Loviricus Posted June 16, 2010

Taking the opportunity, I'll piggyback on this topic, since my problem is more or less similar. For some time now my computer has been terribly sluggish, and the same goes for my internet speed. I tried an antivirus (COMODO with daily virus database updates) and Anti-Malware. They found a few viruses, which I removed, but the computer/internet speed did not improve.

OTL log:

OTL logfile created on: 2010-07-17 21:21:48 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = D:\Ściągane Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 4,09 Gb Free Space | 20,92% Space Free | Partition Type: NTFS Drive D: | 54,99 Gb Total Space | 4,66 Gb Free Space | 8,47% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PRIVATE-GOL0G6G Current User Name: Administrator Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-07-17 21:20:46 | 000,572,416 | ---- | M] (OldTimer Tools) -- D:\Ściągane\OTL.exe PRC - [2010-05-03 21:01:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-01-30 17:26:02 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003-09-25 14:11:44 | 000,380,928 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\RaConfig.exe ========== Modules (SafeList) ========== MOD - [2010-07-17 21:20:46 | 000,572,416 | ---- | M] (OldTimer Tools) -- D:\Ściągane\OTL.exe MOD - [2010-02-02 11:37:51 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010-03-29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus? 
SRV - [2010-01-30 17:26:02 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) ========== Driver Services (SafeList) ========== DRV - [2010-02-02 11:37:48 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2010-01-30 17:28:16 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect) DRV - [2010-01-30 17:28:15 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2009-09-09 13:51:05 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-09-06 21:10:57 | 000,016,512 | ---- | M] (Windows ? 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2009-08-17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009-06-25 08:07:40 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009-06-25 08:07:40 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2008-09-04 07:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2008-09-04 07:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2008-09-04 07:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows ? 
Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-02-13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207) DRV - [2007-11-30 08:55:48 | 000,107,520 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts) DRV - [2007-09-19 11:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005-05-31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2005-05-31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2005-04-30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum) DRV - [2005-04-30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2005-04-30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT) DRV - [2005-03-25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2005-02-23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2004-10-19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2004-10-15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb) DRV - [2003-10-08 13:14:38 | 000,051,712 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2400.sys -- (RT2400) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Allegro" FF - prefs.js..browser.startup.homepage: "http://www.google.pl/webhp?hl=pl" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-23 17:02:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-17 11:14:12 | 000,000,000 | ---D | M] [2009-09-06 19:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions [2010-07-17 11:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions [2010-02-03 12:44:11 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010-06-15 18:46:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Dane 
aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-07-17 11:14:09 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus?)) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-05-06 13:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\battlefieldheroespatcher@ea.com [2010-07-17 11:14:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-04-24 10:32:29 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-04-24 10:32:29 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-04-24 10:32:29 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-04-24 10:32:29 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-04-24 10:32:29 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-04-24 10:32:29 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe () O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe () O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe () O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.) O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) 
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe () O4 - HKCU..\Run: [igndlm.exe] D:\programy\Download Manager\DLM.exe (IGN Entertainment) O4 - HKLM..\RunOnce: [uninstall Adobe Download Manager] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe (Ralink Technology, Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-09-06 20:46:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{281f9aac-a290-11de-a4f4-0080c6e787eb}\Shell - "" = AutoRun O33 - MountPoints2\{49a1fa56-51f5-11df-a6ed-0080c6e787eb}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-07-17 21:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie [2010-07-17 21:01:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2010-07-17 11:14:11 | 000,000,000 | ---D | C] -- 
C:\Program Files\NOS [2010-07-16 13:05:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2010-07-16 13:05:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2010-07-16 07:58:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2010-07-14 18:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\gtk-2.0 [2010-07-14 18:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails [2010-07-14 18:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gimp-2.6 [2010-07-14 18:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gegl-0.0 [2010-07-13 19:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy [2010-06-30 13:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Facebook [2010-06-29 15:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 10 [2010-06-29 15:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-06-29 15:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10 [2010-06-26 18:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\POP3Profiles [2010-06-21 11:56:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Brother [2004-11-24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010-07-17 21:20:27 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat [2010-07-17 21:03:07 | 000,000,414 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2010-07-17 11:05:09 | 000,487,882 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat 
[2010-07-17 11:05:09 | 000,430,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-07-17 11:05:09 | 000,083,074 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-07-17 11:05:09 | 000,067,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-07-17 11:05:08 | 001,082,416 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-07-17 11:00:44 | 000,131,166 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010-07-17 11:00:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-07-17 11:00:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-07-17 10:58:52 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-07-17 10:58:52 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-07-16 13:05:12 | 004,286,168 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-07-15 09:12:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-07-14 21:15:39 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Skrót do Torment.lnk [2010-07-14 19:07:51 | 000,001,437 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel [2010-07-14 18:38:53 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\GIMP 2.lnk [2010-07-14 10:12:19 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-07-12 17:41:52 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini [2010-07-12 17:18:08 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-06-26 18:58:38 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia T2T.lnk [2010-06-24 19:21:44 | 000,000,100 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> 
C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010-07-17 21:03:07 | 000,000,414 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2010-07-14 21:15:39 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Skrót do Torment.lnk [2010-07-14 19:07:51 | 000,001,437 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel [2010-07-14 18:38:53 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\GIMP 2.lnk [2010-06-26 18:58:38 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia T2T.lnk [2010-05-06 14:56:29 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-05-05 01:57:08 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010-01-30 17:22:24 | 000,000,152 | ---- | C] () -- C:\WINDOWS\cavscan.INI [2010-01-29 21:15:53 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009-12-30 13:58:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2009-12-29 20:31:46 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Wininit.ini [2009-12-25 19:05:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [2009-12-03 12:26:36 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini [2009-12-03 12:26:34 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini [2009-11-26 20:22:40 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-11-25 19:50:32 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI [2009-10-07 22:28:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2009-09-25 14:13:33 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys [2009-09-25 14:13:33 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys [2009-09-18 11:03:13 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2009-09-13 17:44:36 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2009-09-13 
17:44:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2009-09-13 17:39:37 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2009-09-12 08:33:58 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-09-09 13:51:05 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-09-07 01:36:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\install.dll [2009-09-07 01:36:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SmartInstallCfg2.dll [2009-09-06 21:35:10 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-09-06 21:35:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-09-06 21:35:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-12-19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008-12-17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008-12-17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008-12-17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-12-17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008-12-17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2008-12-11 12:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2004-10-03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2002-03-04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:888AFB86 < End of report >

I couldn't download RSIT, because the folder I usually download files to has been blocked by... a virus that my antivirus supposedly removed (the perlovga virus, in case anyone asks); attempts to download it to another folder also came to nothing. Please help, and thank you in advance.
Sevard Posted June 16, 2010

Post the Malwarebytes' Anti-Malware log from the most recent scan. Run OTL once more and tick the options: Scan All Users, LOP Check, Purity Check. Also tick the Use Safelist option under Extra registry. Paste both logs generated by OTL. If this really is the virus you wrote about, Combofix will most likely be needed, but I'd rather make sure.
Loviricus (author) Posted June 17, 2010

Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4052

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512

2010-07-13 19:09:03
mbam-log-2010-07-13 (19-09-03).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 117104
Upłynęło: 7 minut(y), 39 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 1
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Backdoor.Bot) -> Quarantined and deleted successfully.

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
(Nie znaleziono zagrożeń)

OTL # 1

OTL logfile created on: 2010-07-18 16:12:27 - Run 2 OTL by OldTimer - Version 3.2.6.0 Folder = D:\Ściągane Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free 5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 4,12 Gb Free Space | 21,10% Space Free | Partition Type: NTFS Drive D: | 54,99 Gb Total Space | 4,66 Gb Free Space | 8,47% Space Free | Partition 
Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PRIVATE-GOL0G6G Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-07-17 21:20:46 | 000,572,416 | ---- | M] (OldTimer Tools) -- D:\Ściągane\OTL.exe PRC - [2010-05-03 21:01:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003-09-25 14:11:44 | 000,380,928 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\RaConfig.exe ========== Modules (SafeList) ========== MOD - [2010-07-17 21:20:46 | 000,572,416 | ---- | M] (OldTimer Tools) -- D:\Ściągane\OTL.exe MOD - [2010-02-02 11:37:51 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010-01-30 17:26:02 | 000,723,632 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) ========== Driver Services (SafeList) ========== DRV - [2010-02-02 11:37:48 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2010-01-30 17:28:16 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect) DRV - [2010-01-30 17:28:15 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2009-09-09 13:51:05 | 
000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-09-06 21:10:57 | 000,016,512 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009-08-17 00:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-06-25 08:07:40 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009-06-25 08:07:40 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2008-09-04 07:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008-09-04 07:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008-09-04 07:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-13 14:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007-11-30 08:55:48 | 000,107,520 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2007-09-19 11:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005-05-31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005-05-31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005-04-30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005-04-30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005-04-30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005-03-25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2005-02-23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004-10-19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004-10-15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003-10-08 13:14:38 | 000,051,712 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2400.sys -- (RT2400)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-448539723-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Allegro"
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/webhp?hl=pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-23 17:02:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-18 11:06:54 | 000,000,000 | ---D | M]

[2009-09-06 19:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2010-07-18 11:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions
[2010-02-03 12:44:11 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010-06-15 18:46:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-05-06 13:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\battlefieldheroespatcher@ea.com
[2010-07-18 11:26:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-24 10:32:29 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-04-24 10:32:29 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-04-24 10:32:29 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-04-24 10:32:29 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-04-24 10:32:29 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-04-24 10:32:29 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Programy\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()
O4 - HKU\S-1-5-21-1960408961-448539723-725345543-500..\Run: [igndlm.exe] D:\programy\Download Manager\DLM.exe (IGN Entertainment)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-448539723-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-09-06 20:46:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{281f9aac-a290-11de-a4f4-0080c6e787eb}\Shell - "" = AutoRun
O33 - MountPoints2\{49a1fa56-51f5-11df-a6ed-0080c6e787eb}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-07-17 21:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
[2010-07-17 21:01:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010-07-16 13:05:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010-07-16 13:05:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010-07-16 07:58:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010-07-14 18:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\gtk-2.0
[2010-07-14 18:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.thumbnails
[2010-07-14 18:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gimp-2.6
[2010-07-14 18:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.gegl-0.0
[2010-07-13 19:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2010-06-30 13:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Facebook
[2010-06-29 15:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 10
[2010-06-29 15:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-06-29 15:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2010-06-26 18:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\POP3Profiles
[2010-06-21 11:56:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Brother
[2004-11-24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-07-18 16:12:29 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010-07-18 15:46:55 | 000,487,882 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-07-18 15:46:55 | 000,430,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-07-18 15:46:55 | 000,083,074 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-07-18 15:46:55 | 000,067,356 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-07-18 15:46:54 | 001,082,416 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-07-18 15:42:55 | 000,131,166 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-07-18 15:42:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-18 15:42:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-18 12:59:46 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-07-18 12:59:46 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-07-18 11:06:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-17 22:18:05 | 002,108,706 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-07-17 21:03:07 | 000,000,414 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010-07-14 21:15:39 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Skrót do Torment.lnk
[2010-07-14 19:07:51 | 000,001,437 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010-07-14 18:38:53 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\GIMP 2.lnk
[2010-07-14 10:12:19 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-07-12 17:41:52 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010-07-12 17:18:08 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-26 18:58:38 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia T2T.lnk
[2010-06-24 19:21:44 | 000,000,100 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-17 21:03:07 | 000,000,414 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010-07-14 21:15:39 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Skrót do Torment.lnk
[2010-07-14 19:07:51 | 000,001,437 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010-07-14 18:38:53 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\GIMP 2.lnk
[2010-06-26 18:58:38 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prince of Persia T2T.lnk
[2010-05-06 14:56:29 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-05-05 01:57:08 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010-01-30 17:22:24 | 000,000,152 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2010-01-29 21:15:53 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-12-30 13:58:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009-12-29 20:31:46 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009-12-25 19:05:06 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2009-12-03 12:26:36 | 000,000,399 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009-12-03 12:26:34 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2009-11-26 20:22:40 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-11-25 19:50:32 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009-10-07 22:28:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009-09-25 14:13:33 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2009-09-25 14:13:33 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2009-09-18 11:03:13 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009-09-13 17:44:36 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009-09-13 17:44:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009-09-13 17:39:37 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009-09-12 08:33:58 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-09-09 13:51:05 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-09-07 01:36:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\install.dll
[2009-09-07 01:36:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SmartInstallCfg2.dll
[2009-09-06 21:35:10 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-09-06 21:35:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-09-06 21:35:09 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-12-19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008-12-17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008-12-17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008-12-17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-12-17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008-12-17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008-12-11 12:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004-10-03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2002-03-04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2009-11-26 20:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\BESTplayer
[2009-12-27 17:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\com.adobe.example.wilq.31780CAEAAA26670054AA51B21F17F0B86A843CE.1
[2009-09-09 13:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools Lite
[2010-06-30 13:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Facebook
[2009-12-25 19:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\FarStone
[2010-06-29 15:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 10
[2010-07-14 19:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\gtk-2.0
[2010-02-25 20:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\id Software
[2010-02-12 11:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\LG Electronics
[2009-09-06 22:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu
[2009-09-06 22:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenFM
[2009-10-18 11:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Publish Providers
[2009-11-10 12:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ScanSoft
[2009-10-18 11:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Sony
[2009-10-18 10:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Sony Setup
[2009-09-18 10:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\The Creative Assembly
[2009-09-17 19:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
[2009-09-10 16:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Uniblue
[2010-05-07 18:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Unity
[2009-10-16 16:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2009-09-09 13:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-06-29 15:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-02-25 20:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\id Software
[2010-07-16 12:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-06-26 18:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\POP3Profiles
[2009-09-13 17:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
[2010-04-20 21:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Soulseek
[2010-02-10 20:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-09-17 19:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:888AFB86

< End of report >

OTL #2 (Extras)

OTL Extras logfile created on: 2010-07-18 16:12:27 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = D:\Ściągane
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 4,12 Gb Free Space | 21,10% Space Free | Partition Type: NTFS
Drive D: | 54,99 Gb Total Space | 4,66 Gb Free Space | 8,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRIVATE-GOL0G6G
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1960408961-448539723-725345543-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- File not found
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- File not found
"C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12B224EF-BA30-4B3D-8137-82CD9C67C776}_is1" = ACP 2.0.5
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 17
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{D109D808-3D2D-433C-BAA2-C7853E5B1589}" =
"{9198A23F-C33C-4907-9715-96DE7D4AF27D}" = RT2400 Wireless LAN Card
"{95CC887F-91B2-45E9-AE29-0D51995192CB}" = USB Game Controller
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9AFC93C3-EEE0-497C-9341-27753FAC7233}" = Prince of Persia The Two Thrones
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = PC Camer@
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E01662A1-BF0F-4DA8-A2FC-4E7F685884B8}" = Rome - Total War
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE335B6E-EEE3-4B78-A6C1-B7F20679CCB2}" = Planescape Torment
"7-Zip" = 7-Zip 3.13
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALLPlayer_is1" = ALLPlayer V4.X
"CDisplay_is1" = CDisplay 1.8
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CodInstl" = Intel A/V Codecs V2.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO Internet Security" = COMODO Internet Security
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Download Manager" = Download Manager 2.3.10
"Ekspert CD_is1" = Ekspert CD
"Fraps" = Fraps (remove only)
"Gadu-Gadu 10" = Gadu-Gadu 10
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"Kain 2" = Legacy of Kain: Soul Reaver
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Soulseek2" = SoulSeek 157 NS 13e
"ULTIMATER" = Microsoft Office Ultimate 2007
"Winamp" = Winamp
"WinAudio Recorder_is1" = WinAudio Recorder version 2.2.2
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = Archiwizator WinRAR
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1960408961-448539723-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Administrator)
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-01-31 07:16:10 | Computer Name = 
PRIVATE-GOL0G6G | Source = MsiInstaller | ID = 11309 Description = Produkt: Call of Duty® 4 - Modern Warfare -- Błąd 1309. Błąd odczytu z pliku: D:\instalki\cod4\Setup\Data\main\video\hunted_load.bik. Błąd systemowy 3. Zweryfikuj, czy plik istnieje i czy masz do niego dostęp. Error - 2010-01-31 07:16:11 | Computer Name = PRIVATE-GOL0G6G | Source = MsiInstaller | ID = 11309 Description = Produkt: Call of Duty® 4 - Modern Warfare -- Błąd 1309. Błąd odczytu z pliku: D:\instalki\cod4\Setup\Data\main\video\icbm_fade.bik. Błąd systemowy 3. Zweryfikuj, czy plik istnieje i czy masz do niego dostęp. Error - 2010-01-31 07:16:12 | Computer Name = PRIVATE-GOL0G6G | Source = MsiInstaller | ID = 11309 Description = Produkt: Call of Duty® 4 - Modern Warfare -- Błąd 1309. Błąd odczytu z pliku: D:\instalki\cod4\Setup\Data\main\video\icbm_load.bik. Błąd systemowy 3. Zweryfikuj, czy plik istnieje i czy masz do niego dostęp. Error - 2010-02-12 11:28:08 | Computer Name = PRIVATE-GOL0G6G | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd swkotor2.exe, wersja 2.0.0.0, moduł powodujący błąd swkotor2.exe, wersja 2.0.0.0, adres błędu 0x001750ab. Error - 2010-02-14 06:42:06 | Computer Name = PRIVATE-GOL0G6G | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd swkotor2.exe, wersja 2.0.0.0, moduł powodujący błąd swkotor2.exe, wersja 2.0.0.0, adres błędu 0x001750ab. Error - 2010-02-25 10:57:37 | Computer Name = PRIVATE-GOL0G6G | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd swkotor2.exe, wersja 2.0.0.0, moduł powodujący błąd swkotor2.exe, wersja 2.0.0.0, adres błędu 0x00260b8e. Error - 2010-03-03 12:52:40 | Computer Name = PRIVATE-GOL0G6G | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca LG_MobileSync_Launcher.exe, wersja 2.0.7.2, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. 
Error - 2010-03-17 15:27:39 | Computer Name = PRIVATE-GOL0G6G | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd kain2.exe, wersja 0.0.0.0, moduł powodujący błąd kain2.exe, wersja 0.0.0.0, adres błędu 0x000cd3e5. Error - 2010-04-20 11:31:18 | Computer Name = PRIVATE-GOL0G6G | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd swkotor2.exe, wersja 2.0.0.0, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5512, adres błędu 0x0001a48b. Error - 2010-04-20 11:40:53 | Computer Name = PRIVATE-GOL0G6G | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd swkotor2.exe, wersja 2.0.0.0, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.5512, adres błędu 0x000106f7. [ System Events ] Error - 2010-07-17 14:10:21 | Computer Name = PRIVATE-GOL0G6G | Source = NetBT | ID = 4319 Description = W sieci TCP wykryto zduplikowaną nazwę. Adres IP komputera, który wysłał wiadomość, przedstawiono w danych. Użyj polecenia nbtstat -n w oknie wiersza polecenia, aby stwierdzić, która nazwa znajduje się w stanie konfliktu. Error - 2010-07-17 14:42:35 | Computer Name = PRIVATE-GOL0G6G | Source = NetBT | ID = 4319 Description = W sieci TCP wykryto zduplikowaną nazwę. Adres IP komputera, który wysłał wiadomość, przedstawiono w danych. Użyj polecenia nbtstat -n w oknie wiersza polecenia, aby stwierdzić, która nazwa znajduje się w stanie konfliktu. Error - 2010-07-17 15:14:46 | Computer Name = PRIVATE-GOL0G6G | Source = NetBT | ID = 4319 Description = W sieci TCP wykryto zduplikowaną nazwę. Adres IP komputera, który wysłał wiadomość, przedstawiono w danych. Użyj polecenia nbtstat -n w oknie wiersza polecenia, aby stwierdzić, która nazwa znajduje się w stanie konfliktu. 
Error - 2010-07-18 05:06:49 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego błędu: %%5 Error - 2010-07-18 05:06:51 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: FGXSCSI Error - 2010-07-18 09:42:51 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi Java Quick Starter z powodu następującego błędu: %%5 Error - 2010-07-18 09:42:54 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7026 Description = Nie można załadować następujących sterowników startu rozruchowego lub systemowego: FGXSCSI Error - 2010-07-18 09:45:07 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7034 Description = Usługa COMODO Internet Security Helper Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-07-18 09:45:10 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7034 Description = Usługa PnkBstrA niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-07-18 09:45:40 | Computer Name = PRIVATE-GOL0G6G | Source = Service Control Manager | ID = 7034 Description = Usługa Windows User Mode Driver Framework niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. < End of report >
Sevard, posted June 17, 2010

Run OTL, and in Custom Scans/Fixes in OTL paste what is below:

:Processes
killallprocesses
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]

and click Run Fix. Post the log from this operation on the forum.

There is nothing more, and even this should not be responsible for such behaviour. Unfortunately I don't see the virus name in the Malwarebytes' log; if you remembered the virus name correctly, a tool with greater firepower will be needed. Read the ComboFix user manual. Then download the program (on your own machine if you can manage it; if not, on another computer, and transfer the ComboFix file with a pendrive or something similar). Run the program (stick to the instructions); when it finishes, a log of what ComboFix did will be generated. Paste it on the forum.
Loviricus (author), posted June 17, 2010

Perlovga was removed by the antivirus, not by Malwarebytes, so that is probably why there is nothing about it in the log. Today I no longer had a problem downloading ComboFix, so maybe I got rid of Perlovga for good.

OTL log:

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 62701227 bytes
->Temporary Internet Files folder emptied: 562886834 bytes
->Java cache emptied: 53578819 bytes
->FireFox cache emptied: 51887050 bytes
->Flash cache emptied: 226659 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 16699670 bytes
%systemroot%\System32 .tmp files removed: 1613396 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 715,00 mb
OTL by OldTimer - Version 3.2.6.0 log created on 07182010_174107
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
ComboFix log:

ComboFix 10-06-16.04 - Administrator 2010-06-18 18:30:44.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3069.2714 [GMT 2:00] Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B} FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Menu Start\Programy\PC Camer@ c:\documents and settings\All Users\Menu Start\Programy\PC Camer@ \Amcap.lnk c:\documents and settings\All Users\Menu Start\Programy\PC Camer@ \Uninstall.lnk c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe c:\program files\Brother\Brmfcmon\BrMfcWnd.exe c:\program files\Common Files\InstallShield\UpdateService\issch.exe c:\program files\Common Files\Real\Update_OB\realsched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Java\jre6\bin\jusched.exe c:\windows\PixArt\PAC207\Monitor.exe c:\windows\system32\win.com . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_JavaQuickStarterService -------\Service_JavaQuickStarterService ((((((((((((((((((((((((( Pliki utworzone od 2010-05-18 do 2010-06-18 ))))))))))))))))))))))))))))))) . 2010-07-17 19:01 . 2010-07-17 19:01 -------- d--h--w- c:\windows\system32\GroupPolicy 2010-07-17 09:14 . 2010-07-17 09:14 71680 ----a-w- c:\documents and settings\All Users\Dane aplikacji\NOS\Adobe_Downloads\arh.exe 2010-07-16 11:05 . 2010-07-16 13:59 -------- d--h--w- c:\windows\$hf_mig$ 2010-07-14 16:40 . 2010-07-14 17:07 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\gtk-2.0 2010-07-14 16:40 .
2010-07-14 16:40 -------- d-----w- c:\documents and settings\Administrator\.thumbnails 2010-07-14 16:39 . 2010-07-16 14:03 -------- d-----w- c:\documents and settings\Administrator\.gimp-2.6 2010-07-14 16:38 . 2010-07-14 16:39 -------- d-----w- c:\documents and settings\Administrator\.gegl-0.0 2010-07-13 17:55 . 2010-07-13 18:18 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2010-06-30 11:25 . 2010-06-30 11:25 50354 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Facebook\uninstall.exe 2010-06-30 11:25 . 2010-06-30 11:25 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Facebook 2010-06-29 13:28 . 2010-06-29 13:28 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 10 2010-06-29 13:28 . 2009-08-31 16:07 42088 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.1.dll 2010-06-29 13:28 . 2009-08-31 15:21 11264 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.1.dll 2010-06-29 13:28 . 2010-06-29 13:28 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10 2010-06-29 13:27 . 2010-06-29 13:28 -------- d-----w- c:\program files\Gadu-Gadu 10 2010-06-26 16:58 . 2010-06-26 16:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\POP3Profiles 2010-06-21 09:56 . 2010-06-21 09:56 -------- d-----r- c:\documents and settings\Administrator\Dane aplikacji\Brother 2010-06-11 09:26 . 2009-04-06 08:08 4682 ----a-w- c:\windows\system32\npptNT2.sys 2010-06-10 09:25 . 2010-06-10 09:25 57344 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-06-10 09:25 . 2010-06-10 09:19 754984 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\Setup\Resource.dll 2010-06-10 09:25 . 
2010-06-10 09:19 1180952 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\Setup\DivXSetup.exe 2010-06-10 09:25 . 2009-10-23 10:05 530158 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe 2010-06-10 09:25 . 2009-10-23 10:05 530158 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe 2010-06-10 09:24 . 2010-06-10 09:24 56766 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-06-10 09:24 . 2009-10-23 10:05 530158 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe 2010-06-10 09:24 . 2010-06-10 09:24 57054 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DSDesktopComponents\Uninstaller.exe 2010-06-10 09:24 . 2010-06-10 09:24 53600 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\Update\Uninstaller.exe 2010-06-10 09:24 . 2010-06-10 09:24 57532 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DSASPDecoder\Uninstaller.exe 2010-06-10 09:24 . 2010-06-10 09:24 54166 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DSAVCDecoder\Uninstaller.exe 2010-06-10 09:24 . 2010-06-10 09:24 56458 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DivXDecoderShortcut\Uninstaller.exe 2010-06-10 09:24 . 2010-06-10 09:24 54174 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\DSAACDecoder\Uninstaller.exe 2010-06-10 09:24 . 2010-06-10 09:24 57409 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\ControlPanel\Uninstaller.exe 2010-06-10 09:24 . 2010-06-10 09:24 52963 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\MSVC80CRTRedist\Uninstaller.exe 2010-06-10 09:24 . 2010-06-10 09:24 54073 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\Qt4.5\Uninstaller.exe 2010-06-10 09:24 . 
2010-06-10 09:24 56969 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DivX\ASPEncoder\Uninstaller.exe 2010-06-06 15:52 . 2010-06-06 15:52 -------- d-----w- c:\program files\WinAudioRecorder 2010-06-05 09:09 . 2010-07-13 16:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DivX . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-18 15:58 . 2009-09-06 19:25 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat 2010-07-18 09:07 . 2009-09-16 21:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NOS 2010-07-17 09:06 . 2009-09-16 22:09 -------- d-----w- c:\program files\Common Files\Adobe 2010-07-16 10:31 . 2009-09-06 20:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM 2010-07-14 18:55 . 2009-09-06 19:20 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-18 16:42 . 2001-10-26 16:15 487882 ----a-w- c:\windows\system32\perfh015.dat 2010-06-18 16:42 . 2001-10-26 16:15 83074 ----a-w- c:\windows\system32\perfc015.dat 2010-06-16 18:00 . 2010-05-06 12:56 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-06-16 18:00 . 2010-02-25 18:35 215016 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-06-10 09:25 . 2009-10-23 10:04 -------- d-----w- c:\program files\DivX 2010-06-10 09:24 . 2009-10-23 10:04 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-06-09 11:07 . 2010-02-10 10:07 -------- d-----w- c:\program files\LG PC Suite II 2010-05-20 20:27 . 2010-05-06 12:56 138056 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\PnkBstrK.sys 2010-05-20 20:27 . 2010-05-06 12:56 138056 ----a-w- c:\documents and settings\Administrator\Dane aplikacji\PnkBstrK.sys 2010-05-20 20:25 . 2010-05-06 12:54 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe 2010-05-20 20:25 . 2010-02-25 18:35 75064 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-05-07 16:34 . 
2010-05-07 16:34 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Unity 2010-05-04 21:20 . 2010-05-04 06:38 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\IGN_DLM 2010-05-04 14:05 . 2010-05-04 14:05 42080 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll 2010-05-04 14:05 . 2010-05-04 14:05 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll 2010-04-29 13:39 . 2009-11-20 16:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2009-11-20 16:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 17:15 . 2009-11-08 14:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2010-04-28 12:14 . 2009-10-07 20:28 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2010-04-20 19:59 . 2010-04-20 19:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Soulseek 2010-04-20 19:59 . 2010-04-20 19:59 -------- d-----w- c:\program files\SoulseekNS . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igndlm.exe"="d:\programy\Download Manager\DLM.exe" [2009-10-27 1103216] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960] "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-30 1800464] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ RaConfig.lnk - c:\windows\system32\RaConfig.exe [2009-9-7 380928] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\guard32.dll [HKLM\~\startupfolder\C:^Documents and 
Settings^Administrator^Menu Start^Programy^Autostart^Wilq - Kalendarz 2010.lnk] path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Wilq - Kalendarz 2010.lnk backup=c:\windows\pss\Wilq - Kalendarz 2010.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate] 2009-06-04 21:56 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2009-04-23 13:51 691656 ----a-w- d:\programy\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] 2010-04-29 13:39 1090952 ----a-w- d:\programy\Malwarebytes' Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 20:51 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2007-09-19 10:14 16844800 ----a-w- c:\windows\RTHDCPL.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-09-06 134344] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-09-06 25160] S0 
FGXSCSI;FGXSCSI;c:\windows\system32\DRIVERS\fgxscsi.sys --> c:\windows\system32\DRIVERS\fgxscsi.sys [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-09-06 1684736] S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2009-12-03 618112] S3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [2009-09-07 51712] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-09-09 721904] . . ------- Skan uzupełniający ------- . uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {F76045DB-A54C-48DB-9379-BD0EFD6647D0} = 192.168.0.2,194.204.159.1 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\ FF - prefs.js: browser.search.selectedEngine - Allegro FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/webhp?hl=pl FF - plugin: c:\documents and settings\Administrator\Dane aplikacji\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6cru307w.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - plugin: c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll FF - plugin: d:\programy\Download Manager\npfpdlm.dll FF - plugin: d:\programy\realplayer\Netscape6\nppl3260.dll FF - plugin: d:\programy\realplayer\Netscape6\nprjplug.dll FF - plugin: d:\programy\realplayer\Netscape6\nprpjplug.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla 
Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . 
- - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-BrMfcWnd - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe HKLM-Run-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe HKLM-Run-PAC207_Monitor - c:\windows\PixArt\PAC207\Monitor.exe HKLM-Run-Monitor - c:\windows\PixArt\PAC207\Monitor.exe HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe HKLM-Run-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe AddRemove-CDisplay_is1 - d:\komiksy\cdsplay\unins000.exe AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-18 18:38 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\COMODO\COMODO Internet Security\cmdagent.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Brother\ControlCenter3\brccMCtl.exe c:\windows\system32\msiexec.exe . ************************************************************************** . 
Czas ukończenia: 2010-06-18 18:44:13 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-06-18 16:44 Przed: 5 044 850 688 bajtów wolnych Po: 4 930 265 088 bajtów wolnych Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - F3E58FDB244F9B95ABAFBE7C09091257
Sevard, posted June 17, 2010

OK, so it looks like ComboFix removed the remnants of the virus. Only it also removed a bit too much; to fix that, do the following:

Go to the C:\QooBox\Quarantine directory and:
- find the file Reader_sl.exe.vir in it, rename it to Reader_sl.exe and move it to the directory c:\program files\Adobe\Reader 9.0\Reader\.
- next, rename the file issch.exe.vir to issch.exe and move it to the directory c:\program files\Common Files\InstallShield\UpdateService\.
- then rename the file realsched.exe.vir to realsched.exe and move it to the directory c:\program files\Common Files\Real\Update_OB\.
- rename the file jqs.exe.vir to jqs.exe and the file jusched.exe.vir to jusched.exe, and move both of these files to the directory c:\program files\Java\jre6\bin\.
- rename the file BrMfcWnd.exe.vir to BrMfcWnd.exe and move it to the directory c:\program files\Brother\Brmfcmon\.

Describe how the system works now.
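The restore steps from the post above, as an added Python example that is not part of the original thread. It assumes Python is available on the machine; the `dest_root` rehearsal parameter and the status strings are hypothetical, the quarantine tree is searched recursively because the post does not give the subfolder layout, and files are copied rather than moved so the quarantined copy stays in place until the result is checked.

```python
import shutil
from pathlib import Path, PureWindowsPath

# File names and target folders exactly as listed in the post above.
RESTORE_MAP = {
    "Reader_sl.exe.vir": r"c:\program files\Adobe\Reader 9.0\Reader",
    "issch.exe.vir": r"c:\program files\Common Files\InstallShield\UpdateService",
    "realsched.exe.vir": r"c:\program files\Common Files\Real\Update_OB",
    "jqs.exe.vir": r"c:\program files\Java\jre6\bin",
    "jusched.exe.vir": r"c:\program files\Java\jre6\bin",
    "BrMfcWnd.exe.vir": r"c:\program files\Brother\Brmfcmon",
}


def _target_dir(win_dir, dest_root):
    """Return the folder to write to; dest_root (assumption) re-roots it for a rehearsal."""
    if dest_root is None:
        return Path(win_dir)
    parts = PureWindowsPath(win_dir).parts[1:]  # drop the "c:\" anchor
    return Path(dest_root).joinpath(*parts)


def plan_restore(quarantine_root, dest_root=None):
    """Pair each listed .vir file found under the quarantine tree with its destination."""
    wanted = {name.lower(): (name, folder) for name, folder in RESTORE_MAP.items()}
    found = {}
    for path in Path(quarantine_root).rglob("*"):
        key = path.name.lower()  # Windows file names are case-insensitive
        if path.is_file() and key in wanted:
            found.setdefault(key, []).append(path)
    plan = []
    for key, (name, folder) in wanted.items():
        dst = _target_dir(folder, dest_root) / name[:-len(".vir")]
        plan.append((name, found.get(key, []), dst))
    return plan


def apply_restore(plan, dry_run=True):
    """Copy each file into place and return {quarantined name: status}."""
    results = {}
    for name, sources, dst in plan:
        if not sources:
            results[name] = "missing"        # not in quarantine at all
        elif len(sources) > 1:
            results[name] = "ambiguous"      # several copies: pick one by hand
        elif dst.exists():
            results[name] = "exists"         # never overwrite a file already in place
        elif dry_run:
            results[name] = "would-restore"
        else:
            try:
                dst.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(sources[0], dst)
                results[name] = "restored"
            except PermissionError:
                # Access denied: report it instead of aborting the whole run.
                results[name] = "denied"
    return results


if __name__ == "__main__":
    # Rehearsal only: shows what would be copied without touching anything.
    restore_plan = plan_restore(r"C:\QooBox\Quarantine")
    for vir_name, status in apply_restore(restore_plan, dry_run=True).items():
        print(f"{vir_name:22} {status}")
```

A "denied" status means the copy was refused with an access-denied error and that file still has to be placed by other means.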
Loviricus (author), posted June 18, 2010

When I try to copy the renamed files, I get an access-denied error (check that the disk is not full or write-protected, and that the program is not currently in use).

At the moment the system works fine (except that the printer driver installer starts at boot, which is probably because ComboFix has them in quarantine ^^). The internet, on the other hand, is as slow as it was. When I checked the connection speed today I got 147.1 kb/s instead of 1024 kb/s... If this is no longer the fault of any pests, I feel I will have to make a short but forceful phone call to my provider.
Sevard, posted June 18, 2010

Probably so; that is one of the reasons I don't like ComboFix (it can remove too much). You can try to move (or copy) the file using Total Commander or something similar. Programs of this type usually handle such things better than Windows. Alternatively, reinstalling the drivers will give the same effect in the printer's case.

One more thing: update Internet Explorer to the latest version.
Loviricus (author), posted June 18, 2010

Call to the provider made; it turned out that the cause of the slow internet is a failure of one of the transmitters (nothing like a radio link ^^). I will update IE as soon as the failure is fixed, and I will simply reinstall the drivers. Many thanks for the help, Smoku.
Sevard, posted June 18, 2010

Since that's everything, finish by cleaning up the leftovers from OTL and ComboFix. The simplest way is to use the OTC program. Just run it and click CleanUP. The rest happens by itself.
Loviricus (author), posted June 18, 2010

I did as you told me. Once again "mersi" and "szapoba".
Sevard, posted June 18, 2010

Problem solved, so I am closing the topic. If the topic needs to be reopened, please contact me by PM.