
piterq1991

Regular user
  • Content Count

    459
  • Joined

  • Last visited

Community Reputation

0 Neutral

About piterq1991

  • Rank
    Participant

Contact Methods

  • Website
    http://
  • GG
    4162012

Profile Information

  • From
    Końskie
  1. I have a kind of sentimental attachment to this brand ;) but from what I can see, you'd have to pay more for a board like that. I think I'll go with the MSI.
  2. And what about a board for around 400 zł, e.g. the Asus P8Z77-V LX2? http://allegro.pl/asus-p8p67-ddr3-sata3-oc-sklep-poznan-i2937422657.html
  3. Yes, after selling the parts I'd like to spend 600 zł. I was thinking: ASUS P8P67 for 300 zł, G860 for 200 zł (used) and some memory for 100 zł. Which parts would be better? I'll probably replace the CPU after a while.
  4. Hello! My current setup is: C2D E6600, Asus P5W64WS PRO, 2x1GB Crucial Ballistix, Nvidia GTX 260, Creative X-Fi XtremeMusic, Tagan TG-600W power supply, 2x320GB Seagate. I have a problem with one memory module. The computer doesn't always start when both modules are installed. To buy 4GB of memory now I'd have to pay almost 200 zł... I thought maybe I should change the platform, since this one is already quite old. Sell the processor, board and memory, add a little money (low budget) and move to the 1155 platform. I was thinking of an ASUS P8P67, some weaker processor for now, and memory. Could someone advise me on this? How much could I sell my parts for, and how much would I have to pay for new ones? I've had this computer for a good few years. In December the graphics card died, and now the memory. I don't want to stress and wait until the CPU or the board dies next...
  5. 4 partitions merged into 1 - data recovery: if anyone has this or a similar problem, I recommend it!
  6. I've already recovered what the programs could, but that's still not all the files... SMART says it's OK. It just looks like it's seeing the partitions wrong, as in the picture above. All the old partitions are visible. Going into them, I have all the files. So if only they could be restored... "Deleted partition - how to recover?" is what I was following, but unfortunately I get this error...
  7. Hello! I have a problem with a 3.5" Seagate 120GB drive. I had 4 partitions on it, holding a lot of important documents and photos. Windows wasn't installed on it because the drive was used only for data storage. Suddenly, instead of those 4 partitions, a single one the size of the whole disk appeared. Its name consists of characters (Hebrew or something like that). It can be opened. There are some files and folders on it, also with such strange characters, but those folders can no longer be opened. I used EasyRecovery to recover the files. It finds all the files, but not every file works correctly. I'd like to restore the original partitions so I can recover everything. I haven't performed any other operations on it. I haven't overwritten the disk. Please advise on the best way to go about this. Below I'm attaching a screenshot from DMDE. It detects the partitions, but I can't insert them because I get the error shown in the screenshot... Regards, Piotr
  8. As in the topic. Offers by PM, please.
  9. And in normal mode a blue screen appears near the end. Nothing has changed.
  10. I installed this file. Two restarts and one shutdown have now gone as they should. We'll see if it stays that way. And in safe mode I managed to run CF and it went smoothly. I'm attaching its log:
  11. Because it's a different computer and I didn't want to mix up the logs.
  12. Hello! Please check my OTL log. After a ComboFix scan, just when it is about to generate the log, a blue screen occurs and I have to restart the computer. I also have this problem: about 80% of the time when I shut down the PC, after I click shut down it keeps running normally, and only after about 2 minutes does it actually shut down. Sometimes it shuts down right away, but less often.
