Browser starts/launches by itself


(zima2005) #1

The problem is that every so often you can go crazy while working.

Suddenly the browser launches, whether it was IE or Mozilla; as many as 5 windows could pop up at once.

Later, while working on the net, everything would go back to the google.pl start page, and this could happen even several times in a row, until I ended up switching off the computer because I had no strength left for it.

The computer was also treated with ComboFix.

Here are the logs

OTL logfile created on: 2010-03-14 08:52:53 - Run 1

OTL by OldTimer - Version 3.1.37.1 Folder = E:\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 29,29 Gb Total Space | 17,65 Gb Free Space | 60,26% Space Free | Partition Type: NTFS

Drive D: | 29,35 Gb Total Space | 26,20 Gb Free Space | 89,24% Space Free | Partition Type: NTFS

Drive E: | 90,40 Gb Total Space | 77,31 Gb Free Space | 85,52% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 37,27 Gb Total Space | 23,53 Gb Free Space | 63,14% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded


Computer Name: ARTUR

Current User Name: ArturG

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


========== Processes (SafeList) ==========


PRC - [2010-03-14 08:52:18 | 000,555,008 | ---- | M] (OldTimer Tools) -- E:\Pobieranie\OTL.exe

PRC - [2010-02-04 21:13:20 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010-01-27 21:13:28 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010-01-26 19:50:01 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programy\Mozilla Firefox\firefox.exe

PRC - [2009-08-14 11:27:21 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009-08-14 11:27:21 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009-03-02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2007-09-02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Programy\RocketDock\RocketDock.exe

PRC - [2004-12-13 03:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe



========== Modules (SafeList) ==========


MOD - [2010-03-14 08:52:18 | 000,555,008 | ---- | M] (OldTimer Tools) -- E:\Pobieranie\OTL.exe

MOD - [2007-09-02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Programy\RocketDock\RocketDock.dll

MOD - [2004-08-03 23:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll



========== Win32 Services (SafeList) ==========


SRV - [2010-02-04 21:13:20 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009-08-14 11:27:21 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009-08-14 11:27:21 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2004-12-13 03:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)



========== Driver Services (SafeList) ==========


DRV - [2010-01-11 20:16:10 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009-11-21 03:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009-09-23 13:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2009-08-14 12:08:30 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-08-14 11:27:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009-07-09 05:24:34 | 001,668,352 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)

DRV - [2009-06-30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)

DRV - [2009-03-30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009-02-18 17:31:04 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009-02-13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008-12-18 12:44:49 | 000,097,792 | ---- | M] (T0r0 & Tecar Forum 2009) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NSHE.SYS -- (NSHE)

DRV - [2008-08-05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2006-10-18 10:38:38 | 000,009,728 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cxavxbar.sys -- (CXAVXBAR)

DRV - [2006-10-18 10:37:56 | 000,050,816 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88tune.sys -- (CXTUNE)

DRV - [2006-10-18 10:37:26 | 000,162,944 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cx88vid.sys -- (CX23880)

DRV - [2006-07-11 14:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2006-07-11 14:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2006-06-18 22:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006-05-15 14:35:56 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2006-05-15 14:35:48 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006-05-15 14:35:48 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)

DRV - [2006-05-15 14:35:46 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006-05-15 14:35:42 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006-05-15 14:35:42 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006-05-15 14:35:36 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006-01-13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vd_filedisk.sys -- (VD_FileDisk)

DRV - [2006-01-04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2005-07-28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)

DRV - [2005-01-07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2005-01-06 15:55:38 | 000,009,446 | ---- | M] (Leadtek Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys -- (WFIOCTL)

DRV - [2004-08-03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - prefs.js..browser.startup.homepage: "www.google.pl"

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.17


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programy\Mozilla Firefox\components [2010-02-26 20:12:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programy\Mozilla Firefox\plugins [2010-01-26 19:50:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programy\Mozilla Thunderbird\components [2010-01-23 22:35:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programy\Mozilla Thunderbird\plugins


[2009-08-14 10:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ArturG\Dane aplikacji\Mozilla\Extensions

[2010-03-13 12:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ArturG\Dane aplikacji\Mozilla\Firefox\Profiles\inrii2md.default\extensions

[2010-03-10 19:18:28 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\ArturG\Dane aplikacji\Mozilla\Firefox\Profiles\inrii2md.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2010-01-29 21:23:07 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\ArturG\Dane aplikacji\Mozilla\Firefox\Profiles\inrii2md.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}


O1 HOSTS File: ([2001-10-26 18:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programy\FlashGet\ComDlls\bhoCATCH.dll (FlashGet)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKCU..\Run: [RocketDock] C:\Programy\RocketDock\RocketDock.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Download All by FlashGet - C:\Programy\FlashGet\ComDlls\Bhoall.htm ()

O8 - Extra context menu item: &Download by FlashGet - C:\Programy\FlashGet\ComDlls\Bholink.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Programy\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.201.2

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\ArturG\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\ArturG\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-08-14 10:20:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========


[2010-03-13 21:13:55 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys

[2010-03-13 21:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2010-03-13 20:54:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010-03-13 20:42:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010-03-12 19:17:50 | 000,000,000 | ---D | C] -- E:\Artur\Pobieranie

[2010-03-11 19:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ArturG\Dane aplikacji\WinRAR

[2010-03-05 19:49:53 | 000,685,056 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\hardlock.sys

