Hello
I was sitting at my computer when a Windows "balloon" suddenly popped up saying that my computer is at risk and a scan is needed; it turned out to be probably Virut, or some other "cr*p". I already have ComboFix and will post the logs shortly. But maybe you can already tell what it is that "attacked" me?
"Smart Forest Secutiry 2012" - Virus/t
-
- Posts: 1485
- Registered: 28 Jan 2009, 17:40
Post the logs from OTL > http://www.hotfix.pl/obsluga-programu-otl-a143.htm
Choose OTL.scr. (Available only to registered users)
And what "got" you is this > Available only to registered users
F.
Last edited on 15 Mar 2012, 18:52 by filutka78; edited 1 time in total.
-
- Posts: 4
- Registered: 15 Mar 2012, 18:26
Code:
ComboFix 12-03-15.03 - Golima92 2012-03-15 18:37:27.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1442 [GMT 1:00]
Uruchomiony z: C:\ComboFix.exe
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\data
f:\documents and settings\Golima92\Dane aplikacji\facemoods.com
f:\documents and settings\Golima92\Dane aplikacji\Uninstal.exe
f:\documents and settings\Golima92\WINDOWS
f:\program files\facemoods.com
f:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
f:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.crx
f:\program files\facemoods.com\facemoods\1.4.17.7\facemoods.png
f:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
f:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
f:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
f:\program files\facemoods.com\facemoods\1.4.17.7\faCEmoodstlbr.dll
f:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
f:\program files\facemoods.com\sqlite3.dll
f:\windows\IsUn0415.exe
f:\windows\pkunzip.pif
f:\windows\pkzip.pif
f:\windows\SwSys1.bmp
f:\windows\SwSys2.bmp
f:\windows\system32\drivers\npf.sys
f:\windows\system32\Packet.dll
f:\windows\system32\roboot.exe
f:\windows\system32\wpcap.dll
f:\windows\Temp\_ex-68.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-02-15 do 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-15 17:17 . 2012-03-15 17:17 -------- d-----w- f:\documents and settings\All Users\Dane aplikacji\F4D561D20025C356000138630CDF108C
2012-03-14 13:22 . 2012-03-14 14:56 -------- d-----w- f:\documents and settings\Golima92\Dane aplikacji\phpDesigner
2012-03-14 13:22 . 2012-03-14 13:23 -------- d-----w- f:\program files\phpDesigner
2012-03-12 17:12 . 2012-03-12 17:12 -------- d-----w- f:\documents and settings\Golima92\Dane aplikacji\eMule
2012-03-12 17:12 . 2012-03-12 17:26 -------- d-----w- f:\program files\eMule
2012-03-12 16:55 . 2012-03-14 16:24 -------- d-----w- f:\documents and settings\Golima92\Ustawienia lokalne\Dane aplikacji\Ares
2012-03-12 16:55 . 2012-03-12 16:55 -------- d-----w- f:\program files\Ares
2012-03-08 15:42 . 2012-03-08 16:01 -------- d-----w- f:\documents and settings\Golima92\Dane aplikacji\Mount&Blade With Fire and Sword
2012-03-08 15:13 . 2010-06-02 03:55 74072 ----a-w- f:\windows\system32\XAPOFX1_5.dll
2012-03-08 15:13 . 2010-06-02 03:55 527192 ----a-w- f:\windows\system32\XAudio2_7.dll
2012-03-08 15:13 . 2010-06-02 03:55 239960 ----a-w- f:\windows\system32\xactengine3_7.dll
2012-03-08 15:13 . 2010-05-26 10:41 1868128 ----a-w- f:\windows\system32\d3dcsx_43.dll
2012-03-04 20:08 . 2012-03-04 20:08 -------- d-----w- f:\documents and settings\Golima92\Ustawienia lokalne\Dane aplikacji\DFH
2012-03-02 17:19 . 2012-03-02 18:55 -------- d-----w- f:\documents and settings\Golima92\Dane aplikacji\Media Player Classic
2012-03-02 17:19 . 2008-07-09 09:05 421888 ----a-w- f:\windows\system32\ac3filter.acm
2012-03-02 17:19 . 2012-03-02 17:19 -------- d-----w- f:\program files\XP Codec Pack
2012-03-01 14:38 . 2012-03-01 14:38 -------- d-----w- f:\documents and settings\Golima92\Dane aplikacji\e-pity
2012-03-01 14:37 . 2012-03-01 14:37 -------- d-----w- f:\program files\e-file
2012-02-29 14:44 . 2012-02-29 14:44 -------- d-----w- f:\program files\LogMeIn Hamachi
2012-02-28 14:09 . 2012-02-28 14:09 -------- d-----w- f:\documents and settings\Golima92\Dane aplikacji\JCreator
2012-02-28 14:09 . 2012-02-28 14:09 -------- d-----w- f:\documents and settings\All Users\Dane aplikacji\JCreator
2012-02-28 14:09 . 2012-02-28 14:09 33824 ----a-w- f:\windows\system32\drivers\oreans32.sys
2012-02-28 14:09 . 2012-02-28 14:09 -------- d-----w- f:\program files\Xinox Software
2012-02-25 23:11 . 2008-09-04 18:17 447752 ----a-r- f:\windows\system32\vp6vfw.dll
2012-02-25 23:11 . 2012-02-25 23:11 -------- d-----w- f:\program files\Microsoft WSE
2012-02-25 22:31 . 2012-02-25 22:31 -------- d-----w- f:\program files\Sunflower
2012-02-24 19:42 . 2012-02-24 19:42 -------- d-----w- F:\Microgaming
2012-02-24 19:42 . 2012-02-24 19:42 -------- d-----w- f:\documents and settings\All Users\Dane aplikacji\MGS
2012-02-23 13:55 . 2012-02-23 14:00 -------- d-----w- f:\documents and settings\Golima92\Dane aplikacji\Dropbox
2012-02-20 20:02 . 2012-02-20 20:02 -------- d-----w- f:\documents and settings\Golima92\Dane aplikacji\VirtuaWin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 14:25 . 2012-03-15 14:25 26066 ----a-w- F:\MCDocs_v13.5.zip
2012-03-15 16:59 . 2012-01-17 14:27 134104 ----a-w- f:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="f:\program files\Skype\Phone\Skype.exe" [2011-08-18 17360520]
"AQQ"="f:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2012-02-24 10441728]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="f:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"RaidTool"="f:\program files\VIA\RAID\raid_tool.exe" [2005-11-23 1060864]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinampAgent"="f:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"AdobeCS4ServiceManager"="f:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"PWRISOVM.EXE"="f:\program files\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"LogMeIn Hamachi Ui"="f:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
f:\documents and settings\Golima92\Menu Start\Programy\Autostart\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - f:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
f:\documents and settings\All Users\Menu Start\Programy\Autostart\
Wireless Utility.lnk - f:\program files\EDIMAX\Common\RaUI.exe [2011-7-10 716800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"f:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"f:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"f:\\Program Files\\Ares\\Ares.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"53:UDP"= 53:UDP:Promo
.
R1 oreans32;oreans32;f:\windows\system32\drivers\oreans32.sys [2012-02-28 33824]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;f:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;f:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-07-10 2214504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;f:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 DAUpdaterSvc;Dragon Age: Origins Updater;"c:\gry\Dragon Age - Ultimate Edition\bin_ship\daupdatersvc.service.exe" --> c:\gry\Dragon Age - Ultimate Edition\bin_ship\daupdatersvc.service.exe [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\wolfteam\GameGuard\dump_wmimmc.sys --> c:\wolfteam\GameGuard\dump_wmimmc.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\f:\program files\Garena\safedrv.sys --> f:\program files\Garena\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;f:\windows\system32\GameMon.des -service --> f:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;f:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-03-13 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1078081533-1417001333-1003Core.job
- f:\documents and settings\Golima92\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-10 10:55]
.
2012-03-15 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1078081533-1417001333-1003UA.job
- f:\documents and settings\Golima92\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-07-10 10:55]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
IE: E&ksportuj do programu Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.30.129.149 192.168.0.1
TCP: Interfaces\{D007D47B-D5B6-423C-B867-F5BF475C5C21}: NameServer = 217.30.129.149,217.30.137.200
FF - ProfilePath - f:\documents and settings\Golima92\Dane aplikacji\Mozilla\Firefox\Profiles\nzfj1uq5.default\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-Akamai NetSession Interface - f:\documents and settings\Golima92\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe
HKLM-Run-SunJavaUpdateSched - f:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-facemoods - f:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
AddRemove-Dragon Age - Ultimate Edition_is1 - c:\gry\Dragon Age - Ultimate Edition\unins000.exe
AddRemove-facemoods - f:\program files\facemoods.com\facemoods\1.4.17.7\uninstall.exe
AddRemove-Minecraft 1.2.0_02 - f:\documents and settings\Golima92\Dane aplikacji\Uninstal.exe
AddRemove-Rise And Fall - c:\gry\Rise And Fall\uninstall.exe
AddRemove-Total Annihilation - d:\cavedog\TOTALA\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 18:44
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="f:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
f:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(876)
f:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(1076)
f:\program files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
f:\program files\Microsoft Office\Office12\1045\GrooveIntlResource.dll
f:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
f:\program files\Java\jre6\bin\jqs.exe
f:\windows\system32\nvsvc32.exe
f:\windows\system32\wdfmgr.exe
f:\windows\system32\wscntfy.exe
f:\windows\RTHDCPL.EXE
f:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Czas ukończenia: 2012-03-15 18:46:50 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-03-15 17:46
.
Przed: 8 270 548 992 bajtów wolnych
Po: 9 472 364 544 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CABE38ABEEB5015A72A2DBFD6ECE9BDA
-- 15 Mar 2012, 18:53 --
I'm going to run OTL now.
-
- Posts: 1485
- Registered: 28 Jan 2009, 17:40
ComboFix probably didn't detect it.
Go back to my previous post.
F.
-
- Posts: 4
- Registered: 15 Mar 2012, 18:26
OTL.txt
Extras.txt
Code:
OTL logfile created on: 2012-03-15 18:59:00 - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 87,20% Memory free
3,85 Gb Paging File | 3,77 Gb Available in Paging File | 97,92% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 1,92 Gb Total Space | 0,40 Gb Free Space | 20,69% Space Free | Partition Type: FAT
Drive D: | 124,63 Gb Total Space | 79,28 Gb Free Space | 63,61% Space Free | Partition Type: NTFS
Drive F: | 24,41 Gb Total Space | 8,85 Gb Free Space | 36,24% Space Free | Partition Type: NTFS
Drive I: | 4,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: GOLIMA | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-03-15 18:50:52 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2012-02-28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- F:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2011-07-18 22:04:08 | 000,296,448 | ---- | M] () -- F:\Program Files\Notepad++\NppShell_04.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [On_Demand | Stopped] -- C:\GRY\Dragon Age -- (DAUpdaterSvc)
SRV - [2012-02-28 17:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- F:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011-09-04 16:40:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011-05-25 08:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-05-08 20:30:00 | 004,100,400 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- F:\WINDOWS\system32\GameMon.des -- (npggsvc)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WolfTeam\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\ComboFix\catchme.sys -- (catchme)
DRV - [2012-02-28 15:09:40 | 000,033,824 | ---- | M] () [Kernel | System | Stopped] -- F:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2011-06-15 09:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- F:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-04-14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2008-01-15 20:50:50 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006-04-17 09:31:26 | 004,262,912 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2001-10-26 17:52:04 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: F:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2012-03-15 17:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins
[2012-01-17 15:27:52 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2012-03-15 17:59:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-03-15 17:59:18 | 000,002,767 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-03-15 17:59:18 | 000,001,406 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-07-10 12:42:17 | 000,002,048 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012-03-15 17:59:18 | 000,000,917 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-03-15 17:59:18 | 000,000,858 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-03-15 17:59:18 | 000,001,183 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-03-15 17:59:18 | 000,001,683 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2012-03-15 18:43:54 | 000,000,027 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] F:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] F:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] F:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] F:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RaidTool] F:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [WinampAgent] F:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - Startup: F:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Wireless Utility.lnk = F:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-1078081533-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O12 - Plugin for: .spop - F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D007D47B-D5B6-423C-B867-F5BF475C5C21}: NameServer = 217.30.129.149,217.30.137.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA5F05B5-3985-43F5-A295-4650FFC023EA}: DhcpNameServer = 217.30.129.149 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-03-15 18:57:24 | 000,000,000 | ---D | C] -- F:\WINDOWS\CSC
[2012-03-15 18:35:39 | 000,000,000 | RHSD | C] -- F:\cmdcons
[2012-03-15 18:32:59 | 000,518,144 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe
[2012-03-15 18:32:59 | 000,406,528 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe
[2012-03-15 18:32:59 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe
[2012-03-15 18:32:59 | 000,060,416 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe
[2012-03-15 18:32:42 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2012-03-15 18:32:34 | 000,000,000 | ---D | C] -- F:\Qoobox
[2012-03-15 18:17:55 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dane aplikacji\F4D561D20025C356000138630CDF108C
[2012-03-14 14:23:11 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Start\Programy\phpDesigner
[2012-03-14 14:22:52 | 000,000,000 | ---D | C] -- F:\Program Files\phpDesigner
[2012-03-12 18:12:19 | 000,000,000 | ---D | C] -- F:\Program Files\eMule
[2012-03-12 17:55:09 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Start\Programy\Ares
[2012-03-12 17:55:08 | 000,000,000 | ---D | C] -- F:\Program Files\Ares
[2012-03-08 16:13:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAudio2_7.dll
[2012-03-08 16:13:01 | 000,239,960 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xactengine3_7.dll
[2012-03-08 16:13:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAPOFX1_5.dll
[2012-03-08 16:13:00 | 001,868,128 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dcsx_43.dll
[2012-03-08 16:12:59 | 000,470,880 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dx10_43.dll
[2012-03-08 16:12:59 | 000,248,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dx11_43.dll
[2012-03-08 16:12:58 | 000,528,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAudio2_6.dll
[2012-03-08 16:12:58 | 000,238,936 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xactengine3_6.dll
[2012-03-08 16:12:58 | 000,074,072 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAPOFX1_4.dll
[2012-03-08 16:12:58 | 000,022,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\X3DAudio1_7.dll
[2012-03-08 16:12:57 | 000,515,416 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAudio2_5.dll
[2012-03-08 16:12:57 | 000,238,936 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xactengine3_5.dll
[2012-03-08 16:12:56 | 005,501,792 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dcsx_42.dll
[2012-03-08 16:12:56 | 001,974,616 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\D3DCompiler_42.dll
[2012-03-08 16:12:55 | 000,453,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dx10_42.dll
[2012-03-08 16:12:55 | 000,235,344 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dx11_42.dll
[2012-03-08 16:12:54 | 001,846,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\D3DCompiler_41.dll
[2012-03-08 16:12:54 | 000,453,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dx10_41.dll
[2012-03-08 16:12:53 | 004,178,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\D3DX9_41.dll
[2012-03-08 16:12:52 | 000,517,448 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAudio2_4.dll
[2012-03-08 16:12:52 | 000,235,352 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xactengine3_4.dll
[2012-03-08 16:12:52 | 000,069,464 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAPOFX1_3.dll
[2012-03-08 16:12:51 | 000,022,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\X3DAudio1_6.dll
[2012-03-04 21:08:28 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dokumenty\Softwrap
[2012-03-04 21:08:28 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dokumenty\Fonts
[2012-03-04 21:08:28 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dokumenty\Config
[2012-03-02 18:19:20 | 000,000,000 | ---D | C] -- F:\Program Files\XP Codec Pack
[2012-03-01 15:37:50 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Start\Programy\e-pity
[2012-03-01 15:37:46 | 000,000,000 | ---D | C] -- F:\Program Files\e-file
[2012-02-29 15:44:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Start\Programy\LogMeIn Hamachi
[2012-02-29 15:44:22 | 000,000,000 | ---D | C] -- F:\Program Files\LogMeIn Hamachi
[2012-02-28 15:09:57 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dane aplikacji\JCreator
[2012-02-28 15:09:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Start\Programy\JCreator Pro
[2012-02-28 15:09:36 | 000,000,000 | ---D | C] -- F:\Program Files\Xinox Software
[2012-02-26 00:11:08 | 000,447,752 | R--- | C] (On2.com) -- F:\WINDOWS\System32\vp6vfw.dll
[2012-02-26 00:11:07 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft WSE
[2012-02-26 00:10:25 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Menu Start\Programy\Electronic Arts
[2012-02-25 23:31:56 | 000,000,000 | ---D | C] -- F:\Program Files\Sunflower
[2012-02-24 20:42:47 | 000,000,000 | ---D | C] -- F:\Microgaming
[2012-02-24 20:42:47 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Dane aplikacji\MGS
[3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-03-15 19:02:53 | 000,524,288 | -H-- | M] () -- F:\Documents and Settings\Administrator\NTUSER.DAT
[2012-03-15 18:57:22 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2012-03-15 18:56:17 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2012-03-15 18:44:08 | 000,000,227 | ---- | M] () -- F:\WINDOWS\system.ini
[2012-03-15 18:43:54 | 000,000,027 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\hosts
[2012-03-15 18:35:42 | 000,000,327 | RHS- | M] () -- F:\boot.ini
[2012-03-15 18:20:00 | 000,001,144 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1078081533-1417001333-1003UA.job
[2012-03-15 18:17:57 | 000,182,788 | ---- | M] () -- F:\WINDOWS\System32\c_7265170.nls
[2012-03-15 16:07:04 | 000,014,530 | ---- | M] () -- F:\PlugMan.jar
[2012-03-15 16:06:29 | 000,094,953 | ---- | M] () -- F:\DeathCounter.jar
[2012-03-15 15:51:39 | 000,001,919 | ---- | M] () -- F:\settings.yml
[2012-03-15 15:25:15 | 000,026,066 | ---- | M] () -- F:\MCDocs_v13.5.zip
[2012-03-15 15:21:49 | 000,008,575 | ---- | M] () -- F:\permissions.yml
[2012-03-15 15:19:16 | 000,002,171 | ---- | M] () -- F:\config.yml
[2012-03-13 21:20:00 | 000,001,092 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1078081533-1417001333-1003Core.job
[2012-03-12 17:55:10 | 000,000,635 | ---- | M] () -- F:\Documents and Settings\All Users\Pulpit\Ares.lnk
[2012-03-08 15:39:21 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2012-03-06 12:46:26 | 000,021,771 | ---- | M] () -- F:\MCDocs.jar
[2012-03-04 21:08:34 | 000,002,601 | ---- | M] () -- F:\Documents and Settings\All Users\Dokumenty\Global.sw2
[2012-02-29 15:44:23 | 000,000,694 | ---- | M] () -- F:\Documents and Settings\All Users\Pulpit\LogMeIn Hamachi.lnk
[2012-02-28 15:09:40 | 000,033,824 | ---- | M] () -- F:\WINDOWS\System32\drivers\oreans32.sys
[2012-02-26 01:05:34 | 000,000,643 | ---- | M] () -- F:\Documents and Settings\All Users\Pulpit\The Sims™ 3 Zwierzaki.lnk
[2012-02-26 00:49:48 | 000,000,629 | ---- | M] () -- F:\Documents and Settings\All Users\Pulpit\The Sims™ 3 Kariera.lnk
[2012-02-26 00:40:15 | 000,000,643 | ---- | M] () -- F:\Documents and Settings\All Users\Pulpit\The Sims™ 3 Po zmroku.lnk
[2012-02-26 00:10:25 | 000,000,547 | ---- | M] () -- F:\Documents and Settings\All Users\Pulpit\The Sims™ 3.lnk
[2012-02-16 18:02:34 | 000,519,008 | ---- | M] () -- F:\WINDOWS\System32\perfh015.dat
[2012-02-16 18:02:34 | 000,458,280 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2012-02-16 18:02:34 | 000,096,920 | ---- | M] () -- F:\WINDOWS\System32\perfc015.dat
[2012-02-16 18:02:34 | 000,076,194 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2012-02-16 18:02:33 | 001,158,926 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-03-15 18:35:42 | 000,000,210 | ---- | C] () -- F:\Boot.bak
[2012-03-15 18:35:40 | 000,262,400 | RHS- | C] () -- F:\cmldr
[2012-03-15 18:32:59 | 000,256,000 | ---- | C] () -- F:\WINDOWS\PEV.exe
[2012-03-15 18:32:59 | 000,208,896 | ---- | C] () -- F:\WINDOWS\MBR.exe
[2012-03-15 18:32:59 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe
[2012-03-15 18:32:59 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe
[2012-03-15 18:32:59 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe
[2012-03-15 18:17:57 | 000,182,788 | ---- | C] () -- F:\WINDOWS\System32\c_7265170.nls
[2012-03-15 16:07:05 | 000,014,530 | ---- | C] () -- F:\PlugMan.jar
[2012-03-15 16:06:30 | 000,094,953 | ---- | C] () -- F:\DeathCounter.jar
[2012-03-15 15:47:35 | 000,001,919 | ---- | C] () -- F:\settings.yml
[2012-03-15 15:25:43 | 000,021,771 | ---- | C] () -- F:\MCDocs.jar
[2012-03-15 15:25:30 | 000,026,066 | ---- | C] () -- F:\MCDocs_v13.5.zip
[2012-03-15 15:21:09 | 000,008,575 | ---- | C] () -- F:\permissions.yml
[2012-03-15 15:18:34 | 000,002,171 | ---- | C] () -- F:\config.yml
[2012-03-12 17:55:10 | 000,000,635 | ---- | C] () -- F:\Documents and Settings\All Users\Pulpit\Ares.lnk
[2012-03-04 21:08:29 | 000,002,601 | ---- | C] () -- F:\Documents and Settings\All Users\Dokumenty\Global.sw2
[2012-03-02 18:19:27 | 000,421,888 | ---- | C] () -- F:\WINDOWS\System32\ac3filter.acm
[2012-02-28 15:09:40 | 000,033,824 | ---- | C] () -- F:\WINDOWS\System32\drivers\oreans32.sys
[2012-02-26 01:05:34 | 000,000,643 | ---- | C] () -- F:\Documents and Settings\All Users\Pulpit\The Sims™ 3 Zwierzaki.lnk
[2012-02-26 00:49:48 | 000,000,629 | ---- | C] () -- F:\Documents and Settings\All Users\Pulpit\The Sims™ 3 Kariera.lnk
[2012-02-26 00:40:15 | 000,000,643 | ---- | C] () -- F:\Documents and Settings\All Users\Pulpit\The Sims™ 3 Po zmroku.lnk
[2012-02-26 00:10:25 | 000,000,547 | ---- | C] () -- F:\Documents and Settings\All Users\Pulpit\The Sims™ 3.lnk
[2011-11-04 16:09:44 | 000,354,816 | ---- | C] () -- F:\WINDOWS\System32\psisdecd.dll
[2011-09-05 16:10:54 | 003,184,656 | -H-- | C] () -- F:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2011-07-25 15:52:41 | 000,000,754 | ---- | C] () -- F:\WINDOWS\WORDPAD.INI
[2011-07-21 14:14:24 | 000,000,404 | ---- | C] () -- F:\WINDOWS\BRWMARK.INI
[2011-07-21 14:14:24 | 000,000,027 | ---- | C] () -- F:\WINDOWS\BRPP2KA.INI
[2011-07-14 23:09:40 | 000,165,376 | ---- | C] () -- F:\WINDOWS\System32\unrar.dll
[2011-07-13 03:31:41 | 000,024,576 | ---- | C] () -- F:\WINDOWS\VMPipe.dll
[2011-07-10 13:23:36 | 001,158,926 | ---- | C] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2011-07-10 13:23:35 | 000,004,293 | ---- | C] () -- F:\WINDOWS\ODBCINST.INI
[2011-07-10 13:20:47 | 002,141,272 | ---- | C] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2011-07-10 12:25:35 | 000,273,344 | ---- | C] () -- F:\WINDOWS\System32\nvdrsdb1.bin
[2011-07-10 12:25:35 | 000,273,344 | ---- | C] () -- F:\WINDOWS\System32\nvdrsdb0.bin
[2011-07-10 12:25:35 | 000,000,001 | ---- | C] () -- F:\WINDOWS\System32\nvdrssel.bin
[2011-07-10 12:25:23 | 002,123,582 | ---- | C] () -- F:\WINDOWS\System32\nvdata.data
[2011-07-10 11:57:51 | 000,135,168 | R--- | C] () -- F:\WINDOWS\System32\RtlCPAPI.dll
[2011-07-10 11:57:51 | 000,040,960 | R--- | C] () -- F:\WINDOWS\System32\ChCfg.exe
[2011-07-10 11:56:31 | 000,004,549 | ---- | C] () -- F:\WINDOWS\Ascd_tmp.ini
[2011-07-10 11:56:28 | 000,005,824 | ---- | C] () -- F:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011-07-10 11:52:05 | 000,376,832 | ---- | C] () -- F:\WINDOWS\System32\AegisI5Installer.exe
[2011-07-10 11:51:59 | 000,002,048 | ---- | C] () -- F:\WINDOWS\System32\rt73.bin
[2011-07-10 11:37:07 | 000,002,048 | --S- | C] () -- F:\WINDOWS\bootstat.dat
[2011-07-10 11:35:01 | 000,000,000 | ---- | C] () -- F:\WINDOWS\control.ini
[2011-07-10 11:34:05 | 000,000,488 | RH-- | C] () -- F:\WINDOWS\System32\logonui.exe.manifest
[2011-07-10 11:34:00 | 000,000,749 | RH-- | C] () -- F:\WINDOWS\System32\cdplayer.exe.manifest
[2011-07-10 11:32:06 | 000,021,856 | ---- | C] () -- F:\WINDOWS\System32\emptyregdb.dat
[2011-07-10 11:31:55 | 000,000,037 | ---- | C] () -- F:\WINDOWS\vbaddin.ini
[2011-07-10 11:31:55 | 000,000,036 | ---- | C] () -- F:\WINDOWS\vb.ini
[2011-07-10 11:31:17 | 000,026,717 | ---- | C] () -- F:\WINDOWS\System32\tslabels.ini
[2011-07-10 11:31:16 | 000,003,813 | ---- | C] () -- F:\WINDOWS\System32\msdtcprf.ini
[color=#E56717]========== LOP Check ==========[/color]
[2011-09-13 14:44:01 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2011-12-22 18:30:18 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dane aplikacji\BioWare
[2012-03-15 18:17:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dane aplikacji\F4D561D20025C356000138630CDF108C
[2011-07-10 13:00:51 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-02-28 15:09:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dane aplikacji\JCreator
[2012-02-24 20:42:47 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dane aplikacji\MGS
[2011-11-30 21:50:31 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\.craftblock
[2012-03-15 18:32:50 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\.minecraft
[2011-11-30 19:32:43 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\.minecraft_xray
[2011-09-13 14:44:31 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\Ashampoo
[2012-03-02 18:13:56 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\BESTplayer
[2012-02-07 01:01:31 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\BitTorrent
[2012-02-23 15:00:02 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\Dropbox
[2012-03-01 15:38:01 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\e-pity
[2012-03-12 18:12:20 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\eMule
[2012-02-28 16:30:17 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\EurekaLog
[2012-03-14 17:20:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\FileZilla
[2011-10-14 11:39:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\fretsonfire
[2011-07-10 13:00:55 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\Gadu-Gadu 10
[2011-08-12 12:24:23 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\GHISLER
[2011-07-10 12:30:13 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\InterTrust
[2012-02-28 15:09:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\JCreator
[2011-08-22 22:05:31 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\LolClient
[2012-03-08 17:01:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\Mount&Blade With Fire and Sword
[2012-03-06 16:39:49 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\Mumble
[2011-08-08 09:18:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\Notepad++
[2011-07-26 22:02:24 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\Opera
[2012-03-14 15:56:32 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\phpDesigner
[2012-02-13 20:02:14 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\TeamViewer
[2011-07-17 10:55:36 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\TS3Client
[2012-02-20 21:02:53 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Golima92\Dane aplikacji\VirtuaWin
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
Extras.txt
Code: Select all
OTL Extras logfile created on: 2012-03-15 18:59:00 - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 87,20% Memory free
3,85 Gb Paging File | 3,77 Gb Available in Paging File | 97,92% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 1,92 Gb Total Space | 0,40 Gb Free Space | 20,69% Space Free | Partition Type: FAT
Drive D: | 124,63 Gb Total Space | 79,28 Gb Free Space | 63,61% Space Free | Partition Type: NTFS
Drive F: | 24,41 Gb Total Space | 8,85 Gb Free Space | 36,24% Space Free | Partition Type: NTFS
Drive I: | 4,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: GOLIMA | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- "F:\Program Files\Opera\Opera.exe" "%1"
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "F:\Program Files\Opera\Opera.exe" "%1"
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "F:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\svc]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"53:UDP" = 53:UDP:*:Enabled:Promo
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = F:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"F:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = F:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"F:\Program Files\BitTorrent\BitTorrent.exe" = F:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"F:\Program Files\Ares\Ares.exe" = F:\Program Files\Ares\Ares.exe:*:Enabled:Ares -- (Ares Development Group)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{32A3A4F4-B792-11D6-A78A-00B0D0160000}" = Java(TM) SE Development Kit 6
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Po zmroku
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{670A2206-F20A-490C-8C13-25EA88BF8E54}_is1" = e-pity 2011 wersja 3.0
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Kariera
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{A66C1C60-A589-4210-87D7-3F758EFE51B2}" = Ogniem i Mieczem - Dzikie Pola
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Zwierzaki
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = A4 TECH USB PC Camera H
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Edimax Wireless LAN
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F86B5FF0-E0C0-41AA-9FD3-5E9090FED323}" = Mumble 1.2.3
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AQQ" = WapSter AQQ
"Ares" = Ares 2.1.8
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 v.10.0.10
"BitTorrent" = BitTorrent
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.2
"Garena" = Garena 2010
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"JCreator Pro_is1" = JCreator Pro 5.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"L4D2SPUC" = Left 4 Dead 2 Standalone Patch™
"LogMeIn Hamachi" = LogMeIn Hamachi
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.2.8
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 10.0.2 (x86 pl)" = Mozilla Firefox 10.0.2 (x86 pl)
"Notepad++" = Notepad++
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"phpDesigner_is1" = phpDesigner version 6.2.5.1
"PowerISO" = PowerISO
"Settlers 2 GOLD" = Settlers 2 GOLD
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR 4.00 (32-bitowy)
"XP Codec Pack" = XP Codec Pack
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2012-02-08 10:42:07 | Computer Name = GOLIMA | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.
Error - 2012-02-08 16:11:05 | Computer Name = GOLIMA | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.
Error - 2012-02-08 16:36:03 | Computer Name = GOLIMA | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.
Error - 2012-02-09 06:05:28 | Computer Name = GOLIMA | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.
Error - 2012-02-09 11:12:09 | Computer Name = GOLIMA | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.
Error - 2012-02-10 05:57:28 | Computer Name = GOLIMA | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.
Error - 2012-02-10 09:34:26 | Computer Name = GOLIMA | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.
Error - 2012-02-10 11:52:07 | Computer Name = GOLIMA | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd chrome.exe, wersja 17.0.963.46, moduł powodujący
błąd chrome.dll, wersja 17.0.963.46, adres błędu 0x00997095.
Error - 2012-02-11 06:29:45 | Computer Name = GOLIMA | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.
Error - 2012-02-11 17:09:58 | Computer Name = GOLIMA | Source = SecurityCenter | ID = 1802
Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend
zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.
[ System Events ]
Error - 2012-03-14 12:22:40 | Computer Name = GOLIMA | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)
Error - 2012-03-14 12:22:40 | Computer Name = GOLIMA | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
Przez 15 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego
czasu.
Error - 2012-03-14 12:22:40 | Computer Name = GOLIMA | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę wyszukania serwera DNS za 15 min. Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)
Error - 2012-03-14 12:22:40 | Computer Name = GOLIMA | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
Przez 14 min nie nastąpi próba kontaktu ze źródłem. NtpClient nie ma źródła dokładnego
czasu.
Error - 2012-03-14 17:47:39 | Computer Name = GOLIMA | Source = System Error | ID = 1003
Description = Kod błędu 0000004e, parametr 1 00000099, parametr 2 00000000, parametr
3 00000001, parametr 4 00000000.
Error - 2012-03-15 13:42:17 | Computer Name = GOLIMA | Source = PlugPlayManager | ID = 11
Description = Urządzenie Root\LEGACY_NPF\0000 zniknęło z systemu bez uprzedniego
przygotowania go do usunięcia.
Error - 2012-03-15 13:43:50 | Computer Name = GOLIMA | Source = Service Control Manager | ID = 7023
Description = Usługa Automatic Updates zakończyła działanie; wystąpił następujący
błąd: %%126
Error - 2012-03-15 13:57:57 | Computer Name = GOLIMA | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2012-03-15 13:58:01 | Computer Name = GOLIMA | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
StiSvc z argumentami „” w celu uruchomienia serwera: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 2012-03-15 13:59:02 | Computer Name = GOLIMA | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Fips intelppm oreans32 SCDEmu
< End of report >
-
- Posts: 1485
- Joined: 28 Jan 2009, 17:40
"Smart Forest Secutiry 2012" - Virus/t
Hm, this really is a "nasty" infection: it doesn't show up in the OTL logs either.
Run OTL and paste this into the lower white box:
Code: Select all
:OTL
[2012-03-15 18:17:57 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Dane aplikacji\F4D561D20025C356000138630CDF108C
[2012-03-15 18:17:57 | 000,182,788 | ---- | C] () -- F:\WINDOWS\System32\c_7265170.nls
:Files
sc config wscsvc start= delayed-auto /C
sc start wscsvc /C
:Commands
[emptytemp]
[resethosts]
Click Run Fix ("Wykonaj Script"). Save the report that appears.
Post the new OTL.txt log and the removal report.
Try using MBAM >http://www.hotfix.pl/obsluga-programu-malwarebytes-anti-malware-a55.htm
At the end, click Remove Selected ("Usuń zaznaczone").
Post the report from that.
Then also make a log with Farbar Service Scanner >Available only to registered users (select everything for the scan).
F.
-
- Posts: 4
- Joined: 15 Mar 2012, 18:26
"Smart Forest Secutiry 2012" - Virus/t
Code: Select all
All processes killed
========== OTL ==========
Folder F:\Documents and Settings\All Users\Dane aplikacji\F4D561D20025C356000138630CDF108C\ not found.
File move failed. F:\WINDOWS\system32\c_7265170.nls scheduled to be moved on reboot.
========== FILES ==========
[color=#A23BEC]< sc config wscsvc start= delayed-auto /C >[/color]
invalid start= field
Modifies a service entry in the registry and Service Database.
SYNTAX:
sc <server> config [service name] <option1> <option2>...
CONFIG OPTIONS:
NOTE: The option name includes the equal sign.
type= <own|share|interact|kernel|filesys|rec|adapt>
start= <boot|system|auto|demand|disabled>
error= <normal|severe|critical|ignore>
binPath= <BinaryPathName>
group= <LoadOrderGroup>
tag= <yes|no>
depend= <Dependencies(separated by / (forward slash))>
obj= <AccountName|ObjectName>
DisplayName= <display name>
password= <password>
F:\Documents and Settings\Golima92\Pulpit\cmd.bat deleted successfully.
F:\Documents and Settings\Golima92\Pulpit\cmd.txt deleted successfully.
[color=#A23BEC]< sc start wscsvc /C >[/color]
[SC] StartService FAILED 1056:
Jedno wyst
F:\Documents and Settings\Golima92\Pulpit\cmd.bat deleted successfully.
F:\Documents and Settings\Golima92\Pulpit\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 8251589 bytes
->Flash cache emptied: 434 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Golima92
->Temp folder emptied: 555123 bytes
->Temporary Internet Files folder emptied: 217848 bytes
->Java cache emptied: 811832 bytes
->FireFox cache emptied: 49484072 bytes
->Google Chrome cache emptied: 175739466 bytes
->Flash cache emptied: 121463 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352022 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6028 bytes
RecycleBin emptied: 410536 bytes
Total Files Cleaned = 227,00 mb
F:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.37.0 log created on 03152012_193041
Files\Folders moved on Reboot...
File move failed. F:\WINDOWS\system32\c_7265170.nls scheduled to be moved on reboot.
Registry entries deleted on Reboot...
-- 15 Mar 2012, 20:48 --
Code: Select all
Malwarebytes Anti-Malware (Okres testowy) 1.60.1.1000
www.malwarebytes.org
Wersja bazy: v2012.03.15.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Golima92 :: GOLIMA [administrator]
Ochrona: Włączona
2012-03-15 19:38:02
mbam-log-2012-03-15 (19-38-02).txt
Typ skanowania: Pełne skanowanie
Zaznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | System plików | Heurystyka/Dodatkowe | Heuristyka/Shuriken | PUP | PUM
Odznaczone opcje skanowania: P2P
Przeskanowano obiektów: 434012
Upłynęło: 1 godzin(y), 8 minut(y), 13 sekund(y)
Wykrytych procesów w pamięci: 0
(Nie znaleziono zagrożeń)
Wykrytych modułów w pamięci: 0
(Nie znaleziono zagrożeń)
Wykrytych kluczy rejestru: 0
(Nie znaleziono zagrożeń)
Wykrytych wartości rejestru: 0
(Nie znaleziono zagrożeń)
Wykryte wpisy rejestru systemowego: 0
(Nie znaleziono zagrożeń)
wykrytych folderów: 0
(Nie znaleziono zagrożeń)
Wykrytych plików: 13
F:\Documents and Settings\Golima92\Moje dokumenty\Pobieranie\casinoaction.exe (PUP.Casino.Gen) -> Nie wykonano akcji.
F:\System Volume Information\_restore{EB584D82-C2C0-42E4-94D2-D8A804483C4F}\RP67\A0070766.exe (PUP.Casino.Gen) -> Nie wykonano akcji.
C:\GRY\INSTALKI\The Sims 2\keygen.exe (RiskWare.Tool.CK) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
C:\GRY\INSTALKI\The Sims 2\TS2 Aktualizacja\Data.acd (Spyware.Passwords) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
C:\PROGRAMY\Adobe Photoshop CS4 Extended [PL]\Aktywacja\Crack\x32\Crack (patching by).exe (Trojan.Downloader) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
C:\PROGRAMY\Adobe Photoshop CS4 Extended [PL]\Aktywacja\Keygen\Multi-keygen_CORE-with-AutoPatch.exe (RiskWare.Tool.CK) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
C:\PROGRAMY\Adobe Photoshop CS4 Extended [PL]\Crack\Aktywacja\Crack\x32\Crack (patching by).exe (Trojan.Downloader) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
C:\PROGRAMY\Adobe Photoshop CS4 Extended [PL]\Crack\Aktywacja\Keygen\Multi-keygen_CORE-with-AutoPatch.exe (RiskWare.Tool.CK) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
C:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Worm.Conficker) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
C:\System Volume Information\_restore{EB584D82-C2C0-42E4-94D2-D8A804483C4F}\RP67\A0070917.dll (Malware.Packer.T) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
F:\Documents and Settings\Golima92\Pulpit\PHP Designer 6251 Multilanguage 2009\keygen\keygen.exe (Trojan.Agent) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
F:\Program Files\MegaDev\MD-Trainers\MT-X\MT-eXperience.exe (Trojan.AVKiller.Gen) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
F:\System Volume Information\_restore{EB584D82-C2C0-42E4-94D2-D8A804483C4F}\RP75\A0082091.exe (Trojan.FakeAlert) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem.
(zakończone)
-- 15 Mar 2012, 20:58 --
Code: Select all
Farbar Service Scanner Version: 01-03-2012
Ran by Golima92 (administrator) on 15-03-2012 at 20:57:46
Running from "F:\Documents and Settings\Golima92\Pulpit"
Microsoft Windows XP Professional Dodatek Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".
File Check:
========
F:\WINDOWS\system32\dhcpcsvc.dll
[2008-04-15 13:00] - [2008-04-15 13:00] - 0126464 ____A (Microsoft Corporation) 6B4AFE7C676CFF3EFF2DC06A4EE945F7
F:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
F:\WINDOWS\system32\dnsrslvr.dll
[2008-04-15 13:00] - [2008-04-15 13:00] - 0045568 ____A (Microsoft Corporation) 4F7E82841ED3CF026BD8D5CE7C7379DB
F:\WINDOWS\system32\ipnathlp.dll
[2008-04-15 13:00] - [2008-04-15 13:00] - 0330752 ____A (Microsoft Corporation) DA5C015911F68F22ED821E9EE49AB233
F:\WINDOWS\system32\netman.dll
[2008-04-15 13:00] - [2008-04-15 13:00] - 0198144 ____A (Microsoft Corporation) 4FE97D0B1B182DF2A9BDD4C02155EF5E
F:\WINDOWS\system32\wbem\WMIsvc.dll
[2011-07-10 11:31] - [2008-04-15 13:00] - 0145408 ____A (Microsoft Corporation) 70C22297534A88B0AD0568900AB5A6D9
F:\WINDOWS\system32\srsvc.dll
[2011-07-10 11:32] - [2008-04-15 13:00] - 0171520 ____A (Microsoft Corporation) 316D0E66074AE4CDE641C50D3A1C5148
F:\WINDOWS\system32\Drivers\sr.sys
[2011-07-10 11:32] - [2008-04-15 13:00] - 0073472 ____A (Microsoft Corporation) EB032822BE406EF220D546DDFFCF0002
F:\WINDOWS\system32\wscsvc.dll
[2008-04-15 13:00] - [2008-04-15 13:00] - 0080896 ____A (Microsoft Corporation) B6669F49D42E09BC0F9889FAA0F3336D
F:\WINDOWS\system32\wbem\WMIsvc.dll
[2011-07-10 11:31] - [2008-04-15 13:00] - 0145408 ____A (Microsoft Corporation) 70C22297534A88B0AD0568900AB5A6D9
F:\WINDOWS\system32\wuauserv.dll
[2011-07-10 11:33] - [2008-04-15 13:00] - 0006656 ____A (Microsoft Corporation) 04550D5EB7EE82C115DB547C01DF09FD
F:\WINDOWS\system32\qmgr.dll
[2011-07-10 11:33] - [2008-04-15 13:00] - 0409088 ____A (Microsoft Corporation) 78200FAA6FD9C69394134C238C87FB7F
F:\WINDOWS\system32\es.dll
[2008-04-15 13:00] - [2008-04-15 13:00] - 0246272 ____A (Microsoft Corporation) BE1B1412A3D488C50B8F67F792196108
F:\WINDOWS\system32\cryptsvc.dll
[2008-04-15 13:00] - [2008-04-15 13:00] - 0062464 ____A (Microsoft Corporation) 6B105FE95F2E9F0B6346044BA59D41C9
F:\WINDOWS\system32\svchost.exe
[2008-04-15 13:00] - [2008-04-15 13:00] - 0014336 ____A (Microsoft Corporation) 8607D35D92528E2DF386F19A960D23CE
F:\WINDOWS\system32\rpcss.dll
[2008-04-15 13:00] - [2008-04-15 13:00] - 0399360 ____A (Microsoft Corporation) 02396DAB9DD407B06539981F477F3FEC
F:\WINDOWS\system32\services.exe
[2008-04-15 13:00] - [2008-04-15 13:00] - 0109056 ____A (Microsoft Corporation) 3E3AE424E27C4CEFE4CAB368C7B570EA
Extra List:
=======
AegisP(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.
**** End of log ****
-
- Posts: 1485
- Joined: 28 Jan 2009, 17:40
"Smart Forest Secutiry 2012" - Virus/t
MBAM did not detect this "SMART Fortress 2012" either.
Is this still an issue?
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".
F:\WINDOWS\system32\wuauserv.dll
It turned out that System updating cannot work because the Registry does not match the actual location of the file: in the registry it is on drive "C", while in reality it is on drive "F".
F.
- kominekl
- Posts: 5855
- Joined: 27 Nov 2011, 14:25
- Contact:
"Smart Forest Secutiry 2012" - Virus/t
filutka78 wrote: It turned out that System updating cannot work because the Registry does not match the actual location of the file: in the registry it is on drive "C", while in reality it is on drive "F".
Which needs to be changed

golima
Go to Start -> Run -> regedit -> go to the key -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters -> double-click the ServiceDll value -> replace the path currently shown there with -> F:\WINDOWS\system32\wuauserv.dll .
When computers become your only life, the only totem warding off the curse of boredom, then sooner or later the boundary between these two dimensions will vanish and figures from the Blue Void will start appearing in the Real. Sometimes they are your friends. And sometimes not.
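The registry-versus-disk mismatch diagnosed above (ServiceDll configured on drive C, file present on drive F) can be picked out of the logs mechanically. The following Python code is an added example, not part of the thread and not code from OTL or Farbar Service Scanner; the function names and regular expressions are assumptions inferred from the log lines quoted in this thread, and the sample input is constructed from those lines.

```python
import re
from ntpath import splitdrive  # Windows path rules on any OS

# Constructed sample, assembled from OTL/FSS log lines quoted in this thread.
SAMPLE_LOG = r'''
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".
F:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
F:\WINDOWS\system32\wscsvc.dll
F:\WINDOWS\system32\wuauserv.dll
'''

# Patterns are assumptions inferred from the log lines above, not a tool specification.
FSS_DLL = re.compile(r'^The ServiceDll of (\S+): "([^"]+)"')
OTL_SRV = re.compile(r'^SRV - File not found \[.*?\] -- (.+?) -- \((\S+)\)$')
FILE_LINE = re.compile(r'^([A-Za-z]:\\.+?)(?:\s+=>.*)?$')

def parse(log):
    """Return ({service: configured path}, {paths the scanner found on disk})."""
    configured, present = {}, set()
    for line in map(str.strip, log.splitlines()):
        if m := FSS_DLL.match(line):
            configured[m.group(1)] = m.group(2)
        elif m := OTL_SRV.match(line):
            configured.setdefault(m.group(2), m.group(1))
        elif m := FILE_LINE.match(line):
            present.add(m.group(1))
    return configured, present

def find_drive_mismatches(log):
    """List (service, configured path, path on disk) where only the drive differs."""
    configured, present = parse(log)
    seen = {p.lower() for p in present}
    by_tail = {}
    for p in sorted(present):
        by_tail.setdefault(splitdrive(p)[1].lower(), []).append(p)
    findings = []
    for svc, path in sorted(configured.items()):
        if path.lower() in seen:
            continue  # configured path exists as written
        for candidate in by_tail.get(splitdrive(path)[1].lower(), []):
            findings.append((svc, path, candidate))
    return findings

if __name__ == "__main__":
    for svc, reg_path, disk_path in find_drive_mismatches(SAMPLE_LOG):
        print(f"{svc}: ServiceDll points to {reg_path}, file is at {disk_path}")
```

Each finding names the service, the path stored in the registry, and the same file on the drive where the scanner actually found it, which is the value to enter in the ServiceDll edit described above.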