Prośba o sprawdzenie loga - problemy z komputerem

mgrzybo2 · 9 Lipiec 2009 14:01

Witam,

Bardzo proszę o sprawdzenie poniższych logów. Komputer koleżanki od kilku dni szwankuje - wyskakują strony internetowe, programy nie chcą się otwierać po kliknięciu na ikony (np. następuje przekierowanie na strony).

Pomocy!

Log z HijackThis :

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:27:40, on 2009-07-09 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\sopidkc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe S:\Informatyczne\Instalacje\odsyfiacze\haxfix.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meetingspoland.pl/konferencj … lnosci.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ania2/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=C:\WINDOWS\system32\msivw.exe F3 - REG:win.ini: run=C:\WINDOWS\system32\msljpo.exe O1 - Hosts: ::1 localhost O1 - Hosts: 209.44.111.62 antispy.microsoft.com O1 - Hosts: 209.44.111.62 antiaware-pro.com O1 - Hosts: 209.44.111.62 http://www.antiaware-pro.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: BHO - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\WINDOWS\system32\iehelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM…\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [spamihilator] “C:\Program Files\Spamihilator\spamihilator.exe” O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” O4 - HKLM…\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM…\Run: [sysldtray] C:\WINDOWS\ld12.exe O4 - HKLM…\Run: [pp] C:\windows\pp10.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe O4 - HKLM…\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\msbuk.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://cached.gamedesire.com/g_bin/pl/p … 0_0_30.cab O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://cached.gamedesire.com/g_bin/pl/m … 0_0_32.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Darkness - Unknown owner - C:\WINDOWS\system\svchost.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: sopidkc Service (sopidkc) - NewYork DVD LT - C:\WINDOWS\system32\sopidkc.exe – End of file - 6524 bytes

Log z OTL:

