
(OTL only produces one log for me...)
Here are the logs:
Gmer:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-14 14:59:19
Windows 5.1.2600 Dodatek Service Pack 2
Running: oimq1nrz.exe; Driver: C:\DOCUME~1\user\USTAWI~1\Temp\pfrcraob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xBA5B1C7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xBA5B1B36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xBA5B20EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xBA5B2014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xBA5B170C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xBA5B1C10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xBA5B164C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xBA5B16B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xBA5B1D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xBA5B21B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xBA5B1CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xBA5B1E70]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xBA5BEAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xBA5BE8EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xBA5BEA24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2398 80501288 2 Bytes [7A, 1C] {JP 0x1e}
.text ntkrnlpa.exe!ZwCallbackReturn + 2430 80501320 4 Bytes JMP 30BA5B20
.text ntkrnlpa.exe!ZwCallbackReturn + 2444 80501334 2 Bytes [0C, 17] {OR AL, 0x17}
.text ntkrnlpa.exe!ZwCallbackReturn + 251C 8050140C 2 Bytes [4C, 16] {DEC ESP; PUSH SS}
PAGE ntkrnlpa.exe!ZwLoadDriver 8057866C 7 Bytes JMP BA5BEA28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 8059F56A 7 Bytes JMP BA5BE8EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B0A76 5 Bytes JMP BA5BA536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B7764 5 Bytes JMP BA5BBEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C5F68 7 Bytes JMP BA5BEACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF67EB000, 0x1C5D58, 0xE8000020]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[620] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[620] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x03 0x79 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE3 0xFB 0xA8 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC8 0xC1 0x10 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDB 0x27 0x6C 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x03 0x79 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE3 0xFB 0xA8 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC8 0xC1 0x10 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDB 0x27 0x6C 0x5A ...
---- EOF - GMER 1.0.15 ----
OTL:
OTL logfile created on: 2010-07-14 15:36:36 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\user\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1 023,00 Mb Total Physical Memory | 279,00 Mb Available Physical Memory | 27,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61,15 Gb Total Space | 3,80 Gb Free Space | 6,22% Space Free | Partition Type: NTFS
Drive D: | 87,89 Gb Total Space | 13,63 Gb Free Space | 15,51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MUUUUUUUUUX
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2010-07-13 23:07:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Pulpit\OTL.exe
PRC - [2010-06-29 20:24:21 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-06-29 20:24:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-06-16 11:31:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010-05-14 11:00:26 | 000,316,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2010-05-14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010-05-06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-12-08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009-08-18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-08-18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009-07-15 15:15:12 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009-05-28 11:23:12 | 010,486,376 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-05-28 10:33:44 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2007-06-13 15:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-05-29 20:06:44 | 000,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcoms.exe
PRC - [2006-08-03 06:12:36 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006-03-10 02:58:14 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2010-07-13 23:07:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Pulpit\OTL.exe
MOD - [2010-06-16 11:31:57 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010-06-16 11:31:04 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2010-06-16 11:31:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2006-08-25 17:51:13 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [1999-03-29 07:34:06 | 000,110,595 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Msscript1.ocx
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010-05-14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-05-06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-08-18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009-02-16 00:03:05 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008-06-13 16:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2007-05-29 20:06:44 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdfcoms.exe -- (lxdf_device)
SRV - [2007-05-29 20:06:20 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe -- (lxdfCATSCustConnectService)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\79757457.sys -- (is-SH6FFdrv)
DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\78940690.sys -- (is-L57GSdrv)
DRV - [2010-05-06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-05-06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-05-06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-05-06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010-05-06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010-05-06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-02-26 00:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-02-04 04:31:17 | 000,170,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2008-11-23 17:13:49 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dtscsi.sys.vir -- (dtscsi)
DRV - [2008-08-25 12:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008-08-25 12:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008-08-25 12:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2006-11-06 17:01:50 | 004,024,832 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006-07-04 18:17:52 | 000,053,921 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hid7906.sys -- (hid7906)
DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2004-08-04 00:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2002-07-17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-1844823847-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-725345543-1844823847-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-725345543-1844823847-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-725345543-1844823847-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-725345543-1844823847-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-725345543-1844823847-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.onet.pl"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:4.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010-03-06 13:51:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010-06-11 20:03:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-06-16 11:31:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-29 20:24:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-29 20:24:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-06-16 11:31:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010-06-16 11:32:04 | 000,000,000 | ---D | M]
[2010-04-17 16:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions
[2010-07-13 17:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\cb55a8gw.default\extensions
[2010-06-24 21:32:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\cb55a8gw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-17 16:34:04 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\cb55a8gw.default\searchplugins\bing.xml
[2010-07-13 17:48:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-01-08 22:47:23 | 000,552,960 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMAKAO.dll
[2009-01-08 22:44:00 | 000,679,936 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMAKAOV2.dll
[2010-04-01 19:33:11 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-04-01 19:33:11 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-04-01 19:33:11 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-04-01 19:33:11 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-04-01 19:33:11 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-04-01 19:33:11 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2009-02-16 21:11:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\user\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-725345543-1844823847-682003330-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1844823847-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1844823847-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-725345543-1844823847-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-1844823847-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 87.101.31.249 8.8.8.8
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\Msdxm6.ocx (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{27f8d10a-39a7-11df-9098-00304f245418}\Shell\AutoRun\command - "" = G:\affi8l.exe -- File not found
O33 - MountPoints2\{27f8d10a-39a7-11df-9098-00304f245418}\Shell\open\Command - "" = G:\affi8l.exe -- File not found
O33 - MountPoints2\{78e18ed8-1e9f-11de-8d21-00304f245418}\Shell\AutoRun\command - "" = G:\PMB_P.exe -- File not found
O33 - MountPoints2\{92944920-4733-11df-90be-00304f245418}\Shell\AutoRun\command - "" = G:\ji83j.exe -- File not found
O33 - MountPoints2\{92944920-4733-11df-90be-00304f245418}\Shell\open\Command - "" = G:\ji83j.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
File not found -- C:\Documents and Settings\user\Moje dokumenty\user.
[2010-07-13 23:07:41 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Pulpit\OTL.exe
[2010-07-13 23:01:38 | 000,880,624 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\user\Pulpit\SPTDinst-v162-x86.exe
[2010-06-26 18:36:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-06-23 12:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\PES 2010 Editor
[2010-06-19 15:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\DAEMON Tools Lite
[2010-06-19 15:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-06-16 11:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Real
[2010-06-16 11:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Real
[2008-11-26 00:08:14 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhcp.dll
[2008-11-26 00:08:13 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfserv.dll
[2008-11-26 00:08:13 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfusb1.dll
[2008-11-26 00:08:13 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfinpa.dll
[2008-11-26 00:08:13 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfiesc.dll
[2008-11-26 00:08:12 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfpmui.dll
[2008-11-26 00:08:12 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdflmpm.dll
[2008-11-26 00:08:12 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfprox.dll
[2008-11-26 00:08:11 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhbn3.dll
[2008-11-26 00:08:10 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomc.dll
[2008-11-26 00:08:10 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomm.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
File not found -- C:\Documents and Settings\user\Moje dokumenty\user.
[2010-07-14 15:00:53 | 000,118,506 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\0097a3dd46.jpeg
[2010-07-14 14:54:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-07-14 13:59:22 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010-07-14 13:50:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1844823847-682003330-1003.job
[2010-07-14 13:50:57 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1844823847-682003330-1003.job
[2010-07-14 09:08:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-14 09:08:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-14 00:29:32 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010-07-14 00:29:26 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010-07-13 23:16:34 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\oimq1nrz.exe
[2010-07-13 23:07:45 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Pulpit\OTL.exe
[2010-07-13 23:01:41 | 000,880,624 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\user\Pulpit\SPTDinst-v162-x86.exe
[2010-07-13 20:54:00 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-07-11 16:29:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-09 13:22:48 | 000,012,550 | ---- | M] () -- C:\Documents and Settings\All Users\lxdf
[2010-07-09 00:43:20 | 000,037,504 | ---- | M] () -- C:\Documents and Settings\user\Moje dokumenty\kimon.m3u
[2010-07-08 10:41:41 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-06-26 18:37:37 | 001,078,344 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-06-26 18:37:37 | 000,502,858 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-06-26 18:37:37 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-26 18:37:37 | 000,090,072 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-06-26 18:37:37 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-16 11:33:51 | 000,000,100 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010-06-16 11:31:50 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010-06-16 11:31:38 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010-06-16 11:31:38 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010-06-16 11:31:04 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010-06-16 11:31:04 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010-06-16 11:31:04 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010-06-16 11:27:35 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\user\Pulpit\ALLPlayer V2.3.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010-07-14 15:00:53 | 000,118,506 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\0097a3dd46.jpeg
