
kubexx

A few viruses in the registry


Hi!

Yesterday I got a USB stick from a friend, unfortunately with a few bonuses. Yesterday fiefoj.exe and waewa.src sneaked onto my machine; I ran ComboFix, it removed the virus, and the problem went away. After today's scan it turned out there are a few more surprises, namely:

Trojan murlo

Trojan generic

I'm attaching logs from HijackThis and OTL.

 

OTL Extras logfile created on: 2011-03-25 20:16:05 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = F:\Rapid

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 24,41 Gb Total Space | 13,92 Gb Free Space | 57,00% Space Free | Partition Type: NTFS

Drive D: | 263,67 Gb Total Space | 66,73 Gb Free Space | 25,31% Space Free | Partition Type: NTFS

Drive F: | 312,50 Gb Total Space | 217,89 Gb Free Space | 69,72% Space Free | Partition Type: NTFS

Drive G: | 312,50 Gb Total Space | 232,46 Gb Free Space | 74,39% Space Free | Partition Type: NTFS

Drive H: | 306,51 Gb Total Space | 217,77 Gb Free Space | 71,05% Space Free | Partition Type: NTFS

 

Computer Name: KBX | User Name: Kubex | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_USERS\S-1-5-21-606747145-764733703-1801674531-1003\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htafile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Nowe Gadu-Gadu\gg.exe" = C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu -- (GG Network S.A.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"D:\Battlefield 2\BF2.exe" = D:\Battlefield 2\BF2.exe:*:Enabled:BF2 -- ()

"H:\Battlefield play 4 free\BFP4f.exe" = H:\Battlefield play 4 free\BFP4f.exe:*:Enabled:BFP4f -- ()

"D:\TDU\TestDriveUnlimited.exe" = D:\TDU\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited -- (Eden Games)

"H:\TDU2 Gra\UpLauncher.exe" = H:\TDU2 Gra\UpLauncher.exe:*:Enabled:UpLauncher -- (Eden Games)

"H:\TDU2 Gra\TestDrive2.exe" = H:\TDU2 Gra\TestDrive2.exe:*:Enabled:Test Drive Unlimited 2 -- (Eden Games)

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver

"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23

"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5

"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network

"{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10

"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B079C58-860B-4715-BDEC-5FBAAB1719AF}" = Browser Configuration Utility

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700

"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2

"{E12683F4-89CF-4C10-BB15-013B415AA03A}" = USB FireWall 1.1.3

"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0

"{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk

"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 4.5)

"AcMgrDDL" = DDL and DTS Connect License Activation

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"All Free Disc Burner_is1" = All Free Disc Burner 2.7.1.2

"ALLPlayer_is1" = ALLPlayer V4.X

"AudioCS" = Creative Audio Control Panel

"Cities XL 2011" = Cities XL 2011

"Console Launcher" = Creative Console Launcher

"Creative Volume Panel" = Volume Panel

"CWK" = CWK (Czasowy Wyłącznik Komputera)

"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1

"Dolby Digital Live Pack" = Dolby Digital Live Pack

"Easy Wallpaper Changer_is1" = Easy Wallpaper Changer v2.0

"EEEE705096F837B7907659F100C9FE6DA001970F" = Pakiet sterowników systemu Windows - Nokia Modem (06/09/2010 7.01.0.7)

"EMDB_is1" = EMDB 1.23

"HaaliMkx" = Haali Media Splitter

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.8 (Full) BETA

"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5

"Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended

"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)

"Nokia PC Suite" = Nokia PC Suite

"Nowe Gadu-Gadu" = Nowe Gadu-Gadu

"NVIDIA Drivers" = NVIDIA Drivers

"OpenAL" = OpenAL

"PunkBusterSvc" = PunkBuster Services

"RaceRoom The Game_is1" = RaceRoom The Game

"SFBM" = SoundFont Bank Manager

"sp6" = Logitech SetPoint 6.20

"Spyware Doctor" = Spyware Doctor z modulem Antivirus 8.0

"Stellarium_is1" = Stellarium 0.10.6.1

"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2

"THX_Console_Unicode" = THX Setup Console

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"WinRAR archiver" = Archiwizator WinRAR

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-606747145-764733703-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2010-12-31 04:48:26 | Computer Name = KBX | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Tried to start a service that wasn't the latest version of CLR Optimization service.

