piterq1991

Request to check CF and OTL logs


Hello! I have a problem with infections that keep reappearing. The ones removed by CF. After some time they come back. It has nothing to do with any USB drives, because none are connected to the laptop. It is only used for the internet. I use Firefox and sometimes IE 8


CF


ComboFix 10-04-06.05 - Izabela 2010-04-07  22:23:39.4.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.1407.918 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Izabela\Pulpit\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\cnvpe.fne
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\dp1.fne
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\eAPI.fne
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\internet.fne
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\krnln.fnr
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\shell.fne
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\spec.fne
c:\windows\system32\625048
c:\windows\system32\625048\0e7e81.txt
c:\windows\system32\625048\45a000.txt
c:\windows\system32\681144
c:\windows\system32\681144\a7.ini
c:\windows\system32\681144\cnvpe.fne
c:\windows\system32\681144\dp1.fne
c:\windows\system32\681144\eAPI.fne
c:\windows\system32\681144\GC-8N5.EXE
c:\windows\system32\681144\HtmlView.fne
c:\windows\system32\681144\internet.fne
c:\windows\system32\681144\krnln.fnr
c:\windows\system32\681144\QI578BFB.EXE
c:\windows\system32\681144\RegEx.fnr
c:\windows\system32\681144\shell.fne
c:\windows\system32\681144\spec.fne
c:\windows\system32\681144\TC-3N5.EXE
c:\windows\system32\681144\WG375349.EXE
.
(((((((((((((((((((((((((   Pliki utworzone od 2010-03-07 do 2010-04-07  )))))))))))))))))))))))))))))))
.
2010-04-04 14:05 . 2010-04-04 17:26	--------	d-----w-	c:\documents and settings\Izabela\Dane aplikacji\Skype
2010-04-04 14:05 . 2010-04-04 14:05	674138	----a-w-	c:\documents and settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe
2010-04-04 14:05 . 2006-12-11 18:38	67112	----a-w-	c:\documents and settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\PNRComponent.dll
2010-04-04 14:05 . 2010-04-04 14:05	--------	d-----w-	c:\program files\Common Files\Skype
2010-04-04 14:05 . 2010-04-04 14:05	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Skype
2010-04-04 14:05 . 2010-04-04 14:05	--------	d-----w-	c:\program files\Skype
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 19:52 . 2009-09-10 13:45	51166	----a-w-	c:\windows\system32\perfc015.dat
2010-04-07 19:52 . 2009-09-10 13:45	359416	----a-w-	c:\windows\system32\perfh015.dat
2010-04-06 20:40 . 2009-12-15 20:39	--------	d-----w-	c:\program files\Gadu-Gadu 10
2010-02-04 19:07 . 2010-02-04 19:07	1924744	----a-w-	c:\documents and settings\Izabela\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-09-10 13:45 . 2009-09-10 13:45	163185	--sha-r-	c:\windows\system32\ozezmm.dll
.
------- Sigcheck -------
[-] 2009-09-10 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"2B091E"="c:\windows\system32\EDE282\2B091E.EXE" [2010-03-01 1406935]

c:\documents and settings\Izabela\Menu Start\Programy\Autostart\
2B091E.lnk - c:\windows\system32\EDE282\2B091E.EXE [2010-3-1 1406935]
Skrót do bannerkiller2-[www.legalne.lnk - c:\program files\Gadu-Gadu 10\bannerkiller2-[www.legalne.info].exe [2010-4-6 6144]
SynTPEnh.lnk - c:\program files\Synaptics\SynTP\SynTPEnh.exe [2009-12-15 761945]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43	69632	----a-w-	c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2006-03-08 21:43	26112	----a-w-	c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-03-08 20:05	344064	----a-w-	c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2006-02-23 11:40	106496	----a-w-	c:\windows\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40	155648	----a-w-	c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-11-14 16:21	16270848	----a-w-	c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04	2879488	----a-w-	c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-01-20 11:34	544768	----a-w-	c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-10-21 13:26	761945	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7600:TCP"= 7600:TCP:yrozr

R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-09-10 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-09-10 212520]
R1 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [2010-02-03 49720]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [2009-12-15 1056512]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2009-12-15 8064]
S2 klnwnw;Center Universal;c:\windows\system32\svchost.exe -k netsvcs [2009-09-10 14336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-17 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-17 8320]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
klnwnw
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\documents and settings\Izabela\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 22:26
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klnwnw]
"ServiceDll"="c:\windows\system32\ozezmm.dll"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2010-04-07  22:28:21
ComboFix-quarantined-files.txt  2010-04-07 20:28