[2010-07-13 23:16:33 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\user\Pulpit\oimq1nrz.exe
[2010-06-16 11:31:59 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1844823847-682003330-1003.job
[2010-06-16 11:31:59 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1844823847-682003330-1003.job
[2010-06-10 14:35:44 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\NCMedia2.dll
[2010-05-28 02:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010-03-03 22:17:25 | 000,000,042 | ---- | C] () -- C:\WINDOWS\FFS20ChtReg.ini
[2010-01-30 14:24:17 | 000,000,291 | ---- | C] () -- C:\WINDOWS\thug2.ini
[2009-09-19 11:52:29 | 000,000,533 | ---- | C] () -- C:\WINDOWS\Tcsofla.ini
[2009-05-05 14:15:54 | 000,000,745 | ---- | C] () -- C:\WINDOWS\COD.INI
[2009-04-20 22:36:29 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009-04-13 15:54:58 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-04-13 15:54:54 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-04-13 15:54:54 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-02-24 15:00:58 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-02-08 17:28:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008-12-30 01:46:38 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
[2008-12-30 01:46:38 | 003,086,336 | ---- | C] () -- C:\WINDOWS\System32\flvvideo.dll
[2008-12-30 01:46:38 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008-12-27 20:59:15 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-12-27 20:58:54 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008-11-28 16:21:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-11-26 00:11:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdfvs.dll
[2008-11-26 00:11:27 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfcoin.dll
[2008-11-26 00:10:57 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdfdrs.dll
[2008-11-26 00:10:57 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfcnv4.dll
[2008-11-26 00:10:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdfcaps.dll
[2008-11-26 00:10:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDFPMON.DLL
[2008-11-26 00:10:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDFFXPU.DLL
[2008-11-26 00:10:19 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfoem.dll
[2008-11-26 00:08:26 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\lxdfrwrd.ini
[2008-11-26 00:08:14 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfinst.dll
[2008-11-26 00:08:11 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdfgrd.dll
[2008-11-23 17:00:17 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-11-23 17:00:17 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-11-23 16:50:47 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-11-23 16:43:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2006-07-27 04:05:58 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006-06-21 12:33:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2003-01-09 05:03:28 | 000,001,601 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2003-01-09 05:03:28 | 000,000,913 | ---- | C] () -- C:\WINDOWS\n02.ini
[1998-06-13 22:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[color=#E56717]========== LOP Check ==========[/color]
[2008-11-26 00:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\6500 Series
[2010-03-19 17:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2010-05-15 14:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software
[2009-12-23 11:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2010-06-19 15:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2008-12-12 00:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
[2009-08-10 16:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2010-03-19 18:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FarmFrenzy2
[2010-05-14 15:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-01-28 22:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
[2010-04-15 22:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2008-12-11 14:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-03-21 21:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PlayFirst
[2010-06-02 13:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-08-01 18:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
[2010-03-07 00:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Z-Software
[2009-12-15 15:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\2K Sports
[2009-02-26 23:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\6500 Series
[2009-12-23 11:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Ashampoo
[2010-01-19 15:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Atari
[2009-08-13 01:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\BESTplayer
[2008-11-27 15:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\DAEMON Tools
[2010-06-19 15:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\DAEMON Tools Lite
[2008-12-11 14:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Datalayer
[2010-07-14 14:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\DC++
[2009-02-05 16:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\fltk.org
[2010-05-06 22:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Friday's games
[2008-11-23 17:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Gadu-Gadu
[2009-01-08 22:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\GanymedeNet
[2010-07-07 14:05:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\ipla
[2010-03-02 18:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\IVONA Player
[2010-05-24 12:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Leadertech
[2009-02-11 23:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Lexmark Productivity Studio
[2010-05-12 17:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\maxup
[2008-12-11 14:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Nokia
[2010-05-27 19:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Nowe Gadu-Gadu
[2009-06-11 15:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\OpenFM
[2009-04-06 10:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Opera
[2008-12-11 14:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\PC Suite
[2010-03-21 21:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\PlayFirst
[2009-11-08 16:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\RayV
[2008-11-26 15:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Thunderbird
[2010-06-21 17:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\uTorrent
[2010-03-07 00:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Z-Software
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:91486201
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C6798065
< End of report >
And the second one: http://www.wklej.org/id/364440/