Avake
Posted 29 August 2010

Hello, I have a problem with unwanted ads that appear while I browse the web. The thing is, often when I click e.g. on some page in Google results, it redirects me to e.g. the site grooveswish.com. Often while browsing some sites an ad for celldorado.com appears, some Khan Wars stuff, or porn sites. MBAM detected nothing, and scanning with Spyware Doctor I found something like this:

What should I scan the computer with to be sure there is nothing on it, and how do I deal with these ads?

OTL log:

OTL logfile created on: 2010-08-29 18:19:03 - Run 3
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Documents and Settings\user\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,11 Gb Total Space | 17,54 Gb Free Space | 47,28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 37,41 Gb Total Space | 36,91 Gb Free Space | 98,66% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 333,37 Gb Free Space | 71,58% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOM
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-08-29 18:15:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Pulpit\OTL.exe
PRC - [2010-08-11 19:04:28 | 000,208,389 | ---- | M] () -- G:\Dysk\Warcraft III\DCGExtensionScript1.2.exe
PRC - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-06-01 19:00:52 | 001,778,480 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010-04-01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-03-11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010-03-02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-02-24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-03-13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files\Everything\Everything.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005-09-22 17:34:02 | 000,094,208 | ---- | M] (Panasonic Communications Co.,Ltd.) -- C:\Program Files\Panasonic\KX-FLB800_FLM650 Series\ResPcDev.exe
PRC - [2004-12-27 16:08:14 | 000,303,104 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe
PRC - [2004-08-03 05:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE
PRC - [2004-02-24 16:15:58 | 000,069,632 | ---- | M] (Panasonic) -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe
PRC - [2002-10-30 11:40:34 | 000,028,672 | R--- | M] () -- C:\WINDOWS\htpatch.exe

========== Modules (SafeList) ==========

MOD - [2010-08-29 18:15:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Pulpit\OTL.exe
MOD - [2010-06-01 19:00:52 | 000,278,288 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010-06-10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-06-01 19:00:52 | 001,778,480 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010-04-01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-03-11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010-02-24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2004-08-03 05:33:14 | 000,036,864 | ---- | M] (Panasonic Communications Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\LocalCom\LMSRVNT.EXE -- (Panasonic Local Printer Service)
SRV - [2004-02-24 16:15:58 | 000,069,632 | ---- | M] (Panasonic) [Auto | Running] -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750obex.sys -- (k750obex)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750mgmt.sys -- (k750mgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750mdm.sys -- (k750mdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750mdfl.sys -- (k750mdfl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\USTAWI~1\Temp\YLX22A.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\FO_PAnt.sys -- (FO_PAnt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2010-06-04 11:55:58 | 000,229,312 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010-06-01 19:00:24 | 000,087,824 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010-06-01 19:00:22 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010-03-01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010-02-16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-02-11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-05-11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-05-11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008-05-22 14:21:46 | 000,016,896 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2008-04-13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2007-04-17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2007-04-12 06:46:50 | 000,010,880 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2007-01-18 22:04:33 | 000,068,961 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2005-08-02 23:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005-04-25 11:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
DRV - [2004-04-30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2004-03-08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003-12-08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003-12-08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003-10-10 16:06:26 | 000,062,720 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003-10-10 15:06:24 | 000,052,128 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003-09-06 14:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003-04-23 09:47:26 | 000,918,290 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2002-10-31 05:58:42 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002-10-09 14:53:54 | 000,043,904 | ---- | M] (Alfa Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AFPAnsi.sys -- (AFPAnsi)
DRV - [2002-07-10 17:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 22:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [1999-09-10 14:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1409082233-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1409082233-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
IE - HKU\S-1-5-21-1409082233-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1409082233-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100823
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.2.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: kempelton-fx@arvidaxelsson.se:3.2.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-29 14:57:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-08-29 14:56:44 | 000,000,000 | ---D | M]

[2010-08-29 14:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions
[2010-08-29 18:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\kqzllvf8.default\extensions
[2010-08-29 18:00:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\kqzllvf8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-08-29 15:19:47 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\kqzllvf8.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010-08-29 15:19:49 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\kqzllvf8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010-08-29 15:19:49 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\kqzllvf8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010-08-29 15:19:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\kqzllvf8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-08-29 15:19:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\kqzllvf8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-08-29 15:19:48 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\kqzllvf8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010-08-29 18:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\kqzllvf8.default\extensions\kempelton-fx@arvidaxelsson.se
[2010-08-29 14:56:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-23 02:41:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-07-23 02:41:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-07-23 02:41:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-07-23 02:41:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-07-23 02:41:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-07-23 02:41:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-05-11 13:24:51 | 000,002,854 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 173.232.108.157 www.google.com
O1 - Hosts: 173.232.108.157 google.com
O1 - Hosts: 173.232.108.157 google.com.au
O1 - Hosts: 173.232.108.157 www.google.com.au
O1 - Hosts: 173.232.108.157 google.be
O1 - Hosts: 173.232.108.157 www.google.be
O1 - Hosts: 173.232.108.157 google.com.br
O1 - Hosts: 173.232.108.157 www.google.com.br
O1 - Hosts: 173.232.108.157 google.ca
O1 - Hosts: 38 more lines...
O3 - HKU\S-1-5-21-1409082233-261478967-839522115-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe ()
O4 - HKLM..\Run: [Panasonic Device Manager for KX-FLB800/FLM650 Series] C:\Program Files\Panasonic\KX-FLB800_FLM650 Series\ResPcDev.exe (Panasonic Communications Co.,Ltd.)
O4 - HKLM..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe (Panasonic Communications Co., Ltd.)
O4 - HKLM..\Run: [Panasonic PCFAX for KX-FLB800/FLM650 Series] C:\Program Files\Panasonic\KX-FLB800_FLM650 Series\KmPcFax.exe (Panasonic Communications Co.,Ltd.)
O4 - HKLM..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - Startup: C:\Documents and Settings\user\Menu Start\Programy\Autostart\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: wc3 keys = G:\Dysk\Warcraft III\DCGExtensionScript1.2.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1409082233-261478967-839522115-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://82.170.187.115/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-08-29 18:16:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Moje dokumenty\Pobieranie
[2010-08-29 18:15:44 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Pulpit\OTL.exe
[2010-08-29 14:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla
[2010-08-29 14:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010-08-28 17:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010-08-23 20:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Axis Communications
[2010-08-16 22:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Moje dokumenty\gegl-0.0
[2010-08-16 13:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\COMODO
[2010-08-16 13:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010-08-15 18:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Avira
[2010-08-15 18:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\QuickScan
[2010-08-15 16:14:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-08-15 16:14:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-08-15 16:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-08-15 15:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\DoctorWeb
[2010-08-14 12:18:39 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2010-08-14 12:18:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2010-08-14 12:18:37 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2010-08-14 12:18:36 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2010-08-14 12:18:35 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2010-08-14 12:18:34 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2010-08-14 12:18:34 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2010-08-14 12:18:32 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2010-08-14 12:18:31 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010-08-14 12:18:31 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010-08-14 12:18:30 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010-08-14 12:18:29 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010-08-14 12:18:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010-08-14 12:18:27 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010-08-14 12:18:26 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010-08-14 12:18:24 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010-08-14 12:18:23 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010-08-14 12:18:22 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010-08-14 12:18:21 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010-08-14 12:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010-08-13 23:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\PMB Files
[2010-08-13 23:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
[2010-08-13 23:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010-08-12 20:02:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2010-08-12 20:01:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Corel
[2010-08-12 19:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\VOX BOX 2.14
[2010-08-12 17:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI
[2010-08-12 15:06:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010-08-12 15:06:08 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010-08-12 15:06:08 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010-08-12 15:06:08 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010-08-12 15:06:08 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010-08-12 15:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010-08-12 15:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira
[2010-08-12 13:49:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-08-12 13:49:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-08-12 13:49:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-08-12 13:49:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-08-12 13:49:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-08-11 13:43:38 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2010-08-11 13:43:38 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll
[2010-08-11 13:43:36 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qedit.dll
[2010-08-11 13:43:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2010-08-11 13:43:35 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2010-08-11 13:43:35 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qdv.dll
[2010-08-11 13:43:35 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qcap.dll
[2010-08-11 13:43:35 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\devenum.dll
[2010-08-11 13:43:34 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2010-08-11 13:43:34 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2010-08-11 13:43:34 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll
[2010-08-11 13:43:34 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll
[2010-08-11 13:43:34 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll
[2010-08-11 13:43:34 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll
[2010-08-11 13:43:34 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll
[2010-08-11 13:43:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll
[2010-08-11 13:43:34 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll
[2010-08-11 13:43:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll
[2010-08-11 13:43:33 | 001,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll
[2010-08-11 13:43:32 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2010-08-11 13:43:30 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2010-08-11 13:43:30 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2010-08-11 13:43:30 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll
[2010-08-11 13:43:29 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2010-08-11 13:43:29 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2010-08-11 13:43:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll
[2010-08-11 13:43:28 | 001,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2010-08-11 13:43:28 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2010-08-11 13:43:28 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2010-08-11 13:43:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll
[2010-08-11 13:43:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2010-08-11 13:43:28 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2010-08-11 13:43:28 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2010-08-11 13:43:28 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll
[2010-08-11 13:43:28 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll
[2010-08-11 13:43:27 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2010-08-11 13:43:27 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2010-08-11 13:43:27 | 000,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll
[2010-08-11 13:43:27 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2010-08-11 13:43:27 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2010-08-11 13:43:27 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2010-08-11 13:43:27 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2010-08-11 13:43:27 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl
[2010-08-11 13:43:27 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll
[2010-08-11 13:43:27 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll
[2010-08-11 13:43:27 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2010-08-11 13:43:27 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2010-08-10 14:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\.thumbnails
[2010-08-09 20:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Opera
[2010-08-08 17:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Moje dokumenty\StarCraft II.temp
[2010-08-08 16:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Corel
[2010-08-01 09:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010-08-01 09:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Garena
[2010-02-24 21:49:29 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\user\Dane aplikacji\pcouffin.sys
[2006-02-10 19:28:45 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys
[2006-02-10 19:28:45 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys

========== Files - Modified Within 30 Days ==========

[2010-08-29 18:16:54 | 011,534,336 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat
[2010-08-29 18:15:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Pulpit\OTL.exe
[2010-08-29 18:15:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-08-29 18:12:43 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010-08-29 18:12:19 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-08-29 18:12:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-29 18:12:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-29 18:10:46 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010-08-29 17:56:03 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-261478967-839522115-1003UA.job
[2010-08-29 15:21:31 | 004,813,574 | -H-- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-08-29 11:56:05 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-261478967-839522115-1003Core.job
[2010-08-29 10:52:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-08-29 10:52:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010-08-28 15:52:34 | 000,000,000 | ---- | M] ()
-- C:\Documents and Settings\user\Menu Start\Programy\Autostart\CurseClientStartup.ccip [2010-08-28 08:47:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010-08-28 04:52:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010-08-27 22:52:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010-08-27 16:52:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010-08-27 13:59:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-08-16 22:03:29 | 000,000,935 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010-08-16 15:18:54 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys [2010-08-16 15:18:53 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\A7B69BD028.sys [2010-08-13 10:20:15 | 001,551,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-08-12 20:06:35 | 000,070,480 | ---- | M] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-08-12 16:59:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-08-12 13:41:40 | 001,079,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-08-12 13:41:40 | 000,503,508 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-08-12 13:41:40 | 000,444,336 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-08-12 13:41:40 | 000,089,990 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-08-12 13:41:40 | 000,072,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-08-11 19:51:08 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\user\.recently-used.xbel [2010-08-10 12:58:22 | 011,010,048 | ---- | M] () -- C:\Documents and Settings\user\ntuser.dat.gbck [2010-08-08 22:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job [2010-08-08 16:19:35 | 000,000,040 | -H-- | M] () -- C:\WINDOWS\System32\ivireg.ivr 
[2010-08-08 14:25:25 | 000,000,011 | R--- | M] () -- C:\WINDOWS\amunres.lsl
[2010-08-01 09:13:10 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.FRE

========== Files Created - No Company Name ==========

[2010-08-28 15:52:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Menu Start\Programy\Autostart\CurseClientStartup.ccip
[2010-08-15 11:51:20 | 000,001,128 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-261478967-839522115-1003UA.job
[2010-08-15 11:51:19 | 000,001,076 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-261478967-839522115-1003Core.job
[2010-08-12 17:01:47 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010-08-12 15:25:45 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\user\wrapper.txt
[2010-08-12 13:49:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-08-12 13:49:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-08-12 13:49:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-08-12 13:49:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-08-12 13:49:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-08-11 19:51:08 | 000,002,221 | ---- | C] () -- C:\Documents and Settings\user\.recently-used.xbel
[2010-08-11 13:43:36 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010-08-11 13:43:36 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010-08-11 13:43:35 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2010-08-11 13:43:35 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010-08-11 13:43:35 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010-08-11 13:38:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-08-08 16:21:22 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\KGyGaAvL.sys
[2010-08-08 16:21:22 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\A7B69BD028.sys
[2010-08-08 16:19:34 | 000,000,040 | -H-- | C] () -- C:\WINDOWS\System32\ivireg.ivr
[2010-08-08 14:25:25 | 000,000,011 | R--- | C] () -- C:\WINDOWS\amunres.lsl
[2010-08-01 09:27:28 | 000,000,308 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010-06-29 17:38:51 | 001,497,856 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2010-03-22 17:45:03 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\user\Dane aplikacji\myMPQ.ini
[2010-02-26 22:30:09 | 000,000,000 | -H-- | C] () -- C:\Program Files\Default.rdp
[2010-02-24 21:49:29 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\user\Dane aplikacji\inst.exe
[2010-02-24 21:49:29 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\user\Dane aplikacji\pcouffin.cat
[2010-02-24 21:49:29 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\user\Dane aplikacji\pcouffin.inf
[2010-02-24 19:37:02 | 680,456,660 | ---- | C] () -- C:\Program Files\data2.cab.partial
[2010-02-24 19:37:02 | 001,669,931 | ---- | C] () -- C:\Program Files\setup.isn.partial
[2010-02-24 19:37:02 | 000,802,304 | ---- | C] () -- C:\Program Files\setup.exe.partial
[2010-02-24 19:37:02 | 000,576,000 | ---- | C] () -- C:\Program Files\ISSetup.dll.partial
[2010-02-24 19:37:02 | 000,255,768 | ---- | C] () -- C:\Program Files\setup.inx.partial
[2010-02-24 19:37:02 | 000,001,224 | ---- | C] () -- C:\Program Files\setup.ini.partial
[2010-02-24 19:37:02 | 000,000,473 | ---- | C] () -- C:\Program Files\layout.bin.partial
[2010-02-24 19:37:01 | 001,061,129 | ---- | C] () -- C:\Program Files\data1.cab.partial
[2010-02-24 19:37:01 | 000,354,857 | ---- | C] () -- C:\Program Files\data1.hdr.partial
[2010-02-24 19:37:01 | 000,021,494 | ---- | C] () -- C:\Program Files\0x0409.ini.partial
[2009-10-25 19:03:43 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-10-25 19:03:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-10-25 19:03:39 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-10-25 19:03:38 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-10-25 19:03:38 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-10-25 19:03:38 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-04-08 14:39:31 | 000,257,536 | ---- | C] () -- C:\WINDOWS\libspeex.dll
[2009-04-08 14:37:20 | 000,133,120 | ---- | C] () -- C:\WINDOWS\hvdi.dll
[2008-01-23 21:28:27 | 000,000,290 | ---- | C] () -- C:\WINDOWS\PanaFLB800_FLM650.ini
[2008-01-23 21:28:23 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2007-01-18 22:04:34 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2007-01-18 22:04:33 | 000,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2006-04-01 18:08:11 | 000,000,308 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006-02-21 22:35:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2006-02-18 19:32:19 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\addr_file.html
[2006-02-06 18:04:52 | 000,000,534 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2006-01-15 18:31:23 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2006-01-14 16:43:40 | 000,000,021 | ---- | C] () -- C:\WINDOWS\kit.ini
[2005-12-05 15:39:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005-11-08 19:58:22 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005-11-08 19:07:51 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005-10-21 13:50:41 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2005-10-17 19:19:52 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2005-09-10 16:33:53 | 000,000,195 | ---- | C] () -- C:\WINDOWS\Encyklopedia.INI
[2005-08-02 23:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005-07-05 12:19:22 | 000,000,046 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2005-04-18 16:08:02 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2005-03-18 17:41:32 | 000,000,020 | ---- | C] () -- C:\WINDOWS\prefs_zb.dll
[2005-03-18 17:23:24 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\Vbe.dll
[2005-03-18 17:17:22 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005-03-18 17:17:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005-02-26 20:39:26 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005-02-26 20:39:26 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005-01-15 17:10:22 | 000,000,935 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004-12-27 16:48:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004-10-29 17:28:37 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004-10-02 08:15:46 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004-08-12 09:27:37 | 000,212,480 | ---- | C] () -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004-07-12 00:32:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MP3IFilter.dll
[2003-12-21 08:47:54 | 000,151,056 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL
[2003-12-21 08:47:54 | 000,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21.DLL
[2003-12-21 08:47:54 | 000,050,016 | ---- | C] () -- C:\WINDOWS\System32\IYVU9.DLL
[2003-12-21 08:47:54 | 000,018,384 | ---- | C] () -- C:\WINDOWS\System32\DCISVGA.DRV
[2003-11-10 21:45:31 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2003-11-07 17:10:26 | 000,004,376 | ---- | C] () -- C:\WINDOWS\hpdj5600.ini
[2003-11-07 16:17:47 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2003-11-07 16:17:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2003-11-07 16:17:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2003-11-07 16:16:43 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2003-11-07 16:16:43 | 000,003,072 | R--- | C] () -- C:\WINDOWS\winio.sys
[2003-11-07 16:14:06 | 000,002,133 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2003-11-07 16:14:04 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009-09-17 20:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2010-02-26 22:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2005-12-24 22:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2010-06-27 15:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-05-12 14:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IconTweaker
[2010-05-10 17:14:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MSTFENAPE
[2005-01-16 11:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NFS Underground Demo
[2010-07-15 15:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-07-04 12:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Panda Security
[2010-08-14 09:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
[2008-12-01 22:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Razer
[2010-01-21 19:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Seagate
[2007-10-09 15:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\stamina
[2010-08-29 17:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-07-05 10:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2010-04-27 21:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-09-13 17:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009-04-17 19:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010-07-05 10:10:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2008-01-25 16:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Panasonic
[2010-06-05 19:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\.purple
[2010-06-07 18:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\.wtw
[2010-02-26 22:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Canneverbe Limited
[2007-12-05 21:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Dev-Cpp
[2010-05-24 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\DiskSpaceFan
[2009-09-17 20:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\EurekaLog
[2010-08-08 22:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\foobar2000
[2006-02-04 16:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\FUJIFILM
[2010-05-18 15:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\GlarySoft
[2010-08-11 19:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\gtk-2.0
[2005-01-24 19:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\InterTrust
[2010-08-10 17:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\IObit
[2010-02-08 21:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Leadertech
[2010-07-23 14:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Notepad++
[2010-06-27 15:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\OpenFM
[2008-01-23 21:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Panasonic
[2010-08-15 18:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\QuickScan
[2008-12-15 20:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Razer
[2008-06-29 13:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Teleca
[2006-03-26 20:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Thunderbird
[2010-07-05 10:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\TuneUp Software
[2010-08-29 12:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\uTorrent
[2009-01-18 21:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Visual Styler
[2010-02-26 23:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Vso
[2010-08-29 10:52:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010-08-27 16:52:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010-08-27 22:52:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010-08-28 04:52:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010-08-29 10:52:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010-08-29 18:12:43 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010-08-08 22:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1FF64EFC
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E6F9610D
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

< End of report >

Extras:

OTL Extras logfile created on: 2010-08-29 18:19:03 - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\user\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,11 Gb Total Space | 17,54 Gb Free Space | 47,28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 37,41 Gb Total Space | 36,91 Gb Free Space | 98,66% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 333,37 Gb Free Space | 71,58% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOM
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1409082233-261478967-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"57221:TCP" = 57221:TCP:*:Enabled:Pando Media Booster
"57221:UDP" = 57221:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6112:TCP" = 6112:TCP:*:Enabled:WarCraft TCP
"6112:UDP" = 6112:UDP:*:Enabled:WarCraft UDP
"6881:TCP" = 6881:TCP:*:Enabled:WAR Europe Downloader
"6882:TCP" = 6882:TCP:*:Enabled:WAR Europe Downloader
"6883:TCP" = 6883:TCP:*:Enabled:WAR Europe Downloader
"6884:TCP" = 6884:TCP:*:Enabled:WAR Europe Downloader
"6885:TCP" = 6885:TCP:*:Enabled:WAR Europe Downloader
"6886:TCP" = 6886:TCP:*:Enabled:WAR Europe Downloader
"6887:TCP" = 6887:TCP:*:Enabled:WAR Europe Downloader
"6888:TCP" = 6888:TCP:*:Enabled:WAR Europe Downloader
"6889:TCP" = 6889:TCP:*:Enabled:WAR Europe Downloader
"6969:TCP" = 6969:TCP:*:Enabled:WAR Europe Downloader
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"57221:TCP" = 57221:TCP:*:Enabled:Pando Media Booster
"57221:UDP" = 57221:UDP:*:Enabled:Pando Media Booster
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe" = C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe:*:Enabled:Panasonic Trap Monitor Service -- (Panasonic)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"G:\Dysk\League of Legends\Air\LolClient.exe" = G:\Dysk\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
"G:\Dysk\League of Legends\Game\League of Legends.exe" = G:\Dysk\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found
"G:\Dysk\iTunes\iTunes.exe" = G:\Dysk\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00DC9929-E9CB-40EF-88B8-FCFFF1BF3D17}" = Panasonic Multi-Function Station dla serii KX-FLB800/FLM650
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}" = Komunikator WTW
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 20
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{5061C9FB-BA2D-4498-92B6-5459A0E2F6E3}" = Panasonic V1.13.00PL Monitor urządzeń
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{875F2DAB-3B03-11D5-AB3E-000102B0F79A}" = Readiris Pro 7.0
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder Mouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"125;_is1" = DAO
"593AFD5277FA19E67C70E56534B45B0DDD9ED9FE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/11/2007 1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"C-Media Audio" = C-Media 3D Audio
"DotAlicious Gaming Client" = DotAlicious Gaming Client
"Everything" = Everything 1.2.1.371
"foobar2000" = foobar2000 v1.0.2.1
"Game Booster_is1" = Game Booster
"Garena" = Garena 2010
"Glary Utilities_is1" = Glary Utilities 2.27.0.982
"Guild Wars" = Guild Wars
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Corporate)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Notepad++" = Notepad++
"Odkurzacz 12.3_is1" = Odkurzacz 12.3
"Picasa 3" = Picasa 3
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"ST4UNST #1" = Visual Basic 4 Runtime Files
"ST4UNST #2" = Runtime Files Pack 3
"Starcraft" = Starcraft
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent
"VOX BOX 2.14" = VOX BOX 2.14
"Warcraft III" = Warcraft III
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Encoder 7" = Windows Media Encoder 7.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = Archiwizator WinRAR
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1409082233-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
"IconTweaker" = IconTweaker 1.11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-08-27 13:49:57 | Computer Name = DOM | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd
chrome.exe, wersja 0.0.0.0, moduł powodujący błąd cooliris.dll, wersja 1.11.0.0, adres błędu 0x00127e77. Error - 2010-08-28 15:20:28 | Computer Name = DOM | Source = Bonjour Service | ID = 100 Description = 248: ERROR: read_msg errno 10054 (Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.) Error - 2010-08-29 06:13:20 | Computer Name = DOM | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd cooliris.dll, wersja 1.11.0.0, adres błędu 0x00254691. Error - 2010-08-29 08:05:00 | Computer Name = DOM | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x006c000b. Error - 2010-08-29 09:05:46 | Computer Name = DOM | Source = Bonjour Service | ID = 100 Description = 280: ERROR: read_msg errno 10054 (Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.) Error - 2010-08-29 09:05:46 | Computer Name = DOM | Source = Bonjour Service | ID = 100 Description = 296: ERROR: read_msg errno 10054 (Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.) Error - 2010-08-29 09:05:46 | Computer Name = DOM | Source = Bonjour Service | ID = 100 Description = 684: ERROR: read_msg errno 10054 (Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.) Error - 2010-08-29 09:05:46 | Computer Name = DOM | Source = Bonjour Service | ID = 100 Description = 452: ERROR: read_msg errno 10054 (Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.) Error - 2010-08-29 09:05:46 | Computer Name = DOM | Source = Bonjour Service | ID = 100 Description = 696: ERROR: read_msg errno 10054 (Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.) 
Error - 2010-08-29 11:43:41 | Computer Name = DOM | Source = pctsSvc.exe | ID = 0 Description = [ Application Events ] Error - 2010-08-27 13:49:57 | Computer Name = DOM | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd cooliris.dll, wersja 1.11.0.0, adres błędu 0x00127e77. Error - 2010-08-28 15:20:28 | Computer Name = DOM | Source = Bonjour Service | ID = 100 Description = 248: ERROR: read_msg errno 10054 (Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.) Error - 2010-08-29 06:13:20 | Computer Name = DOM | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd cooliris.dll, wersja 1.11.0.0, adres błędu 0x00254691. Error - 2010-08-29 08:05:00 | Computer Name = DOM | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd chrome.exe, wersja 0.0.0.0, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x006c000b. Error - 2010-08-29 09:05:46 | Computer Name = DOM | Source = Bonjour Service | ID = 100 Description = 280: ERROR: read_msg errno 10054 (Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.) Error - 2010-08-29 09:05:46 | Computer Name = DOM | Source = Bonjour Service | ID = 100 Description = 296: ERROR: read_msg errno 10054 (Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.) Error - 2010-08-29 09:05:46 | Computer Name = DOM | Source = Bonjour Service | ID = 100 Description = 684: ERROR: read_msg errno 10054 (Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.) Error - 2010-08-29 09:05:46 | Computer Name = DOM | Source = Bonjour Service | ID = 100 Description = 452: ERROR: read_msg errno 10054 (Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.) 
Error - 2010-08-29 09:05:46 | Computer Name = DOM | Source = Bonjour Service | ID = 100 Description = 696: ERROR: read_msg errno 10054 (Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta.) Error - 2010-08-29 11:43:41 | Computer Name = DOM | Source = pctsSvc.exe | ID = 0 Description = [ System Events ] Error - 2010-08-29 04:13:35 | Computer Name = DOM | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: FO_PAnt Lbd Error - 2010-08-29 08:31:30 | Computer Name = DOM | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys) z powodu następującego błędu: %%2 Error - 2010-08-29 08:31:30 | Computer Name = DOM | Source = Service Control Manager | ID = 7023 Description = Usługa HID Input Service zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-08-29 08:32:52 | Computer Name = DOM | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: FO_PAnt Lbd Error - 2010-08-29 11:39:36 | Computer Name = DOM | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys) z powodu następującego błędu: %%2 Error - 2010-08-29 11:39:36 | Computer Name = DOM | Source = Service Control Manager | ID = 7023 Description = Usługa HID Input Service zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-08-29 11:40:40 | Computer Name = DOM | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: FO_PAnt Lbd Error - 2010-08-29 12:12:44 | Computer Name = DOM | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi General Purpose USB Driver (adildr.sys) z powodu następującego błędu: %%2 Error - 2010-08-29 12:12:44 | Computer 
< End of report >

Unfortunately GMER shows the following after starting and after a few seconds of scanning:

RootRepeal behaves identically. I can add to the description of the problem that now, when I open Google, I often get a message that my computer is sending automated queries.
picasso, posted 29 August 2010

The logs show practically no signs of an active infection (not counting minor things such as a modified HOSTS file). With the symptoms described, this suggests a rootkit, presumably MBR / TDL.

> Unfortunately GMER shows the following after starting and after a few seconds of scanning: http://img339.images...eztytuu22v.png/
> RootRepeal behaves identically.

1. You did not disable Alcohol's virtual drive emulation (which is a prerequisite for running such tools):

DRV - [2005-04-25 11:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
DRV - [2004-04-30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)

In Autoruns, on the Drivers tab, find the Vax347b and Vax347s entries, untick them and reboot the computer. Then retry the scan in GMER.

I also see a leftover from an outdated GMER:

DRV - [2007-01-18 22:04:33 | 000,068,961 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)

Run the file C:\WINDOWS\gmer_uninstall.cmd.

2. Additionally, please post logs from these tools: MBRCheck and Kaspersky TDSSKiller (do not perform any repair in it; set everything to Skip if anything is detected).
Avake, posted 30 August 2010 (original poster)

MBRCheck log:

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Dodatek Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d

Kernel Drivers (total 146):

Processes (total 38):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000009`46d85600 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST380011A, Rev: 3.06
PhysicalDrive1 Model Number: SeagateFreeAgent, Rev: 0138

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 858845D53EA37CAD905BAB010542C912FBC33C8C
465 GB \\.\PhysicalDrive1 MBR Code Faked!
SHA1: 31ABC6F76EA6A7FD5B12BF4901243A3546141C86

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

TDSSKiller detected nothing.

GMER log: http://wklej.org/id/383286/
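The MBRCheck table above reports, per physical disk, a SHA1 of the MBR code and the byte offset of each volume. As an added example (not MBRCheck's or the forum's own code), the following Python reads one 512-byte sector, hashes the boot-code region, decodes the partition table and compares the hash against an allow-list. The sector is constructed inline with the same partition offsets as PhysicalDrive0 in the log; hashing the first 440 bytes is an assumption, since the page does not say which region MBRCheck hashes.

```python
# Added example, not MBRCheck's own code. Reads a raw 512-byte MBR, hashes the
# boot-code region, decodes the partition table and reports each partition's
# byte offset in the same "at offset" form MBRCheck prints.
# Assumption: the hashed region is bytes 0..439 (before the 4-byte disk
# signature); the exact region MBRCheck hashes is not stated on the page.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # boot code precedes the disk signature at 440
PART_TABLE_OFF = 446         # four 16-byte partition entries
PART_ENTRY_FMT = "<B3xB3xII"  # boot flag, CHS start (skip), type, CHS end (skip), LBA, size
BOOT_SIGNATURE = b"\x55\xaa"

# SHA1 that MBRCheck labelled "Windows XP MBR code detected" in the log above.
# Whether it was computed over the same 440 bytes as here is an assumption.
KNOWN_GOOD_CODE_HASHES = {"858845D53EA37CAD905BAB010542C912FBC33C8C"}


def mbr_code_sha1(sector: bytes) -> str:
    """Upper-case hex SHA1 of the boot-code region, like MBRCheck's report."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector: bytes) -> list:
    """Decode the non-empty partition-table entries into dicts."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        boot_flag, ptype, start_lba, size = struct.unpack_from(PART_ENTRY_FMT, sector, off)
        if ptype == 0:           # empty slot
            continue
        parts.append({
            "index": i + 1,
            "bootable": boot_flag == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "byte_offset": start_lba * SECTOR_SIZE,   # MBRCheck's "at offset" value
            "size_sectors": size,
        })
    return parts


def check_mbr(sector: bytes, known_good=KNOWN_GOOD_CODE_HASHES) -> dict:
    """Classify one MBR sector; status is 'known', 'unknown' or 'invalid'."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        return {"status": "invalid", "sha1": None, "partitions": []}
    digest = mbr_code_sha1(sector)
    # An unknown hash is not proof of infection (OEM and boot-manager MBRs
    # differ), but on a plain Windows XP disk it is the cue to pull the sector
    # and compare it with a known-good copy, which is what the helper did here.
    status = "known" if digest in known_good else "unknown"
    return {"status": status, "sha1": digest, "partitions": parse_partitions(sector)}


def build_sector(boot_code: bytes, partitions) -> bytes:
    """Construct a test sector: boot code, zero disk signature, table, 0x55AA."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sec = bytearray(SECTOR_SIZE)
    sec[:len(boot_code)] = boot_code
    for i, (ptype, start_lba, size) in enumerate(partitions):
        flag = 0x80 if i == 0 else 0x00           # first entry marked active
        struct.pack_into(PART_ENTRY_FMT, sec, PART_TABLE_OFF + 16 * i, flag, ptype, start_lba, size)
    sec[510:512] = BOOT_SIGNATURE
    return bytes(sec)


# Constructed sample (not real disk data). The two NTFS (0x07) partitions start
# at LBA 63 and LBA 77818923, i.e. byte offsets 0x7e00 and 0x946d85600, the
# offsets MBRCheck reported for C: and F: on PhysicalDrive0 above.
SAMPLE_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32  # placeholder bytes
SAMPLE_SECTOR = build_sector(SAMPLE_BOOT_CODE, [(0x07, 63, 77818860), (0x07, 77818923, 78477525)])


def report(sector: bytes) -> str:
    """Render a one-disk report in MBRCheck's style."""
    result = check_mbr(sector)
    lines = [f"MBR code SHA1: {result['sha1']}  status: {result['status']}"]
    for p in result["partitions"]:
        hi, lo = p["byte_offset"] >> 32, p["byte_offset"] & 0xFFFFFFFF
        lines.append(f"partition {p['index']} type 0x{p['type']:02x} at offset 0x{hi:08x}`{lo:08x}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_SECTOR))
```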
picasso, posted 30 August 2010

> TDSSKiller detected nothing.

Was the boot-sector scan ticked? The MBRCheck log suggests an infection:

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 858845D53EA37CAD905BAB010542C912FBC33C8C
465 GB \\.\PhysicalDrive1 MBR Code Faked!
SHA1: 31ABC6F76EA6A7FD5B12BF4901243A3546141C86

1. Following the MBRCheck tool's description, repair the MBR by answering its prompts in this order: enter Y, type the number 2, type the disk number 1, type the XP signature, i.e. number 1, confirm with YES and reboot the computer.

2. After the restart, run a small OTL script removing the secondary leftovers. Start OTL and in the Custom Scans/Fixes section paste:

:Commands
[resethosts]
[emptyflash]
[emptytemp]

Run it with Run Fix. After the restart you will get a log from it.

3. Produce new logs for review from: OTL, GMER and MBRCheck. Attach the log produced by the removal in step 2. Summarise whether the problem has gone after the repairs.
Avake, posted 31 August 2010 (original poster)

OTL log after running the script: http://wklej.org/id/383904/
OTL: http://wklej.org/id/383905/
OTL Extras: http://wklej.org/id/383910/
MBRCheck: http://wklej.org/id/383906/
GMER: http://wklej.org/id/383907/
picasso, posted 31 August 2010

No change:

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 858845D53EA37CAD905BAB010542C912FBC33C8C
465 GB \\.\PhysicalDrive1 MBR Code Faked!
SHA1: 31ABC6F76EA6A7FD5B12BF4901243A3546141C86

Change of method.

1. Download and run ComboFix according to the guidelines.

2. Post the log it creates. After ComboFix has finished, also add a new MBRCheck log.
Avake, posted 1 September 2010 (original poster)

ComboFix log:

ComboFix 10-08-31.02 - user 2010-09-01 17:31:52.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.1114 [GMT 2:00]
Uruchomiony z: c:\documents and settings\user\Pulpit\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00CD-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00F1-0D24-347CA8A3377C}
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Dane aplikacji\EurekaLog
c:\documents and settings\user\Dane aplikacji\inst.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFPANSI
-------\Service_AFPAnsi
.
((((((((((((((((((((((((( Pliki utworzone od 2010-08-01 do 2010-09-01 )))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
tools\msconfig\startupreg\SMSERIAL] 2003-04-23 07:48 548864 ----a-r- c:\windows\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" "DeathAdder"=c:\program files\Razer\DeathAdder\razerhid.exe "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="g:\dysk\iTunes\iTunesHelper.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Panasonic\\TrapMonitor\\Trapmnnt.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "g:\\Dysk\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "6112:TCP"= 6112:TCP:WarCraft TCP "6112:UDP"= 6112:UDP:WarCraft UDP "6881:TCP"= 6881:TCP:WAR Europe Downloader "6882:TCP"= 6882:TCP:WAR Europe Downloader "6883:TCP"= 6883:TCP:WAR Europe Downloader "6884:TCP"= 6884:TCP:WAR Europe Downloader "6885:TCP"= 
6885:TCP:WAR Europe Downloader "6886:TCP"= 6886:TCP:WAR Europe Downloader "6887:TCP"= 6887:TCP:WAR Europe Downloader "6888:TCP"= 6888:TCP:WAR Europe Downloader "6889:TCP"= 6889:TCP:WAR Europe Downloader "6969:TCP"= 6969:TCP:WAR Europe Downloader "57221:TCP"= 57221:TCP:Pando Media Booster "57221:UDP"= 57221:UDP:Pando Media Booster "8394:TCP"= 8394:TCP:League of Legends Launcher "8394:UDP"= 8394:UDP:League of Legends Launcher R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-06-04 229312] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-06-01 25240] R2 Panasonic Local Printer Service;Panasonic Local Printer Service;c:\progra~1\PANASO~1\LocalCom\lmsrvnt.exe [2008-01-23 36864] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-07-03 10880] R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-12-01 16896] S0 FO_PAnt;FotoOffice VirtualDisc Driver;c:\windows\system32\Drivers\FO_PAnt.sys --> c:\windows\system32\Drivers\FO_PAnt.sys [?] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S2 gupdate1ca2ee59ca24870;Usługa Google Update (gupdate1ca2ee59ca24870);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 133104] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\user\USTAWI~1\Temp\YLX22A.tmp --> c:\docume~1\user\USTAWI~1\Temp\YLX22A.tmp [?] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512] S4 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [2006-02-10 159616] S4 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [2006-02-10 5248] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - WINIO *Deregistered* - WINIO . 
Zawartość folderu 'Zaplanowane zadania' 2010-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] 2010-09-01 c:\windows\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-08-01 09:21] 2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 11:31] 2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 11:31] 2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-261478967-839522115-1003Core.job - c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-08-15 09:51] 2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-261478967-839522115-1003UA.job - c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-08-15 09:51] . . ------- Skan uzupełniający ------- . 
uStart Page = hxxp://google.pl/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.170.187.115/activex/AMC.cab FF - ProfilePath - c:\documents and settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\kqzllvf8.default\ FF - prefs.js: browser.startup.homepage - google.pl FF - plugin: c:\documents and settings\user\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: g:\dysk\iTunes\Mozilla Plugins\npitunes.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - USUNIĘTO PUSTE WPISY - - - - Notify-!SASWinLogon - (no file) MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-01 17:44 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????[???????[???[???[???????????????[???[???[???[$??????[???????????????[????????<??[???w????(????$?w???w?????$?w ??w???[????????d???V??[???[???[d???-??[^3?[???[b??wTJ?[?)?[?)?[htinst.I????*1?[H??[d?????????? skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GarenaPEngine] "ImagePath"="\??\c:\docume~1\user\USTAWI~1\Temp\YLX22A.tmp" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-1409082233-261478967-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG11.00.00.01WORKSTATION"="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" "OODEFRAG12.00.00.01PROFESSIONAL"="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" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(660) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3212) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . 
Unfortunately, for unknown reasons, even after uninstalling the antivirus it still showed at the start that I should disable it.
Log from mbrcheck: http://wklej.org/id/384232/
I think I still have that rootkit ;/
picasso, posted 1 September 2010
Unfortunately, for unknown reasons, even after uninstalling the antivirus it still showed at the start that I should disable it.
That is the result of leftover registration entries of the program in the WMI repository. We will clean that up later.
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00CD-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00F1-0D24-347CA8A3377C}
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
I think I still have that rootkit ;/
The log is unchanged. I also assume you are still getting injected ads (?). In that case, carry out the tasks from a completely external environment.
1. Download the required tools: the OTLPE disc + the MbrFix application. Place the MbrFix.exe file directly in the root of drive C.
2. The repair follows this thread: CLICK. Only, instead of disk 0, you give disk 1 for the repair. You are to follow the instructions from the section "ACTION FROM OTLPE" ("AKCJA Z POZIOMU OTLPE"), point 2, and the command to enter is: MbrFix /drive 1 fixmbr /yes
3. After rebooting into Windows, create a new MBRCheck log.
Avake (author), posted 7 September 2010
Sorry it took so long. The ad problem has already stopped; I did not have to do anything with the OTLPE.
picasso, posted 7 September 2010
Sorry it took so long. The ad problem has already stopped; I did not have to do anything with the OTLPE.
The situation is unexplained. Please post a new MBRCheck log....
Avake (author), posted 8 September 2010
MBRCheck, version 1.2.3© 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Dodatek Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000009`46d85600 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ST380011A, Rev: 3.06
PhysicalDrive1 Model Number: SeagateFreeAgent, Rev: 0138
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: 858845D53EA37CAD905BAB010542C912FBC33C8C
465 GB \\.\PhysicalDrive1 MBR Code Faked! SHA1: 31ABC6F76EA6A7FD5B12BF4901243A3546141C86
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
According to this, I still have something.
picasso, posted 8 September 2010
The matter does not look settled. This reading still indicates an infection. What awaits you is what I already described: repairing the MBR of that disk number 1 from the OTLPE disc with MbrFix. Do it. As a warning: MBR rootkits extract passwords from the system. And after the MBR repair, if the MBRCheck readback is correct, changing all passwords will be required.
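As a defender-side illustration of what an MBR integrity check such as the MBRCheck readback above does, here is an added example (not MBRCheck's code and not from this thread): it takes a 512-byte MBR, verifies the 0x55AA boot signature, decodes the partition table (drive C: at offset 0x7e00 in the log corresponds to LBA 63), and compares the SHA1 of the boot-code region against an allowlist of known-good hashes. The sample MBR, its boot code and the allowlist are constructed here; which exact bytes MBRCheck hashes is not stated on the page, so hashing the first 440 bytes is an assumption.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440  # assumption: hash the classic boot-code region before the disk signature


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Construct a 512-byte MBR for testing (constructed sample, not read from a real disk).

    partitions: iterable of (status, type, lba_start, sector_count) tuples, max 4.
    """
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_signature = b"\x12\x34\x56\x78"  # constructed NT disk signature
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
        for status, ptype, lba, count in partitions
    ).ljust(64, b"\x00")
    return code + disk_signature + b"\x00\x00" + table + b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Decode signature, boot-code hash and partition entries from one MBR sector."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 462 + 16 * i]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "byte_offset": lba * SECTOR,  # what MBRCheck prints as "at offset"
            "sectors": count,
        })
    return {
        "signature_ok": mbr[510:512] == b"\x55\xaa",
        "code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def assess_mbr(mbr: bytes, known_good: set) -> dict:
    """Classify an MBR: invalid signature, known-good code, or non-standard code."""
    info = parse_mbr(mbr)
    if not info["signature_ok"]:
        info["verdict"] = "invalid boot signature"
    elif info["code_sha1"] in known_good:
        info["verdict"] = "known-good MBR code"
    else:
        info["verdict"] = "non-standard MBR code (investigate)"
    return info


# Constructed "clean" boot code; a real allowlist would hold hashes of vendor boot code
# (for example the hash MBRCheck reports for a Windows XP MBR).
GOOD_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 32
GOOD_MBR = build_sample_mbr(GOOD_CODE, [(0x80, 0x07, 63, 1_000_000)])
KNOWN_GOOD = {parse_mbr(GOOD_MBR)["code_sha1"]}


def tampered_mbr() -> bytes:
    """Same disk, but the first bytes of boot code replaced (constructed modification)."""
    mbr = bytearray(GOOD_MBR)
    mbr[0:3] = b"\xeb\x10\x90"
    return bytes(mbr)


if __name__ == "__main__":
    for label, sample in (("clean", GOOD_MBR), ("tampered", tampered_mbr())):
        result = assess_mbr(sample, KNOWN_GOOD)
        print(label, result["verdict"], result["code_sha1"])
        for p in result["partitions"]:
            print("  partition", p["index"], "type 0x%02x at offset 0x%x" % (p["type"], p["byte_offset"]))
```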
Avake (author), posted 25 September 2010
I am very sorry that I have not shown any sign of life for so long (lately I have had no time at all for any longer work with the computer), and that I forgot to add one piece of information, probably an important one. The rootkit is probably on the external disk: after scanning the computer with mbrcheck with the disk connected, the log was the same as last time, but after disconnecting the disk, the log is:
MBRCheck, version 1.2.3© 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Dodatek Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d
C:\PROGRA~1\PANASO~1\LocalCom\LMSRVNT.EXE 316 C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe 516 C:\WINDOWS\system32\svchost.exe 720 wdfmgr.exe 1936 C:\WINDOWS\htpatch.exe 2012 C:\Program Files\Panasonic\Device Monitor\DMWakeup.exe 1928 C:\Program Files\Panasonic\KX-FLB800_FLM650 Series\ResPcDev.exe 2056 C:\Program Files\Everything\Everything.exe 2064 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2428 alg.exe 2948 C:\Documents and Settings\user\Pulpit\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000009`46d85600 (NTFS) PhysicalDrive0 Model Number: ST380011A, Rev: 3.06 Size Device Name MBR Status -------------------------------------------- 74 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: 858845D53EA37CAD905BAB010542C912FBC33C8C Done! Czy muszę w takim razie robić to z tą płytą, czy może istnieje inny sposób na ten dysk, np. całkowite sformatowanie go? Odnośnik do komentarza
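The MBRCheck lines above report each volume as a byte offset into PhysicalDrive0 and a SHA1 of the MBR code. The following is an added example, not part of the thread and not MBRCheck's own code, showing what those two values are: the offset is the partition's starting LBA from the MBR partition table multiplied by the 512-byte sector size, and the hash is computed over the bootstrap area of sector 0 and compared with hashes you trust. It assumes 512-byte sectors and hashes bytes 0 to 439 (the bootstrap code before the disk signature); the page does not state which bytes MBRCheck hashes, so that is an assumption. The MBR it parses is constructed inline; its two start LBAs reproduce the offsets printed in the thread (63 * 512 = 0x7E00 and 77818923 * 512 = 0x946D85600), the sizes and boot bytes are made up.

```python
"""Parse a 512-byte MBR: partition byte offsets and a hash of the boot code.

Added example (not from the thread or from MBRCheck). Assumes 512-byte sectors
and hashes bytes 0..439, the bootstrap area before the disk signature."""
import hashlib
import struct

SECTOR_SIZE = 512
PART_ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count

# Constructed bootstrap filler, NOT real boot code: a few plausible opcode
# bytes followed by NOPs so the hash has something to cover.
SAMPLE_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 100

# Constructed partition table. The start LBAs reproduce the two offsets MBRCheck
# printed in the thread (63 * 512 = 0x7E00; 77818923 * 512 = 0x946D85600);
# the sector counts are made up.
SAMPLE_PARTITIONS = [
    (0x07, 63, 77818860),        # first NTFS volume
    (0x07, 77818923, 78450000),  # second NTFS volume
]


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR sector from boot code and (type, lba, count) tuples."""
    if len(boot_code) > 440:
        raise ValueError("boot code must fit in the first 440 bytes")
    sector = bytearray(SECTOR_SIZE)
    sector[: len(boot_code)] = boot_code
    for i, (ptype, lba, count) in enumerate(partitions[:4]):
        status = 0x80 if i == 0 else 0x00           # first entry marked active
        struct.pack_into(PART_ENTRY, sector, 446 + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    sector[510:512] = b"\x55\xaa"                     # boot signature
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code SHA1 (upper-case hex, as MBRCheck prints it) and the used partition entries."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(PART_ENTRY, sector, 446 + 16 * i)
        if ptype == 0:
            continue                                  # empty slot
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "byte_offset": lba * SECTOR_SIZE,         # what "at offset 0x..." means
            "size_bytes": count * SECTOR_SIZE,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:440]).hexdigest().upper(),
        "partitions": parts,
    }


def mbr_verdict(sector: bytes, known_good: set) -> str:
    """Compare the boot-code hash with an allowlist of hashes you trust."""
    digest = parse_mbr(sector)["boot_code_sha1"]
    return "known MBR code" if digest in known_good else "unknown MBR code - inspect or rewrite"


def read_mbr(device_path: str) -> bytes:
    """Read sector 0 of a raw device, e.g. r'\\.\PhysicalDrive0' or '/dev/sdb' (needs admin/root)."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, SAMPLE_PARTITIONS)

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print(f"  part {p['index']} type 0x{p['type']:02X} at offset 0x{p['byte_offset']:x}")
    # A modified bootstrap area (constructed) changes the hash and fails the allowlist check.
    tampered = bytearray(SAMPLE_MBR)
    tampered[0] ^= 0xFF
    print(mbr_verdict(SAMPLE_MBR, {info["boot_code_sha1"]}))
    print(mbr_verdict(bytes(tampered), {info["boot_code_sha1"]}))
```

An allowlist miss is a reason to look, not proof of infection: OEM recovery tools and non-Windows boot loaders ship their own MBR code, so the hash should be compared against what that machine is expected to boot with. Note also that the MBR belongs to the whole physical disk, so a per-volume format leaves sector 0 untouched; only rewriting the MBR or wiping the full disk replaces it.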
picasso Posted 25 September 2010
"I forgot to add one piece of information that is probably important. The rootkit is most likely on the external drive."
Yes, I know that, I can see it from the drive parameters in MBRCheck. I just didn't know what role that drive plays and whether more radical steps could be taken on it without regard for the data:
"So do I have to do this with that disc, or is there another way to deal with this drive, e.g. formatting it completely?"
Of course it can be formatted too, if nothing stands in the way.
Avake Posted 22 October 2010 (Author)
Even though I formatted the drive, it is still the same, but the pages have not been showing up for a long time now.
picasso Posted 23 October 2010 (edited)
I don't know what to make of it. Alternatively, you could still use the erase function in the manufacturer's program, SeaTools.
Edited 25 November 2010 by picasso: 25.11.2010 - The topic is being closed due to lack of reply. //picasso