OTL logfile created on: 2009-07-09 14:51:48 - Run 1 OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\MM Stanowisko1\Moje dokumenty\Pobieranie Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,87 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 68,96% Memory free 3,72 Gb Paging File | 3,30 Gb Available in Paging File | 88,65% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 78,13 Gb Total Space | 35,25 Gb Free Space | 45,12% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 154,75 Gb Total Space | 131,95 Gb Free Space | 85,27% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive S: | 914,50 Gb Total Space | 706,20 Gb Free Space | 77,22% Space Free | Partition Type: NTFS Computer Name: MMSTANOWISKO1 Current User Name: MM Stanowisko1 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009-06-23 09:01:30 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2007-10-12 09:34:56 | 00,071,096 | ---- | M] () – C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2006-03-02 14:00:00 | 00,097,792 | ---- | M] (NewYork DVD LTD) – C:\WINDOWS\System32\sopidkc.exe PRC - [2009-06-23 09:01:34 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Explorer.EXE PRC - [2003-07-15 07:45:18 | 00,196,152 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE PRC - [2009-06-24 19:58:20 | 00,908,280 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-07-09 14:45:11 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\MM Stanowisko1\Moje dokumenty\Pobieranie\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2008-04-14 19:20:35 | 00,065,536 | ---- | M] () – C:\WINDOWS\System32\6to4v32.dll – (6to4 [Auto | Stopped]) SRV - [2007-10-24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe – (aspnet_state [On_Demand | Stopped]) SRV - [2007-06-15 03:50:12 | 00,479,232 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\Ati2evxx.exe – (Ati HotKey Poller [Disabled | Stopped]) SRV - [2009-06-23 09:01:30 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\Program Files\AVG\AVG8\avgwdsvc.exe – (avg8wd [Auto | Running]) SRV - [2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - File not found – -- (Darkness [Auto | Stopped]) SRV - [2009-04-30 13:31:15 | 00,182,768 | ---- | M] (Google) – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe – (gusvc [On_Demand | Stopped]) SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll – (helpsvc [Auto | Running]) SRV - [2006-03-02 14:00:00 | 00,045,056 | ---- | M] (X-Ways Software Technology ) – C:\WINDOWS\System32\msncache.dll – (msncache [Auto | Running]) SRV - [2007-10-12 09:34:56 | 00,071,096 | ---- | M] () – C:\Program Files\CDBurnerXP\NMSAccessU.exe – (NMSAccessU [Auto | Running]) SRV - [2003-07-28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) – C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE – (ose [On_Demand | Stopped]) SRV - [2006-03-02 14:00:00 | 00,097,792 | ---- | M] (NewYork DVD LTD) – C:\WINDOWS\System32\sopidkc.exe – (sopidkc [Auto | Running]) SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) – C:\Program Files\Windows Media Player\WMPNetwk.exe – (WMPNetworkSvc [On_Demand | Stopped]) ========== Driver Services (SafeList) ========== DRV - [2006-06-19 00:51:32 | 00,043,520 | ---- | M] (Advanced Micro Devices) – C:\WINDOWS\System32\DRIVERS\AmdK8.sys – (AmdK8 [system | Running]) DRV - [2007-06-15 03:58:56 | 02,301,440 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\DRIVERS\ati2mtag.sys – (ati2mtag [On_Demand | Running]) DRV - [2009-06-23 09:01:34 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\WINDOWS\System32\Drivers\avgldx86.sys – (AvgLdx86 [system | Running]) DRV - [2009-06-23 09:01:34 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\WINDOWS\System32\Drivers\avgmfx86.sys – (AvgMfx86 [system | Running]) DRV - [2008-01-14 14:23:56 | 00,015,600 | ---- | M] (Windows ® 2000 DDK provider) – C:\WINDOWS\gdrv.sys – (gdrv [On_Demand | Stopped]) DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) – C:\WINDOWS\System32\DRIVERS\HDAudBus.sys – (HDAudBus [On_Demand | Running]) DRV - [2007-05-10 11:28:00 | 