Fighting viruses... please check the log and help

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.


Posted by M@zi, 12 Nov 2009, 19:01

I'll start with the fact that several viruses popped up at once and it started throwing an error of the type that the file: C:\Documents and Settings\Raffaello\Ustawienia lokalne\Temp\IadHide5.dll - and now I can't remove it. Below is a screenshot from ESET.


So I'd ask for help: will these viruses and trojans eat my computer :? and how do I get rid of all of it and clean all the unnecessary junk out of the registry, keys etc.?

Here is the log from OTL:

OTL logfile created on: 2009-11-12 17:48:06 - Run 2
OTL by OldTimer - Version     Folder = C:\My Downloads
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,48 Mb Total Physical Memory | 319,38 Mb Available Physical Memory | 41,61% Memory free
1,83 Gb Paging File | 1,34 Gb Available in Paging File | 72,86% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,75 Gb Total Space | 9,16 Gb Free Space | 46,37% Space Free | Partition Type: NTFS
Drive D: | 43,09 Gb Total Space | 30,83 Gb Free Space | 71,56% Space Free | Partition Type: NTFS
Drive E: | 43,11 Gb Total Space | 0,58 Gb Free Space | 1,34% Space Free | Partition Type: NTFS
Drive F: | 43,10 Gb Total Space | 7,27 Gb Free Space | 16,86% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAFAL
Current User Name: Raffaello
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-11-12 17:26:36 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe
PRC - [2009-11-07 15:32:01 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-07-25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-04-09 14:19:08 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009-04-09 14:17:56 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2008-03-30 13:30:06 | 00,032,768 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007-09-05 06:02:00 | 01,079,752 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2007-08-23 16:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007-06-13 14:23:49 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-05-03 17:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006-05-03 17:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006-01-02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006-01-02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2006-01-02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005-08-04 01:42:00 | 00,528,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2005-08-04 01:42:00 | 00,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2004-08-03 23:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2003-11-18 15:15:18 | 00,262,144 | ---- | M] (D-Link) -- C:\Program Files\D-Link AirPlus\AIRPLUS.EXE
PRC - [2002-07-02 10:56:00 | 00,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe
PRC - [1999-12-13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE

========== Modules (SafeList) ==========

MOD - [2009-11-12 17:26:36 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\My Downloads\OTL.exe
MOD - [2008-03-30 13:30:05 | 00,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Raffaello\Ustawienia lokalne\Temp\IadHide5.dll
MOD - [2006-08-25 16:51:13 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005-08-04 01:42:00 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2005-08-04 01:42:00 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2005-08-04 01:42:00 | 00,057,344 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2005-08-04 01:42:00 | 00,010,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\HookDLL.DLL
MOD - [2004-08-03 23:43:58 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2002-03-13 08:25:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL

========== Win32 Services (SafeList) ==========

SRV - File not found --  -- (StarWindServiceAE)
SRV - File not found --  -- (RPCHE)
SRV - [2009-07-25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-04-09 20:12:23 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-04-09 14:29:20 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009-04-09 14:19:08 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008-04-12 14:18:51 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007-10-24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007-10-11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007-10-11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2007-10-09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2007-08-23 16:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-05-03 17:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006-05-03 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2004-08-03 23:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999-12-13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

========== Driver Services (SafeList) ==========

DRV - [2009-04-09 14:21:12 | 00,055,768 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009-04-09 14:21:10 | 00,033,096 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009-04-09 14:21:06 | 00,133,000 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009-04-09 14:18:02 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009-04-09 14:10:30 | 00,113,960 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009-02-20 10:57:04 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008-02-11 18:18:36 | 00,715,248 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007-11-13 11:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007-02-11 00:55:50 | 00,013,824 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2007-01-24 18:46:50 | 00,008,704 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2006-05-03 17:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-07-22 22:40:58 | 00,013,440 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005-06-03 13:47:06 | 00,079,488 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2005-06-03 13:47:04 | 00,081,728 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005-06-03 13:47:00 | 00,089,872 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005-06-03 13:46:58 | 00,006,576 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005-06-03 13:46:52 | 00,055,216 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus)
DRV - [2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004-08-03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003-09-08 09:06:36 | 00,255,360 | R--- | M] (D-Link) -- C:\WINDOWS\system32\drivers\AIRPLUS.sys -- (AIRPLUS)
DRV - [2002-07-24 06:52:26 | 00,998,004 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002-07-19 03:48:32 | 00,156,604 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002-07-19 03:48:22 | 00,213,860 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002-07-19 03:48:08 | 00,011,068 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002-07-19 03:48:04 | 00,195,432 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002-07-19 03:47:52 | 00,837,548 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2002-07-19 03:46:28 | 00,127,948 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001-08-17 21:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001-08-17 21:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001-08-17 21:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001-08-17 21:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001-08-17 20:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [1999-12-17 01:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: askopensearch-VTS@ask.com:
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20091031

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-12-05 14:34:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-10 18:52:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-07 15:32:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009-06-22 22:37:11 | 00,000,000 | ---D | M]

[2008-07-25 17:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Extensions
[2008-07-25 17:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-11-11 19:36:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Firefox\Profiles\f0omazlh.default\extensions
[2009-07-26 22:01:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Firefox\Profiles\f0omazlh.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2008-07-14 15:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Firefox\Profiles\f0omazlh.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2009-07-26 23:16:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Firefox\Profiles\f0omazlh.default\extensions\askopensearch-VTS@ask.com
[2008-07-30 13:35:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Firefox\Profiles\f0omazlh.default\extensions\chromeditplus@webdesigns.ms11.net
[2009-11-07 17:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Firefox\Profiles\f0omazlh.default\extensions\nasanightlaunch@example.com
[2009-07-26 22:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Firefox\Profiles\f0omazlh.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2009-07-26 22:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Firefox\Profiles\f0omazlh.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2009-07-26 22:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Firefox\Profiles\f0omazlh.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2009-07-26 22:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Firefox\Profiles\f0omazlh.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009-11-11 19:36:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-07 15:32:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008-12-05 14:35:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-04-01 07:53:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-08-26 09:22:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009-11-07 15:31:46 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009-11-07 15:31:46 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007-08-07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009-07-25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008-07-24 16:03:30 | 00,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2009-11-07 15:32:06 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2007-05-10 21:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009-11-07 15:32:11 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-11-07 15:32:11 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-11-07 15:32:12 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009-11-07 15:32:12 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-11-07 15:32:12 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-11-07 15:32:12 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-11-07 15:32:12 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts:       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Raffaello\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (no name) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe  File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Java Quick Start] C:\Documents and Settings\Raffaello\jusched.exe ()
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\D-Link AirPlus.lnk = C:\Program Files\D-Link AirPlus\AIRPLUS.EXE (D-Link)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257929160640 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {615DE55B-972D-4A1E-8D82-C777DEA08F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-02-06 09:40:05 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{135dea4a-a07f-11de-a566-00119549ed36}\Shell - "" = AutoRun
O33 - MountPoints2\{135dea4a-a07f-11de-a566-00119549ed36}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-11-12 17:36:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Raffaello\Pulpit\Virusy
[2009-11-12 10:47:35 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Raffaello\Recent
[2009-11-09 23:27:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Raffaello\Ustawienia lokalne\Dane aplikacji\Help
[2009-11-08 13:12:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Raffaello\Dane aplikacji\ipla
[2009-11-08 13:12:35 | 00,000,000 | ---D | C] -- C:\Program Files\ipla
[2009-11-04 23:29:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2009-11-04 23:29:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Raffaello\Dane aplikacji\OpenFM
[2009-11-04 17:27:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009-11-04 17:27:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009-11-04 17:14:44 | 00,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009-10-30 12:29:10 | 00,000,000 | ---D | C] -- C:\Program Files\D-Link AirPlus
[2009-10-29 00:23:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
[2009-10-29 00:23:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Raffaello\Dane aplikacji\Azureus
[2009-10-29 00:22:27 | 00,000,000 | ---D | C] -- C:\Program Files\Vuze
[2009-10-25 23:40:56 | 27,423,846 | ---- | C] (Techland) -- C:\Documents and Settings\Raffaello\Pulpit\Portable_English_Translator_XT.exe
[2009-10-21 23:43:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Raffaello\Ustawienia lokalne\Dane aplikacji\GHISLER
[2008-02-06 17:03:12 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008-02-06 17:03:12 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2008-02-06 09:49:38 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Raffaello\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Raffaello\Moje dokumenty\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-11-12 17:17:04 | 00,005,749 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2009-11-12 17:15:37 | 00,002,362 | RHS- | M] () -- C:\Documents and Settings\Raffaello\taaixi.exe
[2009-11-12 17:14:24 | 03,375,381 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000003-00001102-00000002-80641102}.CDF
[2009-11-12 17:14:24 | 03,375,381 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000003-00001102-00000002-80641102}.BAK
[2009-11-12 17:14:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-11-12 17:13:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-11-12 17:13:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-11-12 17:13:12 | 00,029,808 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000003-00001102-00000002-80641102}.rfx
[2009-11-12 17:13:12 | 00,029,808 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000003-00001102-00000002-80641102}.rfx
[2009-11-12 17:13:12 | 00,017,500 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000003-00001102-00000002-80641102}.rfx
[2009-11-12 17:13:12 | 00,017,500 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000003-00001102-00000002-80641102}.rfx
[2009-11-12 17:13:12 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009-11-12 17:13:12 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009-11-12 17:13:12 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000002-80641102}.dat
[2009-11-12 17:13:12 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000003-00001102-00000002-80641102}.dat
[2009-11-12 17:12:53 | 04,718,592 | -H-- | M] () -- C:\Documents and Settings\Raffaello\NTUSER.DAT
[2009-11-12 17:12:49 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Raffaello\ntuser.ini
[2009-11-12 17:06:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009-11-12 16:57:41 | 00,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A95261C0-D965-455F-9840-32AB84CB1D02}.job
[2009-11-12 16:32:13 | 00,002,362 | RHS- | M] () -- C:\Documents and Settings\Raffaello\riisoe.exe
[2009-11-12 16:30:39 | 00,002,362 | RHS- | M] () -- C:\Documents and Settings\Raffaello\yttoix.exe
[2009-11-12 13:21:54 | 00,114,688 | RHS- | M] () -- C:\Documents and Settings\Raffaello\jusched.exe
[2009-11-11 09:54:15 | 01,486,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-11-11 00:06:30 | 02,108,126 | -H-- | M] () -- C:\Documents and Settings\Raffaello\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-11-10 10:05:08 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Raffaello\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-08 13:12:42 | 00,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\ipla.lnk
[2009-11-05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-11-04 20:01:15 | 00,129,240 | ---- | M] () -- C:\Documents and Settings\Raffaello\Pulpit\filmy 1 lama.jpg
[2009-11-04 19:30:59 | 00,248,894 | ---- | M] () -- C:\Documents and Settings\Raffaello\Pulpit\filmy.jpg
[2009-10-31 15:15:03 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Raffaello\Dane aplikacji\vso_ts_preview.xml
[2009-10-31 03:55:18 | 00,000,226 | ---- | M] () -- C:\WINDOWS\AWS.ini
[2009-10-30 15:04:28 | 00,000,526 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\SiS.lnk
[2009-10-30 12:29:10 | 00,000,489 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\D-Link AirPlus.lnk
[2009-10-30 12:24:00 | 01,148,700 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-10-30 12:24:00 | 00,522,258 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-10-30 12:24:00 | 00,441,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-10-30 12:24:00 | 00,098,086 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-10-30 12:24:00 | 00,071,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-10-25 23:40:59 | 27,423,846 | ---- | M] (Techland) -- C:\Documents and Settings\Raffaello\Pulpit\Portable_English_Translator_XT.exe
[5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Raffaello\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Raffaello\Moje dokumenty\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-11-12 17:15:30 | 00,002,362 | RHS- | C] () -- C:\Documents and Settings\Raffaello\taaixi.exe
[2009-11-12 17:06:46 | 03,375,381 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000003-00001102-00000002-80641102}.BAK
[2009-11-12 16:31:58 | 00,002,362 | RHS- | C] () -- C:\Documents and Settings\Raffaello\riisoe.exe
[2009-11-12 16:30:32 | 00,002,362 | RHS- | C] () -- C:\Documents and Settings\Raffaello\yttoix.exe
[2009-11-10 22:05:01 | 00,114,688 | RHS- | C] () -- C:\Documents and Settings\Raffaello\jusched.exe
[2009-11-08 13:12:42 | 00,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\ipla.lnk
[2009-11-04 20:01:14 | 00,129,240 | ---- | C] () -- C:\Documents and Settings\Raffaello\Pulpit\filmy 1 lama.jpg
[2009-11-04 19:30:59 | 00,248,894 | ---- | C] () -- C:\Documents and Settings\Raffaello\Pulpit\filmy.jpg
[2009-10-30 15:04:28 | 00,000,526 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\SiS.lnk
[2009-10-30 12:29:10 | 00,000,489 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\D-Link AirPlus.lnk
[2009-10-18 13:17:52 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\Raffaello\Dane aplikacji\vso_ts_preview.xml
[2009-09-13 20:55:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Bench32.INI
[2009-03-18 19:36:44 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008-10-29 19:46:38 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-10-29 19:46:24 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-10-29 19:46:24 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-10-29 19:46:23 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-10-29 19:46:09 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-10-29 19:46:09 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-10-21 23:55:52 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-07-10 13:41:49 | 00,001,104 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2008-07-08 14:31:00 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2008-06-10 11:50:59 | 00,005,749 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008-05-26 21:22:36 | 00,016,222 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 21:22:34 | 00,021,728 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 21:22:32 | 00,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-05-13 13:00:15 | 00,001,115 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2008-04-25 22:18:40 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008-04-25 22:18:39 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008-04-25 22:18:39 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008-04-25 07:38:46 | 00,000,167 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2008-04-05 17:23:26 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Raffaello\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2008-04-03 06:02:04 | 00,000,226 | ---- | C] () -- C:\WINDOWS\AWS.ini
[2008-03-21 18:33:33 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll
[2008-03-21 18:33:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008-03-21 18:33:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008-03-21 18:33:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008-03-21 18:33:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008-03-21 18:33:32 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008-03-21 18:33:31 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008-03-21 18:33:31 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008-03-21 18:33:31 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008-03-21 18:33:31 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2008-03-21 18:33:31 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008-03-21 18:33:31 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008-03-21 18:33:31 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008-03-21 18:33:30 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008-03-21 18:33:29 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\mplvpx.dll
[2008-03-21 18:33:29 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008-03-21 18:33:28 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\i263_32.drv
[2008-03-21 18:33:27 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2008-03-21 18:33:27 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008-03-21 18:33:27 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2008-03-21 18:33:27 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2008-03-21 18:33:26 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2008-03-21 18:33:26 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2008-03-21 18:33:26 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2008-03-21 18:33:26 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008-02-17 13:10:02 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\Raffaello\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-02-11 21:14:29 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-02-11 18:18:36 | 00,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-02-06 12:46:05 | 00,000,122 | ---- | C] () -- C:\WINDOWS\WA.INI
[2008-02-06 12:27:07 | 00,045,696 | ---- | C] () -- C:\Documents and Settings\Raffaello\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2008-02-06 10:29:28 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2008-02-06 09:59:12 | 02,108,126 | -H-- | C] () -- C:\Documents and Settings\Raffaello\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2008-02-06 09:50:20 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008-02-06 09:49:51 | 00,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2008-02-06 09:49:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008-02-06 09:49:41 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2008-02-06 09:49:27 | 00,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007-02-09 15:33:58 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2007-02-09 15:33:58 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2007-02-09 15:33:58 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2007-02-09 15:33:58 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004-08-22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004-03-01 08:43:09 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2003-09-30 10:47:47 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2003-09-30 10:47:47 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003-09-30 10:47:47 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003-09-30 10:47:47 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2003-09-30 10:47:46 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2003-09-30 10:47:46 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001-07-21 21:16:20 | 00,000,984 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-21 21:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1997-06-14 03:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0CE7F3C9
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8
< End of report >

log from HijackThis v2.0.2

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:52, on 2009-11-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Raffaello\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Raffaello\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: (no name) - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Java Quick Start] C:\Documents and Settings\Raffaello\jusched.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257929160640
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6015AC-30FC-46DA-99AC-28AB4DD8FF0B}: NameServer =
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {615DE55B-972D-4A1E-8D82-C777DEA08F92} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Procedure Call (RPCE) (RPCHE) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Speech\csvd.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

End of file - 7630 bytes
Posts: 205
Joined: 15 Dec 2005, 18:11
Thanks: 26
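The OTL entries above that ComboFix removes later in the thread (taaixi.exe, riisoe.exe, yttoix.exe and the second jusched.exe sitting in the profile root) share traits that can be checked mechanically: an executable carrying the read-only, hidden and system attributes at once (RHS-), no company name, a location directly under C:\Documents and Settings\<user>\ or in a Temp folder, and a well-known binary name in the wrong directory (HijackThis lists a "Java Quick Start" Run entry pointing at the profile-root jusched.exe, while Sun's own jusched.exe lives under ...\Java\jre6\bin\). The script below is an added triage example written for this thread; it is not part of OTL, ComboFix, HijackThis or any poster's procedure. The line grammar is inferred from the log lines shown here, the EXPECTED_DIR table is an assumption built for the example, and the IadHide5.dll sample line is constructed (the opening post names the file, but OTL did not list it).

```python
"""Triage heuristics for OTL 'Files Created / Files Modified' log lines.

Added example for this thread: not part of OTL, ComboFix, HijackThis or any
poster's procedure. The line grammar is inferred from the log lines in the
thread; the EXPECTED_DIR table is an assumption built for the example.
"""
import re
from typing import List, Optional, Tuple

# One OTL file entry: [timestamp | size | attributes | C or M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".pif", ".com")

# Where a binary of this name is expected to live. Constructed for the example:
# jusched.exe is Sun's Java Update Scheduler, which the HijackThis log in this
# thread shows under ...\Java\jre6\bin\; a copy in the profile root is a look-alike.
EXPECTED_DIR = {
    "jusched.exe": re.compile(r"\\java\\jre\d*\\bin\\$", re.IGNORECASE),
}


def parse_otl_line(line: str) -> Optional[dict]:
    """Return the fields of one OTL file line, or None for headers/blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))  # "00,002,362" -> 2362
    entry["company"] = entry["company"].strip()           # "( )" -> ""
    return entry


def in_profile_root(path: str) -> bool:
    """True for C:\\Documents and Settings\\<user>\\<file> and nothing deeper."""
    parts = path.split("\\")
    return len(parts) == 4 and parts[1].lower() == "documents and settings"


def triage(entry: dict) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    path = entry["path"]
    name = path.rsplit("\\", 1)[-1].lower()
    directory = path[: len(path) - len(name)]
    attrs = entry["attrs"]
    is_exec = name.endswith(EXEC_EXT)
    reasons = []
    # Read-only+hidden+system on an executable: legitimate programs almost never
    # set all three; desktop.ini and ntuser.ini (-HS-) are not executables.
    if is_exec and all(flag in attrs for flag in "RHS"):
        reasons.append("executable with read-only+hidden+system attributes")
    # No company name and dropped straight into the profile root.
    if is_exec and not entry["company"] and in_profile_root(path):
        reasons.append("no-company executable in profile root")
    # No company name inside a Temp directory.
    if is_exec and not entry["company"] and "\\temp\\" in path.lower():
        reasons.append("no-company executable in a Temp directory")
    # Known binary name in the wrong place.
    if name in EXPECTED_DIR and not EXPECTED_DIR[name].search(directory):
        reasons.append(f"{name} outside its expected directory")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage over a whole OTL section; returns (path, reasons) per hit."""
    findings = []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                findings.append((entry["path"], reasons))
    return findings


# Sample OTL lines copied from this thread; the IadHide5.dll line is constructed
# (the opening post names that file, but OTL did not list it).
SAMPLE_OTL = r"""
[2009-11-12 17:15:30 | 00,002,362 | RHS- | C] () -- C:\Documents and Settings\Raffaello\taaixi.exe
[2009-11-12 16:31:58 | 00,002,362 | RHS- | C] () -- C:\Documents and Settings\Raffaello\riisoe.exe
[2009-11-12 16:30:32 | 00,002,362 | RHS- | C] () -- C:\Documents and Settings\Raffaello\yttoix.exe
[2009-11-10 22:05:01 | 00,114,688 | RHS- | C] () -- C:\Documents and Settings\Raffaello\jusched.exe
[2009-11-12 17:00:00 | 00,010,000 | ---- | C] () -- C:\Documents and Settings\Raffaello\Ustawienia lokalne\Temp\IadHide5.dll
[2009-11-05 18:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-10-25 23:40:56 | 27,423,846 | ---- | C] (Techland) -- C:\Documents and Settings\Raffaello\Pulpit\Portable_English_Translator_XT.exe
[2008-02-06 10:29:28 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2009-11-04 17:14:44 | 00,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
"""

if __name__ == "__main__":
    for hit_path, hit_reasons in triage_log(SAMPLE_OTL):
        print(hit_path)
        for reason in hit_reasons:
            print("   -", reason)
```

The heuristics are deliberately narrow: a vendor name in the company field, a Desktop or Program Files location, or an ordinary attribute set all leave an entry unflagged, so MRT.exe, the Techland installer and the -HS- desktop.ini pass while the four profile-root executables and the Temp DLL are the only hits. Anything this flags is a candidate for a hash lookup or a quarantine-and-observe step, not proof of infection on its own.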

Fighting viruses... please check my log and help

Post by wojtas, 12 Nov 2009, 19:09

Post a ComboFix log, but install the Recovery Console along with it (see the program's instructions).

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Thanks: 1656

Fighting viruses... please check my log and help

Post by M@zi, 12 Nov 2009, 20:08

Code:
ComboFix 09-11-11.02 - Raffaello 2009-11-12 18:49:43.1.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.767.383 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\Raffaello\Pulpit\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezydentny antywirus jest aktywny


(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Raffaello\Dane aplikacji\EurekaLog
C:\Documents and Settings\Raffaello\Dane aplikacji\EurekaLog\EurekaLog.ini
C:\Documents and Settings\Raffaello\riisoe.exe
C:\Documents and Settings\Raffaello\taaixi.exe
C:\Documents and Settings\Raffaello\Ustawienia lokalne\Temp\IadHide5.dll
C:\Documents and Settings\Raffaello\yttoix.exe

(((((((((((((((((((((((((   Pliki utworzone od 2009-10-12 do 2009-11-12  )))))))))))))))))))))))))))))))

2009-11-12 17:02:17 . 2006-06-19 12:01:38   69632   ----a-w-   C:\WINDOWS\system32\ztvcabinet.dll
2009-11-12 17:02:17 . 2006-05-25 14:52:46   162304   ----a-w-   C:\WINDOWS\system32\ztvunrar36.dll
2009-11-12 17:02:17 . 2005-08-26 00:50:00   77312   ----a-w-   C:\WINDOWS\system32\ztvunace26.dll
2009-11-12 17:02:17 . 2002-03-06 00:00:00   75264   ----a-w-   C:\WINDOWS\system32\unacev2.dll
2009-11-12 17:02:16 . 2003-02-02 19:06:02   153088   ----a-w-   C:\WINDOWS\system32\UNRAR3.dll
2009-11-12 17:01:35 . 2009-11-12 17:02:22   0   d-----w-   C:\Program Files\Trojan Remover
2009-11-12 17:01:35 . 2009-11-12 17:01:35   0   d-----w-   C:\Documents and Settings\Raffaello\Dane aplikacji\Simply Super Software
2009-11-12 17:01:35 . 2009-11-12 17:01:35   0   d-----w-   C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2009-11-10 21:05:01 . 2009-11-12 12:21:54   114688   ----a-w-   C:\Documents and Settings\Raffaello\jusched.exe.vir
2009-11-09 22:27:53 . 2009-11-09 22:27:53   0   d-----w-   C:\Documents and Settings\Raffaello\Ustawienia lokalne\Dane aplikacji\Help
2009-11-08 12:12:47 . 2009-11-12 09:51:18   0   d-----w-   C:\Documents and Settings\Raffaello\Dane aplikacji\ipla
2009-11-08 12:12:35 . 2009-11-08 12:12:44   0   d-----w-   C:\Program Files\ipla
2009-11-04 22:29:58 . 2009-11-04 22:30:23   0   d-----w-   C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
2009-11-04 22:29:56 . 2009-11-04 22:29:56   0   d-----w-   C:\Documents and Settings\Raffaello\Dane aplikacji\OpenFM
2009-11-04 16:27:50 . 2009-11-04 16:27:50   0   d-----w-   C:\WINDOWS\ie8updates
2009-11-04 16:27:49 . 2009-11-11 08:47:39   0   d--h--w-   C:\WINDOWS\$hf_mig$
2009-10-30 11:29:10 . 2009-10-30 11:29:11   0   d-----w-   C:\Program Files\D-Link AirPlus
2009-10-28 23:23:29 . 2009-10-28 23:23:29   0   d-----w-   C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2009-10-28 23:23:25 . 2009-10-29 11:13:53   0   d-----w-   C:\Documents and Settings\Raffaello\Dane aplikacji\Azureus
2009-10-28 23:22:27 . 2009-10-28 23:24:24   0   d-----w-   C:\Program Files\Vuze
2009-10-21 22:43:10 . 2009-10-21 22:43:10   0   d-----w-   C:\Documents and Settings\Raffaello\Ustawienia lokalne\Dane aplikacji\GHISLER
2009-10-18 09:44:10 . 2009-10-18 09:44:10   8704   ----a-w-   C:\Documents and Settings\Raffaello\Dane aplikacji\Thinstall\MoorHunt\40000026200002i\MoorHunt.exe
2009-10-18 09:44:07 . 2009-10-18 09:44:07   8704   ----a-w-   C:\Documents and Settings\Raffaello\Dane aplikacji\Thinstall\MoorHunt\4000001100002i\mscorsvw.exe

((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-11-12 17:58:34 . 2008-02-06 09:12:39   24   ----a-w-   C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000002-80641102}.dat
2009-11-12 17:58:34 . 2008-02-06 09:12:39   24   ----a-w-   C:\WINDOWS\system32\DVCState-{00000002-00000000-00000003-00001102-00000002-80641102}.dat
2009-11-01 16:12:30 . 2009-09-13 16:04:21   0   d-----w-   C:\Documents and Settings\Raffaello\Dane aplikacji\U3
2009-10-31 14:15:04 . 2009-02-20 09:57:03   0   d-----w-   C:\Documents and Settings\Raffaello\Dane aplikacji\Vso
2009-10-30 11:29:09 . 2008-02-06 08:46:10   0   d--h--w-   C:\Program Files\InstallShield Installation Information
2009-10-30 11:24:00 . 2001-10-26 14:15:16   98086   ----a-w-   C:\WINDOWS\system32\perfc015.dat
2009-10-30 11:24:00 . 2001-10-26 14:15:16   522258   ----a-w-   C:\WINDOWS\system32\perfh015.dat
2009-10-28 23:45:52 . 2008-02-06 11:23:05   0   d-----w-   C:\Program Files\Gadu-Gadu
2009-10-27 23:53:49 . 2008-02-07 14:21:19   0   d---a-w-   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2009-10-21 22:22:18 . 2008-05-19 20:18:44   0   d-----w-   C:\Documents and Settings\Raffaello\Dane aplikacji\Thinstall
2009-09-19 18:41:33 . 2008-10-21 22:44:33   0   d-----w-   C:\Documents and Settings\Raffaello\Dane aplikacji\mIRC
2009-09-19 18:41:29 . 2009-07-01 12:04:10   0   d-----w-   C:\Program Files\mIRC
2009-09-15 12:56:05 . 2009-06-23 14:11:13   0   d-----w-   C:\Program Files\The KMPlayer
2009-09-11 14:36:28 . 2004-08-03 22:44:06   133632   ----a-w-   C:\WINDOWS\system32\msv1_0.dll
2009-09-04 22:37:57 . 2009-09-04 22:37:57   0   ----a-r-   C:\logwmemory.bin
2009-09-04 20:47:54 . 2004-08-03 22:44:04   58880   ----a-w-   C:\WINDOWS\system32\msasn1.dll
2009-08-29 07:58:22 . 2004-08-03 22:44:16   916480   ----a-w-   C:\WINDOWS\system32\wininet.dll
2009-08-26 08:21:41 . 2009-08-26 08:21:41   152576   ----a-w-   C:\Documents and Settings\Raffaello\Dane aplikacji\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-26 08:16:36 . 2004-08-03 22:44:14   247326   ----a-w-   C:\WINDOWS\system32\strmdll.dll

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-03-30 12:30:06 32768]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 00:00:00 28672]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 15:41:22 45056]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2009-04-09 13:17:56 2029640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-25 03:23:12 149280]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2009-09-15 12:02:42 1069960]
"WINDVDPatch"="CTHELPER.EXE" - C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 09:56:00 24576]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [2009-10-30 262144]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-3-30 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-3-30 528384]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 20:41:34 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Raffaello^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Raffaello\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

"EnableFirewall"= 0 (0x0)

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [2009-04-09 14:18:02 107256]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 14:19:08 731840]
S2 ATE_PROCMON;ATE_PROCMON;\??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys --> C:\Program Files\Anti Trojan Elite\ATEPMon.sys [?]
S2 RPCHE;Remote Procedure Call (RPCE);C:\Program Files\Common Files\Microsoft Shared\Speech\csvd.exe --> C:\Program Files\Common Files\Microsoft Shared\Speech\csvd.exe [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
Zawartość folderu 'Zaplanowane zadania'

2009-11-12 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A95261C0-D965-455F-9840-32AB84CB1D02}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 17:36:40 . 2009-03-08 02:31:54]
------- Skan uzupełniający -------
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{B46B0919-62BA-4D99-A5C4-916B57A6805C} - {B46B0919-62BA-4D99-A5C4-916B57A6805C} -
TCP: {9E6015AC-30FC-46DA-99AC-28AB4DD8FF0B} =
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - C:\Documents and Settings\Raffaello\Dane aplikacji\Mozilla\Firefox\Profiles\f0omazlh.default\
FF - plugin: C:\Documents and Settings\Raffaello\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll

FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s30.ogame.onet.pl 
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccessC:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-Anti Trojan Elite - C:\Program Files\Anti Trojan Elite\TJEnder.exe


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 18:59:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

  CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???j????&7???6~??6~j???????\???\???????????U?6~??6~\???\?????????`??????C@?\???\??????sj???\??????s\????&7?A??s?&7??C@?x???`|?w\?????@

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82D847F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82d847f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-2052111302-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(816)

- - - - - - - > 'explorer.exe'(2796)
C:\Program Files\Logitech\SetPoint\lgscroll.dll
C:\Program Files\Logitech\SetPoint\HookDll.dll
C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
------------------------ Other running processes ------------------------
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
Completion time: 2009-11-12 19:04:04 - the computer was restarted
ComboFix-quarantined-files.txt  2009-11-12 18:04:00

Before: 9 733 865 472 bytes free
After: 9 703 608 320 bytes free

[boot loader]
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 16D464413266E5258348C921F045676B

It also pops up an ad like this when I use Firefox

Posts: 205
Joined: 15 Dec 2005, 18:11
Praise: 26

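The Gmer MBR-detector section of the log above is the part of this post a helper is most likely to skim past. As an added example (not part of the thread, and not code from ComboFix or Gmer), here is a small triage script that pulls the hook lines and the UNKNOWN module out of such a log and turns them into a verdict. It assumes only the line formats visible in the posted log; the sample input is copied from that log. The point it makes: the hook target 0x82d847f8 is the same address the tool could not map to any known module, and both MBR copies read OK, so the finding lives in the storage driver object in kernel memory rather than in the boot sector. Rewriting the MBR with fixmbr (the tool's own suggestion) only replaces boot code and does not touch that hook.

```python
import re

# Sample input, copied verbatim from the Gmer MBR-detector section of the
# ComboFix log posted above; nothing about the host beyond these lines is assumed.
SAMPLE_LOG = r"""
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82D847F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82d847f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
"""

# "\Driver\<name> -> 0x<addr>" lines name a hooked driver object and the hook target.
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s*->\s*(0x[0-9A-Fa-f]+)$")
# ">>UNKNOWN [0x<addr>]<<" marks a module in the disk I/O call chain the tool could not name.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")


def triage_gmer_mbr(log_text):
    """Pull the security-relevant facts out of the detector output."""
    findings = {"hooks": [], "unknown_modules": [], "mbr_ok": False, "warning": False}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            findings["hooks"].append((m.group(1), m.group(2).lower()))
        findings["unknown_modules"] += [a.lower() for a in UNKNOWN_RE.findall(line)]
        if line == "user & kernel MBR OK":
            findings["mbr_ok"] = True
        if line.startswith("Warning: possible MBR rootkit infection"):
            findings["warning"] = True
    return findings


def hook_points_into_unknown_module(findings):
    """True when a hook target is exactly the unmapped address in the call chain,
    i.e. the same code sits both in the I/O path and in the driver object."""
    return any(addr in findings["unknown_modules"] for _, addr in findings["hooks"])


def assess(findings):
    """Return (severity, explanation) for a helper reading the log."""
    if not findings["hooks"] and not findings["unknown_modules"]:
        return ("clean", "no hooks and no unmapped modules in the disk I/O chain")
    if findings["hooks"] and findings["mbr_ok"]:
        drv, addr = findings["hooks"][0]
        # Both MBR copies read fine, so the finding is not in the boot sector: it is a
        # hook on a storage driver object in kernel memory. fixmbr rewrites the MBR boot
        # code only, so it cannot be the whole fix for this case.
        return ("kernel-hook",
                "%s hooked at %s while the MBR reads OK; rewriting the MBR alone "
                "does not remove a driver-level hook, check the storage driver files on disk"
                % (drv, addr))
    return ("review", "rootkit indicators present; compare the user and kernel MBR copies before acting")


if __name__ == "__main__":
    f = triage_gmer_mbr(SAMPLE_LOG)
    print(f)
    print(hook_points_into_unknown_module(f))
    print(assess(f))
```

Run it as-is to see the verdict for the posted log, or feed it any other ComboFix/Gmer output. The "clean" branch only fires when neither a hook nor an UNKNOWN module is reported; everything else is left for a human to look at.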

Posted by wojtas, 12 Nov 2009, 22:29

Download Killbox.

Run Killbox, tick the Delete on Reboot option, then paste this path into the Full Path of File to Delete field:
C:\Documents and Settings\Raffaello\jusched.exe.vir

and press the X.
The program will ask for a restart (of course you agree).

1. Run OTL with the CleanUp option.
2. Do a Windows optimization.
3. Turn off System Restore (My Computer properties, System Restore tab, turn off System Restore on all drives). After a moment turn it back on.
4. Run a Malwarebytes Anti-Malware scan (remove whatever it finds) and post the scan report.
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Praise: 1656

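The "Delete on Reboot" step above works around a file that cannot be removed while Windows is running, which is also the situation with the locked IadHide5.dll later in this thread. As an added example (not from the thread and not Killbox's own code), the script below shows the Windows mechanism such tools rely on: MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT, which records the file in the PendingFileRenameOperations value under Session Manager, where smss.exe deletes it at the next boot before any process has had a chance to open or load it. It is assumed here that Killbox uses this same mechanism; the path is the one from the post, and the helper names are this example's own.

```python
import sys
import ctypes

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4
SESSION_MANAGER_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager"
PENDING_VALUE = "PendingFileRenameOperations"

# Path taken from the post above; any other full path works the same way.
EXAMPLE_TARGET = r"C:\Documents and Settings\Raffaello\jusched.exe.vir"


def nt_path(win_path):
    r"""Session Manager stores sources in NT form (\??\C:\...), which MoveFileEx writes for you."""
    return win_path if win_path.startswith("\\??\\") else "\\??\\" + win_path


def pending_delete_entries(paths):
    """Build the REG_MULTI_SZ list for deleting the given files: each source string is
    followed by an empty target string, which smss.exe treats as 'delete' at the next boot."""
    entries = []
    for p in paths:
        entries.append(nt_path(p))
        entries.append("")
    return entries


def parse_pending(entries):
    """Decode the stored list into (source, target) pairs; target '' means delete."""
    return [(entries[i], entries[i + 1]) for i in range(0, len(entries) - 1, 2)]


def schedule_delete_on_reboot(path):
    """Queue the deletion through kernel32; needs an administrative token on XP."""
    if sys.platform != "win32":
        raise OSError("MoveFileExW is a Windows API; nothing to do on this platform")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.MoveFileExW.argtypes = [ctypes.c_wchar_p, ctypes.c_wchar_p, ctypes.c_uint32]
    k32.MoveFileExW.restype = ctypes.c_int
    # New name NULL + DELAY_UNTIL_REBOOT means "delete at boot", before any process
    # (including the one currently holding the file open) has started.
    if not k32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT):
        raise ctypes.WinError(ctypes.get_last_error())


def read_pending():
    """Show what is queued so the entry can be verified before rebooting."""
    import winreg  # Windows only
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SESSION_MANAGER_KEY) as key:
        try:
            value, _kind = winreg.QueryValueEx(key, PENDING_VALUE)
        except FileNotFoundError:
            return []
    return parse_pending(value)


if __name__ == "__main__":
    # Without an argument only the registry entry that would be written is shown;
    # pass a full path on Windows to actually queue the deletion.
    target = sys.argv[1] if len(sys.argv) > 1 else EXAMPLE_TARGET
    print(pending_delete_entries([target]))
    if sys.platform == "win32" and len(sys.argv) > 1:
        schedule_delete_on_reboot(target)
        print(read_pending())
```

Two caveats a practitioner would check: the pending entry is consumed once, so if whatever dropped the file is still active after the reboot (the log in this thread shows a service flagged by Malwarebytes and a hook on \Driver\atapi) the file can simply reappear; and a DLL that is loaded into a running process, like the Temp\IadHide5.dll here, is exactly the case this boot-time deletion exists for, since no in-session delete can succeed while a process maps it.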

Posted by M@zi, 12 Nov 2009, 23:31

Malwarebytes' Anti-Malware 1.41
Database version: 3156
Windows 5.1.2600 Dodatek Service Pack 2

2009-11-12 22:29:31
mbam-log-2009-11-12 (22-29-31).txt

Scan type: Quick scan
Objects scanned: 98398
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RPCHE (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

As for Windows optimization, of course I use msconfig; I defragmented the partitions some time ago :c, for cleaning up junk after browsing I use CCleaner, and for the registry RegCleaner. But I'll gladly hear some advice :)
Posts: 205
Joined: 15 Dec 2005, 18:11
Praise: 26


Posted by wojtas, 13 Nov 2009, 00:04

No more viruses are visible in the system.
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Praise: 1656


Posted by M@zi, 13 Nov 2009, 00:16

The file C:\Documents and Settings\Raffaello\Ustawienia lokalne\Temp\IadHide5.dll is still in Temp and cannot be deleted.


I don't like that file :lipa:, and I also used ATF_Cleaner and Odkurzacz.

But thanks a lot for the help, and of course a big +.

And how do I get rid of the OS selection at startup, i.e. Microsoft Windows Recovery Console?? I think ComboFix created it.
Posts: 205
Joined: 15 Dec 2005, 18:11
Praise: 26


Posted by wojtas, 13 Nov 2009, 16:33

That's the Recovery Console :) leave it, it will come in handy.
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Praise: 1656
