chomiki

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:44:15, on 2010-05-09
    Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Razer\DeathAdder\razerhid.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Xfire\xfire.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Razer\DeathAdder\razertra.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Razer\DeathAdder\razerofa.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.allplayer.org/thankyou.php?ver=V4.0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

    --
    End of file - 5959 bytes


    Uninstall DAEMON Tools Toolbar. HijackThis produces a log that is too sparse by today's standards, so please post logs from: OTL and GMER

    OTL log:

    OTL logfile created on: 2010-05-09 14:37:11 - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Fuks\Pulpit
    Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74,53 Gb Total Space | 65,98 Gb Free Space | 88,53% Space Free | Partition Type: NTFS
    Drive D: | 74,51 Gb Total Space | 46,37 Gb Free Space | 62,22% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: W-2445EEDC12734
    Current User Name: Fuks
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010-05-09 14:35:45 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fuks\Pulpit\OTL.exe
    PRC - [2010-05-07 11:21:32 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
    PRC - [2010-04-03 13:35:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010-04-01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
    PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007-12-04 16:36:33 | 000,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2007-12-04 15:00:23 | 000,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2007-12-04 15:00:16 | 000,140,664 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2007-12-04 14:59:53 | 000,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2007-12-04 14:59:01 | 000,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2007-11-14 12:54:24 | 002,131,392 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
    PRC - [2007-09-07 16:54:54 | 000,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
    PRC - [2007-05-07 16:35:14 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
    PRC - [2006-11-24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
    PRC - [2006-06-27 17:21:14 | 001,449,984 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    PRC - [2006-06-15 13:36:18 | 000,229,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    PRC - [2006-06-09 11:37:18 | 000,471,552 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    PRC - [2006-06-05 14:59:18 | 000,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

    ========== Modules (SafeList) ==========

    MOD - [2010-05-09 14:35:45 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fuks\Pulpit\OTL.exe
    MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2006-12-21 14:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll

    ========== Win32 Services (SafeList) ==========

    SRV - [2007-12-04 16:36:33 | 000,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV - [2007-12-04 15:00:16 | 000,140,664 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV - [2007-12-04 14:59:53 | 000,247,160 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV - [2007-12-04 14:59:01 | 000,345,464 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV - [2006-06-05 14:59:18 | 000,174,080 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)

    ========== Driver Services (SafeList) ==========

    DRV - [2010-04-24 21:59:57 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009-05-21 06:12:56 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008-05-02 08:48:55 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
    DRV - [2008-05-02 08:48:54 | 000,027,648 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteatapi.sys -- (ITEATAPI)
    DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007-12-04 16:55:46 | 000,094,544 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2007-12-04 16:53:39 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2007-12-04 16:51:52 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2007-12-04 16:49:02 | 000,026,624 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2007-08-02 18:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
    DRV - [2006-05-29 09:26:38 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
    DRV - [2006-05-29 09:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
    DRV - [2006-05-29 09:26:36 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
    DRV - [2006-05-29 09:26:36 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
    DRV - [2005-12-09 10:48:40 | 004,123,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2004-12-06 18:55:20 | 000,126,720 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004-10-29 12:21:14 | 000,025,067 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iteraid.sys -- (iteraid)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

    IE - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    IE - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
    FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
    FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.5.0
    FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.19
    FF - prefs.js..network.proxy.no_proxies_on: "plimus.com,regnow.com"

    FF - user.js..network.proxy.type: 0
    FF - user.js..network.proxy.http: ""
    FF - user.js..network.proxy.http_port: 0
    FF - user.js..network.proxy.ssl: ""
    FF - user.js..network.proxy.ssl_port: 0
    FF - user.js..network.proxy.ftp: ""
    FF - user.js..network.proxy.ftp_port: 0
    FF - user.js..network.proxy.gopher: ""
    FF - user.js..network.proxy.gopher_port: 0
    FF - user.js..network.proxy.socks_version: 5
    FF - user.js..network.proxy.socks: ""
    FF - user.js..network.proxy.socks_port: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-05-06 20:49:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-05-06 20:49:57 | 000,000,000 | ---D | M]