Will shutdown

 

Error - 2011-01-17 17:43:16 | Computer Name = KBX | Source = Microsoft Office 12 | ID = 5000

Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.4518.1014, P3

mso.dll, P4 12.0.4518.1014, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

 

Error - 2011-02-07 06:19:34 | Computer Name = KBX | Source = MsiInstaller | ID = 1013

Description = Product: Test Drive Unlimited -- 1: The InstallScript engine is missing

from this machine. If available, please run ISScript.msi, or contact your support

personnel for further assistance.

 

Error - 2011-02-13 04:42:26 | Computer Name = KBX | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Tried to start a service that wasn't the latest version of CLR Optimization service.

Will shutdown

 

[ System Events ]

Error - 2011-03-23 18:25:56 | Computer Name = KBX | Source = Service Control Manager | ID = 7001

Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie

można uruchomić z powodu następującego błędu: %%31

 

Error - 2011-03-23 18:25:56 | Computer Name = KBX | Source = Service Control Manager | ID = 7001

Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której

nie można uruchomić z powodu następującego błędu: %%31

 

Error - 2011-03-23 18:25:56 | Computer Name = KBX | Source = Service Control Manager | ID = 7001

Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można

uruchomić z powodu następującego błędu: %%31

 

Error - 2011-03-23 18:25:56 | Computer Name = KBX | Source = Service Control Manager | ID = 7001

Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można

uruchomić z powodu następującego błędu: %%31

 

Error - 2011-03-23 18:25:56 | Computer Name = KBX | Source = Service Control Manager | ID = 7026

Description = Nie można załadować następujących sterowników startu rozruchowego

lub systemowego: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

 

Error - 2011-03-23 18:27:27 | Computer Name = KBX | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

 

Error - 2011-03-23 18:27:32 | Computer Name = KBX | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 2011-03-23 18:27:38 | Computer Name = KBX | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 2011-03-23 18:28:17 | Computer Name = KBX | Source = DCOM | ID = 10005

Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi

EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 2011-03-23 18:42:09 | Computer Name = KBX | Source = PlugPlayManager | ID = 11

Description = Urządzenie Root\LEGACY_RKHIT\0000 zniknęło z systemu bez uprzedniego

przygotowania go do usunięcia.

 

 

< End of report >

 

 

 

OTL logfile created on: 2011-03-25 20:16:05 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = F:\Rapid

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 24,41 Gb Total Space | 13,92 Gb Free Space | 57,00% Space Free | Partition Type: NTFS

Drive D: | 263,67 Gb Total Space | 66,73 Gb Free Space | 25,31% Space Free | Partition Type: NTFS

Drive F: | 312,50 Gb Total Space | 217,89 Gb Free Space | 69,72% Space Free | Partition Type: NTFS

Drive G: | 312,50 Gb Total Space | 232,46 Gb Free Space | 74,39% Space Free | Partition Type: NTFS

Drive H: | 306,51 Gb Total Space | 217,77 Gb Free Space | 71,05% Space Free | Partition Type: NTFS

 

Computer Name: KBX | User Name: Kubex | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011-03-25 20:15:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\Rapid\OTL.exe

PRC - [2011-03-17 08:15:04 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Kubex\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

PRC - [2010-11-09 21:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

PRC - [2010-10-29 00:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe

PRC - [2010-09-29 16:00:56 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe

PRC - [2010-09-29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe

PRC - [2010-03-15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe

PRC - [2009-07-13 09:19:56 | 010,707,560 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe

PRC - [2009-02-03 11:48:32 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Volume Panel\VolPanlu.exe

PRC - [2009-01-21 21:42:38 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe

PRC - [2009-01-19 17:50:22 | 000,515,920 | ---- | M] (Smart PC Solutions) -- C:\Program Files\Smart PC Solutions\Easy Wallpaper Changer\EasyWallpaperChanger.exe

PRC - [2008-12-29 22:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe

PRC - [2008-09-01 08:44:42 | 001,330,688 | ---- | M] (Net-Studio.org) -- C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe

PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011-03-25 20:15:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\Rapid\OTL.exe

MOD - [2010-08-04 13:19:26 | 000,157,768 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\smum32.dll

MOD - [2010-08-04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll

MOD - [2008-04-14 21:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010-12-24 19:17:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)

SRV - [2010-12-24 19:16:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2010-10-28 11:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2010-09-29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)

SRV - [2010-05-04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010-03-15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)

SRV - [2009-10-15 14:11:48 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)

SRV - [2008-12-29 22:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)

DRV - [2010-10-05 11:10:56 | 000,249,616 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)

DRV - [2010-08-27 09:26:40 | 000,070,536 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)