Przed: 6 038 712 320 bajtów wolnych
Po: 6 012 252 160 bajtów wolnych

- - End Of File - - 4F1642D455498025C8A11B336E1742A2

OTL


OTL logfile created on: 2010-04-07 22:33:20 - Run 1
OTL by OldTimer - Version 3.2.1.0     Folder = C:\Documents and Settings\Izabela\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,00 Gb Total Space | 5,61 Gb Free Space | 28,07% Space Free | Partition Type: NTFS
Drive D: | 54,52 Gb Total Space | 34,48 Gb Free Space | 63,25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASUS_A6RP
Current User Name: Izabela
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-07 22:33:04 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Izabela\Pulpit\OTL.exe
PRC - [2010-04-05 19:00:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-20 14:05:04 | 012,067,432 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2009-09-10 15:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (SafeList) ==========

MOD - [2010-04-07 22:33:04 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Izabela\Pulpit\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2010-02-03 18:59:52 | 000,049,720 | ---- | M] (Data Encryption Systems Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dk2drv.sys -- (dk2drv)
DRV - [2009-09-10 15:45:00 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Si3132r5.sys -- (Si3132r5)
DRV - [2009-09-10 15:45:00 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Si3531.sys -- (Si3531)
DRV - [2009-09-10 15:45:00 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2009-09-10 15:45:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009-09-10 15:45:00 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3132.sys -- (Si3132)
DRV - [2009-09-10 15:45:00 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3124.sys -- (Si3124)
DRV - [2009-09-10 15:45:00 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2009-09-10 15:45:00 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2009-03-19 15:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009-03-19 15:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009-02-09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-02-09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-02-09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-02-09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008-04-13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2006-11-15 15:34:40 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-07-03 11:33:24 | 001,056,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynMini.sys -- (SynMini)
DRV - [2006-06-30 11:40:52 | 000,008,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynScan.sys -- (SynScan)
DRV - [2006-03-08 23:49:20 | 001,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-01-20 13:44:42 | 000,862,340 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005-10-21 15:13:08 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005-02-18 00:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005-02-11 22:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2002-09-09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)
DRV - [2001-08-17 21:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-05 19:01:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-05 19:01:04 | 000,000,000 | ---D | M]