    [2010-03-16 20:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Extensions
    [2010-05-09 12:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions
    [2010-04-24 22:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010-04-29 21:20:57 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
    [2010-05-09 13:27:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    [2010-03-16 20:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions\autofillForms@blueimp.net
    [2010-05-09 14:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions\DTToolbar@toolbarnet.com
    [2010-04-24 21:59:59 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\searchplugins\daemon-search.xml
    [2010-05-09 12:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010-02-21 12:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
    [2010-01-14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found.
    O3 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
    O4 - Startup: C:\Documents and Settings\Fuks\Menu Start\Programy\Autostart\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_19)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Fuks\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fuks\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010-03-07 21:07:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{4ecea372-4fdc-11df-ac85-0014857ce9a9}\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010-05-09 14:35:44 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fuks\Pulpit\OTL.exe
    [2010-05-09 13:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010-05-09 13:16:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010-05-08 14:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Pulpit\paktofonika - kinematografia
    [2010-05-06 20:50:19 | 000,000,000 | ---D | C] -- C:\Downloads
    [2010-05-06 20:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Dane aplikacji\BitComet
    [2010-05-05 13:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Ustawienia lokalne\Dane aplikacji\AskToolbar
    [2010-05-01 19:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Dane aplikacji\TS3Client
    [2010-05-01 19:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
    [2010-04-24 22:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Dane aplikacji\GARMIN
    [2010-04-24 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
    [2010-04-24 21:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
    [2010-04-24 21:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Dane aplikacji\DAEMON Tools Lite
    [2010-04-24 21:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
    [2010-04-13 18:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Steganos Internet Anonym 2006
    [2010-04-12 22:24:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2010-04-12 22:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Dane aplikacji\Sincell
    [2010-04-12 22:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sincell
    [2010-04-12 22:08:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sincell
    [2010-04-11 21:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fuks\Dane aplikacji\Hide IP NG
    [3 C:\WINDOWS\*.tmp files C:\WINDOWS\*.tmp ]
    [1 C:\WINDOWS\System32\*.tmp files C:\WINDOWS\System32\*.tmp ]

    ========== Files - Modified Within 30 Days ==========

    [2010-05-09 14:38:20 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Fuks\Pulpit\gmer.zip
    [2010-05-09 14:35:45 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fuks\Pulpit\OTL.exe
    [2010-05-09 14:27:18 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Fuks\Pulpit\HiJackThis.lnk
    [2010-05-09 14:25:54 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010-05-09 14:25:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010-05-09 14:25:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2010-05-09 14:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010-05-09 12:17:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-05-09 12:16:56 | 000,229,488 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2010-05-09 12:16:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-05-08 23:40:58 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Fuks\NTUSER.DAT
    [2010-05-08 23:40:58 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Fuks\ntuser.ini
    [2010-05-08 23:40:53 | 005,858,174 | -H-- | M] () -- C:\Documents and Settings\Fuks\Ustawienia lokalne\Dane aplikacji\IconCache.db
    [2010-05-05 11:51:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010-05-04 14:50:37 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
    [2010-05-01 19:01:40 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk
    [2010-04-27 17:14:30 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk
    [2010-04-27 15:26:45 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\Fuks\Pulpit\clubfm.m3u
    [2010-04-24 21:59:58 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
    [2010-04-24 21:59:57 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010-04-20 17:57:09 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Fuks\Pulpit\Xfire.lnk
    [2010-04-19 15:50:30 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2010-04-17 22:08:22 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\Fuks\Pulpit\Counter-Strike.lnk
    [2010-04-16 22:26:30 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
    [3 C:\WINDOWS\*.tmp files C:\WINDOWS\*.tmp ]
    [1 C:\WINDOWS\System32\*.tmp files C:\WINDOWS\System32\*.tmp ]