04,419,584 | R— | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\System32\drivers\RtkHDAud.sys – (IntcAzAudAddService [On_Demand | Running]) DRV - [2008-04-14 19:20:35 | 00,002,304 | ---- | M] () – C:\WINDOWS\System32\pcmstub.sys – (pcmstub [On_Demand | Stopped]) DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) – C:\WINDOWS\System32\DRIVERS\ptilink.sys – (Ptilink [On_Demand | Running]) DRV - [2006-12-14 10:44:06 | 00,085,120 | R— | M] (Realtek Semiconductor Corporation ) – C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys – (RTL8023xp [On_Demand | Running]) DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) – C:\WINDOWS\System32\DRIVERS\secdrv.sys – (Secdrv [On_Demand | Stopped]) DRV - [2008-01-15 10:17:38 | 00,685,816 | ---- | M] () – C:\WINDOWS\System32\Drivers\sptd.sys – (sptd [boot | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU.DEFAULT.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-21-1935655697-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1935655697-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch IE - HKU\S-1-5-21-1935655697-1647877149-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meetingspoland.pl/konferencj … lnosci.php IE - HKU\S-1-5-21-1935655697-1647877149-839522115-1004\S-1-5-21-1935655697-1647877149-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 ========== FireFox ========== FF - prefs.js…extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5 FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\Components: C:\Program Files\Mozilla Firefox\components [2009-07-03 11:52:37 | 00,000,000 | —D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-07-03 11:52:26 | 00,000,000 | —D | M] [2009-07-03 11:52:43 | 00,000,000 | —D | M] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji\mozilla\Extensions [2009-07-03 11:52:43 | 00,000,000 | —D | M] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji\mozilla\Extensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-07-03 11:52:43 | 00,000,000 | —D | M] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji\mozilla\Firefox\Profiles\74qphbtw.default\extensions [2009-07-03 11:52:26 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions [2009-07-03 11:52:27 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-06-24 19:58:22 | 00,023,544 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-06-24 19:58:22 | 00,137,208 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-06-24 19:58:22 | 00,065,016 | ---- | M] (mozilla.org) – C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009-06-24 14:27:26 | 00,002,767 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-06-24 14:27:26 | 00,001,406 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-06-24 14:27:26 | 00,002,371 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-06-24 14:27:26 | 00,000,917 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-06-24 14:27:26 | 00,000,858 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-06-24 14:27:26 | 00,001,183 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-06-24 14:27:26 | 00,001,683 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (143 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 209.44.111.62 antispy.microsoft.com O1 - Hosts: 209.44.111.62 antiaware-pro.com O1 - Hosts: 209.44.111.62 http://www.antiaware-pro.com O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (BHO) - {8567EDFA-408C-43e9-B929-4C25C04F5003} - C:\WINDOWS\System32\iehelper.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O3 - HKLM…\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKU\S-1-5-21-1935655697-1647877149-839522115-1004…\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM…\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM…\Run: [pp] C:\windows\pp10.exe () O4 - HKLM…\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM…\Run: [spamihilator] C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer) O4 - HKLM…\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM…\Run: [sysldtray] C:\WINDOWS\ld12.exe () O4 - HKU\S-1-5-21-1935655697-1647877149-839522115-1004…\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe File not found O4 - HKU\S-1-5-21-1935655697-1647877149-839522115-1004…\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1935655697-1647877149-839522115-1004…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) F3 - HKU.DEFAULT WinNT: Load - (C:\WINDOWS\system32\mslasbny.exe) - C:\WINDOWS\System32\mslasbny.exe () F3 - HKU.DEFAULT WinNT: Run - (C:\WINDOWS\system32\msomuevg.exe) - C:\WINDOWS\System32\msomuevg.exe () F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\system32\mslasbny.exe) - C:\WINDOWS\System32\mslasbny.exe () F3 - HKU\S-1-5-18 WinNT: Run - (C:\WINDOWS\system32\msomuevg.exe) - C:\WINDOWS\System32\msomuevg.exe () F3 - HKU\S-1-5-21-1935655697-1647877149-839522115-1004 WinNT: Load - (C:\WINDOWS\system32\msivw.exe) - C:\WINDOWS\System32\msivw.exe () F3 - HKU\S-1-5-21-1935655697-1647877149-839522115-1004 WinNT: Run - (C:\WINDOWS\system32\msljpo.exe) - C:\WINDOWS\System32\msljpo.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1935655697-1647877149-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1935655697-1647877149-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra ‘Tools’ menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra ‘Tools’ menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM…Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} http://www.eska.pl/streamplayers/OggX.ocx (OggX Control) O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/pi/components/SignActivX.cab (SignActivX Control) O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} http://cached.gamedesire.com/g_bin/pl/p … 0_0_30.cab (GameDesire Pinball Pirate) O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} http://cached.gamedesire.com/g_bin/pl/m … 0_0_32.cab (GameDesire Marbles&Diamonds&Runes) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s … wflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-01-14 13:55:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS] O33 - MountPoints2{17c1abac-b4a4-11dd-8e7e-001a4df72d76}\Shell\AutoRun\command - “” = G:\Materiały_Szkoleniowe_Akademia_2008.exe – File not found O33 - MountPoints2{3a8fdf37-b4a5-11dd-8e7f-001a4df72d76}\Shell\AutoRun\command - “” = G:\Materiały_Szkoleniowe_Akademia_2008.exe – File not found O33 - MountPoints2{3a8fdf38-b4a5-11dd-8e7f-001a4df72d76}\Shell\AutoRun\command - “” = G:\Materiały_Szkoleniowe_Akademia_2008.exe – File not found O33 - MountPoints2{3a8fdf39-b4a5-11dd-8e7f-001a4df72d76}\Shell\AutoRun\command - “” = G:\Materiały_Szkoleniowe_Akademia_2008.exe – File not found O33 - MountPoints2{4d4235ae-b575-11dd-8e81-001a4df72d76}\Shell - “” = AutoRun O33 - MountPoints2{4d4235ae-b575-11dd-8e81-001a4df72d76}\Shell\Auto\command - “” = UFO.exe O33 - MountPoints2{4ee04815-b552-11dd-8e80-001a4df72d76}\Shell\AutoRun\command - “” = G:\Materiały_Szkoleniowe_Akademia_2008.exe – File not found O33 - MountPoints2{56d1f374-8489-11dd-8e71-001a4df72d76}\Shell\AutoRun\command - “” = G:\Materiały_Szkoleniowe_Akademia_2008.exe – File not found O33 - MountPoints2{9372e67c-6dc4-11dd-8e6f-001a4df72d76}\Shell\AutoRun\command - “” = G:\Materiały_Szkoleniowe_Akademia_2008.exe – File not found O33 - MountPoints2{9372e67d-6dc4-11dd-8e6f-001a4df72d76}\Shell\AutoRun\command - “” = G:\Materiały_Szkoleniowe_Akademia_2008.exe – File not found O33 - MountPoints2{9372e67e-6dc4-11dd-8e6f-001a4df72d76}\Shell\AutoRun\command - “” = G:\Materiały_Szkoleniowe_Akademia_2008.exe – File not found O33 - MountPoints2{9372e69a-6dc4-11dd-8e6f-001a4df72d76}\Shell\AutoRun\command - “” = G:\Materiały_Szkoleniowe_Akademia_2008.exe – File not found O33 - MountPoints2{94a945c5-608e-11de-8f0c-001a4df72d76}\Shell\AutoRun\command - “” = G:\mice.exe – File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [1 C:\WINDOWS\System32*.tmp files] [9 C:\WINDOWS*.tmp files] [2009-07-09 14:01:46 | 20,116,80768 | -HS- | C] () – C:\hiberfil.sys [2009-07-09 13:55:56 | 00,812,344 | ---- | C] (Trend Micro Inc.) – C:\Documents and Settings\MM Stanowisko1\Pulpit\HJTInstall.exe [2009-07-09 13:55:56 | 