[2009-12-15 23:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Extensions
[2010-04-07 21:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions
[2010-02-05 21:33:36 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010-03-30 16:26:28 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010-03-30 16:26:27 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010-03-30 16:26:17 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010-03-30 16:26:27 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010-04-04 16:05:56 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2010-02-05 21:33:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-12-15 23:17:48 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2009-12-15 23:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010-03-30 16:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\nasanightlaunch@example.com
[2010-03-30 16:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\noia2_option@kk.noia
[2010-03-30 16:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010-03-30 16:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010-03-30 16:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010-03-30 16:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009-12-15 23:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\zbr97yao.default\extensions
[2009-12-15 23:18:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-03-12 14:06:48 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-12 14:06:48 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-12 14:06:48 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-12 14:06:48 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-12 14:06:48 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-12 14:06:48 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-09-10 15:45:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Izabela\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O4 - HKLM..\Run: [2B091E] C:\WINDOWS\system32\EDE282\2B091E.EXE ()
O4 - Startup: C:\Documents and Settings\Izabela\Menu Start\Programy\Autostart\2B091E.lnk = C:\WINDOWS\system32\EDE282\2B091E.EXE ()
O4 - Startup: C:\Documents and Settings\Izabela\Menu Start\Programy\Autostart\Skrót do bannerkiller2-[www.legalne.lnk = C:\Program Files\Gadu-Gadu 10\bannerkiller2-[www.legalne.info].exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 111.111.111.111 222.222.222.222
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Izabela\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Izabela\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-12-15 21:26:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-12-15 23:42:16 | 000,000,000 | ---D | M] - D:\autocad 2008 PL -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-07 22:32:30 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Izabela\Pulpit\OTL.exe
[2010-04-07 22:28:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-04-07 22:22:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-04-04 16:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Izabela\Moje dokumenty\My Skype Content
[2010-04-04 16:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Izabela\Dane aplikacji\Skype
[2010-04-04 16:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010-04-04 16:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Skype
[2010-04-04 16:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Izabela\Moje dokumenty\My Skype Pictures
[2010-04-04 16:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[2010-03-21 23:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Izabela\Pulpit\Nowy folder (4)
[2010-03-21 23:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Izabela\Pulpit\Nowy folder (3)
[2009-12-17 21:53:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-12-15 21:31:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-12-15 21:30:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-12-15 21:30:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-04-07 22:33:04 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Izabela\Pulpit\OTL.exe
[2010-04-07 22:28:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-07 22:26:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-04-07 22:22:30 | 003,909,453 | R--- | M] () -- C:\Documents and Settings\Izabela\Pulpit\ComboFix.exe
[2010-04-07 22:03:43 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Izabela\Menu Start\Programy\Autostart\2B091E.lnk
[2010-04-07 21:52:37 | 000,772,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-07 21:52:37 | 000,359,416 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-04-07 21:52:37 | 000,314,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-04-07 21:52:37 | 000,051,166 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-04-07 21:52:37 | 000,041,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-04-07 21:48:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-04-07 21:47:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-06 23:18:10 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Izabela\NTUSER.DAT
[2010-04-06 23:18:10 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Izabela\ntuser.ini
[2010-04-06 22:41:14 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Izabela\Menu Start\Programy\Autostart\Skrót do bannerkiller2-[www.legalne.lnk
[2010-04-05 22:05:48 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Izabela\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-04 16:05:47 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-03-18 20:41:00 | 000,070,739 | ---- | M] () -- C:\Documents and Settings\Izabela\Pulpit\CV.docx
[2010-03-14 11:57:08 | 000,010,797 | ---- | M] () -- C:\Documents and Settings\Izabela\Pulpit\http2.docx
[2010-03-12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-03-08 23:05:03 | 067,573,696 | ---- | M] () -- C:\Documents and Settings\Izabela\Pulpit\opel.rar
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-04-07 22:22:01 | 003,909,453 | R--- | C] () -- C:\Documents and Settings\Izabela\Pulpit\ComboFix.exe
[2010-04-07 21:48:11 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Izabela\Menu Start\Programy\Autostart\2B091E.lnk
[2010-04-06 22:41:14 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Izabela\Menu Start\Programy\Autostart\Skrót do bannerkiller2-[www.legalne.lnk
[2010-04-04 16:05:47 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-03-14 11:57:08 | 000,010,797 | ---- | C] () -- C:\Documents and Settings\Izabela\Pulpit\http2.docx
[2010-03-08 23:03:58 | 067,573,696 | ---- | C] () -- C:\Documents and Settings\Izabela\Pulpit\opel.rar
[2010-02-03 18:59:51 | 002,325,304 | ---- | C] () -- C:\WINDOWS\System32\DK2INST.DLL
[2010-01-04 00:17:16 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2009-12-19 14:19:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-12-15 22:40:12 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-12-15 22:40:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-12-15 22:40:10 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-12-15 22:40:10 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-12-15 22:40:08 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-12-15 22:40:07 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-15 22:01:22 | 000,014,848 | ----
| C] () -- C:\WINDOWS\System32\drivers\SynSam.sys[2009-12-15 22:01:22 | 000,008,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynScan.sys[2009-12-15 22:01:21 | 001,056,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynMini.sys[2009-12-15 22:01:21 | 000,498,688 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynPin.sys[2009-12-15 22:01:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56spn.dll[2009-12-15 22:01:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56itl.dll[2009-12-15 22:01:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56eng.dll[2009-12-15 22:01:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\sm56brz.dll[2009-12-15 22:01:21 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56ger.dll[2009-12-15 22:01:21 | 000,061,440 | ---- | C] () -- C:\WINDOWS\sm56fra.dll[2009-12-15 22:01:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll[2009-12-15 22:01:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56cht.dll[2009-12-15 22:01:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56chs.dll[2009-12-15 22:01:21 | 000,030,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\SynCamd.sys[2009-12-15 22:00:43 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Izabela\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009-12-15 21:55:30 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys[2009-12-15 21:32:18 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\Izabela\ntuser.dat.LOG[2009-12-15 21:32:18 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Izabela\ntuser.ini[2009-12-15 21:32:17 | 003,407,872 | -H-- | C] () -- C:\Documents and Settings\Izabela\NTUSER.DAT[2009-09-10 15:45:00 | 000,163,185 | RHS- | C] () -- C:\WINDOWS\System32\ozezmm.dll[2001-07-06 16:30:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI< End of report >


Do a scan with MBAM and CureIt and remove whatever they detect.

 

Use CFScript.txt with ComboFix:

 

Folder::
c:\windows\system32\EDE282\

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2B091E"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7600:TCP"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klnwnw]

File::
c:\documents and settings\Izabela\Menu Start\Programy\Autostart\2B091E.lnk
c:\windows\system32\ozezmm.dll

Driver::
klnwnw

NetSvcs::
klnwnw


I did as you said, and here is the log ComboFix generated in the process.