    ========== Files Created - No Company Name ==========

    [2010-05-09 14:38:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Fuks\Pulpit\gmer.exe
    [2010-05-09 14:38:19 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Fuks\Pulpit\gmer.zip
    [2010-05-09 13:35:02 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Fuks\Menu Start\Programy\Autostart\Xfire.lnk
    [2010-05-09 13:23:33 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Fuks\Pulpit\HiJackThis.lnk
    [2010-05-04 14:50:54 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010-05-04 14:50:37 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
    [2010-05-01 19:01:40 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk
    [2010-04-27 15:26:44 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\Fuks\Pulpit\clubfm.m3u
    [2010-04-24 21:59:58 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
    [2010-04-24 21:59:57 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010-04-20 17:57:09 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Fuks\Pulpit\Xfire.lnk
    [2010-04-19 15:50:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2010-04-16 22:26:30 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010-03-07 21:23:30 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010-03-07 21:23:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2010-03-07 21:23:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010-03-07 21:23:27 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010-03-07 21:23:27 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2010-03-07 21:19:04 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010-03-07 21:14:30 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2009-05-21 06:12:56 | 000,007,274 | ---- | C] () -- C:\WINDOWS\cadx2.ini
    [2009-05-01 00:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2009-05-01 00:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2009-05-01 00:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2009-05-01 00:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008-05-03 09:24:01 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005-12-07 13:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

    ========== LOP Check ==========

    [2010-04-24 21:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
    [2010-03-07 21:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
    [2010-03-13 23:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
    [2010-03-07 21:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
    [2010-04-12 22:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sincell
    [2010-05-06 20:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\BitComet
    [2010-04-24 22:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\DAEMON Tools Lite
    [2010-04-24 22:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Datalayer
    [2010-03-07 22:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Gadu-Gadu
    [2010-03-13 23:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Gadu-Gadu 10
    [2010-04-24 22:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\GARMIN
    [2010-04-11 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Hide IP NG
    [2010-03-09 19:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Nokia
    [2010-03-07 21:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\PC Suite
    [2010-04-12 22:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Sincell
    [2010-05-01 19:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\TS3Client
    [2010-05-06 21:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\uTorrent
    [2010-05-09 14:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========

    < End of report >
    And the log from GMER:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-09 14:57:39
    Windows 5.1.2600 Dodatek Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Fuks\USTAWI~1\Temp\fwxyyfog.sys

    .text ...

    ---- System - GMER 1.0.15 ----

    INT 0x62 ? 89BE6BF8
    INT 0x63 ? 89C57BF8
    INT 0x82 ? 89BE6BF8
    INT 0x83 ? 89943BF8
    INT 0xA4 ? 89943BF8
    INT 0xB4 ? 89943BF8

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ahvnoaci \Device\Scsi\ahvnoaci1 898CA1F8
    Device \Driver\ahvnoaci \Device\Scsi\ahvnoaci1Port3Path0Target0Lun0 898CA1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Cdrom \Device\CdRom0 898F91F8
    Device \Driver\Cdrom \Device\CdRom1 898F91F8
    Device \Driver\dmio \Device\DmControl\DmConfig 89C551F8
    Device \Driver\dmio \Device\DmControl\DmInfo 89C551F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C551F8
    Device \Driver\dmio \Device\DmControl\DmPnP 89C551F8
    Device \Driver\Ftdisk \Device\FtControl 89BE71F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 89BE71F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 89BE71F8
    Device \Driver\iteraid \Device\Scsi\iteraid1 89BE51F8
    Device \Driver\NetBT \Device\NetbiosSmb 8964A368
    Device \Driver\NetBT \Device\NetBT_Tcpip_{3571FE5A-5F06-4547-ACDB-154E97E41A6D} 8964A368
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8964A368
    Device \Driver\PCI_PNP8172 \Device\00000041 spcz.sys
    Device \Driver\sptd \Device\3026714422 spcz.sys

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbehci \Device\USBFDO-4 899261F8
    Device \Driver\usbehci \Device\USBPDO-4 899261F8
    Device \Driver\usbuhci \Device\USBFDO-0 89942318
    Device \Driver\usbuhci \Device\USBFDO-1 89942318
    Device \Driver\usbuhci \Device\USBFDO-2 89942318
    Device \Driver\usbuhci \Device\USBFDO-3 89942318
    Device \Driver\usbuhci \Device\USBPDO-0 89942318
    Device \Driver\usbuhci \Device\USBPDO-1 89942318
    Device \Driver\usbuhci \Device\USBPDO-2 89942318
    Device \Driver\usbuhci \Device\USBPDO-3 89942318
    Device \FileSystem\Cdfs \Cdfs 898B6500
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89915500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 89915500
    Device \FileSystem\Ntfs \Ntfs 89C521F8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!KfRaiseIrql] 00001CB1
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
    IAT \SystemRoot\System32\Drivers\ahvnoaci.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spcz.sys