00,517,830 | ---- | C] (Marckie ) – C:\Documents and Settings\MM Stanowisko1\Pulpit\haxfix.exe [2009-07-09 13:55:56 | 00,051,232 | ---- | C] (gkweb) – C:\Documents and Settings\MM Stanowisko1\Pulpit\wwdc_141_(dobreprogramy.pl).exe [2009-07-09 13:55:44 | 00,000,000 | —D | C] – C:\Documents and Settings\MM Stanowisko1\Pulpit\SmitfraudFix [2009-07-09 13:24:57 | 00,001,740 | ---- | C] () – C:\Documents and Settings\MM Stanowisko1\Pulpit\HijackThis.lnk [2009-07-09 13:24:56 | 00,000,000 | —D | C] – C:\Program Files\Trend Micro [2009-07-09 13:11:30 | 00,000,000 | —D | C] – C:\HaxFix [2009-07-06 09:15:51 | 00,015,360 | -H-- | C] () – C:\WINDOWS\pp10.exe [2009-07-06 09:15:51 | 00,000,002 | ---- | C] () – C:\WINDOWS\0101120101464849.dat [2009-07-06 09:15:51 | 00,000,001 | ---- | C] () – C:\WINDOWS\934fdfg34fgjf23 [2009-07-03 14:51:43 | 00,000,002 | ---- | C] () – C:\WINDOWS\0535251103110107106.lio [2009-07-03 14:51:42 | 00,065,536 | ---- | C] () – C:\WINDOWS\freddy49.exe [2009-07-03 14:51:42 | 00,000,001 | -H-- | C] () – C:\WINDOWS\bf23567.dat [2009-07-03 13:26:43 | 00,000,000 | —D | C] – C:\WINDOWS\System32\XPToolsLicenseComponent [2009-07-03 13:26:13 | 00,000,000 | —D | C] – C:\Documents and Settings\MM Stanowisko1\Pulpit\Downloads [2009-07-03 13:26:08 | 00,000,000 | —D | C] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji\GetRightToGo [2009-07-03 13:04:13 | 00,000,000 | —D | C] – C:\Documents and Settings\MM Stanowisko1\Moje dokumenty\Pobieranie [2009-07-03 11:52:40 | 00,000,000 | ---- | C] () – C:\WINDOWS\nsreg.dat [2009-07-03 11:52:34 | 00,000,000 | —D | C] – C:\Documents and Settings\MM Stanowisko1\Ustawienia lokalne\Dane aplikacji\Mozilla [2009-07-03 11:52:34 | 00,000,000 | —D | C] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji\Mozilla [2009-07-03 11:52:29 | 00,001,608 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2009-07-03 11:52:26 | 00,000,000 | —D | C] – C:\Program Files\Mozilla Firefox [2009-07-03 10:50:05 | 00,000,000 | —D | C] – C:\WINDOWS\ie8updates [2009-07-03 10:46:21 | 00,000,000 | -H-D | C] – C:\WINDOWS\ie8 [2009-07-03 10:27:34 | 00,012,544 | ---- | C] () – C:\WINDOWS\System32\iehelper.dll [2009-07-03 10:17:48 | 00,000,008 | ---- | C] () – C:\WINDOWS\System32\comsa32.sys [2009-07-03 10:17:34 | 00,000,002 | ---- | C] () – C:\WINDOWS\010112010146118114.dat [2009-07-03 10:17:16 | 00,000,002 | ---- | C] () – C:\813648803 [2009-07-03 10:17:14 | 00,031,232 | ---- | C] () – C:\WINDOWS\ld12.exe [2008-01-15 10:37:44 | 00,010,752 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll [2008-01-15 10:37:44 | 00,000,547 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-01-15 10:35:00 | 00,081,920 | ---- | C] () – C:\WINDOWS\System32\cpwmon2k.dll [2008-01-15 10:24:13 | 00,000,421 | ---- | C] () – C:\WINDOWS\ODBC.INI [2008-01-15 10:17:38 | 00,685,816 | ---- | C] () – C:\WINDOWS\System32\drivers\sptd.sys [2006-03-02 14:00:00 | 00,135,168 | ---- | C] () – C:\WINDOWS\System32\tpszxyd.sys [2006-03-02 14:00:00 | 00,065,536 | ---- | C] () – C:\WINDOWS\System32\6to4v32.dll [2006-03-02 14:00:00 | 00,002,304 | ---- | C] () – C:\WINDOWS\System32\pcmstub.sys [2006-03-02 14:00:00 | 00,000,638 | ---- | C] () – C:\WINDOWS\win.ini [2006-03-02 14:00:00 | 00,000,231 | ---- | C] () – C:\WINDOWS\system.ini [2006-03-02 14:00:00 | 00,000,006 | ---- | C] () – C:\WINDOWS\System32\FInstall.sys [2003-04-08 12:40:22 | 00,005,679 | ---- | C] () – C:\WINDOWS\System32\OUTLPERF.INI ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32*.tmp files] [9 C:\WINDOWS*.tmp files] [2009-07-09 14:01:50 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT [2009-07-09 14:01:49 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat [2009-07-09 14:01:46 | 20,116,80768 | -HS- | M] () – C:\hiberfil.sys [2009-07-09 13:24:57 | 00,001,740 | ---- | M] () – C:\Documents and Settings\MM Stanowisko1\Pulpit\HijackThis.lnk [2009-07-09 12:33:40 | 00,812,344 | ---- | M] (Trend Micro Inc.) – C:\Documents and Settings\MM Stanowisko1\Pulpit\HJTInstall.exe [2009-07-09 12:20:39 | 00,517,830 | ---- | M] (Marckie ) – C:\Documents