 

ComboFix 10-04-08.02 - Izabela 2010-04-09   7:48.5.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.1407.952 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Izabela\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Izabela\Pulpit\CFScript.txt
 * Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::
"c:\documents and settings\Izabela\Menu Start\Programy\Autostart\2B091E.lnk"
"c:\windows\system32\ozezmm.dll"
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Izabela\USTAWI~1\Temp\E_N4
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\cnvpe.fne
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\dp1.fne
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\eAPI.fne
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\internet.fne
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\krnln.fnr
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\shell.fne
c:\docume~1\Izabela\USTAWI~1\Temp\E_N4\spec.fne
c:\documents and settings\Izabela\Menu Start\Programy\Autostart\2B091E.lnk
c:\windows\system32\625048
c:\windows\system32\625048\0e7e81.txt
c:\windows\system32\625048\45a000.txt
c:\windows\system32\681144
c:\windows\system32\681144\a7.ini
c:\windows\system32\681144\cnvpe.fne
c:\windows\system32\681144\dp1.fne
c:\windows\system32\681144\eAPI.fne
c:\windows\system32\681144\GC-8N5.EXE
c:\windows\system32\681144\HtmlView.fne
c:\windows\system32\681144\internet.fne
c:\windows\system32\681144\krnln.fnr
c:\windows\system32\681144\QI578BFB.EXE
c:\windows\system32\681144\RegEx.fnr
c:\windows\system32\681144\shell.fne
c:\windows\system32\681144\spec.fne
c:\windows\system32\681144\TC-3N5.EXE
c:\windows\system32\681144\WG375349.EXE
c:\windows\system32\EDE282\
c:\windows\system32\EDE282\\2B091E.EXE
c:\windows\system32\ozezmm.dll

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KLNWNW


(((((((((((((((((((((((((   Pliki utworzone od 2010-03-09 do 2010-04-09  )))))))))))))))))))))))))))))))
.

2010-04-04 14:05 . 2010-04-04 17:26	--------	d-----w-	c:\documents and settings\Izabela\Dane aplikacji\Skype
2010-04-04 14:05 . 2010-04-04 14:05	674138	----a-w-	c:\documents and settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe
2010-04-04 14:05 . 2006-12-11 18:38	67112	----a-w-	c:\documents and settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\PNRComponent.dll
2010-04-04 14:05 . 2010-04-04 14:05	--------	d-----w-	c:\program files\Common Files\Skype
2010-04-04 14:05 . 2010-04-04 14:05	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Skype
2010-04-04 14:05 . 2010-04-04 14:05	--------	d-----w-	c:\program files\Skype

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 05:48 . 2009-09-10 13:45	51166	----a-w-	c:\windows\system32\perfc015.dat
2010-04-09 05:48 . 2009-09-10 13:45	359416	----a-w-	c:\windows\system32\perfh015.dat
2010-04-06 20:40 . 2009-12-15 20:39	--------	d-----w-	c:\program files\Gadu-Gadu 10
2010-02-04 19:07 . 2010-02-04 19:07	1924744	----a-w-	c:\documents and settings\Izabela\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
.

------- Sigcheck -------

[-] 2009-09-10 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((   SnapShot@2010-04-07_20.26.55   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-09-10 13:45 . 2010-04-07 19:52	41170              c:\windows\system32\perfc009.dat
+ 2009-09-10 13:45 . 2010-04-09 05:48	41170              c:\windows\system32\perfc009.dat
+ 2009-09-10 13:45 . 2010-04-09 05:48	314842              c:\windows\system32\perfh009.dat
- 2009-09-10 13:45 . 2010-04-07 19:52	314842              c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

c:\documents and settings\Izabela\Menu Start\Programy\Autostart\
Skrót do bannerkiller2-[www.legalne.lnk - c:\program files\Gadu-Gadu 10\bannerkiller2-[www.legalne.info].exe [2010-4-6 6144]
SynTPEnh.lnk - c:\program files\Synaptics\SynTP\SynTPEnh.exe [2009-12-15 761945]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43	69632	----a-w-	c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2006-03-08 21:43	26112	----a-w-	c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-03-08 20:05	344064	----a-w-	c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
2006-02-23 11:40	106496	----a-w-	c:\windows\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40	155648	----a-w-	c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-11-14 16:21	16270848	----a-w-	c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04	2879488	----a-w-	c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-01-20 11:34	544768	----a-w-	c:\windows\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-10-21 13:26	761945	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-09-10 69248]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-09-10 212520]
R1 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [2010-02-03 49720]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [2009-12-15 1056512]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2009-12-15 8064]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-17 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-17 8320]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Izabela\Dane aplikacji\Mozilla\Firefox\Profiles\nhiaiql5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\documents and settings\Izabela\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 07:53
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3340)
c:\windows\system32\WININET.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Gadu-Gadu 10\bannerkiller2-[www.legalne.info].exe
c:\windows\system32\HPZipm12.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Czas ukończenia: 2010-04-09  07:55:38 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2010-04-09 05:55
ComboFix2.txt  2010-04-07 20:28

Przed: 5 920 800 768 bajtów wolnych
Po: 5 922 787 328 bajtów wolnych

- - End Of File - - 0AEA5A84CA614CDE5A52F0B11FE90E73