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ahvnoaci.SYS B6F5B386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text ahvnoaci.SYS B6F5B3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text ahvnoaci.SYS B6F5B3C4 3 Bytes [00, 80, 02]
    .text ahvnoaci.SYS B6F5B3C9 1 Byte [30]
    .text ahvnoaci.SYS B6F5B3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spcz.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spcz.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spcz.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spcz.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spcz.sys

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[2328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01197C38 C:\Program Files\Xfire\xfire_toucan_42424.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2328] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01197D38 C:\Program Files\Xfire\xfire_toucan_42424.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2328] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7062360, 0x3CEED5, 0xE8000020]

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0xA1 0xB7 0x21 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD4 0xF4 0xBC 0xEA ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2C 0x93 0x0C 0x62 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x95 0xA1 0xB7 0x21 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD4 0xF4 0xBC 0xEA ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2C 0x93 0x0C 0x62 ...

    SSDT spcz.sys ZwCreateKey [0xB7EB50E0]
    SSDT spcz.sys ZwEnumerateKey [0xB7ECDDA4]
    SSDT spcz.sys ZwEnumerateValueKey [0xB7ECE132]
    SSDT spcz.sys ZwOpenKey [0xB7EB50C0]
    SSDT spcz.sys ZwQueryKey [0xB7ECE20A]
    SSDT spcz.sys ZwQueryValueKey [0xB7ECE08A]
    SSDT spcz.sys ZwSetValueKey [0xB7ECE29C]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spcz.sys Nie można odnaleźć określonego pliku. !
    .text USBPORT.SYS!DllUnload B6FFB8AC 5 Bytes JMP 899431D8

    ---- EOF - GMER 1.0.15 ----


    There is practically nothing here.
    Run OTL and paste the following into the Custom Scans/Fixes window:

    :OTL
    FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
    [2010-05-09 14:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\extensions\DTToolbar@toolbarnet.com
    [2010-04-24 21:59:59 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Fuks\Dane aplikacji\Mozilla\Firefox\Profiles\qld0bduq.default\searchplugins\daemon-search.xml
    O3 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found.
    O3 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-1229272821-492894223-1417001333-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2010-05-04 14:50:54 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"=-

    :Commands
    [emptytemp]

    Click Run Fix. Then:

    In OTL, click CleanUp

    Clean the disk and the registry with CCleaner

    Turn System Restore off and back on for all drives (instructions)

    Run a full scan with Malwarebytes' Anti-Malware; if it finds anything, remove it and post the report

    Install the latest version of Avast http://www.instalki.pl/pr..._Antivirus.html
    Log from Malwarebytes:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Wersja bazy: 4052

    Windows 5.1.2600 Dodatek Service Pack 3
    Internet Explorer 7.0.5730.13

    2010-05-09 19:15:53
    mbam-log-2010-05-09 (19-15-53).txt

    Typ skanowania: Pełne skanowanie (A:\|C:\|D:\|E:\|G:\|)
    Przeskanowano obiektów: 129575
    Upłynęło: 12 minut(y), 20 sekund(y)

    Zainfekowanych procesów w pamięci: 0
    Zainfekowanych modułów w pamięci: 0
    Zainfekowanych kluczy rejestru: 0
    Zainfekowanych wartości rejestru: 0
    Zainfekowane informacje rejestru systemowego: 0
    Zainfekowanych folderów: 0
    Zainfekowanych plików: 1

    Zainfekowanych procesów w pamięci:
    (Nie znaleziono zagrożeń)

    Zainfekowanych modułów w pamięci:
    (Nie znaleziono zagrożeń)

    Zainfekowanych kluczy rejestru:
    (Nie znaleziono zagrożeń)

    Zainfekowanych wartości rejestru:
    (Nie znaleziono zagrożeń)

    Zainfekowane informacje rejestru systemowego:
    (Nie znaleziono zagrożeń)

    Zainfekowanych folderów:
    (Nie znaleziono zagrożeń)

    Zainfekowanych plików:
    D:\System Volume Information\_restore{431A4DC6-B071-4CAE-B631-37716FAD2C73}\RP78\A0031567.dll (Malware.Packer.T) No action taken.
    Turn System Restore off and back on for all drives (instructions)

    And it should be OK.