
Spontaneous computer restarts



Hello everyone :)

 

Yesterday a problem appeared on my machine: the computer keeps resetting itself, and in addition I have 2 files that I cannot delete; despite my best efforts they keep reappearing after the computer is restarted.

While the reset problem does not occur in Safe Mode (which is what I am writing from right now), on the normal system I can use the computer for about 3 minutes before it resets itself :(

 

Sites such as the following don't work for me:

mcafee.com

eset.com

microsoft.com

imageshack.us

and so on :(

 

I checked whether it is Conficker, but none of the programs detect it; I have installed the Windows security patches.

 

So that it doesn't look like I'm bothering you right away: I've been fighting it since yesterday...

 

1) HijackThis doesn't help; the entries keep reappearing after another reset. Below I mark the 2 files that keep reappearing :(

[screenshot: 1c8852fb312e.png]

 

As a bonus, the full HijackThis log taken while in Safe Mode.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:27:45, on 2010-10-17

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\K-Meleon\k-meleon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 173.45.76.66 drghwaweg45j4i6u3q32fg2h.com

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - (no file)

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Drukarka Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard driver\StartAutorun.exe PS2USBKbdDrv.exe

O4 - HKLM\..\Run: [szetyj67v] C:\WINDOWS\system32\szetyj67v.exe

O4 - HKLM\..\Run: [szetyj67vx] C:\WINDOWS\system32\szetyj67vx.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Policies\Explorer\Run: [xal6whv] C:\WINDOWS\TEMP\11np.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [NetLog2] C:\WINDOWS\svc2.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [NetLog3] C:\WINDOWS\svc3.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: Color Calibration.lnk = ?

O4 - Global Startup: NaturalColorLoad.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260743467359

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257687575828

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Usługa Google Update (gupdate1c9e3af7b711dc4) (gupdate1c9e3af7b711dc4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

 

--

End of file - 6423 bytes

 

2) ComboFix - unfortunately, after downloading it the following error appears, and then the program deletes itself :/

[screenshot: 7db36f311d19.png]

 

3) I triggered a BSOD and it showed this alert:

STOP 0x00000050 (0xF74646DC,0x00000000,0,804F6BE8,0x00000000)

sptd.sys - adress F74646DC base at F734F000; datstamp 4C3E6680

 

4) OTL log

OTL logfile created on: 2010-10-17 14:31:56 - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Adrian\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 93,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111,80 Gb Total Space | 15,42 Gb Free Space | 13,79% Space Free | Partition Type: NTFS

 

Computer Name: FORGOTTEN | User Name: Adrian | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

 

========== Processes (All) ==========

 

PRC - [2010-10-17 14:30:29 | 000,604,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Pulpit\OTL.exe

PRC - [2010-09-17 07:33:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe

PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe

PRC - [2008-04-14 19:21:43 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]

PRC - [2008-04-14 19:21:43 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]

PRC - [2008-04-14 19:21:43 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]

PRC - [2008-04-14 19:21:43 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]

PRC - [2008-04-14 19:21:43 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]

PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe

PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe

PRC - [2008-04-14 19:21:16 | 001,062,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe

 

 

========== Modules (All) ==========

 

MOD - [2010-10-17 14:30:29 | 000,604,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Pulpit\OTL.exe

MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2010-08-16 10:45:09 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll

MOD - [2010-07-27 08:30:33 | 008,491,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll

MOD - [2010-07-18 00:58:42 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

MOD - [2010-07-18 00:57:22 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll

MOD - [2010-07-18 00:57:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll

MOD - [2010-07-16 14:00:50 | 001,287,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll

MOD - [2009-12-08 11:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll

MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll

MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll

MOD - [2009-02-27 06:58:02 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime

MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll

MOD - [2009-02-09 12:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll

MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll

MOD - [2008-06-20 19:48:53 | 000,246,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mswsock.dll

MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll

MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv

MOD - [2008-04-14 19:20:58 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll

MOD - [2008-04-14 19:20:58 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll

MOD - [2008-04-14 19:20:57 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll

MOD - [2008-04-14 19:20:57 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll

MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll

MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll

MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll

MOD - [2008-04-14 19:20:45 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll

MOD - [2008-04-14 19:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll

MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll

MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll

MOD - [2008-04-14 19:20:41 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll

MOD - [2008-04-14 19:20:39 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll

MOD - [2008-04-14 19:20:32 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll

MOD - [2008-04-14 19:20:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

MOD - [2008-04-14 19:20:14 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll

MOD - [2008-04-14 19:20:13 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll

MOD - [2008-04-14 19:20:11 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll

MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (RadClock)

SRV - File not found [On_Demand | Stopped] -- -- (fsssvc)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010-09-23 06:32:47 | 002,950,744 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)

SRV - [2010-04-26 23:15:00 | 003,826,032 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)

SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2009-05-19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009-02-09 13:25:57 | 000,008,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nwcwks.dll -- (NWCWorkstation)

SRV - [2006-11-02 20:40:12 | 000,200,704 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)

SRV - [2004-03-18 16:55:48 | 000,094,208 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Adrian\USTAWI~1\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Adrian\USTAWI~1\Temp\1769359.05- -- (ByakkoDriver)

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys -- (atitray)

DRV - [2010-09-08 01:29:35 | 000,445,936 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010-02-13 00:21:35 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)

DRV - [2010-02-12 21:34:58 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV - [2009-08-05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009-05-29 19:30:07 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)

DRV - [2009-05-25 19:22:36 | 000,033,824 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)

DRV - [2008-07-30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)

DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2005-12-12 21:12:01 | 000,049,664 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)

DRV - [2005-08-10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2005-05-16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2004-12-15 01:51:50 | 000,873,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004-02-03 15:29:20 | 000,021,088 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Porttalk.sys -- (MagicTune)

DRV - [2003-09-06 15:37:22 | 000,062,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)

DRV - [2003-09-06 14:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)

DRV - [2003-09-06 14:25:52 | 000,051,744 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)

DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)

DRV - [2003-08-15 09:53:12 | 000,462,684 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2003-08-14 17:16:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1220945662-1275210071-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKU\S-1-5-21-1220945662-1275210071-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2

FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.10

FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: snaplinks@snaplinks.mozdev.org:1.0.8

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11

FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..network.proxy.backup.ftp: "119.70.40.101"

FF - prefs.js..network.proxy.backup.ftp_port: 8080

FF - prefs.js..network.proxy.backup.gopher: "119.70.40.101"

FF - prefs.js..network.proxy.backup.gopher_port: 8080

FF - prefs.js..network.proxy.backup.socks: "119.70.40.101"

FF - prefs.js..network.proxy.backup.socks_port: 8080

FF - prefs.js..network.proxy.backup.ssl: "119.70.40.101"

FF - prefs.js..network.proxy.backup.ssl_port: 8080

FF - prefs.js..network.proxy.ftp: "201.73.45.70"

FF - prefs.js..network.proxy.ftp_port: 3128

FF - prefs.js..network.proxy.gopher: "201.73.45.70"

FF - prefs.js..network.proxy.gopher_port: 3128

FF - prefs.js..network.proxy.http: "201.73.45.70"

FF - prefs.js..network.proxy.http_port: 3128

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "201.73.45.70"

FF - prefs.js..network.proxy.socks_port: 3128

FF - prefs.js..network.proxy.ssl: "201.73.45.70"

FF - prefs.js..network.proxy.ssl_port: 3128

 

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-07-18 00:58:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files\K-Meleon\Plugins [2010-10-08 08:34:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files\K-Meleon\Components [2010-09-27 15:54:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-17 00:04:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-08 08:34:33 | 000,000,000 | ---D | M]

 

[2009-04-26 21:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Extensions

[2010-10-15 22:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions

[2010-10-09 12:25:07 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2010-04-27 20:55:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-10-15 11:00:04 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

[2010-08-11 07:26:34 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2010-01-19 00:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{67d0133d-9818-4168-9b50-634ea7f8fe14}

[2010-10-15 11:00:04 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

[2010-05-06 02:47:48 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

[2010-08-18 07:54:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010-10-09 12:25:07 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010-04-10 18:43:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010-03-15 16:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\FasterFox_Lite@BigRedBrent

[2010-01-24 22:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\snaplinks@snaplinks.mozdev.org

[2010-10-16 23:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-08-26 02:52:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2008-06-24 19:07:26 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll

[2010-08-26 02:52:40 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009-06-15 11:14:40 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll

[2008-06-24 19:06:50 | 000,460,272 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMAHJONG.dll

[2008-06-24 19:07:38 | 000,685,552 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMAKAOV2.dll

[2008-06-24 19:07:54 | 000,497,136 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSUDOKU.dll

[2006-09-26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

[2010-03-15 08:47:10 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-03-15 08:47:10 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-03-15 08:47:10 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-03-15 08:47:10 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-03-15 08:47:10 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-03-15 08:47:10 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

 

O1 HOSTS File: ([2010-10-17 13:58:57 | 000,000,072 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.Brenz.pl

O1 - Hosts: 173.45.76.66 drghwaweg45j4i6u3q32fg2h.com

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.

O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Drukarka Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()

O4 - HKLM..\Run: [szetyj67v] C:\WINDOWS\system32\szetyj67v.exe ()

O4 - HKLM..\Run: [szetyj67vx] C:\WINDOWS\system32\szetyj67vx.exe ()

O4 - HKLM..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard driver\StartAutorun.exe PS2USBKbdDrv.exe File not found

O4 - HKU\.DEFAULT..\Run: [NetLog2] C:\WINDOWS\svc2.exe ()

O4 - HKU\.DEFAULT..\Run: [NetLog3] C:\WINDOWS\svc3.exe ()

O4 - HKU\S-1-5-18..\Run: [NetLog2] C:\WINDOWS\svc2.exe ()

O4 - HKU\S-1-5-18..\Run: [NetLog3] C:\WINDOWS\svc3.exe ()

O4 - HKU\S-1-5-21-1220945662-1275210071-839522115-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Color Calibration.lnk = C:\Program Files\SEC\Magic Tune 2.5\GammaTray.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: xal6whv = C:\WINDOWS\TEMP\11np.exe ()

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-1220945662-1275210071-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1220945662-1275210071-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1220945662-1275210071-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1220945662-1275210071-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (Microsoft Corporation)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260743467359 (WUWebControl Class)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257687575828 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.63.9 82.139.8.7

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-08-02 16:52:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwcwks.dll (Microsoft Corporation)

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpReg: IPLA! - hkey= - key= - C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)

MsConfig - StartUpReg: riuom - hkey= - key= - C:\Documents and Settings\Adrian\riuom.exe File not found

MsConfig - StartUpReg: szetyj67v - hkey= - key= - File not found

MsConfig - StartUpReg: szetyj67vx - hkey= - key= - File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PEVSystemStart - Service

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: procexp90.Sys - Driver

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PEVSystemStart - Service

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: procexp90.Sys - Driver

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010-10-17 14:30:26 | 000,604,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Pulpit\OTL.exe

[2010-10-17 13:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia

[2010-10-17 13:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe

[2010-10-16 22:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Dane aplikacji\Malwarebytes

[2010-10-16 22:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2010-10-16 22:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\InCode Solutions

[2010-10-13 19:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games

[2010-10-13 19:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Pulpit\Plants vs Zombies

[2010-10-13 11:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner

[2010-10-10 22:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Dane aplikacji\Azgard

[2010-10-10 22:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Azgard Defence

[2010-10-08 08:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010-10-05 20:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line

[2010-10-05 20:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\WINDOWS

[2010-10-03 00:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Ustawienia lokalne\Dane aplikacji\Apple

[2010-09-27 21:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys

[2010-09-27 10:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010-09-27 10:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer

[2010-09-23 11:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2010-09-23 11:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Dane aplikacji\Gadu-Gadu 10

[2010-09-23 11:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10

[2010-09-22 17:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai

[2010-09-21 23:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell

[2010-09-21 23:03:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm

[2010-09-21 23:03:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$

[2010-09-21 10:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Moje dokumenty\iMacros

[2010-09-09 02:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Dane aplikacji\Apple Computer

[2010-09-08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2010-09-08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

[2010-09-08 01:29:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010-09-08 00:18:17 | 000,240,128 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010-09-08 00:18:17 | 000,189,952 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010-09-08 00:18:17 | 000,165,376 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010-09-08 00:18:17 | 000,060,928 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010-09-08 00:15:45 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010-09-04 16:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Traffic Giant Gold

[2010-09-03 23:13:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2010-09-03 21:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Silkroad

[2010-09-02 18:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller

[2010-08-28 23:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tor

[2010-08-28 07:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Pulpit\zs

[2010-08-26 19:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Dane aplikacji\TS3Client

[2010-08-26 19:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client

[2010-08-26 19:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess

[2010-08-26 02:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010-08-26 02:52:56 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe

[2010-08-26 02:52:56 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe

[2010-08-26 02:52:56 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe

[2010-08-26 02:52:56 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl

[2010-08-22 09:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Pulpit\SaS 4 Full - Cracked by Pifzar

[2010-08-18 20:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity

[2010-08-18 08:49:39 | 000,000,000 | ---D | C] -- C:\Program Files\zsro

[2010-08-15 08:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Pulpit\grry

[2010-08-08 02:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\ProxyFinderEnterprise

[2010-08-05 00:24:05 | 000,000,000 | ---D | C] -- C:\Kolo_fortuny

[2010-08-02 16:38:28 | 000,179,456 | ---- | C] (Virtual Media Technology P/L) -- C:\WINDOWS\hdk3ctnt.dll

[2010-07-31 21:21:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2010-07-19 16:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\cache

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2010-10-17 14:30:29 | 000,604,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Pulpit\OTL.exe

[2010-10-17 14:27:17 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\HiJackThis.lnk

[2010-10-17 14:15:24 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1275210071-839522115-1004.job

[2010-10-17 14:15:24 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1275210071-839522115-1004.job

[2010-10-17 13:58:57 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010-10-17 13:58:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-10-17 13:57:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-10-17 13:57:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2010-10-17 13:53:24 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-10-17 13:53:20 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1275210071-839522115-500.job

[2010-10-17 13:53:20 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job

[2010-10-17 13:13:29 | 000,046,080 | ---- | M] () -- C:\WINDOWS\System32\updata.exe

[2010-10-17 13:13:22 | 000,271,360 | ---- | M] () -- C:\WINDOWS\svc3.exe

[2010-10-17 13:12:51 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\service.sys

[2010-10-17 13:12:49 | 000,163,328 | ---- | M] () -- C:\WINDOWS\System32\szetyj67v.exe

[2010-10-17 13:12:48 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\szetyj67vx.exe

[2010-10-17 13:12:25 | 000,271,360 | ---- | M] () -- C:\WINDOWS\svc2.exe

[2010-10-17 13:08:11 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3B2B6D4D-EE43-4C61-B6A9-8686B51074BB}.job

[2010-10-17 09:16:14 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-10-17 00:52:58 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1275210071-839522115-500.job

[2010-10-17 00:50:36 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\Adrian\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-10-16 23:48:14 | 002,446,336 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Narodowy Bank Polski - Dane.xls

[2010-10-16 21:25:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adrian\wmic

[2010-10-16 20:51:08 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Odkurzacz.lnk

[2010-10-16 19:28:14 | 000,591,446 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-10-16 19:28:14 | 000,505,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-10-16 19:28:14 | 000,121,088 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-10-16 19:28:14 | 000,089,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-10-16 19:24:50 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010-10-16 15:58:16 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job

[2010-10-16 15:40:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-10-16 13:40:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job

[2010-10-15 23:58:54 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Produktywnosć - eJahan.xls

[2010-10-15 15:32:25 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat

[2010-10-14 23:52:20 | 000,003,139 | ---- | M] () -- C:\WINDOWS\wincmd.ini

[2010-10-14 23:52:01 | 000,000,627 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini

[2010-10-13 11:21:13 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Adrian\NTUSER.bak

[2010-10-12 21:34:30 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-10-12 21:30:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-10-12 20:00:03 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Umowa.doc

[2010-10-08 08:34:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk

[2010-10-08 08:33:14 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk

[2010-10-08 08:32:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\CCleaner.lnk

[2010-10-06 21:19:37 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Skrót do Start Tor Browser.lnk

[2010-10-06 07:09:57 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Dane klasa 1a.xls

[2010-10-05 20:02:41 | 000,000,295 | ---- | M] () -- C:\WINDOWS\SIERRA.INI

[2010-10-04 14:54:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010-09-28 19:37:58 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Adrian\Moje dokumenty\Iza.doc

[2010-09-27 21:22:31 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\EVEREST Home Edition.lnk

[2010-09-27 10:38:11 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk

[2010-09-23 11:11:06 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\OpenFM.lnk

[2010-09-23 11:11:06 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Gadu-Gadu 10.lnk

[2010-09-23 10:12:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2010-09-21 11:23:28 | 000,083,475 | ---- | M] () -- C:\Documents and Settings\Adrian\Moje dokumenty\nutaharion.iim

[2010-09-21 11:01:02 | 000,083,475 | ---- | M] () -- C:\Documents and Settings\Adrian\Moje dokumenty\chorwaci.iim

[2010-09-18 22:00:31 | 000,305,152 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\mapa.xls

[2010-09-08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx

[2010-09-08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts

[2010-09-08 01:29:35 | 000,445,936 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys

[2010-09-04 16:01:49 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Traffic Giant Gold.lnk

[2010-09-03 21:56:53 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Silkroad.lnk

[2010-09-01 13:52:39 | 000,285,824 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll

[2010-09-01 13:52:39 | 000,285,824 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll

[2010-08-26 19:42:44 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk

[2010-08-26 02:52:52 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk

[2010-08-26 02:52:39 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll

[2010-08-26 02:52:39 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe

[2010-08-26 02:52:39 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe

[2010-08-26 02:52:39 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe

[2010-08-26 02:52:39 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl

[2010-08-26 02:52:15 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Defraggler.lnk

[2010-08-22 09:24:32 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Skrót do ss4_downloadable.lnk

[2010-08-20 01:03:03 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Polish Deposits.xls

[2010-08-18 20:37:27 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini

[2010-08-18 20:36:12 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Audacity.lnk

[2010-08-12 03:03:34 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Adrian\Ustawienia lokalne\Dane aplikacji\housecall.guid.cache

[2010-08-12 02:43:09 | 009,554,916 | ---- | M] () -- C:\WINDOWS\System32\mswinsck.ocx

[2010-08-07 19:53:06 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Skrót do mirc.lnk

[2010-08-02 16:52:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010-08-02 16:48:31 | 000,000,171 | ---- | M] () -- C:\WINDOWS\SDDINST.INI

[2010-08-02 16:38:28 | 000,000,111 | RHS- | M] () -- C:\IO32.IDX

[2010-07-31 11:26:26 | 000,055,248 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2010-07-21 10:24:49 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Adrian\intlname.ols

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-10-17 13:13:30 | 000,271,360 | ---- | C] () -- C:\WINDOWS\svc3.exe

[2010-10-17 13:13:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\updata.exe

[2010-10-17 13:12:51 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\service.sys

[2010-10-17 13:12:49 | 000,163,328 | ---- | C] () -- C:\WINDOWS\System32\szetyj67v.exe

[2010-10-17 13:12:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\szetyj67vx.exe

[2010-10-17 13:12:30 | 000,271,360 | ---- | C] () -- C:\WINDOWS\svc2.exe

[2010-10-17 00:05:09 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1275210071-839522115-500.job

[2010-10-17 00:05:09 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1275210071-839522115-500.job

[2010-10-16 21:25:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adrian\wmic

[2010-10-16 19:18:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP

[2010-10-16 15:58:15 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job

[2010-10-16 15:58:15 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job

[2010-10-15 15:32:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

[2010-10-12 19:35:12 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Umowa.doc

[2010-10-08 08:34:34 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk

[2010-10-05 20:02:42 | 000,004,398 | ---- | C] () -- C:\WINDOWS\caesar3.ico

[2010-10-05 19:44:54 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Dane klasa 1a.xls

[2010-09-28 19:37:57 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Adrian\Moje dokumenty\Iza.doc

[2010-09-27 21:22:31 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\EVEREST Home Edition.lnk

[2010-09-27 10:38:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk

[2010-09-23 11:11:06 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\OpenFM.lnk

[2010-09-23 11:11:06 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Gadu-Gadu 10.lnk

[2010-09-21 11:07:20 | 000,083,475 | ---- | C] () -- C:\Documents and Settings\Adrian\Moje dokumenty\nutaharion.iim

[2010-09-21 10:49:28 | 000,083,475 | ---- | C] () -- C:\Documents and Settings\Adrian\Moje dokumenty\chorwaci.iim

[2010-09-18 21:49:20 | 000,305,152 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\mapa.xls

[2010-09-08 00:18:17 | 000,285,696 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010-09-08 00:18:17 | 000,126,464 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010-09-08 00:18:17 | 000,108,544 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010-09-08 00:18:17 | 000,108,032 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010-09-08 00:18:17 | 000,095,744 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010-09-04 16:01:49 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Traffic Giant Gold.lnk

[2010-09-03 23:13:08 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010-08-28 23:34:40 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Skrót do Start Tor Browser.lnk

[2010-08-26 19:42:44 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk

[2010-08-26 02:52:52 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk

[2010-08-22 09:24:32 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Skrót do ss4_downloadable.lnk

[2010-08-18 20:36:12 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Audacity.lnk

[2010-08-16 00:33:45 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Silkroad.lnk

[2010-08-12 03:03:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Adrian\Ustawienia lokalne\Dane aplikacji\housecall.guid.cache

[2010-08-10 21:24:13 | 009,554,916 | ---- | C] () -- C:\WINDOWS\System32\mswinsck.ocx

[2010-08-07 19:53:06 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Skrót do mirc.lnk

[2010-08-02 16:38:28 | 000,000,111 | RHS- | C] () -- C:\IO32.IDX

[2010-08-02 16:38:27 | 000,000,171 | ---- | C] () -- C:\WINDOWS\SDDINST.INI

[2010-07-21 13:42:02 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Polish Deposits.xls

[2010-04-06 22:25:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2010-04-06 22:07:07 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2010-03-07 09:56:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\zSpy.INI

[2009-12-14 00:46:44 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009-12-04 09:57:12 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009-10-18 12:39:21 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009-08-25 15:20:50 | 000,000,295 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2009-08-12 18:44:41 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Gunzlauncher.INI

[2009-07-24 08:35:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2009-07-22 01:05:04 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009-07-22 01:05:04 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5C83351FA4.sys

[2009-07-12 11:33:56 | 000,000,627 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini

[2009-07-12 11:30:59 | 000,003,139 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2009-06-17 00:34:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009-05-29 19:43:45 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2009-05-29 19:43:45 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2009-05-29 19:43:45 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2009-05-25 19:22:36 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys

[2009-05-25 08:51:48 | 000,000,058 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2009-05-07 16:00:09 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\Adrian\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-05-02 15:20:51 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Adrian\Dane aplikacji\PnkBstrK.sys

[2009-04-27 17:25:55 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Adrian\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2009-04-26 21:49:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009-04-26 21:33:03 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-04-26 21:33:01 | 002,102,272 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2009-04-26 21:33:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009-04-26 21:33:00 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-04-26 21:33:00 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009-04-26 21:32:59 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009-04-26 21:25:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008-05-26 22:22:36 | 000,016,222 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008-05-26 22:22:34 | 000,021,728 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008-05-26 22:22:32 | 000,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2006-10-27 08:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2004-11-07 16:38:00 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini

[2003-04-16 14:00:00 | 000,000,009 | ---- | C] () -- C:\WINDOWS\System32\comsats.sys

[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[1997-06-14 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

 

========== LOP Check ==========

 

[2010-10-17 00:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera

[2010-10-17 00:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Windows Search

[2010-05-13 00:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Alawar

[2010-02-13 21:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Ashampoo

[2010-10-10 22:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Azgard

[2010-05-14 09:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\ChomikBox

[2010-06-23 17:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\DAEMON Tools Lite

[2010-04-02 06:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\fizzy

[2009-04-26 21:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Gadu-Gadu

[2010-09-23 11:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Gadu-Gadu 10

[2009-05-02 15:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\id Software

[2009-12-04 22:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\InfraRecorder

[2010-06-04 09:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\ipla

[2010-01-07 02:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\K-Meleon

[2010-03-16 19:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Nowe Gadu-Gadu

[2009-07-15 00:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\OpenFM

[2009-04-27 08:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\OpenOffice.org

[2009-04-28 18:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Opera

[2010-08-26 20:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\TS3Client

[2010-10-17 09:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\uTorrent

[2010-06-09 17:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\WaterProof

[2009-06-25 23:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Windows Desktop Search

[2009-05-04 14:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Windows Search

[2010-10-09 17:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper

[2009-06-03 14:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo

[2010-08-26 19:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess

[2010-06-20 00:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2010-09-23 11:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2009-05-02 15:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software

[2009-10-20 08:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MumboJumbo

[2010-10-13 19:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

[2009-12-18 00:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Drivers HeadQuarters Inc

[2010-10-13 19:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games

[2009-05-29 22:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WildTangent

[2010-10-17 13:08:11 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B2B6D4D-EE43-4C61-B6A9-8686B51074BB}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %systemdrive%\*.* >

[2010-08-02 16:52:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010-04-03 16:41:54 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2010-10-16 19:24:50 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2003-04-16 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2007-02-10 13:24:40 | 000,990,720 | ---- | M] () -- C:\bootvis.msi

[2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr

[2009-04-26 21:00:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009-04-26 21:00:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010-08-02 16:38:28 | 000,000,111 | RHS- | M] () -- C:\IO32.IDX

[2009-04-26 21:00:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2009-04-26 21:51:16 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009-05-01 16:05:53 | 000,251,152 | RHS- | M] () -- C:\ntldr

[2010-10-17 13:57:37 | 1878,511,616 | -HS- | M] () -- C:\pagefile.sys

[2010-10-08 12:07:19 | 000,000,032 | ---- | M] () -- C:\rekord.txt

[2010-06-30 22:46:26 | 000,002,369 | ---- | M] () -- C:\test.spr

 

 

< MD5 for: AGP440.SYS >

[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:agp440.sys

[2009-05-01 16:01:20 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys

[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

[2009-05-01 16:01:20 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

 

< MD5 for: BEEP.SYS >

[2003-04-16 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys

[2003-04-16 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys

[2003-04-16 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

 

< MD5 for: CDROM.SYS >

[2004-08-04 00:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys

[2009-05-01 16:01:20 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys

[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys

[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

 

< MD5 for: EVENTLOG.DLL >

[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008-04-14 19:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

 

< MD5 for: NDIS.SYS >

[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys

[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys

[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

 

< MD5 for: WINLOGON.EXE >

[2008-04-14 19:21:48 | 000,538,112 | ---- | M] (Microsoft Corporation) MD5=08D93F7E72B18281E606DA5D41031E11 -- C:\WINDOWS\ERDNT\cache\winlogon.exe

[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

[2008-04-14 19:21:48 | 000,538,112 | ---- | M] (Microsoft Corporation) MD5=D9AD438F754A69FCDD27935AAC3481D8 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

 

< End of report >

 

 

5) I can't provide a GMER log because it causes the computer to reset even in safe mode ;/ So please don't punish me for that.

 

 

I tried to install the Eset NOD 32 antivirus, but that is impossible from safe mode, and in normal mode the computer resets before the installation really gets going :(

 

If it's needed, I'll try to take a screenshot of the processes during a normal start. If any other logs are needed, just say so and they'll be ready :)


HijackThis is useless; I don't analyze based on that relic. OTL replaces it entirely. The OTL run was done with someone else's settings from another forum, not the way it is described here, and there is no Extras part at all (Registry - Extra scan was not checked). If GMER cannot be run at all, it is written that in that case you should provide a Root Repeal log. But:

 

3) I triggered a BSOD and it showed this alert:

STOP 0x00000050 (0xF74646DC,0x00000000,0,804F6BE8,0x00000000)

sptd.sys - adress F74646DC base at F734F000; datstamp 4C3E6680

 

SPTD is a virtual drive emulation driver. There is an announcement addressing this: Drive emulation software. That announcement is a prerequisite to carry out before attempting to run GMER or Root Repeal.

 

So: I'm waiting for the virtual emulation to be removed (complete uninstallation of DAEMON Tools and unloading of the SPTD driver) + the correct set of logs. Then I'll move on to analyzing the infection that is present here.

 

 

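The reply above insists on OTL output rather than HijackThis. As an added example that is not part of the thread and not OTL's own code, the script below reads the line shapes visible in the OTL logs posted here (the `< MD5 for: ... >` blocks, `O4`/`O6` Run entries, `FF - prefs.js..network.proxy.*` lines and `O1 - Hosts:` lines) and reports the things a responder checks first: copies of a system file that disagree in hash, autoruns launched from a temp directory or from the Windows root without a publisher, a browser proxy pointing outside the local network, and HOSTS entries redirecting a name to a remote address. The sample log is constructed to mirror the thread's format; its hashes and addresses are placeholders (documentation IP ranges), and the heuristics are a first-pass triage, not a verdict.

```python
"""Triage helper for OTL-style log lines (added example; not OTL's code).

Recognised line shapes (as seen in the thread's OTL reports):
  < MD5 for: NAME >                         followed by lines of the form
  [date time | size | attrs | M] (Company) MD5=HASH -- path
  O4 - HKU\\.DEFAULT..\\Run: [Name] C:\\path\\file.exe ()
  O6 - HKLM\\...\\policies\\Explorer\\run: name = C:\\path\\file.exe ()
  FF - prefs.js..network.proxy.http: "host"
  O1 - Hosts: ip hostname
A trailing "()" on an O4/O6 line means OTL found no company name in the file.
"""
import ipaddress
import re
from collections import defaultdict

MD5_HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>\s*$")
MD5_LINE = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*\([^)]*\)\s*"
    r"MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$"
)
RUN_LINE = re.compile(
    r"^O[46] - .*\\run:\s*(?:\[(?P<n1>[^\]]+)\]|(?P<n2>\S+)\s*=)\s*"
    r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd))(?P<rest>\s.*)?$",
    re.IGNORECASE,
)
PROXY_LINE = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(?:backup\.)?'
    r'(?:http|ssl|ftp|socks|gopher):\s*"(?P<host>[^"]+)"'
)
HOSTS_LINE = re.compile(r"^O1 - Hosts:\s*(?P<ip>\S+)\s+(?P<name>\S+)")

# Loopback and RFC 1918 ranges; anything else (or a hostname) counts as non-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_local(host):
    """True for loopback/RFC 1918 IP literals; hostnames are treated as non-local."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in LOCAL_NETS)


def triage(lines):
    """Return a de-duplicated list of (kind, detail) findings for OTL log lines."""
    findings = []
    md5_groups = defaultdict(list)   # file name -> [(md5, path)]
    current = None                   # name of the open "< MD5 for: ... >" block

    def add(kind, detail):
        if (kind, detail) not in findings:
            findings.append((kind, detail))

    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = MD5_HEADER.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = MD5_LINE.match(line)
        if m and current:
            md5_groups[current].append((m.group("md5").upper(), m.group("path")))
            continue
        m = RUN_LINE.match(line)
        if m:
            name = m.group("n1") or m.group("n2")
            path, rest = m.group("path"), (m.group("rest") or "").strip()
            low = path.lower()
            if "\\temp\\" in low:
                add("autorun_from_temp", f"{name} -> {path}")
            elif rest == "()" and re.fullmatch(r"[a-z]:\\windows\\[^\\]+", low):
                add("autorun_no_publisher_in_windows_root", f"{name} -> {path}")
            continue
        m = PROXY_LINE.match(line)
        if m:
            if not is_local(m.group("host")):
                add("remote_proxy", m.group("host"))
            continue
        m = HOSTS_LINE.match(line)
        if m and m.group("ip") != "0.0.0.0" and not is_local(m.group("ip")):
            add("hosts_redirect", f"{m.group('name')} -> {m.group('ip')}")

    # Copies of one system file that disagree in hash deserve a look (hotfix
    # levels can differ legitimately, so this is a prompt, not a verdict).
    for name, copies in md5_groups.items():
        if len({md5 for md5, _ in copies}) > 1:
            add("md5_mismatch", name + ": " + "; ".join(f"{p} {h}" for h, p in copies))
    return findings


# Constructed sample modelled on the thread's log format; hashes and addresses are placeholders.
SAMPLE_LOG = r"""
< MD5 for: WINLOGON.EXE >
[2008-04-14 19:21:48 | 000,538,112 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: BEEP.SYS >
[2003-04-16 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=00112233445566778899AABBCCDDEEFF -- C:\WINDOWS\system32\dllcache\beep.sys
[2003-04-16 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=00112233445566778899AABBCCDDEEFF -- C:\WINDOWS\system32\drivers\beep.sys
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKU\.DEFAULT..\Run: [NetLog2] C:\WINDOWS\svc2.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: xal6whv = C:\WINDOWS\TEMP\11np.exe ()
FF - prefs.js..network.proxy.http: "192.0.2.10"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.ssl: "192.0.2.10"
FF - prefs.js..network.proxy.share_proxy_settings: true
O1 - Hosts: 127.0.0.1 www.Brenz.pl
O1 - Hosts: 198.51.100.7 example-redirect.invalid
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{kind:40s} {detail}")
```

Run it on a saved OTL.txt by passing `open("OTL.txt", encoding="utf-8", errors="replace")` to `triage()`; the regexes only look at line prefixes, so the blank lines and section headers OTL emits are ignored.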

I followed your requests and the computer no longer resets by itself, but it still does so when GMER is started

 

Below is the OTL log; in a moment I'll also have a go at searching for those DT files :)

 

OTL logfile created on: 2010-10-17 18:30:01 - Run 2

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Adrian\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 79,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 95,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111,80 Gb Total Space | 21,04 Gb Free Space | 18,82% Space Free | Partition Type: NTFS

 

Computer Name: FORGOTTEN | User Name: Adrian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2010-10-17 18:16:31 | 000,066,560 | ---- | M] () -- C:\Documents and Settings\Adrian\Ustawienia lokalne\temp\11np.exe

PRC - [2010-10-17 14:30:29 | 000,604,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Pulpit\OTL.exe

PRC - [2008-04-14 19:21:16 | 001,062,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-09-14 19:16:50 | 003,162,112 | ---- | M] () -- C:\Program Files\Multimedia Keyboard driver\PS2USBKbdDrv.exe

PRC - [2006-11-02 20:40:12 | 000,200,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

PRC - [2005-07-08 06:55:00 | 000,204,800 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

PRC - [2004-05-05 10:52:12 | 000,520,192 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe

PRC - [2004-03-18 16:55:48 | 000,094,208 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2004-02-14 09:52:58 | 000,065,536 | ---- | M] () -- C:\Program Files\SEC\Magic Tune 2.5\GammaTray.exe

PRC - [2002-04-12 14:39:24 | 000,184,320 | ---- | M] () -- C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010-10-17 14:30:29 | 000,604,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Pulpit\OTL.exe

MOD - [2010-08-23 18:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (RadClock)

SRV - File not found [On_Demand | Stopped] -- -- (fsssvc)

SRV - [2010-09-23 06:32:47 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)

SRV - [2010-04-26 23:15:00 | 003,826,032 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)

SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2009-05-19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009-02-09 13:25:57 | 000,008,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwcwks.dll -- (NWCWorkstation)

SRV - [2006-11-02 20:40:12 | 000,200,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)

SRV - [2004-03-18 16:55:48 | 000,094,208 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010-02-13 00:21:35 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)

DRV - [2010-02-12 21:34:58 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV - [2009-08-05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009-05-29 19:30:07 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)

DRV - [2009-05-25 19:22:36 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)

DRV - [2008-07-30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)

DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2005-12-12 21:12:01 | 000,049,664 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)

DRV - [2005-08-10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2005-05-16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2004-12-15 01:51:50 | 000,873,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004-02-03 15:29:20 | 000,021,088 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Porttalk.sys -- (MagicTune)

DRV - [2003-09-06 15:37:22 | 000,062,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)

DRV - [2003-09-06 14:27:06 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)

DRV - [2003-09-06 14:25:52 | 000,051,744 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)

DRV - [2003-09-06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)

DRV - [2003-08-15 09:53:12 | 000,462,684 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2003-08-14 17:16:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1220945662-1275210071-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKU\S-1-5-21-1220945662-1275210071-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2

FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite

FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.10

FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: snaplinks@snaplinks.mozdev.org:1.0.8

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11

FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..network.proxy.backup.ftp: "119.70.40.101"

FF - prefs.js..network.proxy.backup.ftp_port: 8080

FF - prefs.js..network.proxy.backup.gopher: "119.70.40.101"

FF - prefs.js..network.proxy.backup.gopher_port: 8080

FF - prefs.js..network.proxy.backup.socks: "119.70.40.101"

FF - prefs.js..network.proxy.backup.socks_port: 8080

FF - prefs.js..network.proxy.backup.ssl: "119.70.40.101"

FF - prefs.js..network.proxy.backup.ssl_port: 8080

FF - prefs.js..network.proxy.ftp: "201.73.45.70"

FF - prefs.js..network.proxy.ftp_port: 3128

FF - prefs.js..network.proxy.gopher: "201.73.45.70"

FF - prefs.js..network.proxy.gopher_port: 3128

FF - prefs.js..network.proxy.http: "201.73.45.70"

FF - prefs.js..network.proxy.http_port: 3128

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "201.73.45.70"

FF - prefs.js..network.proxy.socks_port: 3128

FF - prefs.js..network.proxy.ssl: "201.73.45.70"

FF - prefs.js..network.proxy.ssl_port: 3128

 

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-07-18 00:58:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files\K-Meleon\Plugins [2010-10-08 08:34:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files\K-Meleon\Components [2010-09-27 15:54:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-10-17 00:04:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-10-08 08:34:33 | 000,000,000 | ---D | M]

 

[2009-04-26 21:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Extensions

[2010-10-15 22:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions

[2010-10-09 12:25:07 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2010-04-27 20:55:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-10-15 11:00:04 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

[2010-08-11 07:26:34 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2010-01-19 00:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{67d0133d-9818-4168-9b50-634ea7f8fe14}

[2010-10-15 11:00:04 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

[2010-05-06 02:47:48 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

[2010-08-18 07:54:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010-10-09 12:25:07 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010-04-10 18:43:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010-03-15 16:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\FasterFox_Lite@BigRedBrent

[2010-01-24 22:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Mozilla\Firefox\Profiles\w3a9vjf5.default\extensions\snaplinks@snaplinks.mozdev.org

[2010-10-16 23:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-08-26 02:52:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2008-06-24 19:07:26 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll

[2010-08-26 02:52:40 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009-06-15 11:14:40 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll

[2008-06-24 19:06:50 | 000,460,272 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMAHJONG.dll

[2008-06-24 19:07:38 | 000,685,552 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPMAKAOV2.dll

[2008-06-24 19:07:54 | 000,497,136 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSUDOKU.dll

[2006-09-26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

[2010-03-15 08:47:10 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-03-15 08:47:10 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-03-15 08:47:10 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-03-15 08:47:10 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-03-15 08:47:10 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-03-15 08:47:10 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

 

O1 HOSTS File: ([2010-10-17 18:19:42 | 000,000,072 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.Brenz.pl

O1 - Hosts: 173.45.76.66 drghwaweg45j4i6u3q32fg2h.com

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dane aplikacji\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Drukarka Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()

O4 - HKLM..\Run: [WireLessKeyboard] C:\Program Files\Multimedia Keyboard driver\StartAutorun.exe PS2USBKbdDrv.exe File not found

O4 - HKU\.DEFAULT..\Run: [NetLog2] C:\WINDOWS\svc2.exe ()

O4 - HKU\.DEFAULT..\Run: [NetLog3] C:\WINDOWS\svc3.exe ()

O4 - HKU\S-1-5-18..\Run: [NetLog2] C:\WINDOWS\svc2.exe ()

O4 - HKU\S-1-5-18..\Run: [NetLog3] C:\WINDOWS\svc3.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Color Calibration.lnk = C:\Program Files\SEC\Magic Tune 2.5\GammaTray.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: xal6whv = C:\WINDOWS\TEMP\11np.exe ()

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-1220945662-1275210071-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1220945662-1275210071-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1220945662-1275210071-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1220945662-1275210071-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe (Microsoft Corporation)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260743467359 (WUWebControl Class)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257687575828 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.63.9 82.139.8.7

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-08-02 16:52:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-10-17 17:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\IObit

[2010-10-17 17:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Dane aplikacji\IObit

[2010-10-17 17:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\RegCure

[2010-10-17 17:11:09 | 000,596,536 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Adrian\Pulpit\SPTDinst-v174-x86.exe

[2010-10-17 14:30:26 | 000,604,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Pulpit\OTL.exe

[2010-10-17 13:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Macromedia

[2010-10-17 13:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Adobe

[2010-10-16 22:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Dane aplikacji\Malwarebytes

[2010-10-16 22:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2010-10-13 19:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games

[2010-10-13 19:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Pulpit\Plants vs Zombies

[2010-10-12 21:26:22 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010-10-12 21:26:22 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2010-10-12 21:25:51 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

[2010-10-10 22:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Dane aplikacji\Azgard

[2010-10-10 22:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Azgard Defence

[2010-10-08 08:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2010-10-05 20:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line

[2010-10-05 20:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\WINDOWS

[2010-10-03 00:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Ustawienia lokalne\Dane aplikacji\Apple

[2010-09-27 10:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010-09-27 10:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer

[2010-09-23 11:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2010-09-23 11:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Dane aplikacji\Gadu-Gadu 10

[2010-09-23 11:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10

[2010-09-22 17:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai

[2010-09-21 23:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell

[2010-09-21 23:03:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm

[2010-09-21 23:03:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$

[2010-09-21 10:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adrian\Moje dokumenty\iMacros

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-10-17 18:24:12 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3B2B6D4D-EE43-4C61-B6A9-8686B51074BB}.job

[2010-10-17 18:19:42 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010-10-17 18:19:12 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-10-17 18:19:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-10-17 18:19:11 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1275210071-839522115-500.job

[2010-10-17 18:19:11 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1275210071-839522115-1004.job

[2010-10-17 18:19:11 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job

[2010-10-17 18:19:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-10-17 18:15:42 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job

[2010-10-17 18:15:42 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job

[2010-10-17 18:15:42 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1275210071-839522115-1004.job

[2010-10-17 17:28:07 | 000,001,458 | ---- | M] () -- C:\WINDOWS\System32\SmartGart.lnk

[2010-10-17 17:11:10 | 000,596,536 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Adrian\Pulpit\SPTDinst-v174-x86.exe

[2010-10-17 17:04:48 | 002,446,336 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Narodowy Bank Polski - Dane.xls

[2010-10-17 16:50:58 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat

[2010-10-17 15:35:46 | 000,001,648 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010-10-17 15:03:45 | 000,324,096 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\xg7gpebr.exe

[2010-10-17 14:57:58 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-10-17 14:30:29 | 000,604,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Pulpit\OTL.exe

[2010-10-17 14:27:17 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\HiJackThis.lnk

[2010-10-17 13:57:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2010-10-17 13:13:29 | 000,046,080 | ---- | M] () -- C:\WINDOWS\System32\updata.exe

[2010-10-17 13:13:22 | 000,271,360 | ---- | M] () -- C:\WINDOWS\svc3.exe

[2010-10-17 13:12:51 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\service.sys

[2010-10-17 13:12:49 | 000,163,328 | ---- | M] () -- C:\WINDOWS\System32\szetyj67v.exe

[2010-10-17 13:12:48 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\szetyj67vx.exe

[2010-10-17 13:12:25 | 000,271,360 | ---- | M] () -- C:\WINDOWS\svc2.exe

[2010-10-17 00:52:58 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1275210071-839522115-500.job

[2010-10-17 00:50:36 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\Adrian\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-10-16 21:25:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Adrian\wmic

[2010-10-16 20:51:08 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Odkurzacz.lnk

[2010-10-16 19:28:14 | 000,591,446 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-10-16 19:28:14 | 000,505,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-10-16 19:28:14 | 000,121,088 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-10-16 19:28:14 | 000,089,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-10-16 19:24:50 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010-10-16 15:58:16 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job

[2010-10-16 15:40:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-10-16 13:40:00 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job

[2010-10-15 23:58:54 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Produktywnosć - eJahan.xls

[2010-10-14 23:52:20 | 000,003,139 | ---- | M] () -- C:\WINDOWS\wincmd.ini

[2010-10-14 23:52:01 | 000,000,627 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini

[2010-10-13 11:21:13 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Adrian\NTUSER.bak

[2010-10-12 21:34:30 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-10-12 21:30:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-10-12 20:00:03 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Umowa.doc

[2010-10-08 08:34:34 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk

[2010-10-08 08:33:14 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk

[2010-10-08 08:32:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\CCleaner.lnk

[2010-10-06 21:19:37 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Skrót do Start Tor Browser.lnk

[2010-10-06 07:09:57 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Dane klasa 1a.xls

[2010-10-05 20:02:41 | 000,000,295 | ---- | M] () -- C:\WINDOWS\SIERRA.INI

[2010-10-04 14:54:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010-09-28 19:37:58 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Adrian\Moje dokumenty\Iza.doc

[2010-09-27 10:38:11 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk

[2010-09-23 11:11:06 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\OpenFM.lnk

[2010-09-23 11:11:06 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\Gadu-Gadu 10.lnk

[2010-09-23 10:12:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2010-09-21 11:23:28 | 000,083,475 | ---- | M] () -- C:\Documents and Settings\Adrian\Moje dokumenty\nutaharion.iim

[2010-09-21 11:01:02 | 000,083,475 | ---- | M] () -- C:\Documents and Settings\Adrian\Moje dokumenty\chorwaci.iim

[2010-09-18 22:00:31 | 000,305,152 | ---- | M] () -- C:\Documents and Settings\Adrian\Pulpit\mapa.xls

[2010-09-18 12:23:44 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll

[2010-09-18 12:23:44 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll

[2010-09-18 08:53:42 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll

[2010-09-18 08:53:42 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll

[2010-09-18 08:53:41 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll

[2010-09-18 08:53:41 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll

[2010-09-18 08:53:41 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll

[2010-09-18 08:53:41 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-10-17 17:25:00 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job

[2010-10-17 17:25:00 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job

[2010-10-17 16:50:57 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

[2010-10-17 15:03:45 | 000,324,096 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\xg7gpebr.exe

[2010-10-17 13:13:30 | 000,271,360 | ---- | C] () -- C:\WINDOWS\svc3.exe

[2010-10-17 13:13:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\updata.exe

[2010-10-17 13:12:51 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\service.sys

[2010-10-17 13:12:49 | 000,163,328 | ---- | C] () -- C:\WINDOWS\System32\szetyj67v.exe

[2010-10-17 13:12:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\szetyj67vx.exe

[2010-10-17 13:12:30 | 000,271,360 | ---- | C] () -- C:\WINDOWS\svc2.exe

[2010-10-17 00:05:09 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1275210071-839522115-500.job

[2010-10-17 00:05:09 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1275210071-839522115-500.job

[2010-10-16 21:25:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Adrian\wmic

[2010-10-16 19:18:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP

[2010-10-16 15:58:15 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job

[2010-10-16 15:58:15 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job

[2010-10-12 19:35:12 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Umowa.doc

[2010-10-08 08:34:34 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk

[2010-10-05 20:02:42 | 000,004,398 | ---- | C] () -- C:\WINDOWS\caesar3.ico

[2010-10-05 19:44:54 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Dane klasa 1a.xls

[2010-09-28 19:37:57 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Adrian\Moje dokumenty\Iza.doc

[2010-09-27 10:38:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\QuickTime Player.lnk

[2010-09-23 11:11:06 | 000,000,765 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\OpenFM.lnk

[2010-09-23 11:11:06 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\Gadu-Gadu 10.lnk

[2010-09-21 11:07:20 | 000,083,475 | ---- | C] () -- C:\Documents and Settings\Adrian\Moje dokumenty\nutaharion.iim

[2010-09-21 10:49:28 | 000,083,475 | ---- | C] () -- C:\Documents and Settings\Adrian\Moje dokumenty\chorwaci.iim

[2010-09-18 21:49:20 | 000,305,152 | ---- | C] () -- C:\Documents and Settings\Adrian\Pulpit\mapa.xls

[2010-08-12 03:03:34 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Adrian\Ustawienia lokalne\Dane aplikacji\housecall.guid.cache

[2010-08-02 16:38:27 | 000,000,171 | ---- | C] () -- C:\WINDOWS\SDDINST.INI

[2010-04-06 22:25:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2010-04-06 22:07:07 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2010-03-07 09:56:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\zSpy.INI

[2009-12-14 00:46:44 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009-12-04 09:57:12 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009-10-18 12:39:21 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009-08-25 15:20:50 | 000,000,295 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2009-08-12 18:44:41 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Gunzlauncher.INI

[2009-07-24 08:35:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2009-07-22 01:05:04 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009-07-22 01:05:04 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5C83351FA4.sys

[2009-07-12 11:33:56 | 000,000,627 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini

[2009-07-12 11:30:59 | 000,003,139 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2009-06-17 00:34:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009-05-29 19:43:45 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2009-05-29 19:43:45 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2009-05-29 19:43:45 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2009-05-25 19:22:36 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys

[2009-05-25 08:51:48 | 000,000,058 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2009-05-07 16:00:09 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\Adrian\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-05-02 15:20:51 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Adrian\Dane aplikacji\PnkBstrK.sys

[2009-04-27 17:25:55 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Adrian\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2009-04-26 21:49:33 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009-04-26 21:33:03 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-04-26 21:33:01 | 002,102,272 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2009-04-26 21:33:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009-04-26 21:33:00 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-04-26 21:33:00 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009-04-26 21:32:59 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009-04-26 21:25:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008-05-26 22:22:36 | 000,016,222 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008-05-26 22:22:34 | 000,021,728 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008-05-26 22:22:32 | 000,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2006-10-27 08:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2004-11-07 16:38:00 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini

[2003-04-16 14:00:00 | 000,000,009 | ---- | C] () -- C:\WINDOWS\System32\comsats.sys

[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[1997-06-14 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2010-10-17 00:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera

[2010-10-17 00:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Windows Search

[2010-05-13 00:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Alawar

[2010-02-13 21:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Ashampoo

[2010-10-10 22:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Azgard

[2010-05-14 09:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\ChomikBox

[2010-06-23 17:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\DAEMON Tools Lite

[2010-04-02 06:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\fizzy

[2009-04-26 21:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Gadu-Gadu

[2010-09-23 11:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Gadu-Gadu 10

[2009-05-02 15:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\id Software

[2009-12-04 22:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\InfraRecorder

[2010-10-17 18:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\IObit

[2010-06-04 09:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\ipla

[2010-01-07 02:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\K-Meleon

[2010-03-16 19:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Nowe Gadu-Gadu

[2009-07-15 00:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\OpenFM

[2009-04-27 08:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\OpenOffice.org

[2009-04-28 18:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Opera

[2010-08-26 20:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\TS3Client

[2010-10-17 09:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\uTorrent

[2010-06-09 17:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\WaterProof

[2009-06-25 23:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Windows Desktop Search

[2009-05-04 14:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adrian\Dane aplikacji\Windows Search

[2010-10-09 17:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper

[2009-06-03 14:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo

[2010-08-26 19:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess

[2010-06-20 00:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2010-09-23 11:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2009-05-02 15:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software

[2009-10-20 08:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MumboJumbo

[2010-10-13 19:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

[2009-12-18 00:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Drivers HeadQuarters Inc

[2010-10-13 19:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games

[2010-10-17 17:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RegCure

[2009-05-29 22:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\WildTangent

[2010-10-17 18:15:42 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job

[2010-10-17 18:15:42 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job

[2010-10-17 18:24:12 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B2B6D4D-EE43-4C61-B6A9-8686B51074BB}.job

========== Purity Check ==========

< End of report >

I don't know how you are producing this OTL log, but there is still no Extras - I said that "Rejestr - Skan dodatkowy" (Registry - Extra scan) has to be ticked (that is, the "Użyj filtrowania" / Use filtering option). Apart from that, the (resolved) restart caused by SPTD is one thing, but disinfection is something else. A set of logs from rootkit detection is needed here regardless, because this system is infected, and an OTL log is not enough. On top of that, it is almost certain that there is a dreadful Virut infection here, attacking every executable on every disk (read: system and program files are being destroyed one after another). This is indicated by: the message from ComboFix (meaning the program has been modified) and the set of things I can see in the log (very similar characteristics appear in this listing from a sandbox: KLIK). Virut often ends in a complete format of all partitions.

1. To begin with, I am giving a removal of what I can see in the OTL logs supplied (and, while at it, harmless entries that show gaps or errors). Run OTL and in the section Własne opcje skanowania / skrypt (Custom scans / fixes) paste:

:OTL
[2010-10-17 13:13:29 | 000,046,080 | ---- | M] () -- C:\WINDOWS\System32\updata.exe
[2010-10-17 13:13:22 | 000,271,360 | ---- | M] () -- C:\WINDOWS\svc3.exe
[2010-10-17 13:12:51 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\service.sys
[2010-10-17 13:12:49 | 000,163,328 | ---- | M] () -- C:\WINDOWS\System32\szetyj67v.exe
[2010-10-17 13:12:48 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\szetyj67vx.exe
[2010-10-17 13:12:25 | 000,271,360 | ---- | M] () -- C:\WINDOWS\svc2.exe
MsConfig - StartUpReg: riuom - hkey= - key= - C:\Documents and Settings\Adrian\riuom.exe File not found
MsConfig - StartUpReg: szetyj67v - hkey= - key= - File not found
MsConfig - StartUpReg: szetyj67vx - hkey= - key= - File not found
O4 - HKU\.DEFAULT..\Run: [NetLog2] C:\WINDOWS\svc2.exe ()
O4 - HKU\.DEFAULT..\Run: [NetLog3] C:\WINDOWS\svc3.exe ()
O4 - HKU\S-1-5-18..\Run: [NetLog2] C:\WINDOWS\svc2.exe ()
O4 - HKU\S-1-5-18..\Run: [NetLog3] C:\WINDOWS\svc3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: xal6whv = C:\WINDOWS\TEMP\11np.exe ()
SRV - [2009-02-09 13:25:57 | 000,008,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwcwks.dll -- (NWCWorkstation)
NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwcwks.dll (Microsoft Corporation)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "http://fpdownload.ma...r/ultrashim.cab" (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "http://platformdl.ad...Plus/1.6/gp.cab" (Reg Error: Value error.)
SRV - File not found [Disabled | Stopped] -- -- (RadClock)
SRV - File not found [On_Demand | Stopped] -- -- (fsssvc)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
 
:Commands
[resethosts]
[emptyflash]
[emptytemp]

Click Wykonaj skrypt (Run Fix). The system will restart and you will get a log. Keep it for review later.

2. Scan the system with Dr. Web CureIt, a full scan, not a quick one.

3. For assessment: the log produced by the removal in step 1, the results from CureIt, and, after the CureIt scan, a new set of OTL logs. Please attach a log from GMER or RootRepeal. The virtual emulation has already been removed, so at least one object colliding with rootkit detection has been eliminated.


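The triage the reply above does by eye (unsigned executables written into the Windows directory within a minute or two of each other, as with svc2.exe, svc3.exe, szetyj67v.exe and their companions) can be automated over OTL's file lists. The Python below is an added example, not code from this thread or from OTL itself; it parses OTL's `[date | size | attrs | C/M] (company) -- path` entries and groups company-less executables under C:\WINDOWS into time bursts. The sample lines are copied from the log above plus one benign directory entry, and the two-minute window and three-file minimum are assumptions chosen for this case.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL file-list entry, e.g.
#   [2010-10-17 13:13:29 | 000,046,080 | ---- | M] () -- C:\WINDOWS\System32\updata.exe
#   [2010-10-17 17:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
# "()" means OTL found no company name in the version info; directory
# entries carry no company field at all.  A trailing " -- [ NTFS ]" is ignored.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)(?: -- \[.*\])?$"
)

SYSTEM_DIRS = ("c:\\windows\\",)                     # assumption: %SystemRoot% is C:\WINDOWS
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str               # e.g. "----", "---D", "RHS-"
    kind: str                # "C" = created list, "M" = modified list
    company: Optional[str]   # None for directories, "" when OTL printed "()"
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_otl_lines(lines) -> List[OtlEntry]:
    """Parse OTL file-list lines; anything that is not an entry is skipped."""
    entries = []
    for line in lines:
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def is_unsigned_system_executable(e: OtlEntry) -> bool:
    """Executable under C:\\WINDOWS with no company name: worth a closer look."""
    p = e.path.lower()
    return (not e.is_directory
            and e.company == ""
            and p.startswith(SYSTEM_DIRS)
            and p.endswith(EXEC_EXT))


def find_drop_bursts(entries, window=timedelta(minutes=2), min_files=3):
    """Group suspicious entries whose timestamp is within `window` of the
    previous suspicious one; several such files in one burst is the pattern
    of a dropper writing its components.  Returns lists of paths, oldest first."""
    suspects = sorted(filter(is_unsigned_system_executable, entries),
                      key=lambda e: e.timestamp)
    bursts, current = [], []
    for e in suspects:
        if current and e.timestamp - current[-1].timestamp > window:
            if len(current) >= min_files:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_files:
        bursts.append(current)
    return [[e.path for e in b] for b in bursts]


# Constructed sample: entries copied from the OTL log in this thread, plus a
# benign directory entry, so the example runs offline.
SAMPLE_LOG = r"""
[2010-10-17 14:30:29 | 000,604,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Adrian\Pulpit\OTL.exe
[2010-10-17 13:13:29 | 000,046,080 | ---- | M] () -- C:\WINDOWS\System32\updata.exe
[2010-10-17 13:13:22 | 000,271,360 | ---- | M] () -- C:\WINDOWS\svc3.exe
[2010-10-17 13:12:51 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\service.sys
[2010-10-17 13:12:49 | 000,163,328 | ---- | M] () -- C:\WINDOWS\System32\szetyj67v.exe
[2010-10-17 13:12:48 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\szetyj67vx.exe
[2010-10-17 13:12:25 | 000,271,360 | ---- | M] () -- C:\WINDOWS\svc2.exe
[2010-10-16 19:28:14 | 000,591,446 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-09-18 08:53:42 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2009-07-22 01:05:04 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5C83351FA4.sys
[2010-10-17 17:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
"""

if __name__ == "__main__":
    for burst in find_drop_bursts(parse_otl_lines(SAMPLE_LOG.splitlines())):
        print("possible drop burst:")
        for path in burst:
            print("   ", path)
```

A burst is a lead for the follow-up the reply asks for (rootkit-detection logs, a full scan), not a verdict: the isolated 2009 entry is just as company-less but is not grouped, and nothing here inspects file contents.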
Do you need the whole CureIt log? Because I tried to post it, but my browser crashes and I can't ;/ Additionally, I can say that it found Virut.56 in every exe.

I don't know whether it's because of deleting those files or something, but I can't download files with Mozilla, and when I start Chrome the computer restarts. Right now I'm using K-Meleon for everything.

Is that somehow the fault of those operations, and is reinstalling them enough?

OTL file

OTL.Txt

GMER

GMER.txt

//Edit #2

Since there was so much fuss about it, I'll try to post the whole CureIt log, but it will take a while before it gets processed.

I'm deleting the unnecessary discussion.

You didn't give me all the logs: there is no OTL removal log, so it could be known how it deleted things. Still no Extras from OTL (I repeat for the third time: you didn't set Rejestr - Skan dodatkowy to Użyj filtrowania). The logs, meanwhile, still suggest an active Virut.

Do you need the whole CureIt log? Because I tried to post it, but my browser crashes and I can't ;/ Additionally, I can say that it found Virut.56 in every exe.

I wouldn't even be able to read a report that big. I was only interested in the results: which files are infected and what CureIt did with them (so as to know what might need to be overwritten manually). If it is "in every exe", then it is bad.

I don't know whether it's because of deleting those files or something, but I can't download files with Mozilla, and when I start Chrome the computer restarts. Right now I'm using K-Meleon for everything.

Is that somehow the fault of those operations, and is reinstalling them enough?

Virut is not simple to cure. If you have such symptoms, it points to one of two things: Virut is still active, or the files of those programs are damaged (everything that was infected with Virut and underwent cleaning but does not work is to be thrown out / replaced). Besides, scanning here must be carried out until it succeeds, until infected objects stop being found. For now I am giving the following to do:

1. In OTL there is still a process starting from a temporary location. In OTL, in the section Własne opcje skanowania / skrypt (Custom scans / fixes), paste:

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: xal6whv = C:\DOCUME~1\Adrian\USTAWI~1\Temp\11np.exe ()
 
:Commands
[emptyflash]
[emptytemp]

Click Wykonaj skrypt (Run Fix). After the restart there will be a log from this. I'm telling you: keep it.

2. Repeat the scan of the computer from a completely external environment using one of the bootable discs: KLIK (it can be from the same stable, Dr. Web LiveCD).

Now I know why I wasn't showing Extras... because it was saved on the disk, and after the scan only log.txt opened... I found it on C: and now I hand it over to you :)

OTL Extras logfile created on: 2010-10-18 10:54:37 - Run 4

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Adrian\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111,80 Gb Total Space | 22,31 Gb Free Space | 19,95% Space Free | Partition Type: NTFS

Computer Name: FORGOTTEN | User Name: Adrian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = K-Meleon.HTML] -- C:\Program Files\K-Meleon\K-Meleon.exe (http://kmeleon.sf.net/)

[HKEY_USERS\S-1-5-21-1220945662-1275210071-839522115-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

https [open] -- "C:\Program Files\K-Meleon\K-Meleon.exe" "%1" (http://kmeleon.sf.net/)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"5985:TCP" = 5985:TCP:*:Disabled:Zdalne zarządzanie systemem Windows

"80:TCP" = 80:TCP:*:Disabled:Zdalne zarządzanie systemem Windows — tryb zgodności (ruch przychodzący HTTP)

"1034:TCP" = 1034:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Oracle)

"C:\Program Files\Traffic Giant Gold\TrafficGiant.exe" = C:\Program Files\Traffic Giant Gold\TrafficGiant.exe:*:Enabled:MFC-Anwendung default -- ()

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis

"{1123507C-1806-4A68-9E7F-FBC3F5F2D94D}" = Multimedia Keyboard driver

"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter

"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21

"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK

"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series

"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK

"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack

"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{82D9302E-F209-4805-B548-52087047483A}" = Python 2.4

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{941A33ED-6883-458C-B20E-A2DC5E48FF3A}" = Magic Tune 2.5

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9862473C-E063-4C68-A161-2CDE0E8048A5}" = Podstawowe programy Windows Live

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AB614A6-719C-4A6E-A63E-831E0A35F62A}" = Windows Live Writer

"{9CDEAEC9-2F14-4D39-8541-C1EEC4B5D1CB}" = Galeria fotografii usługi Windows Live

"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A7388312-4FBB-48E5-8DC0-B63DA02658AE}" = Windows Live Toolbar

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver

"{AB7CA5F4-CD20-4B4B-97DD-62ED9EDAE69D}_is1" = BulkRS 2.0

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0

"{AF13F447-044B-425D-8409-4BDF9263C81C}" = Warlords Battlecry II

"{BAE4A43D-6DDE-4E19-A2A5-BBD89A3ED48C}" = PS7200

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C35FE07E-24B5-410F-85B7-122087A0C7DD}" = Poczta usługi Windows Live

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1803CD4-0CE7-4484-98E3-88D7A2D629A4}" = Windows Live Messenger

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update

"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color

"{F88335A8-CA7B-41DE-B37D-81306C73B507}" = Bezpieczeństwo rodzinne usługi Windows Live

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI

"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21

"ATI Display Driver" = ATI Display Driver (Omega 2.5.97a)

"Audacity_is1" = Audacity 1.2.6

"Azgard Defence_is1" = Azgard Defence 1.0

"CCleaner" = CCleaner

"Defraggler" = Defraggler

"ffdshow_is1" = ffdshow [rev 3200] [2010-01-12]

"FileHippo.com" = FileHippo.com Update Checker

"Gadu-Gadu 10" = Gadu-Gadu 10

"Google Chrome" = Google Chrome

"HijackThis" = HijackThis 2.0.2

"hp photosmart 7200 series_Driver" = hp photosmart 7200 series

"InstallShield_{1123507C-1806-4A68-9E7F-FBC3F5F2D94D}" = Multimedia Keyboard driver

"InstallShield_{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver

"ipla" = ipla 2.1.4

"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full

"K-Meleon" = K-Meleon 1.5.4 pl-PL (remove only)

"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended

"mIRC" = mIRC

"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)

"MultiRes (remove only)" = MultiRes (remove only)

"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2

"Odkurzacz 12.4_is1" = Odkurzacz 12.4

"OggDS" = Direct Show Ogg Vorbis Filter (remove only)

"Pharaoh" = Faraon

"Proxy Finder Enterprise Edition" = Proxy Finder Enterprise Edition

"Radeon Omega Drivers for Windows 2k-XPv2.5.97a" = Radeon Omega Drivers v2.5.97a Setup Files

"RealPlayer 12.0" = RealPlayer

"Silkroad" = Silkroad

"SSIII Solo Ultratus" = SSIII Solo Ultratus 1.2

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Totalcmd" = Total Commander (Remove or Repair)

"Traffic Giant Gold" = Traffic Giant Gold

"uTorrent" = µTorrent

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter

"Warlords Battlecry II" = Warlords Battlecry II

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinRAR archiver" = WinRAR archiver

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1220945662-1275210071-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent" = µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2010-10-16 16:14:57 | Computer Name = FORGOTTEN | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

 

Error - 2010-10-16 16:14:57 | Computer Name = FORGOTTEN | Source = MsiInstaller | ID = 1008

Description = Instalacja elementu C:\Documents and Settings\Adrian\Moje dokumenty\Pobieranie\182-eav_nt32_plk.msi

jest niedozwolona z powodu błędu w przetwarzaniu zasad ograniczających oprogramowanie.

Obiektowi nie można zaufać.

 

Error - 2010-10-16 18:16:11 | Computer Name = FORGOTTEN | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

 

Error - 2010-10-16 18:16:34 | Computer Name = FORGOTTEN | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

 

Error - 2010-10-16 18:18:35 | Computer Name = FORGOTTEN | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

 

Error - 2010-10-16 18:18:54 | Computer Name = FORGOTTEN | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

 

Error - 2010-10-16 18:35:21 | Computer Name = FORGOTTEN | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

 

Error - 2010-10-16 18:35:43 | Computer Name = FORGOTTEN | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

 

Error - 2010-10-17 07:56:44 | Computer Name = FORGOTTEN | Source = crypt32 | ID = 131080

Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej

listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,

wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.

 

Error - 2010-10-17 08:56:12 | Computer Name = FORGOTTEN | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd mplayerc.exe, wersja 6.4.9.1, moduł powodujący

błąd unknown, wersja 0.0.0.0, adres błędu 0x00000008.

 

[ System Events ]

Error - 2010-10-17 12:55:25 | Computer Name = FORGOTTEN | Source = Service Control Manager | ID = 7023

Description = Usługa Usługa przywracania systemu zakończyła działanie; wystąpił

następujący błąd: %%2

 

Error - 2010-10-17 13:14:41 | Computer Name = FORGOTTEN | Source = Service Control Manager | ID = 7034

Description = Usługa ProtexisLicensing niespodziewanie zakończyła pracę. Wystąpiło

to razy: 1.

 

Error - 2010-10-17 13:14:41 | Computer Name = FORGOTTEN | Source = Service Control Manager | ID = 7034

Description = Usługa Pml Driver HPZ12 niespodziewanie zakończyła pracę. Wystąpiło

to razy: 1.

 

Error - 2010-10-17 13:14:41 | Computer Name = FORGOTTEN | Source = Service Control Manager | ID = 7034

Description = Usługa Java Quick Starter niespodziewanie zakończyła pracę. Wystąpiło

to razy: 1.

 

Error - 2010-10-17 13:17:24 | Computer Name = FORGOTTEN | Source = SRService | ID = 104

Description = Proces inicjalizacji Przywracania systemu nie powiódł się.

 

Error - 2010-10-17 13:18:33 | Computer Name = FORGOTTEN | Source = Service Control Manager | ID = 7023

Description = Usługa Usługa przywracania systemu zakończyła działanie; wystąpił

następujący błąd: %%2

 

Error - 2010-10-18 01:16:04 | Computer Name = FORGOTTEN | Source = SRService | ID = 104

Description = Proces inicjalizacji Przywracania systemu nie powiódł się.

 

Error - 2010-10-18 01:17:11 | Computer Name = FORGOTTEN | Source = Service Control Manager | ID = 7023

Description = Usługa Usługa przywracania systemu zakończyła działanie; wystąpił

następujący błąd: %%2

 

Error - 2010-10-18 02:15:48 | Computer Name = FORGOTTEN | Source = SRService | ID = 104

Description = Proces inicjalizacji Przywracania systemu nie powiódł się.

 

Error - 2010-10-18 02:16:49 | Computer Name = FORGOTTEN | Source = Service Control Manager | ID = 7023

Description = Usługa Usługa przywracania systemu zakończyła działanie; wystąpił

następujący błąd: %%2

 

 

< End of report >

 

 

 

As for CureIt:

-----------------------------------------------------------------------------

Statystyki

-----------------------------------------------------------------------------

Przetestowane obiekty: 233269

Zainfekowane obiekty: 580

Zmodyfikowane obiekty: 0

Podejrzane obiekty: 1

Programy Adware: 0

Programy Dialer: 0

Programy Joke: 0

Programy Riskware: 0

Programy Hacktool: 0

Wyleczone obiekty: 573

Usunięte obiekty: 7

Przemianowane obiekty: 0

Przeniesione obiekty: 0

Pominięte obiekty: 0

Prędkość testu: 95 Kb/s

Czas testu: 8:12:14

-----------------------------------------------------------------------------

 

C:\Program Files\Warlords Battlecry II\Battlecry II.exe - niewyleczalny - usunięty

 

=============================================================================

Całkowita statystyka sesji

=============================================================================

Przetestowane obiekty: 242446

Zainfekowane obiekty: 1153

Zmodyfikowane obiekty: 0

Podejrzane obiekty: 1

Programy Adware: 0

Programy Dialer: 0

Programy Joke: 0

Programy Riskware: 0

Programy Hacktool: 0

Wyleczone obiekty: 1146

Usunięte obiekty: 8

Przemianowane obiekty: 0

Przeniesione obiekty: 0

Pominięte obiekty: 0

Prędkość testu: 129 Kb/s

Czas testu: 8:48:38

=============================================================================

 

It supposedly cured all the files infected with Virut. In addition it deleted:

>C:\WINDOWS\Fonts\services.exe zainfekowany wirusem BackDoor.Spy.312 - usunięty

>C:\_OTL\MovedFiles\10172010_185235\C_WINDOWS\svc2.exe zainfekowany wirusem BackDoor.Siggen.25814 - usunięty

>C:\_OTL\MovedFiles\10172010_185235\C_WINDOWS\svc3.exe zainfekowany wirusem BackDoor.Siggen.25814 - usunięty

C:\_OTL\MovedFiles\10172010_185235\C_WINDOWS\system32\szetyj67vx.exe zainfekowany wirusem Win32.Virut.56 - wyleczony

C:\_OTL\MovedFiles\10172010_185235\C_WINDOWS\system32\szetyj67vx.exe zainfekowany wirusem Trojan.Click1.25240 - usunięty

>C:\_OTL\MovedFiles\10172010_185235\C_WINDOWS\system32\updata.exe zainfekowany wirusem Trojan.Click1.25507 - usunięty

C:\Program Files\Warlords Battlecry II\Battlecry II.exe - niewyleczalny - usunięty

 

LOG from that script:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\xal6whv deleted successfully.

C:\Documents and Settings\Adrian\Ustawienia lokalne\temp\11np.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: Administrator

->Flash cache emptied: 0 bytes

 

User: Adrian

->Flash cache emptied: 100355 bytes

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Adrian

->Temp folder emptied: 82851751 bytes

->Temporary Internet Files folder emptied: 5287536 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 72929404 bytes

->Google Chrome cache emptied: 0 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 65536 bytes

RecycleBin emptied: 829764 bytes

 

Total Files Cleaned = 154,00 mb

 

 

OTL by OldTimer - Version 3.2.15.2 log created on 10182010_110849

 

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_4f8.dat not found!

 

Registry entries deleted on Reboot...

 

I did the operation from the LiveCD. That file np11.exe finally disappeared :)

Picasso, do you maybe have any more methods to make sure?


The results from C:\_OTL don't count, that's the OTL quarantine. I always remove it at the end.

 

I did the operation from the LiveCD. That file np11.exe finally disappeared

 

What were the statistics of that process? Cured / deleted ...? Besides, did you reinstall the programs that weren't working? Since a whole day has already passed, present once more:

1. The newest set of logs from OTL + GMER.

2. Repeat the CureIt scan from within the system; if it finds nothing more, I'll give the final clean-up steps after the removal.

 

 

.

All 7 files that the LiveCD detected were deleted because curing them wasn't possible

 

But were those program files, system files, or ones added by the pest? You probably didn't save the report from that action (and post factum that data can't be recovered). Don't you remember the names of those 7 files?

 

I don't know how to add the logs because it says they are too long, and the services I know (pasteit and pokazywarka) don't preserve formatting

 

Which logs? OTL + GMER are supposed to go here as Attachments. In OTL, preserving the colour formatting is irrelevant; I'm interested only and exclusively in the content of the reports and can easily do without that formatting. As for CureIt, I'm only interested in the lines pasted from the report showing which files are infected (I'm not interested in extracts of all the files).

 

 

 

.

OTL attachments: otl.txt, extras.txt

 

Unfortunately, it seems not everything got removed, because GMER restarts again during scanning :(

I'd gladly give a log from RootRepeal instead, but there are a lot of options there (drivers, files, processes etc.) and I don't know which to give, or whether to give all of them :o

 

I'll do the CureIt scan in the morning, because it takes a long time, which means I can't sleep at night because my computer is quite noisy ;x

 

#edit #2

I did that scan with RootRepeal, but it only found this:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/10/19 23:18

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA78DE000 Size: 49152 File Visible: No Signed: -

Status: -

 

Stealth Objects

-------------------

Object: Hidden Code [Driver: prodrv06ȅఆ剒敬垼, IRP_MJ_CREATE]

Process: System Address: 0xe1eb66b0 Size: 2384

 

Object: Hidden Code [Driver: prodrv06ȅఆ剒敬垼, IRP_MJ_CLOSE]

Process: System Address: 0xe1eb66b0 Size: 2384

 

Object: Hidden Code [Driver: prodrv06ȅఆ剒敬垼, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0xe1eb66b0 Size: 2384

 

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE]

Process: System Address: 0xe1ad4a00 Size: 287

 

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE]

Process: System Address: 0xe1ad4a00 Size: 287

 

Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0xe1ad4a00 Size: 287

 

==EOF==

 

#edit 3

I did that scan, but the report didn't get saved; when I came back from school my brother was already on the computer -.-

But I glanced at the processes and the hosts, and that weird host doesn't come up any more :P

 

#edit 4

It found nothing. Everywhere next to it says Ok.

In my opinion I put the hosts file in myself by accident, when it asked me whether to replace the file because it had been modified, something something ;/

Now I didn't allow it and that doesn't appear.

In the OTL log I see the return of that HOSTS file modification (an entry added during a Virut infection; it was already removed here):

 

O1 - Hosts: 173.45.76.66 drghwaweg45j4i6u3q32fg2h.com

 

In Start > Run > paste the command notepad C:\WINDOWS\system32\drivers\etc\hosts. Cut that line out of the file (don't touch 127.0.0.1 localhost) and save the changes to the file.

 

Unfortunately, it seems not everything got removed, because GMER restarts again during scanning

 

This isn't necessarily the result of an infection (there's at least one object running in the background here that can cause a collision, specifically the StarForce protection drivers), although at the moment I'm not sure what's going on in the background here.

 

I'd gladly give a log from RootRepeal instead, but there are a lot of options there (drivers, files, processes etc.) and I don't know which to give, or whether to give all of them

 

You didn't read carefully. The description states exactly which tab to go to and what to tick. I quote:

 

Go to the Report tab and click the Scan button. The first scan configuration question will come up; tick all the sections

(...)

Then a question about the disks to be scanned will appear. If there is more than one, select only the system disk

 

I'll do the CureIt scan in the morning, because it takes a long time, which means I can't sleep at night because my computer is quite noisy ;x

 

So edit the post above, and then I'll edit mine here. I can't assess the state of the system without results from an antivirus scanner. Logs aren't able to prove that executables are clean, because they don't deal with that type of scanning at all; at most one can infer it from indirect signs (either mass modifications / "freshly" created files, or attached trojans occurring in tandem with the main infection).

 

EDIT:

 

I did that scan with RootRepeal, but it only found this

 

The "Stealth Objects" section is fine. Those are hooks created by StarForce.

 

EDIT2:

 

I did that scan, but the report didn't get saved; when I came back from school my brother was already on the computer -.-

But I glanced at the processes and the hosts, and that weird host doesn't come up any more

 

In the Windows Explorer address bar type %UserProfile%\DoctorWeb. CureIt keeps its report file in that directory. Check what appeared in the scope of that last scan.

 

EDIT3:

 

It found nothing. Everywhere next to it says Ok.

 

So here are the final instructions, and you'll reply to me in a new post.

 

1. In OTL run the Sprzątanie (Cleanup) function. Also get rid of CureIt and its quarantine from the disk.

 

2. Reset the state of the System Restore folders: INSTRUCTIONS.

 

3. Supplement:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21

"Gadu-Gadu 10" = Gadu-Gadu 10

"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)

  • For updating the browser and Java: INSTRUCTIONS.
  • GG10 is quite a bloated bundle. Look into the thread Darmowe komunikatory (Free messengers) and alternatives such as WTW or Miranda.

The basic question is: does everything work as it should?

 

 

 

.
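The HOSTS check described above (keep 127.0.0.1 localhost, cut every other mapping), as an added Python example that is not part of the thread or of OTL. The sample file is constructed; the redirect entry in it is the one quoted from the OTL log, and a vendor sinkhole line is added for contrast.

```python
"""Audit a Windows HOSTS file for entries that do not belong there.

Added example, not from the thread. It implements the helper's rule: every
mapping other than the stock loopback 'localhost' entry is reported, and
clean_hosts() drops those lines while leaving comments and loopback intact.
"""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Finding(NamedTuple):
    line_no: int        # 1-based line number in the file
    ip: str             # address the name is mapped to
    names: List[str]    # hostnames on that line
    reason: str         # why the line is suspicious


# On a default XP HOSTS file only this name should map to loopback.
EXPECTED_LOOPBACK_NAMES = {"localhost"}


def _parse_line(raw: str) -> Optional[Tuple[str, List[str]]]:
    """Return (ip, [names]) for a mapping line, or None for blanks/comments."""
    line = raw.split("#", 1)[0].strip()   # drop trailing comments
    if not line:
        return None
    parts = line.split()
    return parts[0], parts[1:]


def audit_hosts(text: str) -> List[Finding]:
    """Return one Finding per line that is not a stock loopback entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        parsed = _parse_line(raw)
        if parsed is None:
            continue
        ip_text, names = parsed
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append(Finding(line_no, ip_text, names, "unparseable address"))
            continue
        if not ip.is_loopback:
            # A name pointed at a remote address is a redirect: the kind of
            # entry the Virut infection in this thread kept re-adding.
            findings.append(Finding(line_no, ip_text, names,
                                    "maps a name to a remote address"))
        elif not {n.lower() for n in names} <= EXPECTED_LOOPBACK_NAMES:
            # Loopback mappings for anything but localhost block that site
            # (the way antivirus vendor pages become unreachable).
            findings.append(Finding(line_no, ip_text, names,
                                    "sinkholes a name to loopback"))
    return findings


def clean_hosts(text: str) -> str:
    """Return the file with every flagged line removed; other lines kept verbatim."""
    bad = {f.line_no for f in audit_hosts(text)}
    kept = [raw for n, raw in enumerate(text.splitlines(), start=1) if n not in bad]
    return "\n".join(kept) + "\n"


# Constructed sample: a comment header, the loopback entry that must stay,
# the redirect entry quoted in this thread, and a vendor sinkhole for contrast.
SAMPLE_HOSTS = """# constructed sample HOSTS file
# lines starting with '#' are comments
127.0.0.1       localhost
173.45.76.66    drghwaweg45j4i6u3q32fg2h.com
127.0.0.1       www.eset.com   # constructed: vendor site blocked via loopback
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.ip} {' '.join(f.names)} -> {f.reason}")
    print("--- cleaned ---")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

On the real file the cleaned text would be written back with administrator rights; this example only returns it.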

1) OTL removed itself after clicking Sprzątanie (Cleanup) - is that normal :D?

 

2) Done :)

 

3) Special thanks for the "new" GG; the old one annoyed me because it was too new for my old-timer :D

 

Everything works very well :)

Edited by picasso
Yes, that's normal, the Sprzątanie (Cleanup) option also removes the program from the disk. Topic resolved, closing. //picasso