Problem with access to antivirus

I have a problem. Some virus is blocking my access to antivirus servers and the like. I can't download or update anything.

I can't download HijackThis because this virus denies me access to the server.

ComboFix logs:

ComboFix 12-06-08.02 - Wojciech 2012-06-09 11:08:43.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.618 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Wojciech\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Wojciech\Pulpit\CFScript.txt

.

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\kbdblr32.exe

.

.

((((((((((((((((((((((((( Pliki utworzone od 2012-05-09 do 2012-06-09 )))))))))))))))))))))))))))))))

.

.

2012-06-09 08:16 . 2012-06-09 08:16	--------	d-----w-	c:\program files\CCleaner

2012-06-08 21:46 . 2012-06-08 21:46	0	----a-w-	c:\windows\system32\A2.tmp

2012-06-08 21:46 . 2012-06-08 21:46	0	----a-w-	c:\windows\system32\A1.tmp

2012-06-07 07:36 . 2012-06-07 07:36	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-07 07:36 . 2012-06-07 07:36	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-06 16:21 . 2012-06-06 16:21	0	----a-w-	c:\windows\system32\1D.tmp

2012-06-06 16:21 . 2012-06-06 16:21	0	----a-w-	c:\windows\system32\1C.tmp

2012-05-31 17:50 . 2012-05-31 17:50	0	----a-w-	c:\windows\system32\A0.tmp

2012-05-31 17:50 . 2012-05-31 17:50	0	----a-w-	c:\windows\system32\9F.tmp

2012-05-29 18:46 . 2012-05-29 18:46	0	----a-w-	c:\windows\system32\64.tmp

2012-05-29 18:45 . 2012-05-29 18:45	0	----a-w-	c:\windows\system32\63.tmp

2012-05-25 19:15 . 2012-05-25 19:15	0	----a-w-	c:\windows\system32\60.tmp

2012-05-25 19:14 . 2012-05-25 19:14	0	----a-w-	c:\windows\system32\5E.tmp

2012-05-24 18:26 . 2012-05-24 18:26	0	----a-w-	c:\windows\system32\94.tmp

2012-05-24 18:26 . 2012-05-24 18:26	0	----a-w-	c:\windows\system32\8F.tmp

2012-05-21 18:35 . 2012-05-21 18:35	0	----a-w-	c:\windows\system32\10A.tmp

2012-05-21 18:34 . 2012-05-21 18:34	0	----a-w-	c:\windows\system32\109.tmp

2012-05-17 14:35 . 2012-05-17 14:35	0	----a-w-	c:\windows\system32\5D.tmp

2012-05-17 14:35 . 2012-05-17 14:35	0	----a-w-	c:\windows\system32\5C.tmp

2012-05-14 14:06 . 2012-05-14 14:06	0	----a-w-	c:\windows\system32\1EB.tmp

2012-05-14 14:05 . 2012-05-14 14:05	0	----a-w-	c:\windows\system32\1EA.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-04 12:04 . 2012-05-04 12:04	0	----a-w-	c:\windows\system32\57.tmp

2012-05-04 12:04 . 2012-05-04 12:04	0	----a-w-	c:\windows\system32\54.tmp

2012-05-02 15:25 . 2012-05-02 15:25	0	----a-w-	c:\windows\system32\8D.tmp

2012-05-02 15:25 . 2012-05-02 15:25	0	----a-w-	c:\windows\system32\8B.tmp

2012-05-01 18:48 . 2012-05-01 18:48	0	----a-w-	c:\windows\system32\B9.tmp

2012-05-01 13:48 . 2012-05-01 13:48	0	----a-w-	c:\windows\system32\8A.tmp

2012-04-30 15:19 . 2012-04-30 15:19	0	----a-w-	c:\windows\system32\53.tmp

2012-04-30 15:19 . 2012-04-30 15:19	0	----a-w-	c:\windows\system32\4F.tmp

2012-04-27 18:21 . 2012-04-27 18:21	0	----a-w-	c:\windows\system32\4E.tmp

2012-04-27 18:21 . 2012-04-27 18:21	0	----a-w-	c:\windows\system32\4B.tmp

2012-04-25 19:29 . 2012-04-25 19:29	0	----a-w-	c:\windows\system32\32.tmp

2012-04-25 19:28 . 2012-04-25 19:28	0	----a-w-	c:\windows\system32\2F.tmp

2012-04-23 16:30 . 2012-04-23 16:30	0	----a-w-	c:\windows\system32\EC.tmp

2012-04-23 16:30 . 2012-04-23 16:30	0	----a-w-	c:\windows\system32\EB.tmp

2012-04-20 12:57 . 2012-04-20 12:57	0	----a-w-	c:\windows\system32\152.tmp

2012-04-20 12:56 . 2012-04-20 12:56	0	----a-w-	c:\windows\system32\151.tmp

2012-04-19 16:59 . 2012-04-19 16:59	0	----a-w-	c:\windows\system32\89.tmp

2012-04-19 16:59 . 2012-04-19 16:59	0	----a-w-	c:\windows\system32\87.tmp

2012-04-16 11:21 . 2012-04-16 11:21	0	----a-w-	c:\windows\system32\148.tmp

2012-04-16 11:21 . 2012-04-16 11:21	0	----a-w-	c:\windows\system32\147.tmp

2012-04-15 20:13 . 2012-04-15 20:13	0	----a-w-	c:\windows\system32\9E.tmp

2012-04-15 20:13 . 2012-04-15 20:13	0	----a-w-	c:\windows\system32\9D.tmp

2012-04-13 17:13 . 2012-04-13 17:13	0	----a-w-	c:\windows\system32\85.tmp

2012-04-13 12:13 . 2012-04-13 12:13	0	----a-w-	c:\windows\system32\5B.tmp

2012-04-11 17:55 . 2012-04-11 17:55	0	----a-w-	c:\windows\system32\12B.tmp

2012-04-11 12:54 . 2012-04-11 12:54	0	----a-w-	c:\windows\system32\9C.tmp

2012-04-10 11:19 . 2012-04-10 11:19	0	----a-w-	c:\windows\system32\B4.tmp

2012-04-10 11:19 . 2012-04-10 11:19	0	----a-w-	c:\windows\system32\B3.tmp

2012-04-07 15:17 . 2012-04-07 15:17	0	----a-w-	c:\windows\system32\E.tmp

2012-04-07 15:17 . 2012-04-07 15:17	0	----a-w-	c:\windows\system32\D.tmp

2012-04-05 16:54 . 2012-04-05 16:54	0	----a-w-	c:\windows\system32\83.tmp

2012-04-05 16:53 . 2012-04-05 16:53	0	----a-w-	c:\windows\system32\82.tmp

2012-04-04 12:09 . 2012-04-04 12:09	0	----a-w-	c:\windows\system32\4D.tmp

2012-04-04 12:09 . 2012-04-04 12:09	0	----a-w-	c:\windows\system32\4C.tmp

2012-04-03 17:55 . 2012-04-03 17:55	0	----a-w-	c:\windows\system32\BE.tmp

2012-04-03 12:55 . 2012-04-03 12:55	0	----a-w-	c:\windows\system32\62.tmp

2012-04-02 19:37 . 2012-04-02 19:37	0	----a-w-	c:\windows\system32\9B.tmp

2012-04-02 14:37 . 2012-04-02 14:37	0	----a-w-	c:\windows\system32\4A.tmp

2012-03-30 16:59 . 2012-03-30 16:59	0	----a-w-	c:\windows\system32\81.tmp

2012-03-30 16:58 . 2012-03-30 16:58	0	----a-w-	c:\windows\system32\80.tmp

2012-03-25 16:08 . 2012-03-25 16:08	0	----a-w-	c:\windows\system32\17.tmp

2012-03-25 16:07 . 2012-03-25 16:07	0	----a-w-	c:\windows\system32\16.tmp

2012-03-23 14:17 . 2012-03-23 14:17	0	----a-w-	c:\windows\system32\49.tmp

2012-03-23 14:17 . 2012-03-23 14:17	0	----a-w-	c:\windows\system32\47.tmp

2012-03-22 18:53 . 2012-03-22 18:53	0	----a-w-	c:\windows\system32\A7.tmp

2012-03-22 13:53 . 2012-03-22 13:53	0	----a-w-	c:\windows\system32\90.tmp

2012-03-21 16:04 . 2012-03-21 16:04	0	----a-w-	c:\windows\system32\46.tmp

2012-03-21 16:04 . 2012-03-21 16:04	0	----a-w-	c:\windows\system32\45.tmp

2012-03-20 20:04 . 2012-03-20 20:04	0	----a-w-	c:\windows\system32\2E.tmp

2012-03-20 20:04 . 2012-03-20 20:04	0	----a-w-	c:\windows\system32\2D.tmp

2012-03-18 21:07 . 2012-03-18 21:07	0	----a-w-	c:\windows\system32\2C.tmp

2012-03-18 21:06 . 2012-03-18 21:06	0	----a-w-	c:\windows\system32\2B.tmp

2012-03-15 14:14 . 2012-03-15 14:14	0	----a-w-	c:\windows\system32\56.tmp

2012-03-15 14:14 . 2012-03-15 14:14	0	----a-w-	c:\windows\system32\55.tmp

2012-03-14 21:22 . 2012-03-14 21:22	0	----a-w-	c:\windows\system32\C6.tmp

2012-03-13 14:29 . 2012-03-13 14:29	0	----a-w-	c:\windows\system32\7F.tmp

2012-03-13 14:28 . 2012-03-13 14:28	0	----a-w-	c:\windows\system32\78.tmp

2012-03-12 16:53 . 2012-03-12 16:53	0	----a-w-	c:\windows\system32\A4.tmp

2012-03-12 16:52 . 2012-03-12 16:52	0	----a-w-	c:\windows\system32\A3.tmp

2003-03-21 12:37 . 2003-03-21 12:37	16056	----a-w-	c:\program files\owcstp16.dll

2012-06-07 07:36 . 2011-12-04 18:24	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll

2011-11-17 12:30	512512	--sh--w-	c:\windows\wdigestwow.exe

2011-06-29 16:50	522752	--sh--w-	c:\windows\wmerrorwow.exe

2011-03-06 09:07	203776	--sh--w-	c:\windows\system32\unrar.exe

2011-03-06 09:07	203776	--sh--w-	c:\windows\system32\567B5433A72B8D858EA715178277C159\unrar.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-09_08.54.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-09 09:04 . 2012-06-09 09:04	16384 c:\windows\Temp\Perflib_Perfdata_170.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06230520-1E04-4807-AAB0-AF88A6459735}]

2011-03-06 09:07	413184	----a-w-	c:\windows\system32\atmpvcno32.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-12-05 8523776]

"nwiz"="nwiz.exe" [2007-12-05 1626112]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-12-05 81920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"wdigestwow.exe"="c:\windows\wdigestwow.exe" [2011-11-17 512512]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\mll_mtf32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 17:43	69632	----a-w-	c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2005-12-10 14:57	133016	----a-w-	c:\program files\DAEMON Tools\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 20:51	1695232	--sh--w-	c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 10:50	155648	----a-w-	c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OWCWebCamDV]

2004-05-20 07:59	1056768	----a-w-	c:\windows\system\wcdvtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-07-05 15:08	16380416	----a-w-	c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2008-04-01 18:49	36352	----a-w-	c:\program files\Winamp\winampa.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmerrorwow.exe]

2011-06-29 16:50	522752	--sh--w-	c:\windows\wmerrorwow.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ServiceLayer"=3 (0x3)

"SbPF.Launcher"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\wmerrorwow.exe"=

"c:\\Documents and Settings\\Wojciech\\Dane aplikacji\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"d:\\Gry\\Medieval 2\\kingdoms.exe"=

"c:\\WINDOWS\\system32\\kbdpl132.exe"=

"c:\\WINDOWS\\wdigestwow.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2049:TCP"= 2049:TCP:iklei

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-01-05 639224]

R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-09-17 212608]

S2 izdqojflw;Monitor Config;c:\windows\system32\svchost.exe -k netsvcs [2001-10-26 14336]

S2 TrkWks32;Klient śledzenia łączy rozproszonych ;c:\windows\system32\kbdpl132.exe [2011-03-06 1421824]

S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2009-02-01 219136]

S3 cpuz130;cpuz130;\??\c:\docume~1\Wojciech\USTAWI~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Wojciech\USTAWI~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 koobnsa;koobnsa;c:\windows\system32\02.tmp [2011-06-05 4096]

S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2008-06-24 65024]

S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 113120]

S3 TESTCAP;Mobicam, Video Capture Device;c:\windows\system32\drivers\mobicam.sys [2009-01-31 230144]

.

--- Inne Usługi/Sterowniki w Pamięci ---

.

*NewlyCreated* - WS2IFSL

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

izdqojflw

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.onet.pl/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Pobierz z &BitSpirit - d:\bartek\BitSpirit\bsurl.htm

TCP: DhcpNameServer = 82.139.8.7 88.156.63.9

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Wojciech\Dane aplikacji\Mozilla\Firefox\Profiles\m959ucrs.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1408409&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-09 11:12

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

.

skanowanie ukrytych procesów ...  

.

skanowanie ukrytych wpisów autostartu ... 

.

skanowanie ukrytych plików ...  

.

skanowanie pomyślnie ukończone

ukryte pliki: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\koobnsa]

"ImagePath"="\??\c:\windows\system32\02.tmp"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\izdqojflw]

"ServiceDll"="c:\windows\system32\lbysv.dll"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

.

[HKEY_USERS\S-1-5-21-343818398-630328440-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{507DDBB2-0FC3-4A72-E0B7-88141908C1BC}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"paebemiimebnpmpfkdoampngiapbeann"=hex:6a,61,6e,64,6c,64,6a,69,63,67,69,67,64,

   6e,69,62,68,65,67,65,00,fb

"oagcaepbgiljnhpcjdjedfejbmcojj"=hex:6a,61,6e,64,6c,64,6a,69,63,67,69,67,64,6e,

   69,62,68,65,67,65,00,fb

"abackgmhbfjnnfibammnkbnmamdaanmidi"=hex:61,61,00,00

"manbjgmcochjnkeelimfihfiie"=hex:61,61,00,00

.

[HKEY_USERS\S-1-5-21-343818398-630328440-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A04AC9A1-9008-974E-45EA-26EF41FB1EDF}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaaigmlbpfjpmldffk"=hex:69,61,64,66,69,6a,62,68,68,6b,6a,6c,6d,64,61,70,70,63,

   00,00

"haoimfkkilociaca"=hex:69,61,64,66,69,6a,62,68,68,6b,6a,6c,6d,64,61,70,70,63,

   00,00

.

[HKEY_USERS\S-1-5-21-343818398-630328440-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DAEDDC80-BB95-B937-AC12-1B991C077167}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iabppeeabmahodblhi"=hex:69,61,6b,64,68,6d,65,64,70,6e,62,63,66,69,66,65,66,6a,

   00,02

"hahpjjojeplofdae"=hex:69,61,6b,64,68,6d,65,64,70,6e,62,63,66,69,66,65,66,6a,

   00,02

.

Czas ukończenia: 2012-06-09 11:14:02

ComboFix-quarantined-files.txt 2012-06-09 09:13

ComboFix2.txt 2012-06-09 08:55

.

Przed: 12 418 871 296 bajtów wolnych

Po: 12 407 566 336 bajtów wolnych

.

- - End Of File - - EB106608A64A39295A5E2862348826F9

Avenger logs:

//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 3)

Sat Jun 09 11:02:30 2012


11:02:22: Error: Invalid registry syntax in command:

"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78420468-dbff-11dd-8bb7-0011a3031bf2}"

Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.

Skipping line. (Registry key deletion mode)  

11:02:28: Error: Invalid registry syntax in command:

"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb3c8af0-d0e3-11dd-a804-806d6172696f}"

Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.

Skipping line. (Registry key deletion mode)  

11:02:30: Error: Execution aborted by user!



//////////////////////////////////////////



//////////////////////////////////////////

  Avenger Pre-Processor log

//////////////////////////////////////////


Platform: Windows XP (build 2600, Dodatek Service Pack 3)

Sat Jun 09 11:02:47 2012


11:02:45: Error: Invalid registry syntax in command:

"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78420468-dbff-11dd-8bb7-0011a3031bf2}"

Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.

Skipping line. (Registry key deletion mode)  

11:02:47: Error: Invalid registry syntax in command:

"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb3c8af0-d0e3-11dd-a804-806d6172696f}"

Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.

Skipping line. (Registry key deletion mode)  

11:02:47: Error: Execution aborted by user!



//////////////////////////////////////////



Logfile of The Avenger Version 2.0, (c) by Swandog46

http://swandog46.geekstogo.com


Platform: Windows XP


*******************


Script file opened successfully.

Script file read successfully.


Backups directory opened successfully at C:\Avenger


*******************


Beginning to process script file:


Rootkit scan active.

No rootkits found!



Completed script processing.


*******************


Finished! Terminate.
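The ComboFix log above carries the indicators a helper reads off before writing a fix script: hidden+system executables in c:\windows with matching Run and firewall entries, a populated AppInit_DLLs value, a globally open port, a svchost-hosted service with its own ServiceDll, and a service whose image is a .tmp file. The triage below is an added example, not code from the thread or from ComboFix; its SAMPLE_LOG is a constructed excerpt that reuses the line shapes from the post.

```python
"""Triage of a ComboFix-style log excerpt.

Added example, not code from the thread or from ComboFix. It scans the text
sections ComboFix prints for the persistence indicators a helper checks before
writing a removal script. SAMPLE_LOG is a constructed excerpt built from the
line shapes seen in the post.
"""
import re

# Line shapes as ComboFix prints them: tab-separated file rows, REGEDIT4 values, service rows.
FILE_LINE = re.compile(r"\t(?P<size>\d+)\t(?P<attrs>[-a-z]{8})\t(?P<path>[a-z]:\\.+)$", re.I)
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[')
APPINIT_LINE = re.compile(r'^"AppInit_DLLs"=(?P<value>\S.*)$', re.I)
FW_APP_LINE = re.compile(r'^"(?P<path>[^"]+\.exe)"=\s*$', re.I)
PORT_LINE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*(?P<desc>.*)$', re.I)
SVC_LINE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.+?)(?: \[.*)?$")
SVC_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]\\]+)\]$", re.I)
SVC_DLL = re.compile(r'^"ServiceDll"="(?P<dll>[^"]+)"$', re.I)


def normalize(path):
    """Lower-case, collapse REGEDIT4 doubled backslashes and expand %windir%."""
    return path.lower().replace("\\\\", "\\").replace("%windir%", "c:\\windows")


def triage(log_text):
    """Return a sorted list of (indicator, detail) pairs found in the log text."""
    findings = set()
    hidden_system = set()            # binaries with both hidden and system attributes
    run_entries, fw_apps = [], []
    svc_image, svc_dll = {}, {}
    current_svc = None

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FILE_LINE.search(line):
            attrs, path = m["attrs"].lower(), normalize(m["path"])
            # "--sh--w-" is how ComboFix shows a hidden+system file
            if "h" in attrs and "s" in attrs and path.endswith((".exe", ".dll")):
                hidden_system.add(path)
        elif m := APPINIT_LINE.match(line):
            # AppInit_DLLs is loaded into every process that maps user32.dll
            findings.add(("AppInit_DLLs set", normalize(m["value"])))
        elif m := RUN_LINE.match(line):
            run_entries.append((m["name"], normalize(m["path"])))
        elif m := FW_APP_LINE.match(line):
            fw_apps.append(normalize(m["path"]))
        elif m := PORT_LINE.match(line):
            findings.add(("globally open port", f"{m['port']} {m['desc']}".strip()))
        elif m := SVC_LINE.match(line):
            svc_image[m["name"]] = normalize(m["image"])
        elif m := SVC_KEY.match(line):
            current_svc = m["name"]
        elif (m := SVC_DLL.match(line)) and current_svc:
            svc_dll[current_svc] = normalize(m["dll"])
        elif line.startswith("["):
            current_svc = None       # any other key ends the per-service block

    # Cross-reference the collected facts the way a helper does by hand.
    for path in hidden_system:
        findings.add(("hidden+system binary", path))
    for name, path in run_entries:
        if path in hidden_system:
            findings.add(("Run entry for hidden+system binary", f"{name} -> {path}"))
    for path in fw_apps:
        if path in hidden_system:
            findings.add(("firewall exception for hidden+system binary", path))
        elif path.rsplit("\\", 1)[0] == "c:\\windows":
            findings.add(("firewall exception for executable in Windows root", path))
    for name, image in svc_image.items():
        if image.endswith(".tmp") or "\\temp\\" in image:
            findings.add(("service image is a temp file", f"{name} -> {image}"))
        if "svchost.exe" in image and name in svc_dll:
            # a svchost-hosted service is only as trustworthy as its ServiceDll
            findings.add(("svchost-hosted service DLL", f"{name} -> {svc_dll[name]}"))
    return sorted(findings)


# Constructed excerpt mirroring the line shapes of the log in the post.
SAMPLE_LOG = "\n".join([
    "2011-11-17 12:30\t512512\t--sh--w-\tc:\\windows\\wdigestwow.exe",
    "2011-06-29 16:50\t522752\t--sh--w-\tc:\\windows\\wmerrorwow.exe",
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]",
    '"NvCplDaemon"="c:\\windows\\System32\\NvCpl.dll" [2007-12-05 8523776]',
    '"wdigestwow.exe"="c:\\windows\\wdigestwow.exe" [2011-11-17 512512]',
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]",
    '"AppInit_DLLs"=c:\\windows\\system32\\mll_mtf32.dll',
    "[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]",
    '"%windir%\\\\system32\\\\sessmgr.exe"=',
    '"c:\\\\WINDOWS\\\\wmerrorwow.exe"=',
    "[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]",
    '"2049:TCP"= 2049:TCP:iklei',
    "S2 izdqojflw;Monitor Config;c:\\windows\\system32\\svchost.exe -k netsvcs [2001-10-26 14336]",
    "S3 koobnsa;koobnsa;c:\\windows\\system32\\02.tmp [2011-06-05 4096]",
    "[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\izdqojflw]",
    '"ServiceDll"="c:\\windows\\system32\\lbysv.dll"',
])

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:45} {detail}")
```

Run against a full log, the same checks surface every item the OTL fix later in the thread removes, while the legitimate sessmgr.exe and NvCpl.dll entries stay quiet.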

Download and run OTL

  1. Paste into the Custom Scans/Fixes window:

Click Run Fix and confirm the restart.

Post the removal report.

  1. Paste into OTL and click Scan:

Post this log.

Unfortunately I can't run this script, my computer hangs; I tried twice. I waited over 10 minutes and nothing. I'll also scan with those settings.

Start the computer in Safe Mode and then use the script.

While the computer is starting, keep pressing F8 and choose Safe Mode.

Script execution

All processes killed

========== SERVICES/DRIVERS ==========

Service izdqojflw stopped successfully!

Service izdqojflw deleted successfully!

Service koobnsa stopped successfully!

Service koobnsa deleted successfully!

========== FILES ==========

File\Folder c:\windows\system32\*.tmp not found.

File\Folder c:\windows\system32\atmpvcno32.dll not found.

c:\windows\system32\lbysv.dll moved successfully.

File\Folder c:\windows\wdigestwow.exe not found.

File\Folder c:\windows\wmerrorwow.exe not found.

c:\windows\system32\unrar.exe moved successfully.

c:\windows\system32\567B5433A72B8D858EA715178277C159\h folder moved successfully.

c:\windows\system32\567B5433A72B8D858EA715178277C159\b folder moved successfully.

c:\windows\system32\567B5433A72B8D858EA715178277C159 folder moved successfully.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06230520-1E04-4807-AAB0-AF88A6459735}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06230520-1E04-4807-AAB0-AF88A6459735}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\WINDOWS\wmerrorwow.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\WINDOWS\system32\kbdpl132.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\WINDOWS\wdigestwow.exe deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmerrorwow.exe\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wdigestwow.exe not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2049:TCP deleted successfully.

========== COMMANDS ==========


[EMPTYTEMP]


User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


User: All Users


User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes


User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


User: Wojciech

->Temp folder emptied: 37686 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 48683928 bytes

->Flash cache emptied: 670 bytes


%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes


Total Files Cleaned = 47,00 mb



OTL by OldTimer - Version 3.2.48.0 log created on 06092012_125328

One second and the scan logs will be up. Overall it helped. The MS site and the antivirus sites work again. Some folders there show as not found because earlier I also ran MLB and removed a bit of crap. Scan:

OTL logfile created on: 2012-06-09 12:57:15 - Run 2

OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Wojciech\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1023,36 Mb Total Physical Memory | 718,44 Mb Available Physical Memory | 70,20% Memory free

1,66 Gb Paging File | 1,49 Gb Available in Paging File | 89,78% Paging File free

Paging file location(s): C:\pagefile.sys 768 768 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 20,00 Gb Total Space | 11,84 Gb Free Space | 59,21% Space Free | Partition Type: NTFS

Drive D: | 212,87 Gb Total Space | 134,95 Gb Free Space | 63,40% Space Free | Partition Type: NTFS

Unable to calculate disk information.


Computer Name: ANIOL | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2012-06-09 11:40:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojciech\Moje dokumenty\Pobieranie\OTL.exe

PRC - [2012-06-07 09:36:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe



[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2012-06-07 09:36:42 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012-04-04 07:54:04 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL

MOD - [2010-09-21 16:05:59 | 005,969,360 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - [2012-06-07 09:36:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2008-11-11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\kwflower.sys -- (kwflower)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Wojciech\USTAWI~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Wojciech\USTAWI~1\Temp\catchme.sys -- (catchme)

DRV - [2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2008-09-28 14:10:09 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2008-09-15 08:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2008-09-15 08:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2008-09-15 08:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008-09-15 08:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008-06-24 10:36:14 | 000,065,024 | ---- | M] (Kerio Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev)

DRV - [2008-03-24 12:10:08 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)

DRV - [2008-01-05 01:03:43 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2007-07-18 20:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007-06-28 22:19:00 | 000,230,144 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mobicam.sys -- (TESTCAP)

DRV - [2006-01-11 16:55:48 | 000,219,136 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTCamDrv.sys -- (BTCAMDRV)

DRV - [2005-04-18 02:26:00 | 000,230,912 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2005-01-19 08:37:40 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2004-05-11 07:27:32 | 000,212,608 | ---- | M] (OrangeWare, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\WebCamDV.sys -- (WebCamDV)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - user.js - File not found


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-06-07 09:36:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-12 18:52:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-02-23 22:05:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins


[2012-06-09 12:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions

[2012-01-09 22:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012-06-07 09:36:42 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011-10-03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010-07-21 12:26:44 | 000,197,224 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll

[2012-01-09 22:48:34 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2012-01-09 22:48:34 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2012-01-09 22:48:34 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2012-01-09 22:48:34 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2012-01-09 22:48:34 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-01-09 22:48:34 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2012-06-09 11:25:59 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.139.8.7 88.156.63.9

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B358F024-A545-4FD9-9029-943A7C71A08A}: DhcpNameServer = 82.139.8.7 88.156.63.9

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-01-02 21:12:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: izdqojflw - File not found


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2012-06-09 12:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie

[2012-06-09 12:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Temp

[2012-06-09 12:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Adobe

[2012-06-09 12:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Macromedia

[2012-06-09 12:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Adobe

[2012-06-09 12:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla

[2012-06-09 12:55:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla

[2012-06-09 11:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware

[2012-06-09 11:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2012-06-09 11:45:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012-06-09 11:41:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012-06-09 11:41:24 | 000,000,000 | ---D | C] -- C:\_OTL

[2012-06-09 11:23:15 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll

[2012-06-09 11:19:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2012-06-09 11:19:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies

[2012-06-09 11:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft

[2012-06-09 11:19:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft

[2012-06-09 11:19:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo

[2012-06-09 11:19:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji

[2012-06-09 11:19:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Menu Start

[2012-06-09 11:19:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart

[2012-06-09 11:19:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Menu Start\Programy\Akcesoria

[2012-06-09 11:19:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne

[2012-06-09 11:19:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Szablony

[2012-06-09 11:19:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent

[2012-06-09 11:19:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood

[2012-06-09 11:19:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood

[2012-06-09 11:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ulubione

[2012-06-09 11:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit

[2012-06-09 11:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty

[2012-06-09 11:18:50 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012-06-09 11:16:43 | 000,000,000 | ---D | C] -- C:\SDFix

[2012-06-09 10:49:12 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012-06-09 10:47:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012-06-09 10:47:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012-06-09 10:47:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012-06-09 10:47:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012-06-09 10:47:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012-06-09 10:47:05 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012-06-09 10:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner

[2012-06-09 10:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2012-06-09 12:59:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012-06-09 12:54:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-06-09 11:45:54 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

[2012-06-09 11:43:44 | 000,000,849 | ---- | M] () -- C:\WINDOWS\System32\44574f6b

[2012-06-09 11:25:59 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2012-06-09 11:23:15 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll

[2012-06-09 10:49:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012-06-09 10:16:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

[2012-05-16 14:27:09 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2012-06-09 11:45:54 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

[2012-06-09 11:19:08 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Menu Start\Programy\Pomoc zdalna.lnk

[2012-06-09 10:49:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012-06-09 10:49:15 | 000,262,400 | RHS- | C] () -- C:\cmldr

[2012-06-09 10:47:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012-06-09 10:47:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012-06-09 10:47:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012-06-09 10:47:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012-06-09 10:47:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012-06-09 10:16:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

[2011-12-01 09:08:11 | 000,000,353 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2011-02-08 22:19:56 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011-01-07 20:20:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat


[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List >[/color]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008


< End of report >

Log in to your own named account, because right now you are using the built-in Administrator account.

Paste it and click Run Fix:

Show a new Scan log:

execution

========== OTL ==========

Service kwflower stopped successfully!

Service kwflower deleted successfully!

File system32\DRIVERS\kwflower.sys not found.

Service cpuz130 stopped successfully!

Service cpuz130 deleted successfully!

File C:\DOCUME~1\Wojciech\USTAWI~1\Temp\cpuz130\cpuz_x32.sys not found.

Error: No service named cpuz130 was found to stop!

Service\Driver key cpuz130 not found.

File C:\DOCUME~1\Wojciech\USTAWI~1\Temp\cpuz130\cpuz_x32.sys not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0E899AB-F487-11D5-8D29-0050BA6940E3}\ not found.

Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}

C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.

Starting removal of ActiveX control {33564D57-9980-0010-8000-00AA00389B71}

C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-9980-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.

File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.

Starting removal of ActiveX control Microsoft XML Parser for Java

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

izdqojflw removed from NetSvcs value successfully!


OTL by OldTimer - Version 3.2.48.0 log created on 06092012_133407

scan

OTL logfile created on: 2012-06-09 13:34:28 - Run 1

OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Wojciech\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1023,36 Mb Total Physical Memory | 705,00 Mb Available Physical Memory | 68,89% Memory free

1,66 Gb Paging File | 1,48 Gb Available in Paging File | 89,08% Paging File free

Paging file location(s): C:\pagefile.sys 768 768 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 20,00 Gb Total Space | 11,41 Gb Free Space | 57,04% Space Free | Partition Type: NTFS

Drive D: | 212,87 Gb Total Space | 134,95 Gb Free Space | 63,40% Space Free | Partition Type: NTFS

Unable to calculate disk information.


Computer Name: ANIOL | User Name: Wojciech | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2012-06-09 13:33:53 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wojciech\Moje dokumenty\Pobieranie\OTL.exe

PRC - [2012-06-07 09:36:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe



[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2012-06-07 09:36:42 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012-04-04 07:54:04 | 000,300,544 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - [2012-06-07 09:36:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2008-11-11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012-03-07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012-03-07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012-03-07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012-03-07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012-03-07 01:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012-03-07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012-03-07 00:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2008-09-28 14:10:09 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2008-09-15 08:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2008-09-15 08:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2008-09-15 08:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008-09-15 08:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008-06-24 10:36:14 | 000,065,024 | ---- | M] (Kerio Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev)

DRV - [2008-03-24 12:10:08 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)

DRV - [2008-01-05 01:03:43 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2007-07-18 20:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007-06-28 22:19:00 | 000,230,144 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mobicam.sys -- (TESTCAP)

DRV - [2006-01-11 16:55:48 | 000,219,136 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTCamDrv.sys -- (BTCAMDRV)

DRV - [2005-04-18 02:26:00 | 000,230,912 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2005-01-19 08:37:40 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2004-05-11 07:27:32 | 000,212,608 | ---- | M] (OrangeWare, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\WebCamDV.sys -- (WebCamDV)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 20 05 23 06 04 1E 07 48 AA B0 AF 88 A6 45 97 35 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}

IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaultthis.engineName: "References.TV Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1408409&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.17.1

FF - prefs.js..extensions.enabledItems: player@vividas.com:4.0.0

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

FF - user.js - File not found


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-09 13:06:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-06-07 09:36:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-04-12 18:52:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011-02-23 22:05:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins


[2011-02-23 22:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wojciech\Dane aplikacji\Mozilla\Extensions

[2011-02-23 22:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wojciech\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012-05-16 14:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wojciech\Dane aplikacji\Mozilla\Firefox\Profiles\m959ucrs.default\extensions

[2012-05-16 14:29:31 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Documents and Settings\Wojciech\Dane aplikacji\Mozilla\Firefox\Profiles\m959ucrs.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

[2011-02-08 22:12:56 | 000,000,000 | ---D | M] (Vividas player plugin) -- C:\Documents and Settings\Wojciech\Dane aplikacji\Mozilla\Firefox\Profiles\m959ucrs.default\extensions\player@vividas.com

[2009-07-16 14:02:04 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\Wojciech\Dane aplikacji\Mozilla\Firefox\Profiles\m959ucrs.default\searchplugins\conduit.xml

[2009-03-27 10:10:11 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Wojciech\Dane aplikacji\Mozilla\Firefox\Profiles\m959ucrs.default\searchplugins\winamp-search.xml

[2012-01-09 22:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012-01-07 11:34:17 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\WOJCIECH\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\M959UCRS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012-06-09 13:06:19 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2011-08-25 10:30:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2012-06-07 09:36:42 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011-10-03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010-07-21 12:26:44 | 000,197,224 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npVividasPlayer.dll

[2012-01-09 22:48:34 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2012-01-09 22:48:34 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2012-01-09 22:48:34 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2012-01-09 22:48:34 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2012-01-09 22:48:34 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-01-09 22:48:34 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2012-06-09 11:25:59 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: Pobierz z &BitSpirit - D:\Bartek\BitSpirit\bsurl.htm File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.139.8.7 88.156.63.9

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B358F024-A545-4FD9-9029-943A7C71A08A}: DhcpNameServer = 82.139.8.7 88.156.63.9

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Wojciech\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Wojciech\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-01-02 21:12:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1045" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast")

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


NetSvcs: 6to4 - File not found

NetSvcs: ias - File not found

NetSvcs: iprip - File not found

NetSvcs: irmon - File not found

NetSvcs: nwcworkstation - File not found

NetSvcs: nwsapagent - File not found

NetSvcs: wmdmpmsp - File not found


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2012-06-09 13:34:07 | 000,000,000 | ---D | C] -- C:\_OTL

[2012-06-09 13:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Internet Security

[2012-06-09 13:06:31 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012-06-09 13:06:30 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012-06-09 13:06:29 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012-06-09 13:06:29 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012-06-09 13:06:29 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012-06-09 13:06:28 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012-06-09 13:06:28 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012-06-09 13:06:27 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012-06-09 13:06:03 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012-06-09 13:06:02 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012-06-09 13:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012-06-09 13:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software

[2012-06-09 11:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wojciech\Dane aplikacji\Malwarebytes

[2012-06-09 11:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware

[2012-06-09 11:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2012-06-09 11:45:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012-06-09 11:41:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012-06-09 11:23:15 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll

[2012-06-09 11:19:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2012-06-09 11:18:50 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2012-06-09 11:07:22 | 004,538,510 | R--- | C] (Swearware) -- C:\Documents and Settings\Wojciech\Pulpit\ComboFix.exe

[2012-06-09 10:49:12 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012-06-09 10:47:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012-06-09 10:47:05 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012-06-09 10:47:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Wojciech\Menu Start\Programy\Narzędzia administracyjne

[2012-06-09 10:18:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wojciech\Recent

[2012-06-09 10:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\CCleaner

[2012-06-09 10:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[1 C:\Documents and Settings\Wojciech\*.tmp files -> C:\Documents and Settings\Wojciech\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2012-06-09 13:36:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012-06-09 13:32:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012-06-09 13:20:34 | 000,002,644 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012-06-09 13:10:37 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Internet Security.lnk

[2012-06-09 13:08:55 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012-06-09 11:45:54 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

[2012-06-09 11:43:44 | 000,000,849 | ---- | M] () -- C:\WINDOWS\System32\44574f6b

[2012-06-09 11:25:59 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2012-06-09 11:23:15 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll

[2012-06-09 10:49:17 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012-06-09 10:46:42 | 004,538,510 | R--- | M] (Swearware) -- C:\Documents and Settings\Wojciech\Pulpit\ComboFix.exe

[2012-06-09 10:16:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

[2012-05-16 14:27:09 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[1 C:\Documents and Settings\Wojciech\*.tmp files -> C:\Documents and Settings\Wojciech\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2012-06-09 13:10:37 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Internet Security.lnk

[2012-06-09 11:45:54 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk

[2012-06-09 10:49:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012-06-09 10:49:15 | 000,262,400 | RHS- | C] () -- C:\cmldr

[2012-06-09 10:16:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CCleaner.lnk

[2011-12-01 09:08:11 | 000,000,353 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2011-03-06 11:11:17 | 000,005,510 | ---- | C] () -- C:\Documents and Settings\Wojciech\Dane aplikacji\Cabos.plist

[2011-02-08 22:19:56 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011-01-07 20:20:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat


[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List >[/color]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008


[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List >[/color]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- [2008-04-14 22:51:40 | 000,142,336 | ---- | M] (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- [2008-04-14 00:23:34 | 000,558,080 | ---- | M] (Microsoft Corporation)

"C:\Documents and Settings\Wojciech\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Wojciech\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player

"D:\Gry\Medieval 2\kingdoms.exe" = D:\Gry\Medieval 2\kingdoms.exe:*:Enabled:Medieval 2 Total War: Kingdoms -- [2008-02-29 04:16:12 | 025,632,768 | ---- | M] (The Creative Assembly Ltd)


[color=#E56717]========== Alternate Data Streams ==========[/color]


@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Wojciech\Pulpit\kont.txt.603:SummaryInformation


< End of report >

Paste it in and click Run Fix:

Uninstall ComboFix:

Start -> Run (Windows logo + R) and paste this into the Run box:

"C:\Documents and Settings\Wojciech\Pulpit\ComboFix.exe" /uninstall

Run OTL and click CleanUp.

Turn System Restore off and back on again:

http://support.microsoft.com/kb/310405/pl

Run SecurityCheck and update the programs marked as Out of date.

Scan the disk with Kaspersky Virus Removal Tool 2011.

Thanks for the help.