Loviricus

Solved: Sluggish (virus-infected) computer

Taking the opportunity, I'll piggyback on this topic, since my problem is more or less similar. For some time now my computer has been terribly sluggish, and the same goes for my internet speed. I tried an antivirus (COMODO with daily virus database updates) and Anti-Malware. They found a few viruses, which I removed, but the speed of the computer/internet did not improve.

OTL log:

OTL logfile created on: 2010-07-17 21:21:48 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = D:\Ściągane

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,53 Gb Total Space | 4,09 Gb Free Space | 20,92% Space Free | Partition Type: NTFS

Drive D: | 54,99 Gb Total Space | 4,66 Gb Free Space | 8,47% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PRIVATE-GOL0G6G

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-07-17 21:20:46 | 000,572,416 | ---- | M] (OldTimer Tools) -- D:\Ściągane\OTL.exe

PRC - [2010-05-03 21:01:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010-01-30 17:26:02 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2003-09-25 14:11:44 | 000,380,928 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\RaConfig.exe

========== Modules (SafeList) ==========

MOD - [2010-07-17 21:20:46 | 000,572,416 | ---- | M] (OldTimer Tools) -- D:\Ściągane\OTL.exe

MOD - [2010-02-02 11:37:51 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll

MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010-03-29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus?

SRV - [2010-01-30 17:26:02 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

========== Driver Services (SafeList) ==========

DRV - [2010-02-02 11:37:48 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)

DRV - [2010-01-30 17:28:16 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)

DRV - [2010-01-30 17:28:15 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)

DRV - [2009-09-09 13:51:05 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-09-06 21:10:57 | 000,016,512 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2009-08-17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009-06-25 08:07:40 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009-06-25 08:07:40 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2008-09-04 07:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2008-09-04 07:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2008-09-04 07:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008-02-13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)

DRV - [2007-11-30 08:55:48 | 000,107,520 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)

DRV - [2007-09-19 11:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005-05-31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2005-05-31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2005-04-30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)

DRV - [2005-04-30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - [2005-04-30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)

DRV - [2005-03-25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2005-02-23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2004-10-19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2004-10-15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2003-10-08 13:14:38 | 000,051,712 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2400.sys -- (RT2400)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Allegro"

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/webhp?hl=pl"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-23 17:02:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-17 11:14:12 | 000,000,000 | ---D | M]

[2009-09-06 19:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions

[2010-07-17 11:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions

[2010-02-03 12:44:11 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

[2010-06-15 18:46:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010-07-17 11:14:09 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus?)) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2010-05-06 13:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\battlefieldheroespatcher@ea.com

[2010-07-17 11:14:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-04-24 10:32:29 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-04-24 10:32:29 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-04-24 10:32:29 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-04-24 10:32:29 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-04-24 10:32:29 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-04-24 10:32:29 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ()

O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe ()

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()

O4 - HKCU..\Run: [igndlm.exe] D:\programy\Download Manager\DLM.exe (IGN Entertainment)

O4 - HKLM..\RunOnce: [uninstall Adobe Download Manager] File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe (Ralink Technology, Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-09-06 20:46:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{281f9aac-a290-11de-a4f4-0080c6e787eb}\Shell - "" = AutoRun

O33 - MountPoints2\{49a1fa56-51f5-11df-a6ed-0080c6e787eb}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-07-17 21:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie

[2010-07-17 21:01:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2010-07-17 11:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\NOS

[2010-07-16 13:05:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2010-07-16 13:05:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2010-07-16 07:58:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2010-07-14 18:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\gtk-2.0

[2010-07-14 18:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails

[2010-07-14 18:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gimp-2.6

[2010-07-14 18:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gegl-0.0

[2010-07-13 19:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

[2010-06-30 13:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Facebook

[2010-06-29 15:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 10

[2010-06-29 15:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2010-06-29 15:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10

[2010-06-26 18:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\POP3Profiles

[2010-06-21 11:56:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Brother

[2004-11-24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-07-17 21:20:27 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat

[2010-07-17 21:03:07 | 000,000,414 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010-07-17 11:05:09 | 000,487,882 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-07-17 11:05:09 | 000,430,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-07-17 11:05:09 | 000,083,074 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-07-17 11:05:09 | 000,067,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-07-17 11:05:08 | 001,082,416 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-07-17 11:00:44 | 000,131,166 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010-07-17 11:00:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-07-17 11:00:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-07-17 10:58:52 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010-07-17 10:58:52 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010-07-16 13:05:12 | 004,286,168 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-07-15 09:12:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-07-14 21:15:39 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Skrót do Torment.lnk

[2010-07-14 19:07:51 | 000,001,437 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel

[2010-07-14 18:38:53 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\GIMP 2.lnk

[2010-07-14 10:12:19 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-07-12 17:41:52 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini

[2010-07-12 17:18:08 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-06-26 18:58:38 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia T2T.lnk

[2010-06-24 19:21:44 | 000,000,100 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-17 21:03:07 | 000,000,414 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010-07-14 21:15:39 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Skrót do Torment.lnk

[2010-07-14 19:07:51 | 000,001,437 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel

[2010-07-14 18:38:53 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\GIMP 2.lnk

[2010-06-26 18:58:38 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia T2T.lnk

[2010-05-06 14:56:29 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010-05-05 01:57:08 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2010-01-30 17:22:24 | 000,000,152 | ---- | C] () -- C:\WINDOWS\cavscan.INI

[2010-01-29 21:15:53 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009-12-30 13:58:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2009-12-29 20:31:46 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Wininit.ini

[2009-12-25 19:05:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[2009-12-03 12:26:36 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2009-12-03 12:26:34 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini

[2009-11-26 20:22:40 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-11-25 19:50:32 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI

[2009-10-07 22:28:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009-09-25 14:13:33 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys

[2009-09-25 14:13:33 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys

[2009-09-18 11:03:13 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2009-09-13 17:44:36 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2009-09-13 17:44:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2009-09-13 17:39:37 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2009-09-12 08:33:58 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-09-09 13:51:05 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009-09-07 01:36:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\install.dll

[2009-09-07 01:36:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SmartInstallCfg2.dll

[2009-09-06 21:35:10 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-09-06 21:35:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009-09-06 21:35:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008-12-19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2008-12-17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2008-12-17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2008-12-17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2008-12-17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2008-12-17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2008-12-11 12:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2004-10-03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[2002-03-04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:888AFB86

< End of report >

I couldn't download RSIT, because the folder I usually download files to has been locked by... a virus that my antivirus supposedly removed (the perlovga virus, in case anyone asks); attempts to download it to another folder also came to nothing.

Please help, and thanks in advance :)

Post the Malwarebytes' Anti-Malware log that was created after the last scan.

Run OTL once more and tick the options: Scan All Users, LOP Check, Purity Check. Also select the Use Safelist option under Extra registry. Paste both logs generated by OTL.

If it really is the virus you wrote about, Combofix will most likely be needed, but I'd rather make sure.

Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Wersja bazy: 4052

Windows 5.1.2600 Dodatek Service Pack 3

Internet Explorer 6.0.2900.5512

2010-07-13 19:09:03

mbam-log-2010-07-13 (19-09-03).txt

Typ skanowania: Szybkie skanowanie

Przeskanowano obiektów: 117104

Upłynęło: 7 minut(y), 39 sekund(y)

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 1

Zainfekowane informacje rejestru systemowego: 0

Zainfekowanych folderów: 0

Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Backdoor.Bot) -> Quarantined and deleted successfully.

Zainfekowane informacje rejestru systemowego:

(Nie znaleziono zagrożeń)

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

Zainfekowanych plików:

(Nie znaleziono zagrożeń)

OTL # 1

OTL logfile created on: 2010-07-18 16:12:27 - Run 2

OTL by OldTimer - Version 3.2.6.0 Folder = D:\Ściągane

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,53 Gb Total Space | 4,12 Gb Free Space | 21,10% Space Free | Partition Type: NTFS

Drive D: | 54,99 Gb Total Space | 4,66 Gb Free Space | 8,47% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PRIVATE-GOL0G6G

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-07-17 21:20:46 | 000,572,416 | ---- | M] (OldTimer Tools) -- D:\Ściągane\OTL.exe

PRC - [2010-05-03 21:01:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2003-09-25 14:11:44 | 000,380,928 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\RaConfig.exe

========== Modules (SafeList) ==========

MOD - [2010-07-17 21:20:46 | 000,572,416 | ---- | M] (OldTimer Tools) -- D:\Ściągane\OTL.exe

MOD - [2010-02-02 11:37:51 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll

MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010-01-30 17:26:02 | 000,723,632 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

========== Driver Services (SafeList) ==========

DRV - [2010-02-02 11:37:48 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)

DRV - [2010-01-30 17:28:16 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)

DRV - [2010-01-30 17:28:15 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)

DRV - [2009-09-09 13:51:05 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-09-06 21:10:57 | 000,016,512 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2009-08-17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009-06-25 08:07:40 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009-06-25 08:07:40 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2008-09-04 07:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2008-09-04 07:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2008-09-04 07:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008-02-13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)

DRV - [2007-11-30 08:55:48 | 000,107,520 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)

DRV - [2007-09-19 11:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005-05-31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)

DRV - [2005-05-31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)

DRV - [2005-04-30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)

DRV - [2005-04-30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)

DRV - [2005-04-30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)

DRV - [2005-03-25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)

DRV - [2005-02-23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2004-10-19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)

DRV - [2004-10-15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2003-10-08 13:14:38 | 000,051,712 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2400.sys -- (RT2400)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1960408961-448539723-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Allegro"

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/webhp?hl=pl"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-23 17:02:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-18 11:06:54 | 000,000,000 | ---D | M]

[2009-09-06 19:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions

[2010-07-18 11:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions

[2010-02-03 12:44:11 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

[2010-06-15 18:46:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010-05-06 13:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\battlefieldheroespatcher@ea.com

[2010-07-18 11:26:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-04-24 10:32:29 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-04-24 10:32:29 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-04-24 10:32:29 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-04-24 10:32:29 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-04-24 10:32:29 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-04-24 10:32:29 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()

O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)

O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Programy\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe ()

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()

O4 - HKU\S-1-5-21-1960408961-448539723-725345543-500..\Run: [igndlm.exe] D:\programy\Download Manager\DLM.exe (IGN Entertainment)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe (Ralink Technology, Corp.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1960408961-448539723-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-09-06 20:46:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{281f9aac-a290-11de-a4f4-0080c6e787eb}\Shell - "" = AutoRun

O33 - MountPoints2\{49a1fa56-51f5-11df-a6ed-0080c6e787eb}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-07-17 21:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie

[2010-07-17 21:01:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy

[2010-07-16 13:05:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2010-07-16 13:05:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2010-07-16 07:58:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2010-07-14 18:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\gtk-2.0

[2010-07-14 18:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails

[2010-07-14 18:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gimp-2.6

[2010-07-14 18:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gegl-0.0

[2010-07-13 19:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

[2010-06-30 13:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Facebook

[2010-06-29 15:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 10

[2010-06-29 15:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2010-06-29 15:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10

[2010-06-26 18:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\POP3Profiles

[2010-06-21 11:56:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Brother

[2004-11-24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-07-18 16:12:29 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat

[2010-07-18 15:46:55 | 000,487,882 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-07-18 15:46:55 | 000,430,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-07-18 15:46:55 | 000,083,074 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-07-18 15:46:55 | 000,067,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-07-18 15:46:54 | 001,082,416 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-07-18 15:42:55 | 000,131,166 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010-07-18 15:42:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-07-18 15:42:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-07-18 12:59:46 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010-07-18 12:59:46 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010-07-18 11:06:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-07-17 22:18:05 | 002,108,706 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-07-17 21:03:07 | 000,000,414 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010-07-14 21:15:39 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Skrót do Torment.lnk

[2010-07-14 19:07:51 | 000,001,437 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel

[2010-07-14 18:38:53 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\GIMP 2.lnk

[2010-07-14 10:12:19 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-07-12 17:41:52 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini

[2010-07-12 17:18:08 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-06-26 18:58:38 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia T2T.lnk

[2010-06-24 19:21:44 | 000,000,100 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-17 21:03:07 | 000,000,414 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010-07-14 21:15:39 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Skrót do Torment.lnk

[2010-07-14 19:07:51 | 000,001,437 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel

[2010-07-14 18:38:53 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\GIMP 2.lnk

[2010-06-26 18:58:38 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia T2T.lnk

[2010-05-06 14:56:29 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010-05-05 01:57:08 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2010-01-30 17:22:24 | 000,000,152 | ---- | C] () -- C:\WINDOWS\cavscan.INI

[2010-01-29 21:15:53 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009-12-30 13:58:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2009-12-29 20:31:46 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Wininit.ini

[2009-12-25 19:05:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

[2009-12-03 12:26:36 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2009-12-03 12:26:34 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini

[2009-11-26 20:22:40 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-11-25 19:50:32 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI

[2009-10-07 22:28:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2009-09-25 14:13:33 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys

[2009-09-25 14:13:33 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys

[2009-09-18 11:03:13 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2009-09-13 17:44:36 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2009-09-13 17:44:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2009-09-13 17:39:37 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2009-09-12 08:33:58 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-09-09 13:51:05 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009-09-07 01:36:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\install.dll

[2009-09-07 01:36:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SmartInstallCfg2.dll

[2009-09-06 21:35:10 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-09-06 21:35:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009-09-06 21:35:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008-12-19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2008-12-17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2008-12-17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2008-12-17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2008-12-17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2008-12-17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2008-12-11 12:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2004-10-03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[2002-03-04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2009-11-26 20:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\BESTplayer

[2009-12-27 17:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\com.adobe.example.wilq.31780CAEAAA26670054AA51B21F17F0B86A843CE.1

[2009-09-09 13:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools Lite

[2010-06-30 13:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Facebook

[2009-12-25 19:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\FarStone

[2010-06-29 15:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 10

[2010-07-14 19:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\gtk-2.0

[2010-02-25 20:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\id Software

[2010-02-12 11:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\LG Electronics

[2009-09-06 22:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu

[2009-09-06 22:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenFM

[2009-10-18 11:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Publish Providers

[2009-11-10 12:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ScanSoft

[2009-10-18 11:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Sony

[2009-10-18 10:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Sony Setup

[2009-09-18 10:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\The Creative Assembly

[2009-09-17 19:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft

[2009-09-10 16:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Uniblue

[2010-05-07 18:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Unity

[2009-10-16 16:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters

[2009-09-09 13:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2010-06-29 15:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2010-02-25 20:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software

[2010-07-16 12:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

[2010-06-26 18:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\POP3Profiles

[2009-09-13 17:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft

[2010-04-20 21:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Soulseek

[2010-02-10 20:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2009-09-17 19:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:888AFB86

< End of report >

OTL #2 (Extras)

OTL Extras logfile created on: 2010-07-18 16:12:27 - Run 2

OTL by OldTimer - Version 3.2.6.0 Folder = D:\Ściągane

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,53 Gb Total Space | 4,12 Gb Free Space | 21,10% Space Free | Partition Type: NTFS

Drive D: | 54,99 Gb Total Space | 4,66 Gb Free Space | 8,47% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PRIVATE-GOL0G6G

Current User Name: Administrator

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1960408961-448539723-725345543-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)

"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- File not found

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)

"C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- File not found

"C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{12B224EF-BA30-4B3D-8137-82CD9C67C776}_is1" = ACP 2.0.5

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II

"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 17

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation

"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo

"{7B63B2922B174135AFC0E1377DD81EC2}" =

"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007

"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{D109D808-3D2D-433C-BAA2-C7853E5B1589}" =

"{9198A23F-C33C-4907-9715-96DE7D4AF27D}" = RT2400 Wireless LAN Card

"{95CC887F-91B2-45E9-AE29-0D51995192CB}" = USB Game Controller

"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite

"{9AFC93C3-EEE0-497C-9341-27753FAC7233}" = Prince of Persia The Two Thrones

"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camer@

"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T

"{E01662A1-BF0F-4DA8-A2FC-4E7F685884B8}" = Rome - Total War

"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FE335B6E-EEE3-4B78-A6C1-B7F20679CCB2}" = Planescape Torment

"7-Zip" = 7-Zip 3.13

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ALLPlayer_is1" = ALLPlayer V4.X

"CDisplay_is1" = CDisplay 1.8

"Cheat Engine 5.5_is1" = Cheat Engine 5.5

"CodInstl" = Intel A/V Codecs V2.0

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"COMODO Internet Security" = COMODO Internet Security

"DAEMON Tools Toolbar" = DAEMON Tools Toolbar

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX Setup

"Download Manager" = Download Manager 2.3.10

"Ekspert CD_is1" = Ekspert CD

"Fraps" = Fraps (remove only)

"Gadu-Gadu 10" = Gadu-Gadu 10

"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6

"Kain 2" = Legacy of Kain: Soul Reaver

"KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"NapiProjekt_is1" = NapiProjekt 1.0.6.9

"Nero - Burning Rom!UninstallKey" = Nero 6 Demo

"Nowe Gadu-Gadu" = Nowe Gadu-Gadu

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"OpenAL" = OpenAL

"PunkBusterSvc" = PunkBuster Services

"RealPlayer 12.0" = RealPlayer

"Soulseek2" = SoulSeek 157 NS 13e

"ULTIMATER" = Microsoft Office Ultimate 2007

"Winamp" = Winamp

"WinAudio Recorder_is1" = WinAudio Recorder version 2.2.2

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.6

"WinRAR archiver" = Archiwizator WinRAR

"XP Codec Pack" = XP Codec Pack

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1960408961-448539723-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Administrator)

"Facebook Plug-In" = Facebook Plug-In

"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2010-01-31 07:16:10 | Computer Name = PRIVATE-GOL0G6G | Source = MsiInstaller | ID = 11309

Description = Produkt: Call of Duty® 4 - Modern Warfare -- Błąd 1309. Błąd

odczytu z pliku: D:\instalki\cod4\Setup\Data\main\video\hunted_load.bik. Błąd

systemowy 3. Zweryfikuj, czy plik istnieje i czy masz do niego dostęp.

Error - 2010-01-31 07:16:11 | Computer Name = PRIVATE-GOL0G6G | Source = MsiInstaller | ID = 11309

Description = Produkt: Call of Duty® 4 - Modern Warfare -- Błąd 1309. Błąd

odczytu z pliku: D:\instalki\cod4\Setup\Data\main\video\icbm_fade.bik. Błąd systemowy

3. Zweryfikuj, czy plik istnieje i czy masz do niego dostęp.

Error - 2010-01-31 07:16:12 | Computer Name = PRIVATE-GOL0G6G | Source = MsiInstaller | ID = 11309

Description = Produkt: Call of Duty® 4 - Modern Warfare -- Błąd 1309. Błąd

odczytu z pliku: D:\instalki\cod4\Setup\Data\main\video\icbm_load.bik. Błąd systemowy

3. Zweryfikuj, czy plik istnieje i czy masz do niego dostęp.

Error - 2010-02-12 11:28:08 | Computer Name = PRIVATE-GOL0G6G | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd swkotor2.exe, wersja 2.0.0.0, moduł powodujący

błąd swkotor2.exe, wersja 2.0.0.0, adres błędu 0x001750ab.

Error - 2010-02-14 06:42:06 | Computer Name = PRIVATE-GOL0G6G | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd swkotor2.exe, wersja 2.0.0.0, moduł powodujący

błąd swkotor2.exe, wersja 2.0.0.0, adres błędu 0x001750ab.

Error - 2010-02-25 10:57:37 | Computer Name = PRIVATE-GOL0G6G | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd swkotor2.exe, wersja 2.0.0.0, moduł powodujący

błąd swkotor2.exe, wersja 2.0.0.0, adres błędu 0x00260b8e.

Error - 2010-03-03 12:52:40 | Computer Name = PRIVATE-GOL0G6G | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca LG_MobileSync_Launcher.exe, wersja 2.0.7.2,

moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2010-03-17 15:27:39 | Computer Name = PRIVATE-GOL0G6G | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd kain2.exe, wersja 0.0.0.0, moduł powodujący

błąd kain2.exe, wersja 0.0.0.0, adres błędu 0x000cd3e5.

Error - 2010-04-20 11:31:18 | Computer Name = PRIVATE-GOL0G6G | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd swkotor2.exe, wersja 2.0.0.0, moduł powodujący

błąd ntdll.dll, wersja 5.1.2600.5512, adres błędu 0x0001a48b.

Error - 2010-04-20 11:40:53 | Computer Name = PRIVATE-GOL0G6G | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd swkotor2.exe, wersja 2.0.0.0, moduł powodujący

błąd ntdll.dll, wersja 5.1.2600.5512, adres błędu 0x000106f7.

[ System Events ]

Error - 2010-07-17 14:10:21 | Computer Name = PRIVATE-GOL0G6G | Source = NetBT | ID = 4319

Description = W sieci TCP wykryto zduplikowaną nazwę. Adres IP komputera, który

wysłał wiadomość, przedstawiono w danych. Użyj polecenia nbtstat -n w oknie wiersza

polecenia, aby stwierdzić, która nazwa znajduje się w stanie konfliktu.

Error - 2010-07-17 14:42:35 | Computer Name = PRIVATE-GOL0G6G | Source = NetBT | ID = 4319

Description = W sieci TCP wykryto zduplikowaną nazwę. Adres IP komputera, który

wysłał wiadomość, przedstawiono w danych. Użyj polecenia nbtstat -n w oknie wiersza

polecenia, aby stwierdzić, która nazwa znajduje się w stanie konfliktu.

Error - 2010-07-17 15:14:46 | Computer Name = PRIVATE-GOL0G6G | Source = NetBT | ID = 4319

Description = W sieci TCP wykryto zduplikowaną nazwę. Adres IP komputera, który

wysłał wiadomość, przedstawiono w danych. Użyj polecenia nbtstat -n w oknie wiersza

polecenia, aby stwierdzić, która nazwa znajduje się w stanie konfliktu.

Error - 2010-07-18 05:06:49 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego

błędu: %%5

Error - 2010-07-18 05:06:51 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: FGXSCSI

Error - 2010-07-18 09:42:51 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego

błędu: %%5

Error - 2010-07-18 09:42:54 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: FGXSCSI

Error - 2010-07-18 09:45:07 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7034

Description = Usługa COMODO Internet Security Helper Service niespodziewanie zakończyła

pracę. Wystąpiło to razy: 1.

Error - 2010-07-18 09:45:10 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7034

Description = Usługa PnkBstrA niespodziewanie zakończyła pracę. Wystąpiło to razy:

1.

Error - 2010-07-18 09:45:40 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7034

Description = Usługa Windows User Mode Driver Framework niespodziewanie zakończyła

pracę. Wystąpiło to razy: 1.

< End of report >


Run OTL, and in the Custom Scans/Fixes box in OTL paste what is below:

:Processes
killallprocesses

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]

and click Run Fix. Post the log from this operation on the forum. There is nothing else there, and even this should not be responsible for such behaviour.

Unfortunately I don't see the name of the virus in the Malwarebytes' log; if you remembered the name of the virus correctly, we will need to use a tool with more firepower. Read the ComboFix user manual. Then download the program (on your own machine if you can manage it; if not, on another computer, and transfer the ComboFix file with a pendrive or something similar). Run the program (stick to the instructions); when it finishes, a log will be generated showing what ComboFix did. Paste it on the forum.


Perlovga was removed by the antivirus, not by Malwarebytes, so that is probably why there is nothing about it in the log. Today I no longer had any problem downloading ComboFix, so maybe I have got rid of Perlovga for good.

OTL log:

All processes killed

========== PROCESSES ==========

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 62701227 bytes

->Temporary Internet Files folder emptied: 562886834 bytes

->Java cache emptied: 53578819 bytes

->FireFox cache emptied: 51887050 bytes

->Flash cache emptied: 226659 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 16699670 bytes

%systemroot%\System32 .tmp files removed: 1613396 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 715,00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 07182010_174107

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ComboFix log:

ComboFix 10-06-16.04 - Administrator 2010-06-18 18:30:44.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3069.2714 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Menu Start\Programy\PC Camer@

c:\documents and settings\All Users\Menu Start\Programy\PC Camer@ \Amcap.lnk

c:\documents and settings\All Users\Menu Start\Programy\PC Camer@ \Uninstall.lnk

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

c:\program files\Common Files\InstallShield\UpdateService\issch.exe

c:\program files\Common Files\Real\Update_OB\realsched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Java\jre6\bin\jusched.exe

c:\windows\PixArt\PAC207\Monitor.exe

c:\windows\system32\win.com

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_JavaQuickStarterService

-------\Service_JavaQuickStarterService

((((((((((((((((((((((((( Pliki utworzone od 2010-05-18 do 2010-06-18 )))))))))))))))))))))))))))))))

.

2010-07-17 19:01 . 2010-07-17 19:01 -------- d--h--w- c:\windows\system32\GroupPolicy

2010-07-17 09:14 . 2010-07-17 09:14 71680 ----a-w- c:\documents and settings\All Users\Dane aplikacji\NOS\Adobe_Downloads\arh.exe

2010-07-16 11:05 . 2010-07-16 13:59 -------- d--h--w- c:\windows\$hf_mig$

2010-07-14 16:40 . 2010-07-14 17:07 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\gtk-2.0

2010-07-14 16:40 . 2010-07-14 16:40 -------- d-----w- c:\documents and settings\Administrator\.thumbnails

2010-07-14 16:39 . 2010-07-16 14:03 -------- d-----w- c:\documents and settings\Administrator\.gimp-2.6

2010-07-14 16:38 . 2010-07-14 16:39 -------- d-----w- c:\documents and settings\Administrator\.gegl-0.0

2010-07-13 17:55 . 2010-07-13 18:18 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2010-06-30 11:25 . 2010-06-30 11:25 50354 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Facebook\uninstall.exe

2010-06-30 11:25 . 2010-06-30 11:25 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Facebook

2010-06-29 13:28 . 2010-06-29 13:28 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 10

2010-06-29 13:28 . 2009-08-31 16:07 42088 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.1.dll

2010-06-29 13:28 . 2009-08-31 15:21 11264 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.1.dll

2010-06-29 13:28 . 2010-06-29 13:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10

2010-06-29 13:27 . 2010-06-29 13:28 -------- d-----w- c:\program files\Gadu-Gadu 10

2010-06-26 16:58 . 2010-06-26 16:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\POP3Profiles

2010-06-21 09:56 . 2010-06-21 09:56 -------- d-----r- c:\documents and settings\Administrator\Dane aplikacji\Brother

2010-06-11 09:26 . 2009-04-06 08:08 4682 ----a-w- c:\windows\system32\npptNT2.sys

2010-06-10 09:25 . 2010-06-10 09:25 57344 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-06-10 09:25 . 2010-06-10 09:19 754984 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\Setup\Resource.dll

2010-06-10 09:25 . 2010-06-10 09:19 1180952 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\Setup\DivXSetup.exe

2010-06-10 09:25 . 2009-10-23 10:05 530158 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe

2010-06-10 09:25 . 2009-10-23 10:05 530158 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe

2010-06-10 09:24 . 2010-06-10 09:24 56766 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-06-10 09:24 . 2009-10-23 10:05 530158 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe

2010-06-10 09:24 . 2010-06-10 09:24 57054 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DSDesktopComponents\Uninstaller.exe

2010-06-10 09:24 . 2010-06-10 09:24 53600 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\Update\Uninstaller.exe

2010-06-10 09:24 . 2010-06-10 09:24 57532 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DSASPDecoder\Uninstaller.exe

2010-06-10 09:24 . 2010-06-10 09:24 54166 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DSAVCDecoder\Uninstaller.exe

2010-06-10 09:24 . 2010-06-10 09:24 56458 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-06-10 09:24 . 2010-06-10 09:24 54174 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DSAACDecoder\Uninstaller.exe

2010-06-10 09:24 . 2010-06-10 09:24 57409 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\ControlPanel\Uninstaller.exe

2010-06-10 09:24 . 2010-06-10 09:24 52963 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-06-10 09:24 . 2010-06-10 09:24 54073 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\Qt4.5\Uninstaller.exe

2010-06-10 09:24 . 2010-06-10 09:24 56969 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\ASPEncoder\Uninstaller.exe

2010-06-06 15:52 . 2010-06-06 15:52 -------- d-----w- c:\program files\WinAudioRecorder

2010-06-05 09:09 . 2010-07-13 16:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DivX

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-18 15:58 . 2009-09-06 19:25 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-07-18 09:07 . 2009-09-16 21:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NOS

2010-07-17 09:06 . 2009-09-16 22:09 -------- d-----w- c:\program files\Common Files\Adobe

2010-07-16 10:31 . 2009-09-06 20:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM

2010-07-14 18:55 . 2009-09-06 19:20 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-18 16:42 . 2001-10-26 16:15 487882 ----a-w- c:\windows\system32\perfh015.dat

2010-06-18 16:42 . 2001-10-26 16:15 83074 ----a-w- c:\windows\system32\perfc015.dat

2010-06-16 18:00 . 2010-05-06 12:56 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-06-16 18:00 . 2010-02-25 18:35 215016 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-06-10 09:25 . 2009-10-23 10:04 -------- d-----w- c:\program files\DivX

2010-06-10 09:24 . 2009-10-23 10:04 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-06-09 11:07 . 2010-02-10 10:07 -------- d-----w- c:\program files\LG PC Suite II

2010-05-20 20:27 . 2010-05-06 12:56 138056 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\PnkBstrK.sys

2010-05-20 20:27 . 2010-05-06 12:56 138056 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\PnkBstrK.sys

2010-05-20 20:25 . 2010-05-06 12:54 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe

2010-05-20 20:25 . 2010-02-25 18:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-05-07 16:34 . 2010-05-07 16:34 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Unity

2010-05-04 21:20 . 2010-05-04 06:38 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\IGN_DLM

2010-05-04 14:05 . 2010-05-04 14:05 42080 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll

2010-05-04 14:05 . 2010-05-04 14:05 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll

2010-04-29 13:39 . 2009-11-20 16:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 13:39 . 2009-11-20 16:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-28 17:15 . 2009-11-08 14:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2010-04-28 12:14 . 2009-10-07 20:28 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2010-04-20 19:59 . 2010-04-20 19:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Soulseek

2010-04-20 19:59 . 2010-04-20 19:59 -------- d-----w- c:\program files\SoulseekNS

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igndlm.exe"="d:\programy\Download Manager\DLM.exe" [2009-10-27 1103216]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]

"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-30 1800464]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

RaConfig.lnk - c:\windows\system32\RaConfig.exe [2009-9-7 380928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Wilq - Kalendarz 2010.lnk]

path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Wilq - Kalendarz 2010.lnk

backup=c:\windows\pss\Wilq - Kalendarz 2010.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]

2009-06-04 21:56 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51 691656 ----a-w- d:\programy\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2010-04-29 13:39 1090952 ----a-w- d:\programy\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 20:51 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-09-19 10:14 16844800 ----a-w- c:\windows\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-09-06 134344]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-09-06 25160]

S0 FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-09-06 1684736]

S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2009-12-03 618112]

S3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2009-09-07 51712]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-09-09 721904]

.

.

------- Skan uzupełniający -------

.

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {F76045DB-A54C-48DB-9379-BD0EFD6647D0} = 192.168.0.2,194.204.159.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\

FF - prefs.js: browser.search.selectedEngine - Allegro

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/webhp?hl=pl

FF - plugin: c:\documents and settings\Administrator\Dane aplikacji\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll

FF - plugin: d:\programy\Download Manager\npfpdlm.dll

FF - plugin: d:\programy\realplayer\Netscape6\nppl3260.dll

FF - plugin: d:\programy\realplayer\Netscape6\nprjplug.dll

FF - plugin: d:\programy\realplayer\Netscape6\nprpjplug.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-BrMfcWnd - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

HKLM-Run-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

HKLM-Run-PAC207_Monitor - c:\windows\PixArt\PAC207\Monitor.exe

HKLM-Run-Monitor - c:\windows\PixArt\PAC207\Monitor.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe

HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

AddRemove-CDisplay_is1 - d:\komiksy\cdsplay\unins000.exe

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-18 18:38

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\COMODO\COMODO Internet Security\cmdagent.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\windows\system32\msiexec.exe

.

**************************************************************************

.

Czas ukończenia: 2010-06-18 18:44:13 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2010-06-18 16:44

Przed: 5 044 850 688 bajtów wolnych

Po: 4 930 265 088 bajtów wolnych

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - F3E58FDB244F9B95ABAFBE7C09091257


OK, so it looks like ComboFix removed the remnants of the virus. It also removed a bit too much, though; to fix that, do the following:

Go to the C:\QooBox\Quarantine directory and:

find the file Reader_sl.exe.vir in it, rename it to Reader_sl.exe and move the file to the directory c:\program files\Adobe\Reader 9.0\Reader\.

next, rename the file issch.exe.vir to issch.exe and move it to the directory c:\program files\Common Files\InstallShield\UpdateService\.

then rename the file realsched.exe.vir to realsched.exe and move it to the directory c:\program files\Common Files\Real\Update_OB\.

rename the file jqs.exe.vir to jqs.exe and the file jusched.exe.vir to jusched.exe, and move both files to the directory c:\program files\Java\jre6\bin\.

rename the file BrMfcWnd.exe.vir to BrMfcWnd.exe and move it to the directory c:\program files\Brother\Brmfcmon\.

Describe how the system works now.

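The reply above restores files that ComboFix deleted together with the malware remnants. As an added example (not part of the thread, and not ComboFix's own logic), this Python script cross-references the log's deleted-files section with the Run entries ComboFix then removed as orphaned, and lists each match with the `.vir` name and target directory the reply uses. The log excerpt is copied from the ComboFix log in this thread; the function names and the matching heuristic are assumptions, and a match is only a candidate that still has to be judged by hand.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Excerpt copied from the ComboFix log in this thread (blank lines dropped).
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Menu Start\Programy\PC Camer@
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\windows\PixArt\PAC207\Monitor.exe
c:\windows\system32\win.com
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_JavaQuickStarterService
-------\Service_JavaQuickStarterService
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-BrMfcWnd - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
HKLM-Run-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
HKLM-Run-PAC207_Monitor - c:\windows\PixArt\PAC207\Monitor.exe
HKLM-Run-Monitor - c:\windows\PixArt\PAC207\Monitor.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-CDisplay_is1 - d:\komiksy\cdsplay\unins000.exe
**************************************************************************
"""

# Section titles exactly as they appear in this Polish-language log.
DELETED_TITLE = "Usunięto"
ORPHANS_TITLE = "USUNIĘTO PUSTE WPISY"

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")            # ((((( Title )))))
ORPHAN_HDR_RE = re.compile(r"^(?:- ){4}(.*?)(?: -){4}$")   # - - - - TITLE - - - -
ORPHAN_RE = re.compile(r"^((?:HKLM|HKCU|HKU)-Run-.+?) - ([a-z]:\\.+)$", re.I)
PATH_RE = re.compile(r"^[a-z]:\\", re.I)


def parse_combofix(log_text):
    """Return (deleted_paths, run_orphans) parsed from a ComboFix log.

    run_orphans maps a lower-cased target path to the Run values that
    pointed at it and were removed as orphaned.
    """
    deleted, orphans = [], {}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line) or ORPHAN_HDR_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if set(line) == {"*"}:          # a row of asterisks closes the section
            section = None
            continue
        if section == DELETED_TITLE and PATH_RE.match(line):
            deleted.append(line)
        elif section == ORPHANS_TITLE:
            entry = ORPHAN_RE.match(line)
            if entry:                   # AddRemove-* lines are not autostarts
                orphans.setdefault(entry.group(2).lower(), []).append(entry.group(1))
    return deleted, orphans


def collateral_candidates(deleted, orphans):
    """Deleted files that an autostart (Run) entry had pointed to."""
    plan = []
    for path in deleted:
        run_values = orphans.get(path.lower())
        if run_values:
            plan.append({
                "original": path,
                "run_values": run_values,
                "quarantined_as": basename(path) + ".vir",  # naming used in the reply
                "restore_to": dirname(path) + "\\",
            })
    return plan


def unmatched_deletions(deleted, orphans):
    """Deleted items with no Run entry: these need manual review."""
    return [p for p in deleted if p.lower() not in orphans]


if __name__ == "__main__":
    deleted, orphans = parse_combofix(COMBOFIX_LOG)
    for item in collateral_candidates(deleted, orphans):
        print(item["quarantined_as"], "->", item["restore_to"], item["run_values"])
    print("review by hand:", unmatched_deletions(deleted, orphans))
```

jqs.exe is restored in the reply above but has no Run entry; it belongs to the Java Quick Starter service named in the log's Sterowniki/Usługi section, so it ends up in the manual-review list.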

When I try to copy the renamed files I get an access denied error (check whether the disk is full or write-protected, and whether the program is currently in use) :dry: For the moment the system works OK (apart from the printer driver installer launching at startup, which is probably because ComboFix has the drivers in quarantine^^).

The internet, though, is as slow as it was :/ When I checked the connection speed today I got 147.1 kb/s instead of 1024 kb/s ... If this is no longer the fault of any pests, I feel I will have to make a short but sharp phone call to my provider :)


Probably so; that is one of the reasons I don't like ComboFix (it can remove too much). You can try moving (or copying) the file with Total Commander or something similar. Programs of that kind usually cope with this better than Windows does. Alternatively, reinstalling the drivers will give the same result in the printer's case.

One more thing: update Internet Explorer to the latest version.


Phone call to the provider made; it turned out that the cause of the internet slowdown is a failure of one of the transmitters (nothing like a radio link^^). I will update IE as soon as the failure is fixed, and I will simply reinstall the drivers :)

Many thanks for the help, Smoku ;)