and Settings\MM Stanowisko1\Pulpit\haxfix.exe [2009-07-09 12:19:23 | 00,051,232 | ---- | M] (gkweb) – C:\Documents and Settings\MM Stanowisko1\Pulpit\wwdc_141_(dobreprogramy.pl).exe [2009-07-09 09:05:43 | 00,016,302 | ---- | M] () – C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009-07-09 09:05:42 | 37,946,531 | ---- | M] () – C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009-07-09 09:04:02 | 00,013,646 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl [2009-07-06 11:29:03 | 00,208,896 | ---- | M] () – C:\Documents and Settings\MM Stanowisko1\Pulpit\Firmówka MM 2009.doc [2009-07-06 09:15:51 | 00,015,360 | -H-- | M] () – C:\WINDOWS\pp10.exe [2009-07-06 09:15:51 | 00,000,002 | ---- | M] () – C:\WINDOWS\0101120101464849.dat [2009-07-06 09:15:51 | 00,000,001 | ---- | M] () – C:\WINDOWS\934fdfg34fgjf23 [2009-07-03 14:51:43 | 00,000,002 | ---- | M] () – C:\WINDOWS\0535251103110107106.lio [2009-07-03 14:51:42 | 00,065,536 | ---- | M] () – C:\WINDOWS\freddy49.exe [2009-07-03 14:51:42 | 00,000,001 | -H-- | M] () – C:\WINDOWS\bf23567.dat [2009-07-03 11:52:40 | 00,000,000 | ---- | M] () – C:\WINDOWS\nsreg.dat [2009-07-03 11:52:29 | 00,001,608 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2009-07-03 11:18:56 | 00,012,544 | ---- | M] () – C:\WINDOWS\System32\iehelper.dll [2009-07-03 10:49:26 | 00,001,355 | ---- | M] () – C:\WINDOWS\imsins.BAK [2009-07-03 10:17:34 | 00,000,002 | ---- | M] () – C:\WINDOWS\010112010146118114.dat [2009-07-03 10:17:17 | 00,000,002 | ---- | M] () – C:\813648803 [2009-07-03 10:17:14 | 00,031,232 | ---- | M] () – C:\WINDOWS\ld12.exe [2009-06-30 09:53:23 | 00,463,779 | ---- | M] () – C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2009-06-23 09:01:34 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\WINDOWS\System32\drivers\avgldx86.sys [2009-06-23 09:01:34 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\WINDOWS\System32\drivers\avgmfx86.sys [2009-06-23 09:01:34 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) – C:\WINDOWS\System32\avgrsstx.dll [2009-06-21 10:22:58 | 00,000,008 | ---- | M] () – C:\WINDOWS\System32\comsa32.sys [2009-06-15 08:21:45 | 00,142,832 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2008-01-14 14:42:01 | 00,000,000 | RH-D | M] – C:\Documents and Settings\Administrator\Dane aplikacji [2008-01-14 14:42:01 | 00,000,000 | RH-D | M] – C:\Documents and Settings\Administrator.MMSTANOWISKO1\Dane aplikacji [2009-04-01 16:21:10 | 00,000,000 | RH-D | M] – C:\Documents and Settings\All Users\Dane aplikacji [2008-01-14 14:36:30 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\ATI [2008-01-15 10:15:26 | 00,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ [2008-01-14 14:42:01 | 00,000,000 | RH-D | M] – C:\Documents and Settings\Default User\Dane aplikacji [2009-07-06 10:04:41 | 00,000,000 | —D | M] – C:\Documents and Settings\LocalService\Dane aplikacji [2009-07-03 13:26:08 | 00,000,000 | RH-D | M] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji [2008-01-14 14:36:30 | 00,000,000 | —D | M] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji\ATI [2008-02-01 12:42:40 | 00,000,000 | —D | M] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji\Corel [2008-02-28 14:38:35 | 00,000,000 | —D | M] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji\Gadu-Gadu [2009-02-20 13:28:48 | 00,000,000 | —D | M] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji\GanymedeNet [2009-07-03 13:26:32 | 00,000,000 | —D | M] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji\GetRightToGo [2008-01-26 14:47:47 | 00,000,000 | —D | M] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji\SmartDraw [2009-07-09 09:53:41 | 00,000,000 | —D | M] – C:\Documents and Settings\MM Stanowisko1\Dane aplikacji\Spamihilator [2009-07-03 14:14:05 | 00,000,000 | —D | M] – C:\Documents and Settings\NetworkService\Dane aplikacji [2006-03-02 14:00:00 | 00,000,065 | RH-- | M] () – C:\WINDOWS\Tasks\desktop.ini [2009-07-09 14:01:50 | 00,000,006 | -H-- | M] () – C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== < End of report >