DRV - [2010-08-24 18:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2010-08-24 18:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2010-08-24 18:30:40 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)

DRV - [2010-08-24 18:30:40 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)

DRV - [2010-08-24 18:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2010-08-18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2010-07-16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)

DRV - [2010-07-16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)

DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2009-11-27 08:20:06 | 000,177,152 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2009-01-21 23:30:38 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)

DRV - [2009-01-21 23:30:26 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)

DRV - [2009-01-21 23:30:18 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2009-01-21 23:30:10 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV - [2009-01-21 23:30:00 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2009-01-21 23:29:52 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)

DRV - [2009-01-21 23:29:40 | 000,526,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV - [2009-01-21 23:29:30 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

DRV - [2009-01-21 23:29:18 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)

DRV - [2009-01-21 23:29:18 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV - [2009-01-21 23:29:06 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)

DRV - [2009-01-21 23:29:06 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV - [2009-01-21 23:28:58 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)

DRV - [2009-01-21 23:28:58 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)

DRV - [2008-05-02 07:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

 

IE - HKU\S-1-5-21-606747145-764733703-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-606747145-764733703-1801674531-1003\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)

IE - HKU\S-1-5-21-606747145-764733703-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.27.2

FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732

 

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-27 22:55:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011-01-19 17:09:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-06 02:07:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-06 02:07:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

 

[2010-12-28 21:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kubex\Dane aplikacji\Mozilla\Extensions

[2011-03-17 18:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kubex\Dane aplikacji\Mozilla\Firefox\Profiles\b8imau01.default\extensions

[2011-01-15 16:09:18 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Kubex\Dane aplikacji\Mozilla\Firefox\Profiles\b8imau01.default\extensions\battlefieldplay4free@ea.com

[2011-03-17 18:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011-01-02 18:07:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011-01-02 18:07:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011-01-19 17:09:48 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC

[2011-01-02 18:07:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2011-03-06 02:07:45 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2011-03-06 02:07:45 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2011-03-06 02:07:46 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2011-03-06 02:07:46 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2011-03-06 02:07:46 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2011-03-06 02:07:46 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

 

O1 HOSTS File: ([2011-03-23 23:43:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [iSTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [uSBFW] C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe (Net-Studio.org)

O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\S-1-5-21-606747145-764733703-1801674531-1003..\Run: [EasyWallpaperChanger] C:\Program Files\Smart PC Solutions\Easy Wallpaper Changer\EasyWallpaperChanger.exe (Smart PC Solutions)

O4 - HKU\S-1-5-21-606747145-764733703-1801674531-1003..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)

O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found

O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-606747145-764733703-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-606747145-764733703-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-606747145-764733703-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-606747145-764733703-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O15 - HKU\S-1-5-21-606747145-764733703-1801674531-1003\..Trusted Ranges: Range1 ([http] in Trusted sites)

O15 - HKU\S-1-5-21-606747145-764733703-1801674531-1003\..Trusted Ranges: Range1 ([https] in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-12-24 18:49:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011-03-25 20:15:18 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011-03-25 19:36:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011-03-24 00:30:30 | 000,000,000 | ---D | C] -- C:\Program Files\Net Studio

[2011-03-24 00:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Net Studio

[2011-03-23 23:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\xerox

[2011-03-23 23:43:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom

[2011-03-23 23:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage

[2011-03-23 23:38:35 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011-03-23 23:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011-03-23 23:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\HijackThis

[2011-03-23 23:33:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011-03-23 22:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2011-03-23 22:38:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2011-03-08 09:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kubex\Pulpit\x

[2011-03-07 21:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kubex\Moje dokumenty\Moje skanowanie

[2011-03-07 09:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kubex\Pulpit\Zippo

[2011-03-07 08:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kubex\Dane aplikacji\Stellarium

[2011-03-07 08:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Stellarium

[2011-02-28 09:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\All Free Disc Burner

[2011-02-28 09:31:27 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll

[2011-02-28 09:31:27 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll

[2011-02-28 09:31:27 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll

[2011-02-28 09:31:27 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll

[2011-02-28 09:31:27 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll

[2011-02-27 15:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kubex\Dane aplikacji\Canneverbe Limited

[2011-02-27 15:14:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited

[2009-04-24 17:44:17 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

[2009-04-24 17:44:15 | 000,012,800 | ---- | C] ( ) -- C:\WINDOWS\System32\killapps.exe