[2010-03-05 19:49:11 | 000,191,488 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\hlvdd.dll

[2010-03-05 18:52:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ArturG\Recent

[2010-03-05 18:20:54 | 000,097,792 | ---- | C] (T0r0 & Tecar Forum 2009) -- C:\WINDOWS\System32\drivers\NSHE.SYS

[2010-03-05 18:20:08 | 003,063,808 | ---- | C] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\hinstd.dll

[2010-03-05 18:20:08 | 002,164,411 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\haspds_windows.dll

[2010-03-05 18:03:02 | 000,000,000 | ---D | C] -- C:\Tecar Forum

[2010-02-26 21:37:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2010-02-26 21:28:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010-02-26 17:51:29 | 001,668,352 | R--- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athuw.sys

[2009-08-14 10:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-08-14 10:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-08-14 10:20:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2009-08-14 10:20:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


========== Files - Modified Within 30 Days ==========


[2010-03-14 08:46:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010-03-14 08:46:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010-03-14 08:46:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010-03-14 08:46:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010-03-14 08:46:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010-03-14 08:45:48 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010-03-14 08:45:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile

[2010-03-14 08:45:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-03-14 08:45:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-03-13 21:45:13 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\ArturG\NTUSER.DAT

[2010-03-13 21:38:27 | 000,043,752 | ---- | M] () -- C:\Documents and Settings\ArturG\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2010-03-13 21:37:31 | 000,189,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-03-13 20:48:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010-03-13 20:37:50 | 000,001,481 | ---- | M] () -- C:\Documents and Settings\ArturG\Pulpit\HijackThis.lnk

[2010-03-13 19:38:20 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\ArturG\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-03-12 18:44:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-03-07 14:54:44 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-03-07 10:49:55 | 000,009,348 | ---- | M] () -- E:\Artur\APC - 2010.03.07 10.49 - 002.jpg

[2010-03-07 10:40:26 | 000,045,098 | ---- | M] () -- E:\Artur\APC - 2010.03.07 10.40 - 001.jpg

[2010-03-07 10:39:01 | 000,018,694 | ---- | M] () -- E:\Artur\APC - 2010.03.07 10.38 - 001.jpg

[2010-03-06 21:37:31 | 000,068,507 | ---- | M] () -- E:\Artur\Aleks_098.jpg

[2010-03-05 19:49:11 | 000,191,488 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\hlvdd.dll

[2010-03-05 19:48:58 | 000,001,605 | ---- | M] () -- C:\Documents and Settings\ArturG\Pulpit\ETKA.lnk

[2010-02-28 17:49:19 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-02-28 17:49:19 | 000,000,223 | RHS- | M] () -- C:\boot.ini

[2010-02-19 17:54:50 | 000,002,778 | ---- | M] () -- C:\Documents and Settings\ArturG\.recently-used.xbel

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]


========== Files Created - No Company Name ==========


[2010-03-13 20:43:11 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010-03-13 20:43:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010-03-13 20:37:50 | 000,001,481 | ---- | C] () -- C:\Documents and Settings\ArturG\Pulpit\HijackThis.lnk

[2010-03-07 10:49:55 | 000,009,348 | ---- | C] () -- E:\Artur\APC - 2010.03.07 10.49 - 002.jpg

[2010-03-07 10:40:26 | 000,045,098 | ---- | C] () -- E:\Artur\APC - 2010.03.07 10.40 - 001.jpg

[2010-03-07 10:39:01 | 000,018,694 | ---- | C] () -- E:\Artur\APC - 2010.03.07 10.38 - 001.jpg

[2010-03-06 21:37:31 | 000,068,507 | ---- | C] () -- E:\Artur\Aleks_098.jpg

[2010-03-05 19:49:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TempFile

[2010-03-05 19:48:58 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\ArturG\Pulpit\ETKA.lnk

[2010-03-05 18:20:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe

[2010-03-05 18:20:10 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE

[2010-02-19 17:54:50 | 000,002,778 | ---- | C] () -- C:\Documents and Settings\ArturG\.recently-used.xbel

[2010-01-12 08:48:54 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010-01-11 20:12:29 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\ArturG\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-08-14 12:08:30 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009-08-14 12:05:11 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-08-14 11:35:30 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-08-14 11:35:29 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009-08-14 11:35:28 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009-08-14 11:35:27 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009-08-14 11:35:26 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009-08-14 11:35:26 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2004-08-03 23:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2004-07-17 10:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys


========== Alternate Data Streams ==========


@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8FF81EB0

< End of report >

and one more from Hijack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:38:09, on 2010-03-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Programy\RocketDock\RocketDock.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Programy\Mozilla Firefox\firefox.exe

C:\Programy\Ashampoo\apc.exe

C:\Programy\Nowe Gadu-Gadu\gg.exe

C:\Programy\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\Programy\TC UP\totalcmd.exe

c:\Programy\Screamer\screamer.exe

C:\Programy\FlashGet\flashget.exe

C:\Programy\Mozilla Thunderbird\thunderbird.exe

C:\Programy\Hijack\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programy\FlashGet\ComDlls\bhoCATCH.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [RocketDock] "C:\Programy\RocketDock\RocketDock.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download All by FlashGet - C:\Programy\FlashGet\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Programy\FlashGet\ComDlls\Bholink.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\Programy\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Is anyone able to help??

The problem came back after a few days of peace.