Log z GMER:

GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-07-09 15:46:24 Windows 5.1.2600 Dodatek Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT sptd.sys ZwCreateKey [0xBA6BE0D0] SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2] SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340] SSDT sptd.sys ZwOpenKey [0xBA6BE0B0] SSDT sptd.sys ZwQueryKey [0xBA6C4418] SSDT sptd.sys ZwQueryValueKey [0xBA6C4298] SSDT sptd.sys ZwSetValueKey [0xBA6C44AA] ---- Kernel code sections - GMER 1.0.15 ---- ? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. .text USBPORT.SYS!DllUnload B81FB8AC 5 Bytes JMP 8A4551C8 ? System32\Drivers\aihh4qpr.SYS System nie może odnaleźć określonej ścieżki. ! ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [bA6BEAD4] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [bA6BEC1A] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [bA6BEB9C] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [bA6BF748] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [bA6BF61E] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [bA6D429A] sptd.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A66E1E8 Device \Driver\usbohci \Device\USBPDO-0 8A4541E8 Device \Driver\usbohci \Device\USBPDO-1 8A4541E8 Device \Driver\usbohci \Device\USBPDO-2 8A4541E8 Device \Driver\usbohci \Device\USBPDO-3 8A4541E8 Device \Driver\usbohci \Device\USBPDO-4 8A4541E8 Device \Driver\usbehci \Device\USBPDO-5 8A41C1E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5FF1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5FF1E8 Device \Driver\Cdrom \Device\CdRom0 8A47F1E8 Device \Driver\Cdrom \Device\CdRom1 8A47F1E8 Device \Driver\PCI_NTPNP4362 \Device\0000003c sptd.sys Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1E5790 Device \Driver\NetBT \Device\NetBT_Tcpip_{E24D5503-9C19-43E9-AE49-C7576A7AFBCA} 8A1E5790 Device \Driver\usbohci \Device\USBFDO-0 8A4541E8 Device \Driver\usbohci \Device\USBFDO-1 8A4541E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A731E8 Device \Driver\usbohci \Device\USBFDO-2 8A4541E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A731E8 Device \Driver\usbohci \Device\USBFDO-3 8A4541E8 Device \Driver\usbohci \Device\USBFDO-4 8A4541E8 Device \Driver\Ftdisk \Device\FtControl 8A5FF1E8 Device \Driver\usbehci \Device\USBFDO-5 8A41C1E8 Device \Driver\aihh4qpr \Device\Scsi\aihh4qpr1 8A40A410 Device \Driver\aihh4qpr \Device\Scsi\aihh4qpr1Port4Path0Target0Lun0 8A40A410 Device \FileSystem\Cdfs \Cdfs 8A36E790 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0xB7 0x37 0x06 … Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 … Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA6 0x2B 0xD4 0x30 … Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0xBF 0x9D 0x44 … Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0xB7 0x37 0x06 … Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 … Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA6 0x2B 0xD4 0x30 … Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0xBF 0x9D 0x44 … Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0xB7 0x37 0x06 … Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 … Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA6 0x2B 0xD4 0x30 … Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0xBF 0x9D 0x44 … ---- EOF - GMER 1.0.15 ----

deFco247 · 9 Lipiec 2009 14:07

Logi wklejasz na wklej.org lub wklej.to, a w poście dajesz link

Niestety tutaj jest Virut i znacznie więcej… :shock:

Zastosuj sie do jednej z metod zawartych w tym poście.

mgrzybo2 · 9 Lipiec 2009 15:06

Dziękuję za odpowiedź, co do wklejania logów, to będę się stosować do zasad.

Tego się spodziewałam, że jest ostro zasyfiony. Chyba nie będę wymyślać i skończy się na formacie i przeinstalowaniu. Ech…