 16:41:28   90112   ----a-w-   c:\windows\system32\dpl100.dll
2009-09-25 16:41:26   856064   ----a-w-   c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41:26   856064   ----a-w-   c:\windows\system32\divx_xx07.dll
2009-09-25 16:41:26   847872   ----a-w-   c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41:26   843776   ----a-w-   c:\windows\system32\divx_xx16.dll
2009-09-25 16:41:26   839680   ----a-w-   c:\windows\system32\divx_xx11.dll
2009-09-25 16:41:26   696320   ----a-w-   c:\windows\system32\DivX.dll
2009-09-25 05:58:06   664576   ----a-w-   c:\windows\system32\wininet.dll
2009-09-25 05:58:03   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-09-11 14:36:28   133632   ----a-w-   c:\windows\system32\msv1_0.dll
2007-12-05 00:58:48   846720   -c--a-w-   c:\program files\GoogleToolbarInstaller.exe
2001-01-11 14:02:58   794624   -c--a-w-   c:\windows\inf\other\audio3d.dll

============= FINISH: 11:03:43,54 ===============



And the second log



Code:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2007-06-20 15:00:24
System Uptime: 2009-12-05 03:32:09 (8 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD |  | MS-7071
Processor:                 Intel(R) Celeron(R) CPU 3.06GHz | Socket 478 | 3067/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 10 GiB total, 1,185 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 0,172 GiB free.
E: is FIXED (NTFS) - 45 GiB total, 0,09 GiB free.
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

AAC Decoder
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.1 - Polish
Adobe Shockwave Player
Aktualizacja dla systemu Windows XP (KB894391)
Aktualizacja dla systemu Windows XP (KB898461)
Aktualizacja dla systemu Windows XP (KB900485)
Aktualizacja dla systemu Windows XP (KB908531)
Aktualizacja dla systemu Windows XP (KB910437)
Aktualizacja dla systemu Windows XP (KB911280)
Aktualizacja dla systemu Windows XP (KB916595)
Aktualizacja dla systemu Windows XP (KB920872)
Aktualizacja dla systemu Windows XP (KB922582)
Aktualizacja dla systemu Windows XP (KB927891)
Aktualizacja dla systemu Windows XP (KB930916)
Aktualizacja dla systemu Windows XP (KB931836)
Aktualizacja dla systemu Windows XP (KB967715)
Aktualizacja dla systemu Windows XP (KB968389)
Aktualizacja dla systemu Windows XP (KB973687)
Aktualizacja dla systemu Windows XP (KB973815)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB911564)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB954155)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB968816)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB973540)
Aktualizacja zabezpieczeń dla programu Windows Media Player 6.4 (KB925398)
Aktualizacja zabezpieczeń dla programu Windows Media Player 9 (KB917734)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB890046)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB893756)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB896358)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB896423)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB896428)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB899587)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB899591)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB900725)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB901017)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB901214)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB902400)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB904706)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB905414)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB905749)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB908519)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB911562)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB911927)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB913580)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB914388)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB914389)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB917344)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB917953)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB918118)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB918439)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB919007)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB920213)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB920670)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB920683)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB920685)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB922819)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923191)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923414)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923980)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB924191)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB924270)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB924496)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB924667)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB925902)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB926255)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB926436)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB927779)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB927802)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB928255)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB928843)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB929123)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB929969)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB930178)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB931261)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB931784)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB932168)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB933566)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB935839)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB935840)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB944338-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956844)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958470)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958869)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960859)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961371-v2)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969059)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969947)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971032)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971486)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971557)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971633)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971657)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971961)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973354)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973507)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973525)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973869)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974112)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974455)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974571)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975025)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975467)
Aktualizacja zabezpieczeń dla Windows XP (KB923689)
Aktualizacja zabezpieczeń dla Windows XP (KB941569)
Aktualizator Google
ALLPlayer V2.4
Apple Software Update
Archiwizator WinRAR
Ashampoo Photo Commander 6.22
µTorrent
AutoUpdate
BLM 2.6.5
BloodRayne
Budzik 1.04
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
e-Deklaracje
e-PFRON OffLine
eMusic - 50 Free MP3 offer
English Translator 3
Eraser
EVEREST Home Edition v2.20
Far Cry Demo
Fifa 98 - Road To World Cup - www.cgarchive.com
G DATA AntiVirus
Gadu-Gadu 7.7
GameDesire-Poker
GameDesire-Pool & Snooker
Google Chrome
Google Update Helper
H.264 Decoder
ipla 2.0.2
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 4.2.5 (Full)
Lara Croft Tomb Raider: The Angel Of Darkness
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MKV Splitter
Mozilla Firefox (2.0.0.20)
MP3 Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NAPI-PROJEKT - Win9x by yoyebie SKIN
Natural Color
Nero Suite
neroxml
Niezbędnik CD
Onet.pl - Skype 3.0
Opera 9.25
Platform
Poprawka dla systemu Windows XP (KB952287)
Poprawka dla systemu Windows XP (KB976098-v2)
Poprawka systemu Windows XP - KB834707
Poprawka systemu Windows XP - KB873339
Poprawka systemu Windows XP - KB884020
Poprawka systemu Windows XP - KB885835
Poprawka systemu Windows XP - KB885836
Poprawka systemu Windows XP - KB886185
Poprawka systemu Windows XP - KB887472
Poprawka systemu Windows XP - KB888302
Poprawka systemu Windows XP - KB890175
Poprawka systemu Windows XP - KB890859
Poprawka systemu Windows XP - KB891781
QuickTime
Real Alternative 1.7.5
Realtek AC'97 Audio
Russkij Translator
Skype add-on for IE
Skype Plugin Manager
SubEdit-Player
VC80CRTRedist - 8.0.50727.4053
VIA Platforma Menedżera urządzeń
WebFldrs XP
Winamp
Winamp 5.35 PL
Winamp Remote
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Firefox Plugin
XviD MPEG4 Video Codec (remove only)

==== End Of File ===========================
Dead desktop

Post by wojtas 06 Dec 2009, 10:54
