[virus] Pop-up windows, something is downloading spyware.


  • This topic is closed
10 replies in this topic

#1 Bethrezen12100

    Observer

  • 7 posts

Posted 26 02 2010 - 14:33

Hello.
For some time now windows have been opening on their own (i.e. Internet Explorer opens).
I remove the spyware with Spybot and AdsGone, but every day there is new spyware.
I used Windows Worms Doors Cleaner but it didn't help.
Here is my log from HijackThis... What should I throw out? ;p
Regards
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: AdsGone.lnk = C:\Program Files\AdsGone\AdsGone.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Usługa Google Update (gupdate1ca50d9a49bd2e2) (gupdate1ca50d9a49bd2e2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


User Katarina edited this post 27 02 2010 - 11:51


#2 Hoothoot

    Beginner

  • 49 posts

Posted 26 02 2010 - 16:01

The HJT log is clean,
download OTL and in the Custom scan / Fixes section paste this script:
netsvcs
And click Run Scan. Show the logs in full.


#3 Bethrezen12100

    Observer

  • 7 posts

Posted 26 02 2010 - 16:27

OTL logfile created on: 2010-02-25 14:46:04 - Run 1OTL by OldTimer - Version 3.1.30.2     Folder = C:\Documents and Settings\Tomek\Moje dokumenty\PobieranieWindows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 97,65 Gb Total Space | 44,08 Gb Free Space | 45,14% Space Free | Partition Type: NTFSD: Drive not present or media not loadedDrive E: | 51,39 Gb Total Space | 30,31 Gb Free Space | 58,98% Space Free | Partition Type: NTFSF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: TOMEKCurrent User Name: TomekLogged in as Administrator. 
Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard ========== Processes (SafeList) ========== PRC - [2010-02-25 14:45:24 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomek\Moje dokumenty\Pobieranie\OTL.exePRC - [2010-02-25 13:37:56 | 002,732,492 | ---- | M] (Blizzard Entertainment) -- C:\Documents and Settings\Tomek\Moje dokumenty\Pobieranie\Downloader_StarCraft_Combo_enGB(2).exePRC - [2010-01-16 03:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2009-01-01 14:26:32 | 004,411,392 | ---- | M] (XPortSoft) -- C:\Program Files\AdsGone\AdsGone.exePRC - [2008-12-24 14:52:08 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exePRC - [2008-05-17 00:31:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exePRC - [2008-02-22 03:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exePRC - [2008-02-22 03:25:20 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exePRC - [2006-11-03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\Pixart\Pac207\Monitor.exePRC - [2005-07-28 07:32:20 | 000,094,208 | ---- | M] (Ulead Systems, Inc.) 
-- C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exePRC - [2004-08-03 22:44:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exePRC - [2004-08-03 22:44:22 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exePRC - [2004-08-03 22:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe  ========== Modules (SafeList) ========== MOD - [2010-02-25 14:45:24 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomek\Moje dokumenty\Pobieranie\OTL.exeMOD - [2004-08-03 22:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll  ========== Win32 Services (SafeList) ========== SRV - [2009-10-19 16:31:41 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca50d9a49bd2e2) Usługa Google Update (gupdate1ca50d9a49bd2e2)SRV - [2009-10-01 15:53:04 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)SRV - [2008-12-24 14:52:08 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)SRV - [2008-05-17 00:31:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)  ========== Driver Services (SafeList) ========== DRV - [2010-02-25 14:26:21 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)DRV - [2010-01-19 07:38:40 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)DRV - [2009-01-13 11:10:08 | 005,015,040 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2008-10-30 13:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)DRV - [2008-05-17 00:31:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)DRV - [2006-11-10 12:51:46 | 000,505,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)DRV - [2005-02-23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)DRV - [2005-01-07 15:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)DRV - [2002-09-28 22:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.conduit.com/?SearchSource=10&ctid=CT2077543IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ieIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official" FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-23 14:06:08 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-23 14:06:04 | 000,000,000 | ---D | M] [2010-02-23 14:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Extensions[2010-02-23 14:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Extensions\mozswing@mozswing.org[2010-02-23 14:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\nt80h78n.default\extensions[2010-02-24 04:12:43 | 000,001,681 | ---- | M] () -- C:\Documents and 
Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\nt80h78n.default\searchplugins\ask.uk.xml[2010-02-23 14:06:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2010-01-16 01:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml[2010-01-16 01:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml[2010-01-16 01:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml[2010-01-16 01:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml[2010-01-16 01:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml[2010-01-16 01:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-02-25 03:52:30 | 000,457,226 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 actionsplash.comO1 - Hosts: 127.0.0.1 ads.x10.comO1 - Hosts: 127.0.0.1 images.x10.comO1 - Hosts: 127.0.0.1 adserv.internetfuel.comO1 - Hosts: 127.0.0.1 popme.163.comO1 - Hosts: 127.0.0.1 servedby.advertising.comO1 - Hosts: 127.0.0.1 specialoffers.aol.comO1 - Hosts: 127.0.0.1 whenushop.whenu.comO1 - Hosts: 127.0.0.1 www.popupnation.comO1 - Hosts: 127.0.0.1 www.popuptraffic.comO1 - Hosts: 127.0.0.1 view.popupsponsor.comO1 - Hosts: 127.0.0.1 popups.infostart.comO1 - Hosts: 127.0.0.1 ads.ad-flow.comO1 - Hosts: 127.0.0.1 www.popupmoney.comO1 - Hosts: 127.0.0.1 ad0.popupad.netO1 - Hosts: 127.0.0.1 ad00.popupad.netO1 - Hosts: 127.0.0.1 ad01.popupad.netO1 - Hosts: 127.0.0.1 ad03.popupad.netO1 - Hosts: 127.0.0.1 ad04.popupad.netO1 - Hosts: 127.0.0.1 ad05.popupad.netO1 - Hosts: 127.0.0.1 ad06.popupad.netO1 - Hosts: 127.0.0.1 ad07.popupad.netO1 - Hosts: 127.0.0.1 ad08.popupad.netO1 - Hosts: 127.0.0.1 ad09.popupad.netO1 - Hosts: 127.0.0.1 contest.x10.comO1 - Hosts: 15746 more lines...O2 - BHO: (Spybot-S&D IE 
Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not foundO4 - HKLM..\Run: [Monitor] C:\WINDOWS\Pixart\Pac207\Monitor.exe (PixArt Imaging Incorporation)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [Ulead AutoDetector] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)O4 - HKCU..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe ()O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)O4 - Startup: C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\AdsGone.lnk = C:\Program Files\AdsGone\AdsGone.exe (XPortSoft)O4 - Startup: C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009-09-30 02:29:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O33 - MountPoints2\{04e7b0b8-ae41-11de-8efa-806d6172696f}\Shell - "" = AutoRunO33 - MountPoints2\{04e7b0b8-ae41-11de-8efa-806d6172696f}\Shell\LSD\command - "" = WScript.exe .\sys32.vbsO34 - HKLM BootExecute: (autocheck autochk *) -  File not foundO35 - comfile [open] -- "%1" %*O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 -  File not foundNetSvcs: Ias - C:\WINDOWS\system32\ias [2009-10-01 04:18:43 | 000,000,000 | ---D | M]NetSvcs: Iprip -  File not foundNetSvcs: Irmon -  File not foundNetSvcs: NWCWorkstation -  File not foundNetSvcs: Nwsapagent -  File not foundNetSvcs: WmdmPmSp -  File not found ========== Files/Folders - Created Within 30 Days ========== [2010-02-25 12:46:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution[2010-02-25 12:36:16 | 000,000,000 | RH-D | C] -- C:\Documents 
and Settings\Tomek\Recent[2010-02-24 16:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent[2010-02-24 16:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\uTorrent[2010-02-24 13:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2010-02-24 04:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy[2010-02-24 04:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy[2010-02-24 04:45:23 | 000,260,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSFLXGRD.OCX[2010-02-24 04:45:23 | 000,124,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX[2010-02-24 04:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\AdsGone[2010-02-24 04:13:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Program Amen Blue Peak[2010-02-24 04:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\hideupdart[2010-02-24 04:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Incomplete[2010-02-24 04:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\LimeWire[2010-02-23 16:26:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft[2010-02-23 15:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\eMule[2010-02-23 14:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment[2010-02-23 14:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Moje dokumenty\LimeWire[2010-02-23 14:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire[2010-02-23 14:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Moje dokumenty\Pobieranie[2010-02-23 14:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner[2010-02-23 14:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Mozilla[2010-02-23 
14:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla[2010-02-23 14:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox[2010-02-16 16:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\MSN6[2010-02-16 16:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\MSN6[2010-02-02 23:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Identities[2009-10-19 16:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google[2009-10-19 16:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google[2009-09-30 02:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft[2009-09-30 02:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft[2009-09-30 02:29:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010-02-25 14:34:33 | 000,000,058 | ---- | M] () -- C:\WINDOWS\WinNetOptimize98ag.cfg[2010-02-25 14:33:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2010-02-25 14:26:21 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys[2010-02-25 14:26:15 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml[2010-02-25 14:26:13 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2010-02-25 14:26:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010-02-25 14:26:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010-02-25 14:00:00 | 000,000,264 | -H-- | M] () -- 
C:\WINDOWS\tasks\B13614BF92918D2B.job[2010-02-25 12:43:06 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Tomek\NTUSER.DAT[2010-02-25 12:43:00 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Tomek\ntuser.ini[2010-02-25 04:17:12 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-02-25 03:52:30 | 000,457,226 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2010-02-24 14:44:22 | 000,047,081 | ---- | M] () -- C:\sf 2 pl.torrent[2010-02-24 13:18:00 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\HijackThis.lnk[2010-02-24 04:59:06 | 000,457,226 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100225-035129.backup[2010-02-24 04:54:09 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\Spybot - Search & Destroy.lnk[2010-02-24 04:45:54 | 000,079,621 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100224-045837.backup[2010-02-24 04:45:32 | 000,001,532 | ---- | M] () -- C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\AdsGone.lnk[2010-02-24 04:45:29 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\AdsGone.job[2010-02-24 04:45:23 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\AdsGone.lnk[2010-02-24 04:18:17 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\LimeWire On Startup.lnk[2010-02-24 04:17:50 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\LimeWire PRO 5.4.6.lnk[2010-02-23 17:30:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010-02-23 16:25:43 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\eMule.lnk[2010-02-23 14:06:51 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\CCleaner.lnk[2010-02-23 14:06:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat[2010-02-23 14:06:06 | 000,001,602 | ---- | M] () -- C:\Documents and 
Settings\All Users\Pulpit\Mozilla Firefox.lnk[2010-02-20 00:13:02 | 005,323,586 | -H-- | M] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\IconCache.db[2010-02-16 08:26:48 | 001,074,524 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010-02-16 08:26:48 | 000,484,978 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat[2010-02-16 08:26:48 | 000,427,728 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010-02-16 08:26:48 | 000,082,230 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat[2010-02-16 08:26:48 | 000,066,512 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010-02-01 17:13:55 | 000,024,864 | ---- | M] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010-02-24 14:44:22 | 000,047,081 | ---- | C] () -- C:\sf 2 pl.torrent[2010-02-24 13:18:00 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\HijackThis.lnk[2010-02-24 04:54:09 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\Spybot - Search & Destroy.lnk[2010-02-24 04:45:31 | 000,000,058 | ---- | C] () -- C:\WINDOWS\WinNetOptimize98ag.cfg[2010-02-24 04:45:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\tasks\AdsGone.job[2010-02-24 04:45:23 | 000,001,532 | ---- | C] () -- C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\AdsGone.lnk[2010-02-24 04:45:23 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\AdsGone.lnk[2010-02-24 04:18:17 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\Tomek\Menu Start\Programy\Autostart\LimeWire On Startup.lnk[2010-02-24 04:17:50 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\LimeWire PRO 5.4.6.lnk[2010-02-24 04:13:12 | 000,000,264 | -H-- | C] () -- C:\WINDOWS\tasks\B13614BF92918D2B.job[2010-02-23 16:25:43 | 000,000,652 | ---- | 
C] () -- C:\Documents and Settings\All Users\Pulpit\eMule.lnk[2010-02-23 14:06:51 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\CCleaner.lnk[2010-02-23 14:06:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat[2010-02-23 14:06:06 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk[2010-01-08 19:19:20 | 000,164,352 | -HS- | C] () -- C:\WINDOWS\System32\SC.dll[2009-11-30 14:28:58 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat[2009-11-14 02:13:40 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2009-11-14 02:13:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini[2009-11-14 02:13:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2009-11-14 02:13:38 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2009-11-14 02:13:38 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll[2009-11-14 02:13:37 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll[2009-11-14 02:13:37 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest[2009-11-06 17:28:09 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI[2009-10-01 05:10:23 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini[2009-09-30 02:42:51 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll[2009-09-30 02:36:59 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009-04-21 23:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat[2008-05-17 00:31:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll[2008-05-17 00:31:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll[2008-05-17 00:31:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll[2008-05-17 00:31:00 | 000,466,944 | ---- | C] () -- 
C:\WINDOWS\System32\nvshell.dll[2008-05-17 00:31:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll[2002-03-17 00:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000011.DLL ========== Files - Unicode (All) ==========< End of report >

User Katarina edited this post 27 02 2010 - 11:51
use the codebox!


#4 Hoothoot

    Beginner

  • 49 posts

Posted 26 02 2010 - 17:31

For now I don't see anything apart from the hosts modification, but we'll deal with that later.
1. Open OTL and in the Custom scan / Fixes section paste:
:OTL
O32 - HKLM CDRom: AutoRun - 1

:Commands
[emptytemp]
And click Run Fix. Confirm the computer restart if it asks for one.
2. Scan the computer with ComboFix (there is a guide in this section) and post the log.

#5 Bethrezen12100

    Observer

  • 7 posts

Posted 26 02 2010 - 19:13

ComboFix 10-02-25.02 - Tomek 2010-02-25 17:26:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2558.2084 [GMT 0:00]
Uruchomiony z: c:\documents and settings\Tomek\Pulpit\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tomek\Dane aplikacji\.#
c:\windows\srchasst\nls302en.lex
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Pliki utworzone od 2010-01-25 do 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-25 17:19 . 2010-02-25 17:19 -------- d-----w- c:\windows\system32\LogFiles
2010-02-25 17:16 . 2010-02-25 17:16 -------- d-----w- C:\_OTL
2010-02-25 15:55 . 2010-02-25 15:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-25 15:10 . 2010-02-25 15:10 -------- d-----w- c:\documents and settings\LocalService\Pulpit
2010-02-25 15:08 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-25 15:07 . 2010-02-25 15:08 862040 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-25 15:07 . 2010-02-25 15:07 15880 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-25 15:07 . 2010-02-25 15:07 206944 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-25 15:07 . 2010-02-25 15:07 390288 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-25 15:07 . 2010-02-25 15:07 537576 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-25 15:07 . 2010-02-25 15:07 389784 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-25 15:06 . 2010-02-25 15:07 163728 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-25 15:02 . 2010-02-25 15:02 6296864 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-25 15:02 . 2010-02-25 15:02 327000 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-25 15:02 . 2010-02-25 15:02 87496 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-25 15:00 . 2010-02-25 15:01 933120 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-25 15:00 . 2010-02-25 15:00 3803208 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-25 15:00 . 2010-02-25 15:00 816784 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-25 15:00 . 2010-02-25 15:00 823928 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-25 14:59 . 2010-02-25 15:00 1643272 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-25 14:59 . 2010-02-25 14:59 788880 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-25 14:59 . 2010-02-25 14:59 1181328 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-25 14:57 . 2010-02-25 14:57 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-25 14:57 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-02-25 14:57 . 2010-02-25 15:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2010-02-25 14:57 . 2010-02-25 14:57 -------- d-----w- c:\program files\Lavasoft
2010-02-24 16:14 . 2010-02-24 16:14 -------- d-----w- c:\program files\uTorrent
2010-02-24 16:13 . 2010-02-24 16:26 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\uTorrent
2010-02-24 13:18 . 2010-02-24 13:18 -------- d-----w- c:\program files\Trend Micro
2010-02-24 04:54 . 2010-02-25 12:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2010-02-24 04:54 . 2010-02-24 04:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-24 04:45 . 2010-02-24 04:46 -------- d-----w- c:\program files\AdsGone
2010-02-24 04:13 . 2010-02-24 04:13 237568 ----a-w- c:\documents and settings\Tomek\Dane aplikacji\hideupdart\File bind okay.exe
2010-02-24 04:13 . 2010-02-25 17:19 770048 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Program Amen Blue Peak\Help 2.exe
2010-02-24 04:13 . 2010-02-24 04:13 765952 ----a-w- c:\documents and settings\Tomek\Dane aplikacji\hideupdart\hadhievs.exe
2010-02-24 04:13 . 2010-02-24 04:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Program Amen Blue Peak
2010-02-24 04:12 . 2010-02-24 04:13 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\hideupdart
2010-02-24 04:12 . 2010-02-24 04:12 520192 ----a-w- c:\documents and settings\Tomek\Dane aplikacji\hideupdart\SettingsDumb.exe
2010-02-24 04:10 . 2010-02-24 04:10 -------- d-----w- c:\documents and settings\Tomek\Incomplete
2010-02-24 04:10 . 2010-02-25 17:30 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\LimeWire
2010-02-23 16:26 . 2004-08-03 22:44 25600 ----a-w- c:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-02-23 16:20 . 2010-02-23 16:20 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Ares
2010-02-23 15:45 . 2010-02-23 16:25 -------- d-----w- c:\program files\eMule
2010-02-23 14:48 . 2010-02-25 17:14 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-02-23 14:38 . 2010-02-24 04:17 -------- d-----w- c:\program files\LimeWire
2010-02-23 14:06 . 2010-02-23 14:06 -------- d-----w- c:\program files\CCleaner
2010-02-23 14:06 . 2010-02-23 14:06 0 ----a-w- c:\windows\nsreg.dat
2010-02-23 14:06 . 2010-02-23 14:06 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Mozilla
2010-02-16 16:37 . 2010-02-23 13:55 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\MSN6
2010-02-16 16:37 . 2010-02-16 16:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MSN6
2010-02-02 23:34 . 2010-02-02 23:34 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Identities

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 17:30 . 2009-09-30 02:48 16608 ----a-w- c:\windows\gdrv.sys
2010-02-24 16:20 . 2009-11-12 15:02 -------- d-----w- c:\program files\Steam
2010-02-23 16:35 . 2010-01-25 10:27 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Gadu-Gadu 10
2010-02-16 08:26 . 2002-09-28 22:00 82230 ----a-w- c:\windows\system32\perfc015.dat
2010-02-16 08:26 . 2002-09-28 22:00 484978 ----a-w- c:\windows\system32\perfh015.dat
2010-02-01 17:13 . 2009-09-30 02:47 24864 ----a-w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-01-26 13:38 . 2010-01-26 13:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-01-26 13:38 . 2010-01-26 13:38 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\OpenFM
2010-01-25 16:56 . 2009-10-19 16:31 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Skype
2010-01-25 12:10 . 2009-10-19 16:32 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\skypePM
2010-01-25 10:27 . 2010-01-25 10:27 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-01-25 10:27 . 2010-01-25 10:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-01-20 12:05 . 2010-01-20 12:05 42088 ----a-w- c:\documents and settings\Tomek\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-01-19 07:38 . 2002-09-28 22:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-01-18 12:47 . 2010-01-18 12:47 8854 ----a-r- c:\documents and settings\Tomek\Dane aplikacji\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\Uninstall_GameShadow_F7C1C17E70E3475FBD52EA554391F15D.exe
2010-01-18 12:47 . 2010-01-18 12:47 45056 ----a-r- c:\documents and settings\Tomek\Dane aplikacji\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-01-18 12:47 . 2010-01-18 12:47 45056 ----a-r- c:\documents and settings\Tomek\Dane aplikacji\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-01-18 12:47 . 2010-01-18 12:47 45056 ----a-r- c:\documents and settings\Tomek\Dane aplikacji\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\ARPPRODUCTICON.exe
2010-01-18 12:47 . 2010-01-18 12:47 -------- d-----w- c:\program files\GameShadow
2010-01-18 12:41 . 2010-01-18 12:41 -------- d-----w- c:\program files\Eidos
2010-01-18 12:41 . 2009-09-30 02:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-10 18:45 . 2009-11-30 15:52 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Mumble
2010-01-10 16:31 . 2010-01-10 16:31 -------- d-----w- c:\program files\Sun
2010-01-10 16:31 . 2010-01-10 16:31 -------- d-----w- c:\program files\Java
2010-01-10 16:29 . 2010-01-10 16:29 -------- d-----w- c:\program files\Common Files\Java
2010-01-09 13:38 . 2010-01-09 13:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ulead Systems
2010-01-09 13:37 . 2010-01-09 13:37 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-01-09 13:37 . 2010-01-09 13:37 -------- d-----w- c:\program files\Ulead Systems
2010-01-09 13:37 . 2010-01-09 13:37 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Ulead Systems
2010-01-08 19:19 . 2010-01-08 19:19 164352 --sh--w- c:\windows\system32\SC.dll
2009-11-30 14:28 . 2009-11-30 14:28 64200 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2010-02-24 1845248]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-01-20 12067432]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-17 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-17 86016]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Ulead AutoDetector"="c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Tomek\Menu Start\Programy\Autostart\
AdsGone.lnk - c:\program files\AdsGone\AdsGone.exe [2010-2-24 4411392]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AdsGone\\AdsGone.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Tomek\\Moje dokumenty\\Pobieranie\\Downloader_StarCraft_Combo_enGB(2).exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-02-25 64288]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2009-09-30 68136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-02 1181328]
S2 gupdate1ca50d9a49bd2e2;Usługa Google Update (gupdate1ca50d9a49bd2e2);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 133104]
S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [2009-11-06 505984]
.
Zawartość folderu 'Zaplanowane zadania'

2010-02-25 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:00]

2010-02-25 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:00]

2010-02-25 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:00]

2010-02-25 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:00]

2010-02-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:00]

2010-02-24 c:\windows\Tasks\AdsGone.job
- c:\program files\AdsGone\AdsGone.exe [2010-02-24 14:26]

2010-02-25 c:\windows\Tasks\B13614BF92918D2B.job
- c:\docume~1\tomek\daneap~1\hideup~1\File bind okay.exe [2010-02-24 04:13]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 16:31]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 16:31]
.
.
------- Skan uzupełniający -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\nt80h78n.default\
FF - prefs.js: browser.startup.homepage - hxxp://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-Ask.com Search Assistant - c:\program files\Ask Search Assistant\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 17:30
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Czas ukończenia: 2010-02-25 17:35:14 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-25 17:35

Przed: 46 851 895 296 bajtów wolnych
Po: 46 719 754 240 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 0FADA4D91F03C17F123F5B120CFBEA40







The browser still opens by itself :]

User Katarina edited this post 27 02 2010 - 11:52

  • 0

#6 Hoothoot

Hoothoot

    Beginner

  • 49 posts

Posted 26 02 2010 - 20:20

But be specific. Does it open after system startup, or completely irregularly?
  • 0

#7 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 26 02 2010 - 21:23

There is nothing to specify here, because the "LOP" infection stands out in the logs!

Paste into Notepad:
File::
c:\windows\Tasks\B13614BF92918D2B.job
c:\docume~1\tomek\daneap~1\hideup~1\File bind okay.exe
c:\documents and settings\All Users\Dane aplikacji\Program Amen Blue Peak\Help 2.exe
c:\documents and settings\Tomek\Dane aplikacji\hideupdart\hadhievs.exe
c:\documents and settings\Tomek\Dane aplikacji\hideupdart\SettingsDumb.exe

Folder::
c:\documents and settings\Tomek\Dane aplikacji\hideupdart
c:\documents and settings\All Users\Dane aplikacji\Program Amen Blue Peak

>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file
--------> Attached image
The removal should start (and a log will be created).
Post the log that is created during the removal.
.
  • 0
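The entries singled out in the post above can also be picked out of the log mechanically. The following is an added example, not part of the original thread and not ComboFix's own logic: it parses the 'Zaplanowane zadania' (Scheduled Tasks) section of the log and flags jobs worth a second look. The two heuristics (a 16-hex-digit job name, a target running from a user profile) are assumptions drawn from this one log, not a signature of the infection, and all function names are hypothetical.

```python
import ntpath
import re

# Excerpt of the scheduled-tasks section, copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
Zawartość folderu 'Zaplanowane zadania'

2010-02-25 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:00]

2010-02-24 c:\windows\Tasks\AdsGone.job
- c:\program files\AdsGone\AdsGone.exe [2010-02-24 14:26]

2010-02-25 c:\windows\Tasks\B13614BF92918D2B.job
- c:\docume~1\tomek\daneap~1\hideup~1\File bind okay.exe [2010-02-24 04:13]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 16:31]
.
"""

# "<date> <path>.job" opens an entry; "- <target> [<date> <time>]" completes it.
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+\.job)\s*$", re.I)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[\d{4}-\d{1,2}-\d{1,2} \d{2}:\d{2}\]\s*$")

# Assumed triage rules (not taken from ComboFix): software installed normally
# lives under these prefixes; per-user profile paths are writable without
# administrator rights, so a scheduled task pointing there deserves review.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")
PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\docume~1\\")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{16}\.job$", re.I)


def parse_scheduled_tasks(log_text):
    """Return a list of dicts {seen, job, target} in log order."""
    tasks, pending = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        job = JOB_RE.match(line)
        if job:
            pending = {"seen": job.group(1), "job": job.group(2), "target": None}
            tasks.append(pending)
            continue
        target = TARGET_RE.match(line)
        if target and pending is not None:
            pending["target"] = target.group(1)
            pending = None  # one target line per job entry
    return tasks


def triage(task):
    """Return the list of reasons a task looks unusual (empty list = nothing noted)."""
    reasons = []
    job_name = ntpath.basename(task["job"])  # ntpath handles backslashes on any OS
    target = (task["target"] or "").lower()
    if HEX_NAME_RE.match(job_name):
        reasons.append("job name is 16 hex digits")
    if not target:
        reasons.append("no target recorded")
    elif target.startswith(PROFILE_PREFIXES):
        reasons.append("target runs from a user profile directory")
    elif not target.startswith(TRUSTED_PREFIXES):
        reasons.append("target outside Program Files and Windows")
    return reasons


def suspicious_tasks(log_text):
    """Return (job, target, reasons) for every task with at least one reason."""
    flagged = []
    for task in parse_scheduled_tasks(log_text):
        reasons = triage(task)
        if reasons:
            flagged.append((task["job"], task["target"], reasons))
    return flagged


if __name__ == "__main__":
    for job, target, reasons in suspicious_tasks(SAMPLE_LOG):
        print(job)
        print("   target:", target)
        for reason in reasons:
            print("   -", reason)
```

A flagged entry is a prompt for manual review of the target file, not a verdict; legitimate per-user updaters also schedule tasks from profile directories.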

#8 Bethrezen12100

Bethrezen12100

    Observer

  • 7 posts

Posted 27 02 2010 - 05:15

ComboFix 10-02-25.02 - Tomek 2010-02-26 3:36.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2558.1966 [GMT 0:00]
Uruchomiony z: c:\documents and settings\Tomek\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Tomek\Pulpit\CFScript.txt

FILE ::
"c:\docume~1\tomek\daneap~1\hideup~1\File bind okay.exe"
"c:\documents and settings\All Users\Dane aplikacji\Program Amen Blue Peak\Help 2.exe"
"c:\documents and settings\Tomek\Dane aplikacji\hideupdart\hadhievs.exe"
"c:\documents and settings\Tomek\Dane aplikacji\hideupdart\SettingsDumb.exe"
"c:\windows\Tasks\B13614BF92918D2B.job"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\tomek\daneap~1\hideup~1\File bind okay.exe
c:\documents and settings\All Users\Dane aplikacji\Program Amen Blue Peak
c:\documents and settings\All Users\Dane aplikacji\Program Amen Blue Peak\Help 2.dat
c:\documents and settings\All Users\Dane aplikacji\Program Amen Blue Peak\Help 2.exe
c:\documents and settings\Tomek\Dane aplikacji\hideupdart
c:\documents and settings\Tomek\Dane aplikacji\hideupdart\0
c:\documents and settings\Tomek\Dane aplikacji\hideupdart\File bind okay.exe
c:\documents and settings\Tomek\Dane aplikacji\hideupdart\hadhievs.exe
c:\documents and settings\Tomek\Dane aplikacji\hideupdart\SettingsDumb.exe
c:\windows\system32\_000110_.tmp.dll
c:\windows\Tasks\B13614BF92918D2B.job

.
((((((((((((((((((((((((( Pliki utworzone od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 03:30 . 2010-02-26 03:30 -------- d--h--w- c:\windows\$hf_mig$
2010-02-26 03:30 . 2010-02-26 03:30 -------- d-----w- c:\windows\LastGood
2010-02-25 17:19 . 2010-02-25 17:19 -------- d-----w- c:\windows\system32\LogFiles
2010-02-25 17:16 . 2010-02-25 17:16 -------- d-----w- C:\_OTL
2010-02-25 15:55 . 2010-02-25 15:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-25 15:10 . 2010-02-25 15:10 -------- d-----w- c:\documents and settings\LocalService\Pulpit
2010-02-25 15:08 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-25 15:07 . 2010-02-25 15:08 862040 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-25 15:07 . 2010-02-25 15:07 15880 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-25 15:07 . 2010-02-25 15:07 206944 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-25 15:07 . 2010-02-25 15:07 390288 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-25 15:07 . 2010-02-25 15:07 537576 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-25 15:07 . 2010-02-25 15:07 389784 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-25 15:06 . 2010-02-25 15:07 163728 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-25 15:02 . 2010-02-25 15:02 6296864 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-25 15:02 . 2010-02-25 15:02 327000 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-25 15:02 . 2010-02-25 15:02 87496 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-25 15:00 . 2010-02-25 15:01 933120 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-25 15:00 . 2010-02-25 15:00 3803208 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-25 15:00 . 2010-02-25 15:00 816784 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-25 15:00 . 2010-02-25 15:00 823928 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-25 14:59 . 2010-02-25 15:00 1643272 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-25 14:59 . 2010-02-25 14:59 788880 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-25 14:59 . 2010-02-25 14:59 1181328 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-25 14:57 . 2010-02-25 14:57 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-02-25 14:57 . 2009-12-07 14:10 2953352 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2010-02-25 14:57 . 2010-02-25 15:08 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2010-02-25 14:57 . 2010-02-25 14:57 -------- d-----w- c:\program files\Lavasoft
2010-02-24 16:14 . 2010-02-24 16:14 -------- d-----w- c:\program files\uTorrent
2010-02-24 16:13 . 2010-02-24 16:26 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\uTorrent
2010-02-24 13:18 . 2010-02-24 13:18 -------- d-----w- c:\program files\Trend Micro
2010-02-24 04:54 . 2010-02-25 12:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2010-02-24 04:54 . 2010-02-24 04:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-24 04:45 . 2010-02-24 04:46 -------- d-----w- c:\program files\AdsGone
2010-02-24 04:10 . 2010-02-24 04:10 -------- d-----w- c:\documents and settings\Tomek\Incomplete
2010-02-24 04:10 . 2010-02-26 03:30 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\LimeWire
2010-02-23 16:26 . 2004-08-03 22:44 25600 ----a-w- c:\documents and settings\LocalService\Dane aplikacji\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-02-23 16:20 . 2010-02-23 16:20 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Ares
2010-02-23 15:52 . 2010-02-23 16:19 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\aMule
2010-02-23 15:45 . 2010-02-23 16:25 -------- d-----w- c:\program files\eMule
2010-02-23 14:48 . 2010-02-25 17:14 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-02-23 14:38 . 2010-02-24 04:17 -------- d-----w- c:\program files\LimeWire
2010-02-23 14:06 . 2010-02-23 14:06 -------- d-----w- c:\program files\CCleaner
2010-02-23 14:06 . 2010-02-23 14:06 0 ----a-w- c:\windows\nsreg.dat
2010-02-23 14:06 . 2010-02-23 14:06 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Mozilla
2010-02-16 16:37 . 2010-02-23 13:55 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\MSN6
2010-02-16 16:37 . 2010-02-16 16:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MSN6
2010-02-02 23:34 . 2010-02-02 23:34 -------- d-----w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\Identities

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 03:28 . 2009-09-30 02:48 16608 ----a-w- c:\windows\gdrv.sys
2010-02-24 16:20 . 2009-11-12 15:02 -------- d-----w- c:\program files\Steam
2010-02-23 16:35 . 2010-01-25 10:27 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Gadu-Gadu 10
2010-02-16 08:26 . 2002-09-28 22:00 82230 ----a-w- c:\windows\system32\perfc015.dat
2010-02-16 08:26 . 2002-09-28 22:00 484978 ----a-w- c:\windows\system32\perfh015.dat
2010-02-01 17:13 . 2009-09-30 02:47 24864 ----a-w- c:\documents and settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-01-26 13:38 . 2010-01-26 13:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-01-26 13:38 . 2010-01-26 13:38 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\OpenFM
2010-01-25 16:56 . 2009-10-19 16:31 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Skype
2010-01-25 12:10 . 2009-10-19 16:32 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\skypePM
2010-01-25 10:27 . 2010-01-25 10:27 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-01-25 10:27 . 2010-01-25 10:27 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-01-20 12:05 . 2010-01-20 12:05 42088 ----a-w- c:\documents and settings\Tomek\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-01-19 07:38 . 2002-09-28 22:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-01-18 12:47 . 2010-01-18 12:47 8854 ----a-r- c:\documents and settings\Tomek\Dane aplikacji\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\Uninstall_GameShadow_F7C1C17E70E3475FBD52EA554391F15D.exe
2010-01-18 12:47 . 2010-01-18 12:47 45056 ----a-r- c:\documents and settings\Tomek\Dane aplikacji\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-01-18 12:47 . 2010-01-18 12:47 45056 ----a-r- c:\documents and settings\Tomek\Dane aplikacji\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-01-18 12:47 . 2010-01-18 12:47 45056 ----a-r- c:\documents and settings\Tomek\Dane aplikacji\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\ARPPRODUCTICON.exe
2010-01-18 12:47 . 2010-01-18 12:47 -------- d-----w- c:\program files\GameShadow
2010-01-18 12:41 . 2010-01-18 12:41 -------- d-----w- c:\program files\Eidos
2010-01-18 12:41 . 2009-09-30 02:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-10 18:45 . 2009-11-30 15:52 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Mumble
2010-01-10 16:31 . 2010-01-10 16:31 -------- d-----w- c:\program files\Sun
2010-01-10 16:31 . 2010-01-10 16:31 -------- d-----w- c:\program files\Java
2010-01-10 16:29 . 2010-01-10 16:29 -------- d-----w- c:\program files\Common Files\Java
2010-01-09 13:38 . 2010-01-09 13:37 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ulead Systems
2010-01-09 13:37 . 2010-01-09 13:37 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-01-09 13:37 . 2010-01-09 13:37 -------- d-----w- c:\program files\Ulead Systems
2010-01-09 13:37 . 2010-01-09 13:37 -------- d-----w- c:\documents and settings\Tomek\Dane aplikacji\Ulead Systems
2010-01-08 19:19 . 2010-01-08 19:19 164352 --sh--w- c:\windows\system32\SC.dll
2009-11-30 14:28 . 2009-11-30 14:28 64200 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-02-25_17.30.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-26 03:28 . 2010-02-26 03:28 16384 c:\windows\Temp\Perflib_Perfdata_22c.dat
+ 2002-09-28 22:00 . 2005-05-04 14:45 15360 c:\windows\system32\msisip.dll
+ 2002-09-28 22:00 . 2005-05-04 14:45 78848 c:\windows\system32\msiexec.exe
+ 2010-02-26 03:33 . 2010-02-26 03:33 22528 c:\windows\Installer\523a1.msi
+ 2002-09-28 22:00 . 2005-05-04 14:45 884736 c:\windows\system32\msimsg.dll
- 2002-09-28 22:00 . 2004-08-03 22:43 884736 c:\windows\system32\msimsg.dll
+ 2002-09-28 22:00 . 2005-05-04 14:45 271360 c:\windows\system32\msihnd.dll
+ 2002-09-28 22:00 . 2005-05-04 14:45 2890240 c:\windows\system32\msi.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2010-02-24 1845248]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-01-20 12067432]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-17 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-17 86016]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Ulead AutoDetector"="c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Tomek\Menu Start\Programy\Autostart\
AdsGone.lnk - c:\program files\AdsGone\AdsGone.exe [2010-2-24 4411392]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AdsGone\\AdsGone.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Tomek\\Moje dokumenty\\Pobieranie\\Downloader_StarCraft_Combo_enGB(2).exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-02-25 64288]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2009-09-30 68136]
S2 gupdate1ca50d9a49bd2e2;Usługa Google Update (gupdate1ca50d9a49bd2e2);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-12-02 1181328]
S3 PAC207;CIF USB Camera;c:\windows\system32\drivers\PFC027.SYS [2009-11-06 505984]
.
Zawartość folderu 'Zaplanowane zadania'

2010-02-26 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:00]

2010-02-26 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:00]

2010-02-26 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:00]

2010-02-26 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:00]

2010-02-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 15:00]

2010-02-24 c:\windows\Tasks\AdsGone.job
- c:\program files\AdsGone\AdsGone.exe [2010-02-24 14:26]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 16:31]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 16:31]
.
.
------- Skan uzupełniający -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\nt80h78n.default\
FF - prefs.js: browser.startup.homepage - hxxp://pl.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-Mfcd Poke Win - c:\docume~1\Tomek\DANEAP~1\HIDEUP~1\SettingsDumb.exe



**************************************************************************
skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki:

**************************************************************************
.
Czas ukończenia: 2010-02-26 03:39:38
ComboFix-quarantined-files.txt 2010-02-26 03:39
ComboFix2.txt 2010-02-25 17:35

Przed: 46 677 528 576 bajtów wolnych
Po: 46 637 867 008 bajtów wolnych

- - End Of File - - D3DF299C2FB64A9E3BA822195F752A5B

This post was edited by Katarina on 27 02 2010 - 11:52


#9 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 27 02 2010 - 09:19

c:\\Program Files\\AdsGone

Do you know this program?
Apart from that, I don't see anything else suspicious in the log.
You didn't say whether those windows are still popping up.
In my opinion they shouldn't be popping up any more.

Manually delete the folder C:\Qoobox.

Remove the copies of the malware from the "System Volume Information" folder by temporarily turning off System Restore:

>START>Control Panel>System>System Restore>>tick the box next to "Turn off System Restore on all drives">Apply>OK.
(While it is temporarily turned off, those copies are deleted automatically, so there is no need to look inside the folder.)
Afterwards you can return to the previous setting (that is, untick the box).



#10 Hoothoot

Hoothoot

    Beginner

  • 49 posts

Posted 27 02 2010 - 12:45

AdsGone is fine. It's some kind of ad-blocking program.

Thanks for noticing, because I would have struggled with this for a long time yet :)

Regards.

#11 Bethrezen12100

Bethrezen12100

    Observer

  • 7 posts

Posted 27 02 2010 - 15:46

OK, thanks a lot, I finally have peace from the ads :]
The topic can be closed or pinned, because it will surely be useful to someone else.