[url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab][url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab]http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab[/url][/url] (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab][url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab]http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab[/url][/url] (Java Plug-in 1.6.0_16)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab][url=http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab]http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab[/url][/url] (Java Plug-in 1.6.0_16)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url=http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab][url=http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url][/url] (Shockwave Flash Object)O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} [url=http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab][url=http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab]http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab[/url][/url] (Creative Software AutoUpdate Support Package)O16 - DPF: Microsoft XML Parser for Java file:///C:/WINXP/Java/classes/xmldso.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 111.111.111.111 222.222.222.222O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - 
e:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO24 - Desktop WallPaper: e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmpO24 - Desktop BackupWallPaper: e:\Documents and Settings\Dwojakowski\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmpO28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009-06-16 17:30:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINXP\System32\PDBoot.exe (Raxco Software, Inc.)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-04-11 23:12:45 | 000,561,664 | ---- | C] (OldTimer Tools) -- e:\Documents and Settings\Dwojakowski\Pulpit\OTL.exe[2010-04-11 23:04:27 | 000,000,000 | RH-D | C] -- e:\Documents and Settings\Dwojakowski\Recent[2010-04-07 00:32:14 | 000,000,000 | ---D | C] -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\Simple Adblock[2010-04-07 00:32:13 | 000,000,000 | ---D | C] -- e:\Program Files\Common Files\Simple Adblock[2010-04-07 00:28:38 | 000,000,000 | ---D | C] -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\GrabPro[2010-04-07 00:28:36 | 000,000,000 | ---D | C] -- e:\Program Files\IEPro[2010-04-07 00:28:36 | 000,000,000 | ---D | C] -- e:\Documents and Settings\Dwojakowski\Dane aplikacji\IEPro[2010-04-06 23:58:37 | 000,000,000 | ---D | C] -- e:\Documents and 
Settings\Dwojakowski\Moje dokumenty\Pobieranie[2010-04-05 14:47:42 | 000,000,000 | R--D | C] -- e:\Documents and Settings\Dwojakowski\Moje dokumenty\Moja muzyka[2010-04-05 14:07:12 | 000,000,000 | ---D | C] -- e:\Documents and Settings\All Users\Dokumenty\S.T.A.L.K.E.R. - Zew Prypeci[2010-03-28 22:42:49 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINXP\System32\drivers\pavboot.sys[2010-03-28 22:42:23 | 000,000,000 | ---D | C] -- e:\Program Files\Panda Security[2010-03-18 23:42:13 | 001,774,080 | ---- | C] (Gabest) -- e:\Documents and Settings\Dwojakowski\Pulpit\mplayerc.exe[2010-03-16 21:12:02 | 000,000,000 | ---D | C] -- e:\Documents and Settings\Dwojakowski\Pulpit\kosz ktm[2009-06-26 10:58:05 | 000,000,000 | --SD | M] -- e:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft[2009-06-16 23:36:20 | 000,000,000 | --SD | M] -- e:\Documents and Settings\LocalService\Dane aplikacji\Microsoft[2009-06-16 17:30:37 | 000,000,000 | --SD | M] -- e:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft[2009-06-16 17:30:37 | 000,000,000 | --SD | M] -- e:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft[2008-10-07 23:42:42 | 000,060,928 | ---- | C] ( ) -- C:\WINXP\System32\a3d.dll[4 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-04-11 23:12:45 | 000,561,664 | ---- | M] (OldTimer Tools) -- e:\Documents and Settings\Dwojakowski\Pulpit\OTL.exe[2010-04-11 23:10:50 | 005,767,168 | -H-- | M] () -- e:\Documents and Settings\Dwojakowski\NTUSER.DAT[2010-04-11 23:10:07 | 000,000,006 | -H-- | M] () -- C:\WINXP\tasks\SA.DAT[2010-04-11 23:10:05 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat[2010-04-11 23:04:53 | 000,055,612 | ---- | M] () -- C:\WINXP\System32\BMXStateBkp-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx[2010-04-11 23:04:53 | 000,055,612 | ---- | M] () -- 
C:\WINXP\System32\BMXState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx[2010-04-11 23:04:53 | 000,000,788 | ---- | M] () -- C:\WINXP\System32\DVCState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx[2010-04-11 23:04:31 | 000,000,188 | -HS- | M] () -- e:\Documents and Settings\Dwojakowski\ntuser.ini[2010-04-11 23:04:27 | 004,841,834 | -H-- | M] () -- e:\Documents and Settings\Dwojakowski\Ustawienia lokalne\Dane aplikacji\IconCache.db[2010-04-11 23:03:50 | 003,911,676 | R--- | M] () -- e:\Documents and Settings\Dwojakowski\Pulpit\ComboFix.exe[2010-04-11 22:59:03 | 003,329,121 | ---- | M] () -- e:\Documents and Settings\Dwojakowski\Pulpit\stromae - alors on danse.mp3[2010-04-11 22:11:17 | 000,000,470 | -H-- | M] () -- C:\WINXP\tasks\User_Feed_Synchronization-{DC5D16C0-B1D7-44BB-AB85-78DB670F0CBA}.job[2010-04-10 16:21:11 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl[2010-04-08 14:19:11 | 042,281,152 | ---- | M] () -- e:\Documents and Settings\Dwojakowski\Pulpit\avira_antivir_personal_en.exe[2010-04-07 21:08:51 | 000,001,729 | ---- | M] () -- e:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk[2010-04-05 14:07:38 | 000,000,715 | ---- | M] () -- e:\Documents and Settings\All Users\Pulpit\S.T.A.L.K.E.R. 
- Zew Prypeci.lnk[2010-03-29 23:59:26 | 000,001,572 | ---- | M] () -- C:\WINXP\System32\settingsbkup.sfm[2010-03-29 23:59:26 | 000,001,572 | ---- | M] () -- C:\WINXP\System32\settings.sfm[2010-03-18 23:45:00 | 000,000,155 | ---- | M] () -- C:\WINXP\NeroDigital.ini[2010-03-17 13:49:35 | 000,053,992 | ---- | M] () -- C:\WINXP\System32\BMXStateBkp-{00000001-00000000-00000000-00001102-00000005-00211102}.rfx[2010-03-17 13:49:35 | 000,053,992 | ---- | M] () -- C:\WINXP\System32\BMXState-{00000001-00000000-00000000-00001102-00000005-00211102}.rfx[2010-03-17 13:49:35 | 000,000,788 | ---- | M] () -- C:\WINXP\System32\DVCState-{00000001-00000000-00000000-00001102-00000005-00211102}.rfx[4 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-04-11 23:03:43 | 003,911,676 | R--- | C] () -- e:\Documents and Settings\Dwojakowski\Pulpit\ComboFix.exe[2010-04-11 22:16:21 | 003,329,121 | ---- | C] () -- e:\Documents and Settings\Dwojakowski\Pulpit\stromae - alors on danse.mp3[2010-04-08 14:16:13 | 042,281,152 | ---- | C] () -- e:\Documents and Settings\Dwojakowski\Pulpit\avira_antivir_personal_en.exe[2010-04-05 14:07:38 | 000,000,715 | ---- | C] () -- e:\Documents and Settings\All Users\Pulpit\S.T.A.L.K.E.R. 
- Zew Prypeci.lnk[2010-03-17 15:46:38 | 000,055,612 | ---- | C] () -- C:\WINXP\System32\BMXState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx[2010-03-17 15:46:38 | 000,000,788 | ---- | C] () -- C:\WINXP\System32\DVCState-{00000001-00000000-00000001-00001102-00000005-00211102}.rfx[2010-02-25 19:53:37 | 000,004,085 | ---- | C] () -- C:\WINXP\SONYMAP.INI[2010-02-03 19:08:40 | 002,325,304 | ---- | C] () -- C:\WINXP\System32\DK2INST.DLL[2009-12-31 19:04:07 | 000,002,272 | ---- | C] () -- e:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat[2009-12-21 16:43:39 | 008,892,928 | ---- | C] () -- e:\Documents