[virus] Infected system, only the internet works


  • Closed: this topic is closed
11 replies in this topic

#1 Anania

    Beginner

  • 44 posts

Posted 20 05 2010 - 12:20

Hi!
My computer has been infected. Apart from the internet, most programs don't work. I wanted to run Combofix and Hijack, but I can't. I have a lot of important files on the computer. I wanted to burn them to a disc using Record Now, but that doesn't work either. I keep getting messages that most of the system files are infected. I don't know what to do. I wouldn't want to lose my files, so I hope that installing a new system is not the only way out.
A window keeps popping up asking me to buy the Antispyware Soft software.
Sorry for the lack of Polish characters, but I'm using the computer abroad.
I hope there is some way to rescue it.

PS This morning I tried to install Spybot, but I can't run the file. It seems that none of my .exe files work.
I also can't get into Add/Remove Programs. I wanted to check everything, but I can't really do anything.

Edited by Anania, 20 05 2010 - 12:23

  • 0

#2 ordynat

    Advanced user

  • 804 posts

Posted 20 05 2010 - 12:35

1) Make a log with OTL.
>http://oldtimer.geekstogo.com/OTL.com
>http://oldtimer.geekstogo.com/OTL.scr
One of them should work, because they don't have the .exe extension.

2) Use "Dr.Webcureit" and write what it detected.
>Backup link (already renamed), in case the official site is blocked by the virus:
>http://www.zshare.net/download/763009946ef91940/

  • 0

#3 Anania

    Beginner

  • 44 posts

Posted 20 05 2010 - 13:29

I downloaded these programs, but none of them starts. Simply nothing. There isn't even any message saying that the program is infected.

I noticed that I have problems running system tools. I wanted to run Disk Cleanup and nothing. The command prompt opened, but disappeared after a second.

PS Maybe a repair (overlay) installation would help?

Edited by Anania, 20 05 2010 - 14:19

  • 0

#4 ordynat

    Advanced user

  • 804 posts

Posted 20 05 2010 - 14:11

Well, since there is no possibility of helping, then of course I won't be able to help.
  • 0

#5 Anania

    Beginner

  • 44 posts

Posted 20 05 2010 - 14:28

And what about a repair (overlay) installation? Will it help at all, or not really?
  • 0

#6 ordynat

    Advanced user

  • 804 posts

Posted 20 05 2010 - 14:59

It could help, but only if there is no infection.
And how about in Safe Mode (F8 before the system starts)?
  • 0

#7 Anania

    Beginner

  • 44 posts

Posted 20 05 2010 - 19:07

By some miracle I managed to run scans with Combofix and OTL.
Here are the logs.
From OTL
OTL logfile created on: 2010-05-20 15:11:01 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\Ania\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
502,00 Mb Total Physical Memory | 93,00 Mb Available Physical Memory | 19,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73,12 Gb Total Space | 33,57 Gb Free Space | 45,91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME-194B20088B
Current User Name: Ania
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
PRC - [2009-11-25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-31 09:02:28 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Ania\Ustawienia lokalne\Temp\RtkBtMnt.exe
PRC - [2007-08-09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007-01-31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006-12-19 15:16:20 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2005-04-08 13:08:52 | 000,483,328 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007-08-09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007-01-31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006-12-19 15:16:20 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2004-01-30 15:19:20 | 000,065,625 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR)
SRV - [2004-01-30 15:16:06 | 000,065,622 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010-02-06 16:40:37 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-11-25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-04-13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-08 10:50:40 | 005,955,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007-09-20 21:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007-05-31 12:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-03-21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007-02-16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006-12-23 03:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006-12-23 03:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006-12-23 03:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006-12-19 15:16:24 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2004-08-13 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004-08-13 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004-08-13 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004-08-13 01:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004-08-13 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004-08-13 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004-08-13 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004-08-13 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004-08-13 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004-08-13 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004-08-04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004-07-14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004-07-14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.90
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-20 20:11:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-19 19:22:10 | 000,000,000 | ---D | M]
 
[2008-09-08 08:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Extensions
[2010-05-20 13:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions
[2009-09-03 19:58:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-10-22 19:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008-09-10 12:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010-04-13 18:44:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010-03-13 22:15:10 | 000,000,000 | ---D | M] (myFireFox) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010-04-14 18:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\personas@christopher.beard
[2010-04-13 18:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\sort_tabs_by@codeoptimism.net
[2010-03-13 22:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010-02-06 16:41:50 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\searchplugins\daemon-search.xml
[2010-05-17 19:52:35 | 000,002,436 | ---- | M] () -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\searchplugins\google-us.xml
[2010-05-20 13:18:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008-01-23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2007-02-04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010-03-13 23:03:24 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-13 23:03:24 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-13 23:03:24 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-13 23:03:24 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-13 23:03:24 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-13 23:03:24 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ClientGW]  File not found
O4 - HKLM..\Run: [eSnips] C:\Program Files\eSnips\ClientGW.exe File not found
O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe File not found
O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKCU..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe File not found
O4 - HKCU..\Run: [iuldgypb] C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel\vmcbhletssd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-03-25 21:08:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010-05-20 13:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-05-20 13:28:54 | 000,000,000 | ---D | C] -- C:\327882R2FWJFW
[2010-05-20 13:18:41 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
[2010-05-20 13:15:44 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.com
[2010-05-20 07:55:46 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Documents and Settings\Ania\Pulpit\spybotsd162.exe
[2010-05-19 22:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel
[2010-05-07 12:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Pulpit\D.Florczyk
[2010-05-03 14:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Dane aplikacji\Gadu-Gadu 10
[2010-05-03 14:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-05-03 14:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2010-04-28 13:36:57 | 001,123,328 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS
[2010-04-28 13:36:57 | 001,123,328 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\bcmwl5.sys
[2010-04-28 13:36:55 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devIA64.exe
[2010-04-28 13:36:55 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devAMD64.exe
[2010-04-28 13:36:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devcon.exe
[2010-04-28 13:36:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2010-04-28 13:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Broadcom
[2010-04-28 13:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Dane aplikacji\InstallShield
[2010-04-22 11:42:38 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010-04-22 11:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Audio Converter
[2010-04-21 09:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Moje dokumenty\NoteBurner
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Pulpit\*.tmp files -> C:\Documents and Settings\Ania\Pulpit\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Ania\Moje dokumenty\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010-05-20 15:14:19 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Ania\NTUSER.DAT
[2010-05-20 15:09:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-20 15:08:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-20 14:44:43 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Ania\ntuser.ini
[2010-05-20 13:52:24 | 040,688,888 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\D.W.C.I.com
[2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
[2010-05-20 13:23:32 | 040,701,552 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\kg8mtuzg.exe
[2010-05-20 13:14:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.com
[2010-05-20 07:56:23 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Documents and Settings\Ania\Pulpit\spybotsd162.exe
[2010-05-20 07:43:19 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-19 20:53:27 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\The Perfect CV.doc
[2010-05-18 11:10:12 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\Miejsca pracy.doc
[2010-05-10 15:04:14 | 000,011,587 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Plan tygodnia.xlsx
[2010-05-10 13:23:11 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\A letter.doc
[2010-05-08 23:45:23 | 000,232,770 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\That's our baby.docx
[2010-05-06 11:40:34 | 000,493,738 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-06 11:40:34 | 000,435,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-06 11:40:34 | 000,085,114 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-06 11:40:33 | 000,068,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-06 11:40:31 | 001,096,188 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-03 14:20:59 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-03 14:20:58 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-04-26 17:04:23 | 000,303,274 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line 2.JPG
[2010-04-26 17:02:38 | 000,314,073 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line.JPG
[2010-04-26 16:59:22 | 000,261,261 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\stacja metra.JPG
[2010-04-26 16:57:49 | 000,262,420 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\biblioteka.JPG
[2010-04-25 20:00:02 | 000,010,456 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Anna Florczyk address.docx
[2010-04-22 11:42:39 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\MP3 Audio Converter.lnk
[2010-04-22 11:34:52 | 000,001,300 | ---- | M] () -- C:\File List.htm
[2010-04-22 10:12:30 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Something.docx
[2010-04-22 08:55:34 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-20 20:08:57 | 000,071,112 | ---- | M] () -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Pulpit\*.tmp files -> C:\Documents and Settings\Ania\Pulpit\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Ania\Moje dokumenty\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010-05-20 13:44:11 | 040,688,888 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\D.W.C.I.com
[2010-05-20 13:19:44 | 040,701,552 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\kg8mtuzg.exe
[2010-05-18 11:10:10 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\Miejsca pracy.doc
[2010-05-14 20:23:42 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\The Perfect CV.doc
[2010-05-10 15:04:13 | 000,011,587 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Plan tygodnia.xlsx
[2010-05-10 13:19:31 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\A letter.doc
[2010-05-08 23:45:18 | 000,232,770 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\That's our baby.docx
[2010-05-03 14:20:59 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-03 14:20:58 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2010-04-28 13:36:57 | 000,614,534 | ---- | C] () -- C:\WINDOWS\System32\bcmwl5.inf
[2010-04-28 13:36:57 | 000,012,465 | ---- | C] () -- C:\WINDOWS\System32\bcm43xx.cat
[2010-04-28 13:36:57 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2010-04-28 13:36:57 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2010-04-28 13:36:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2010-04-28 13:36:55 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2010-04-26 17:04:17 | 000,303,274 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line 2.JPG
[2010-04-26 17:02:37 | 000,314,073 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line.JPG
[2010-04-26 16:59:22 | 000,261,261 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\stacja metra.JPG
[2010-04-26 16:57:48 | 000,262,420 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\biblioteka.JPG
[2010-04-25 19:55:09 | 000,010,456 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Anna Florczyk address.docx
[2010-04-22 11:42:39 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\MP3 Audio Converter.lnk
[2010-04-22 11:34:52 | 000,001,300 | ---- | C] () -- C:\File List.htm
[2010-04-21 19:46:18 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Something.docx
[2010-02-06 16:40:35 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-05-10 18:46:57 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008-10-23 09:53:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2008-08-05 08:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2008-04-23 15:34:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2008-03-31 09:00:39 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-03-28 13:33:30 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008-03-26 16:56:08 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-03-26 10:42:55 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2008-03-26 09:51:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4924.dll
[2008-02-29 06:14:04 | 000,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2008-02-21 04:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-02-21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008-02-21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008-02-21 04:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2004-05-22 02:44:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002-10-16 00:54:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001-07-07 04:00:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
< End of report >


Combofix

ComboFix 10-05-19.03 - Ania 2010-05-20  17:19:35.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.48.1045.18.502.120 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Ania\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100520-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

Zainfekowana kopia c:\windows\system32\drivers\rasacd.sys została znaleziona. Problem naprawiono 
Plik odzyskano z - Kitty had a snack
.
(((((((((((((((((((((((((   Pliki utworzone od 2010-04-20 do 2010-05-20  )))))))))))))))))))))))))))))))
.

2010-05-20 13:22 . 2010-05-20 13:22	--------	d-----w-	c:\documents and settings\Ania\DoctorWeb
2010-05-20 13:21 . 2008-04-14 17:21	396288	----a-w-	c:\windows\system32\CF25796.exe
2010-05-19 20:47 . 2010-05-20 13:09	--------	d-----w-	c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel
2010-05-03 12:21 . 2010-05-03 12:26	--------	d-----w-	c:\documents and settings\Ania\Dane aplikacji\Gadu-Gadu 10
2010-05-03 12:20 . 2010-05-03 12:20	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-05-03 12:19 . 2010-05-03 12:20	--------	d-----w-	c:\program files\Gadu-Gadu 10
2010-04-22 09:42 . 2002-01-05 13:37	344064	----a-w-	c:\windows\system32\msvcr70.dll
2010-04-22 09:42 . 2010-04-22 09:42	--------	d-----w-	c:\program files\MP3 Audio Converter
2010-04-21 08:40 . 2010-04-21 08:40	42080	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-04-21 08:39 . 2010-04-21 08:39	11776	----a-w-	c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 19:57 . 2008-03-26 10:00	--------	d-----w-	c:\documents and settings\Ania\Dane aplikacji\uTorrent
2010-05-18 18:57 . 2009-09-27 08:24	--------	d-----w-	c:\documents and settings\Ania\Dane aplikacji\vlc
2010-05-12 10:54 . 2009-04-05 12:10	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-05-06 09:40 . 2006-03-02 12:00	85114	----a-w-	c:\windows\system32\perfc015.dat
2010-05-06 09:40 . 2006-03-02 12:00	493738	----a-w-	c:\windows\system32\perfh015.dat
2010-04-28 11:36 . 2008-03-26 07:53	--------	d-----w-	c:\program files\Broadcom
2010-04-28 11:36 . 2008-03-26 14:22	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-28 11:36 . 2010-04-28 11:36	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Broadcom
2010-04-28 11:36 . 2010-04-28 11:36	--------	d-----w-	c:\documents and settings\Ania\Dane aplikacji\InstallShield
2010-04-28 11:20 . 2010-04-05 19:34	--------	d-----w-	c:\program files\Logia
2010-04-22 18:09 . 2008-03-30 16:21	--------	d-----w-	c:\documents and settings\Ania\Dane aplikacji\dvdcss
2010-04-20 18:08 . 2008-03-25 19:13	71112	----a-w-	c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-04-20 10:35 . 2010-04-19 17:22	--------	d-----w-	c:\program files\Microsoft Works
2010-04-19 17:21 . 2009-04-05 12:17	--------	d-----w-	c:\program files\MSBuild
2010-04-19 17:19 . 2010-04-19 17:19	--------	d-----w-	c:\program files\Microsoft.NET
2010-04-19 17:17 . 2010-04-19 17:17	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2010-04-05 19:35 . 2010-04-05 19:34	--------	d-----w-	c:\documents and settings\Ania\Dane aplikacji\Logia
2010-03-25 09:36 . 2009-06-11 08:44	--------	d-----w-	c:\documents and settings\Ania\Dane aplikacji\ZoomBrowser EX
2010-03-25 09:36 . 2009-06-11 08:43	--------	d-----w-	c:\documents and settings\Ania\Dane aplikacji\CameraWindowDC
2010-03-24 21:39 . 2009-05-10 16:46	--------	d-----w-	c:\program files\Nitro PDF
2010-03-21 18:19 . 2008-03-26 10:01	--------	d-----w-	c:\program files\uTorrent
2010-03-10 06:17 . 2006-03-02 12:00	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-02-25 06:19 . 2006-03-02 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-02 12:00	455680	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-08 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-08 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-08 131072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-12 122939]
"pdfFactory Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-04-08 483328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20898:TCP"= 20898:TCP:BitComet 20898 TCP
"20898:UDP"= 20898:UDP:BitComet 20898 UDP
"56315:TCP"= 56315:TCP:Pando P2P TCP Listening Port
"56315:UDP"= 56315:UDP:Pando P2P UDP Listening Port

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 114768]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-06 20560]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-06 691696]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKCU-Run-iuldgypb - c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel\vmcbhletssd.exe
HKLM-Run-ClientGW - (no file)
HKLM-Run-eSnips - c:\program files\eSnips\ClientGW.exe
HKLM-Run-NoteBurner - c:\program files\NoteBurner\VTBurnerGUI.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 17:33
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-796845957-616249376-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{193DBEDF-3912-0FFB-B553-ABE763F10E64}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadphigpifnhgkhiae"=hex:6b,61,68,6b,69,64,66,62,67,66,62,69,67,62,70,6b,66,70,
   65,69,6d,6e,00,00
"hanojgojefpmfkdm"=hex:6b,61,68,6b,69,64,66,62,67,66,62,69,67,62,6e,6b,70,6e,
   64,63,64,6e,00,00
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(3900)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2010-05-20  17:38:31
ComboFix-quarantined-files.txt  2010-05-20 15:38

Przed: 36 201 553 920 bajtów wolnych
Po: 37 309 833 216 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3037CC1CD3168E74376FC865946A05C0


#8 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 20 05 2010 - 19:38

There is no infection here, apart from one file repaired by ComboFix.

Cosmetic cleanup:
Run OTL and paste this into the Custom Scans/Fixes box:

:OTL
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [ClientGW] File not found
O4 - HKLM..\Run: [eSnips] C:\Program Files\eSnips\ClientGW.exe File not found
O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe File not found
O4 - HKCU..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe File not found
O4 - HKCU..\Run: [iuldgypb] C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel\vmcbhletssd.exe File not found

:Commands
[emptytemp]
[Reboot]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time clicking "Run Scan".
Post the new OTL.txt log and the removal report.
.
And since there is no infection, you can reinstall the system without losing data (http://www.searchengines.pl/phpbb203/index.php?showtopic=24500&st=0&p=109540?entry109540)
.

#9 Anania

Anania

    Beginner

  • 44 posts

Posted 20 05 2010 - 20:21

Report after the restart

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ClientGW not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eSnips not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NoteBurner not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BitComet not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iuldgypb not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Ania
->Temp folder emptied: 802082 bytes
->Temporary Internet Files folder emptied: 13918812 bytes
->Java cache emptied: 26096545 bytes
->FireFox cache emptied: 46622443 bytes
->Flash cache emptied: 290140 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148726 bytes
%systemroot%\System32 .tmp files removed: 2952740 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 89,00 mb
 
 
OTL by OldTimer - Version 3.2.5.0 log created on 05202010_200128

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_6f8.dat moved successfully.

Registry entries deleted on Reboot...

OTL log

OTL logfile created on: 2010-05-20 20:09:07 - Run 2
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\Ania\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
502,00 Mb Total Physical Memory | 63,00 Mb Available Physical Memory | 13,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73,12 Gb Total Space | 34,78 Gb Free Space | 47,56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HOME-194B20088B
Current User Name: Ania
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010-05-20 20:04:51 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Ania\Ustawienia lokalne\temp\RtkBtMnt.exe
PRC - [2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
PRC - [2010-04-03 20:15:56 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-11-25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-01-31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006-12-19 15:16:20 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2005-04-08 13:08:52 | 000,483,328 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007-08-09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007-01-31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006-12-19 15:16:20 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2004-01-30 15:19:20 | 000,065,625 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR)
SRV - [2004-01-30 15:16:06 | 000,065,622 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010-02-06 16:40:37 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009-11-25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-04-13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-08 10:50:40 | 005,955,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007-09-20 21:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007-05-31 12:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-03-21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007-02-16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006-12-23 03:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006-12-23 03:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006-12-23 03:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006-12-19 15:16:24 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2004-08-13 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004-08-13 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004-08-13 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004-08-13 01:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004-08-13 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004-08-13 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004-08-13 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004-08-13 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004-08-13 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004-08-13 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004-08-04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004-07-14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004-07-14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.90
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-20 20:11:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-19 19:22:10 | 000,000,000 | ---D | M]
 
[2008-09-08 08:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Extensions
[2010-05-20 16:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions
[2009-09-03 19:58:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-10-22 19:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008-09-10 12:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010-04-13 18:44:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010-03-13 22:15:10 | 000,000,000 | ---D | M] (myFireFox) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010-04-14 18:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\personas@christopher.beard
[2010-04-13 18:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\sort_tabs_by@codeoptimism.net
[2010-03-13 22:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010-02-06 16:41:50 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\searchplugins\daemon-search.xml
[2010-05-17 19:52:35 | 000,002,436 | ---- | M] () -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\searchplugins\google-us.xml
[2010-05-20 16:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008-01-23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2007-02-04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010-03-13 23:03:24 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-13 23:03:24 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-13 23:03:24 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-13 23:03:24 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-13 23:03:24 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-13 23:03:24 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.24.139.140 62.24.139.139 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-03-25 21:08:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010-05-20 20:02:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-05-20 20:01:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-05-20 19:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-05-20 17:05:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-05-20 16:57:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-05-20 16:57:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-05-20 16:57:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-05-20 16:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-05-20 16:46:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-05-20 15:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\DoctorWeb
[2010-05-20 15:21:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2010-05-20 15:21:12 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF25796.exe
[2010-05-20 13:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-05-20 13:18:41 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
[2010-05-20 13:15:44 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.com
[2010-05-20 07:55:46 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Documents and Settings\Ania\Pulpit\spybotsd162.exe
[2010-05-19 22:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel
[2010-05-10 14:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Pulpit\UPSTREAM
[2010-05-07 12:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Pulpit\D.Florczyk
[2010-05-03 14:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Dane aplikacji\Gadu-Gadu 10
[2010-05-03 14:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-05-03 14:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2010-04-28 13:36:57 | 001,123,328 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS
[2010-04-28 13:36:57 | 001,123,328 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\bcmwl5.sys
[2010-04-28 13:36:55 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devIA64.exe
[2010-04-28 13:36:55 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devAMD64.exe
[2010-04-28 13:36:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devcon.exe
[2010-04-28 13:36:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2010-04-28 13:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Broadcom
[2010-04-28 13:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Dane aplikacji\InstallShield
[2010-04-22 11:42:38 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010-04-22 11:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Audio Converter
[2010-04-21 09:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Moje dokumenty\NoteBurner
[1 C:\Documents and Settings\Ania\Pulpit\*.tmp files -> C:\Documents and Settings\Ania\Pulpit\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Ania\Moje dokumenty\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010-05-20 20:04:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-20 20:04:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-20 20:03:38 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Ania\NTUSER.DAT
[2010-05-20 20:03:07 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Ania\ntuser.ini
[2010-05-20 17:33:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-20 17:12:21 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-20 17:05:50 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-05-20 16:45:12 | 003,692,173 | R--- | M] () -- C:\Documents and Settings\Ania\Pulpit\ComboFix.exe
[2010-05-20 13:52:24 | 040,688,888 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\D.W.C.I.com
[2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
[2010-05-20 13:23:32 | 040,701,552 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\kg8mtuzg.exe
[2010-05-20 13:14:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.com
[2010-05-20 07:56:23 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Documents and Settings\Ania\Pulpit\spybotsd162.exe
[2010-05-19 20:53:27 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\The Perfect CV.doc
[2010-05-18 11:10:12 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\Miejsca pracy.doc
[2010-05-10 15:04:14 | 000,011,587 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Plan tygodnia.xlsx
[2010-05-10 13:23:11 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\A letter.doc
[2010-05-08 23:45:23 | 000,232,770 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\That's our baby.docx
[2010-05-06 11:40:34 | 000,493,738 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-06 11:40:34 | 000,435,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-06 11:40:34 | 000,085,114 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-06 11:40:33 | 000,068,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-06 11:40:31 | 001,096,188 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-03 14:20:59 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-03 14:20:58 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-04-26 17:04:23 | 000,303,274 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line 2.JPG
[2010-04-26 17:02:38 | 000,314,073 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line.JPG
[2010-04-26 16:59:22 | 000,261,261 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\stacja metra.JPG
[2010-04-26 16:57:49 | 000,262,420 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\biblioteka.JPG
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-04-25 20:00:02 | 000,010,456 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Anna Florczyk address.docx
[2010-04-22 11:42:39 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\MP3 Audio Converter.lnk
[2010-04-22 11:34:52 | 000,001,300 | ---- | M] () -- C:\File List.htm
[2010-04-22 10:12:30 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Something.docx
[2010-04-22 08:55:34 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\Ania\Pulpit\*.tmp files -> C:\Documents and Settings\Ania\Pulpit\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Ania\Moje dokumenty\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010-05-20 17:05:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-05-20 17:05:45 | 000,262,400 | ---- | C] () -- C:\cmldr
[2010-05-20 16:57:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-05-20 16:57:50 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-05-20 16:57:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-05-20 16:57:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-05-20 16:57:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-05-20 16:44:24 | 003,692,173 | R--- | C] () -- C:\Documents and Settings\Ania\Pulpit\ComboFix.exe
[2010-05-20 13:44:11 | 040,688,888 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\D.W.C.I.com
[2010-05-20 13:19:44 | 040,701,552 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\kg8mtuzg.exe
[2010-05-18 11:10:10 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\Miejsca pracy.doc
[2010-05-14 20:23:42 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\The Perfect CV.doc
[2010-05-10 15:04:13 | 000,011,587 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Plan tygodnia.xlsx
[2010-05-10 13:19:31 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\A letter.doc
[2010-05-08 23:45:18 | 000,232,770 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\That's our baby.docx
[2010-05-03 14:20:59 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-03 14:20:58 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2010-04-28 13:36:57 | 000,614,534 | ---- | C] () -- C:\WINDOWS\System32\bcmwl5.inf
[2010-04-28 13:36:57 | 000,012,465 | ---- | C] () -- C:\WINDOWS\System32\bcm43xx.cat
[2010-04-28 13:36:57 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2010-04-28 13:36:57 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2010-04-28 13:36:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2010-04-26 17:04:17 | 000,303,274 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line 2.JPG
[2010-04-26 17:02:37 | 000,314,073 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line.JPG
[2010-04-26 16:59:22 | 000,261,261 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\stacja metra.JPG
[2010-04-26 16:57:48 | 000,262,420 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\biblioteka.JPG
[2010-04-25 19:55:09 | 000,010,456 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Anna Florczyk address.docx
[2010-04-22 11:42:39 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\MP3 Audio Converter.lnk
[2010-04-22 11:34:52 | 000,001,300 | ---- | C] () -- C:\File List.htm
[2010-04-21 19:46:18 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Something.docx
[2009-05-10 18:46:57 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008-10-23 09:53:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2008-08-05 08:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2008-04-23 15:34:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2008-03-31 09:00:39 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-03-28 13:33:30 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008-03-26 16:56:08 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-03-26 10:42:55 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2008-03-26 09:51:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4924.dll
[2008-02-29 06:14:04 | 000,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2008-02-21 04:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-02-21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008-02-21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008-02-21 04:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2004-05-22 02:44:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002-10-16 00:54:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001-07-07 04:00:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
< End of report >

But reinstalling the system isn't necessary, is it? I don't want to do it if it isn't needed. I only wanted to do a repair (in-place) installation so that I could possibly get some of the programs running. But since they have started working on their own, I no longer need to do that.
  • 0

#10 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 20 05 2010 - 20:50

Of course, since the programs are working OK, a reinstall is not needed.

But something must have been causing those problems.
Check again with "Dr.Webcureit", just to be on the safe side.

[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2010-04-28 13:36:57 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2010-04-28 13:36:57 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2010-04-28 13:36:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT

Check one of these files on JOTTI, on VIRUSTOTAL, or on VIRSCAN.
It will probably turn out to be "good" ...

.
  • 0
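The triage step suggested in the post above (pick files out of the OTL log and send them to a scanner), as an added example that is not part of the original thread or of OTL itself. It parses OTL file lines, keeps runnable files under C:\WINDOWS that carry no company name, groups those created within a few seconds of each other, and lists vendor-named files created in the same window. The function names, the 5-second window and the extension list are assumptions; the sample lines are copied from the log in this thread.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Excerpt of OTL lines copied from the log in this thread (not a full log).
SAMPLE_LOG = r"""
[2010-05-20 16:57:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-04-28 13:36:57 | 001,123,328 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS
[2010-04-28 13:36:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devcon.exe
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2010-04-28 13:36:57 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2010-04-28 13:36:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2010-04-28 13:36:57 | 000,614,534 | ---- | C] () -- C:\WINDOWS\System32\bcmwl5.inf
[2010-05-10 13:19:31 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\A letter.doc
[2008-02-29 06:14:04 | 000,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2010-05-20 20:01:28 | 000,000,000 | ---D | C] -- C:\_OTL
"""

# [timestamp | size | attributes | C or M] (company) -- path; the company part is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>.*?)\)\s+)?-- (?P<path>.+)$"
)

# Assumed list of extensions worth a scanner check; extend as needed.
RUNNABLE = {".exe", ".dll", ".sys", ".bat", ".cmd", ".com", ".scr"}


def parse_otl(text):
    """Return one dict per file/folder line; headers and O-entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": m["attrs"].endswith("D"),
            "company": (m["company"] or "").strip(),
            "path": m["path"].strip(),
        })
    return entries


def unnamed_runnable(entries, root=r"C:\WINDOWS"):
    """Files under root with a runnable extension and an empty company field."""
    prefix = root.lower() + "\\"
    return [e for e in entries
            if not e["is_dir"] and not e["company"]
            and e["path"].lower().startswith(prefix)
            and PureWindowsPath(e["path"]).suffix.lower() in RUNNABLE]


def bursts(entries, gap=timedelta(seconds=5), min_size=3):
    """Group entries whose creation times follow each other within `gap`."""
    groups, current = [], []
    for e in sorted(entries, key=lambda e: e["ts"]):
        if current and e["ts"] - current[-1]["ts"] > gap:
            groups.append(current)
            current = []
        current.append(e)
    if current:
        groups.append(current)
    return [g for g in groups if len(g) >= min_size]


def vendor_neighbours(all_entries, burst, gap=timedelta(seconds=5)):
    """Company names of files created in the same time window as the burst."""
    lo, hi = burst[0]["ts"] - gap, burst[-1]["ts"] + gap
    return sorted({e["company"] for e in all_entries
                   if e["company"] and lo <= e["ts"] <= hi})


if __name__ == "__main__":
    log = parse_otl(SAMPLE_LOG)
    for group in bursts(unnamed_runnable(log)):
        print(f"{len(group)} unnamed files created from {group[0]['ts']}:")
        for e in group:
            print("   ", e["path"], f"({e['size']} bytes)")
        print("    created alongside:", vendor_neighbours(log, group) or "nothing named")
```

A vendor-named neighbour is only a hint about where a burst of files came from; the files in the burst still go to a scanner for the actual verdict.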

#11 Anania

Anania

    Beginner

  • 44 posts

Posted 21 05 2010 - 11:54

Thanks for the help. I can't run a scan with Dr Webcureit. While scanning file no. 4220 my computer freezes. I tried several times and it is always the same. Maybe I'll try something else.
I scanned several of the indicated files with VirusTotal. Everything is clean.
I ran a scan using HijackThis.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:59:40, on 2010-05-21
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\DOCUME~1\Ania\USTAWI~1\Temp\RtkBtMnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Ania\Moje dokumenty\Aplikacje - Help\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

--
End of file - 7560 bytes


This post was edited by Anania on 21 05 2010 - 12:20

  • 0

#12 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 21 05 2010 - 12:30

These days Hijack logs are only good for showing your grandchildren how infections used to be hunted down.

I recommended the "Dr.Webcureit" scan to find out whether you have some virus that infects all .exe files. Most such viruses are not visible in any logs; only antivirus scanners can detect them.
.

  • 0