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011-03-25 19:35:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-764733703-1801674531-1003UA.job

[2011-03-25 16:03:45 | 000,188,689 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011-03-25 16:03:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011-03-25 02:08:01 | 000,055,300 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000005-00291102}.rfx

[2011-03-25 02:08:01 | 000,055,300 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000001-00001102-00000005-00291102}.rfx

[2011-03-25 02:08:01 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000005-00291102}.rfx

[2011-03-24 22:08:17 | 000,007,849 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\zagadka.JPG

[2011-03-24 22:06:45 | 000,037,367 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\LeftRear2.jpg

[2011-03-24 00:54:30 | 000,630,444 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\05.jpg

[2011-03-24 00:54:03 | 000,208,149 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\anjanette-2_080.jpg

[2011-03-24 00:53:48 | 000,265,928 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\1011.jpg

[2011-03-24 00:53:32 | 000,392,514 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\15.jpg

[2011-03-23 23:43:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011-03-23 23:38:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011-03-23 23:34:33 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\HijackThis.lnk

[2011-03-23 23:17:01 | 005,292,054 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\bez tytułu.bmp

[2011-03-23 23:15:31 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd

[2011-03-23 23:06:39 | 000,000,048 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2011-03-23 22:32:54 | 000,071,680 | ---- | M] () -- C:\Documents and Settings\Kubex\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-03-23 06:35:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-764733703-1801674531-1003Core.job

[2011-03-22 20:41:53 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2011-03-21 13:26:13 | 000,140,233 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\12 (1).jpg

[2011-03-21 13:23:57 | 000,216,879 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\raven_s2-057.jpg

[2011-03-21 13:23:35 | 000,228,904 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\7.jpg

[2011-03-21 13:22:58 | 000,324,428 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\12.jpg

[2011-03-21 13:21:53 | 000,197,279 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\DBP_2909.jpg

[2011-03-21 13:21:05 | 000,269,109 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\16.jpg

[2011-03-16 20:16:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kubex\DSC03082.JPG

[2011-03-13 14:48:16 | 004,954,294 | ---- | M] () -- C:\Documents and Settings\Kubex\Pulpit\4000_UB0001.pdf

[2011-02-28 08:11:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011-03-24 22:08:17 | 000,007,849 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\zagadka.JPG

[2011-03-24 22:06:55 | 000,037,367 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\LeftRear2.jpg

[2011-03-24 00:54:31 | 000,630,444 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\05.jpg

[2011-03-24 00:53:49 | 000,265,928 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\1011.jpg

[2011-03-24 00:53:34 | 000,392,514 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\15.jpg

[2011-03-23 23:38:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011-03-23 23:38:35 | 000,262,400 | RHS- | C] () -- C:\cmldr

[2011-03-23 23:34:33 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\HijackThis.lnk

[2011-03-23 23:17:00 | 005,292,054 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\bez tytułu.bmp

[2011-03-23 23:15:31 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd

[2011-03-23 23:06:39 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2011-03-21 13:26:14 | 000,140,233 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\12 (1).jpg

[2011-03-21 13:23:58 | 000,216,879 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\raven_s2-057.jpg

[2011-03-21 13:23:35 | 000,228,904 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\7.jpg

[2011-03-21 13:22:57 | 000,324,428 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\12.jpg

[2011-03-21 13:21:53 | 000,197,279 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\DBP_2909.jpg

[2011-03-21 13:21:07 | 000,269,109 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\16.jpg

[2011-03-16 20:16:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kubex\DSC03082.JPG

[2011-03-13 14:48:03 | 004,954,294 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\4000_UB0001.pdf

[2011-03-08 09:11:53 | 000,866,675 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\Zdjęcie0043.jpg

[2011-03-08 09:11:52 | 000,771,681 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\Zdjęcie0042.jpg

[2011-03-08 09:11:50 | 001,018,671 | ---- | C] () -- C:\Documents and Settings\Kubex\Pulpit\Zdjęcie0044.jpg

[2011-02-28 09:31:27 | 000,113,486 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx

[2011-02-12 10:09:35 | 000,092,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2011-02-08 22:04:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2011-02-08 22:04:42 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011-02-08 22:04:42 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011-02-08 22:04:40 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011-01-15 16:17:49 | 000,138,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2011-01-15 16:17:49 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Kubex\Dane aplikacji\PnkBstrK.sys

[2011-01-15 16:17:35 | 000,234,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2010-12-31 01:29:44 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010-12-31 01:29:40 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2010-12-30 17:27:17 | 000,000,675 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat.temp