and Settings\All Users\Dane aplikacji\atscie.msi[2009-10-20 02:23:46 | 000,178,960 | ---- | C] () -- C:\WINXP\System32\xlive.dll.cat[2009-09-30 19:28:04 | 000,002,199 | ---- | C] () -- C:\WINXP\apcs_bak.ini[2009-09-30 19:22:19 | 000,002,204 | ---- | C] () -- C:\WINXP\apcs.ini[2009-06-25 16:51:03 | 000,000,083 | ---- | C] () -- e:\Documents and Settings\Dwojakowski\Ustawienia lokalne\Dane aplikacji\FASTWiz.log[2009-06-25 12:28:53 | 000,168,448 | ---- | C] () -- C:\WINXP\System32\unrar.dll[2009-06-25 12:28:53 | 000,000,038 | ---- | C] () -- C:\WINXP\avisplitter.ini[2009-06-25 12:28:52 | 003,596,288 | ---- | C] () -- C:\WINXP\System32\qt-dx331.dll[2009-06-25 12:28:52 | 000,881,664 | ---- | C] () -- C:\WINXP\System32\xvidcore.dll[2009-06-25 12:28:52 | 000,205,824 | ---- | C] () -- C:\WINXP\System32\xvidvfw.dll[2009-06-25 12:28:51 | 000,085,504 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll[2009-06-25 12:28:51 | 000,000,547 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll.manifest[2009-06-18 22:50:41 | 000,008,704 | ---- | C] () -- e:\Documents and Settings\Dwojakowski\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009-06-18 22:49:11 | 000,000,067 | ---- | C] () -- C:\WINXP\#1 Video Converter.INI[2009-06-17 13:38:36 | 000,000,155 | ---- | C] () -- C:\WINXP\NeroDigital.ini[2009-06-16 23:38:47 | 
000,190,976 | ---- | C] () -- C:\WINXP\System32\WgaLogon.dll[2009-06-16 23:31:05 | 000,685,816 | ---- | C] () -- C:\WINXP\System32\drivers\sptd.sys[2009-06-16 23:30:45 | 000,024,576 | ---- | C] () -- C:\WINXP\System32\AsIO.dll[2009-06-16 23:30:45 | 000,012,664 | ---- | C] () -- C:\WINXP\System32\drivers\AsIO.sys[2009-06-16 23:30:44 | 000,012,096 | ---- | C] () -- C:\WINXP\System32\drivers\AsInsHelp64.sys[2009-06-16 23:30:44 | 000,010,304 | ---- | C] () -- C:\WINXP\System32\drivers\AsInsHelp32.sys[2009-06-16 23:30:28 | 000,005,810 | ---- | C] () -- C:\WINXP\System32\drivers\ASACPI.sys[2009-06-16 22:56:59 | 000,000,687 | ---- | C] () -- e:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log[2009-06-16 17:33:01 | 005,767,168 | -H-- | C] () -- e:\Documents and Settings\Dwojakowski\NTUSER.DAT[2009-06-16 17:33:01 | 000,020,480 | -H-- | C] () -- e:\Documents and Settings\Dwojakowski\ntuser.dat.LOG[2009-06-16 17:33:01 | 000,000,188 | -HS- | C] () -- e:\Documents and Settings\Dwojakowski\ntuser.ini[2009-06-04 02:37:08 | 000,021,093 | ---- | C] () -- C:\WINXP\System32\instwdm.ini[2009-06-04 02:37:06 | 000,000,054 | ---- | C] () -- C:\WINXP\System32\ctzapxx.ini[2009-06-04 01:55:20 | 000,002,560 | ---- | C] () -- C:\WINXP\CTXFIRES.DLL[2009-05-01 00:31:06 | 001,724,416 | ---- | C] () -- C:\WINXP\System32\nvwdmcpl.dll[2009-05-01 00:31:06 | 001,507,328 | ---- | C] () -- C:\WINXP\System32\nview.dll[2009-05-01 00:31:06 | 001,101,824 | ---- | C] () -- C:\WINXP\System32\nvwimg.dll[2009-05-01 00:31:06 | 000,466,944 | ---- | C] () -- C:\WINXP\System32\nvshell.dll[2008-10-07 23:41:40 | 000,002,560 | ---- | C] () -- C:\WINXP\System32\CtxfiRes.dll[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINXP\System32\physxcudart_20.dll[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelTraditionalChinese.dll[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINXP\System32\AgCPanelSwedish.dll[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- 
I'll add that this has been happening for quite a while now. The shutdown problem started somewhat more recently, but I've had the problem with CF for a long time.
  13. I did as you said and am posting the log that ComboFix generated in the process.
  14. Hello! I have a problem with infections that keep coming back. The ones removed by CF. After some time they reappear. It has nothing to do with any pendrives, since none are plugged into the laptop. It is used only for the internet. I use Firefox and sometimes IE 8.