[2010-12-29 17:52:31 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2010-12-28 21:42:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010-12-27 22:47:50 | 000,209,360 | ---- | C] () -- C:\WINDOWS\hpoins43.dat

[2010-12-27 22:47:50 | 000,000,675 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat

[2010-12-25 11:22:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010-12-24 19:25:40 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\Kubex\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-12-24 18:54:38 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2010-12-24 18:49:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010-12-24 18:49:14 | 000,050,105 | ---- | C] () -- C:\WINDOWS\activ.exe

[2010-12-24 18:46:46 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010-12-24 02:33:01 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010-12-24 02:31:57 | 000,151,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-09-30 02:44:52 | 000,000,127 | ---- | C] () -- C:\WINDOWS\zraidtray.ini

[2009-04-24 17:44:21 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll

[2009-04-24 17:44:21 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL

[2009-04-24 17:44:16 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\regplib.exe

[2009-04-24 17:44:15 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\enlocstr.exe

[2009-04-24 17:44:07 | 000,321,512 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat

[2009-04-24 17:44:07 | 000,056,509 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2009-04-24 17:44:06 | 000,020,939 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini

[2009-04-24 17:44:06 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

[2009-04-24 17:44:06 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2008-06-25 20:57:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008-06-25 20:57:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2008-06-25 20:57:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008-06-25 20:57:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2008-06-25 20:57:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008-06-25 20:57:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008-06-25 20:57:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2008-06-25 20:57:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2008-06-25 20:57:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008-05-03 08:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2008-04-14 22:16:20 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2006-12-31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2001-10-26 17:15:16 | 000,554,730 | ---- | C] () -- C:\WINDOWS\System32\perfh015.dat

[2001-10-26 17:15:16 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat

[2001-10-26 17:15:16 | 000,104,320 | ---- | C] () -- C:\WINDOWS\System32\perfc015.dat

[2001-10-26 17:15:16 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat

[2001-08-23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001-08-23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001-08-17 22:30:24 | 000,493,000 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001-08-17 22:30:24 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001-08-17 22:30:24 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001-08-17 22:30:22 | 000,083,522 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001-08-17 22:15:38 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001-07-21 23:36:48 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001-07-21 23:36:04 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001-07-21 23:24:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

 

========== LOP Check ==========

 

[2011-02-27 15:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited

[2010-12-24 19:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET

[2011-01-19 17:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations

[2011-01-19 17:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite

[2011-03-25 16:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2011-02-07 11:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited

[2011-02-27 15:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubex\Dane aplikacji\Canneverbe Limited

[2011-03-25 20:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubex\Dane aplikacji\EasyWallpaperChanger

[2010-12-24 19:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubex\Dane aplikacji\ESET

[2011-01-06 09:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubex\Dane aplikacji\Leadertech

[2011-01-19 17:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubex\Dane aplikacji\Nokia

[2011-02-23 00:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubex\Dane aplikacji\Nowe Gadu-Gadu

[2011-01-19 17:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubex\Dane aplikacji\PC Suite

[2011-03-07 08:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kubex\Dane aplikacji\Stellarium

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:430C6D84

 

< End of report >

 

 

HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:32:35, on 2011-03-25

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Program Files\Creative\Volume Panel\VolPanlu.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Smart PC Solutions\Easy Wallpaper Changer\EasyWallpaperChanger.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\windows media player\wmplayer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Kubex\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kubex\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kubex\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kubex\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kubex\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kubex\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI

O4 - HKLM\..\Run: [uSBFW] C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe

O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [EasyWallpaperChanger] C:\Program Files\Smart PC Solutions\Easy Wallpaper Changer\EasyWallpaperChanger.exe /m

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted IP range: http://127.0.0.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

 

--

End of file - 7939 bytes

 

 

 

 

and a screenshot of what Spyware Doctor detected

 

http://www.fotosik.pl/pokaz_obrazek/bd76b729ed6d5c15.html

 

I'm wondering how to remove them now. I assume ComboFix can handle it, but I don't know how to do it. Please help :)


That's no Murlo trojan, just a key created by ComboFix.

If you have ComboFix on your disk, uninstall it properly.

If you don't, download ComboFix and save it in the same location.

Press the Windows logo key + R and type:

"path to the file\ComboFix.exe" /uninstall

Clear the System Restore folders - Click


OK, I removed ComboFix, but what about this generic one? It still shows up after scanning.
