
Computer restarts and corrupted ntfs.sys

Adwrond

Hello!

My computer restarts right after the Windows XP text appears. To boot the computer I have to copy the ntfs.sys file from the Windows CD to the C:\WINDOWS\system32\drivers directory.

When the BSOD comes up, it says:

Informacje techniczne:

*** STOP: 0x0000007E (0xC0000005,0x80686C9F,0xF7A2B538,0xF7A2B234)

I keep getting virus notifications:

(attached screenshots: nhgnghnhn.gif, sbfbsbf.gif, vdvfvdv.gif, fdxnbfdnn.gif)

Of course, choosing DELETE or any of the other options doesn't work. Removing these viruses manually doesn't help either.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:33:59, on 2009-08-15

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\msword98.exe

C:\WINDOWS\system32\msword98.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Programy\Gadu-Gadu\gg.exe

C:\Documents and Settings\User\msword98.exe

C:\Documents and Settings\User\msword98.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\braviax.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

D:\Programy\Gadu-Gadu\spellchecker_gg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"

O4 - HKLM\..\Run: [LanTalk.NET] C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [Configuration Loader] syscfg32.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Nap\AiNap.exe"

O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe

O4 - HKCU\..\Run: [uruchamianie DeCe] C:\Program Files\DeCe\dc.exe -m

O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\User\msword98.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: ikowin32.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: BitBuddy - {8FCCDD73-C9F3-443a-AB53-7A25FD925808} - C:\Program Files\BitBuddy\BitBuddy.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)

O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 9660 bytes

Please help! I need the system working normally for another month and I can't format C: right now.

Mateusz J.

You have a rootkit; this is a serious infection, so please post a log from ComboFix: http://www.forumpc.pl/index.php?showtopic=120614 (for the future: do not use this program without an explicit recommendation from the person reviewing the logs).

Adwrond

Thanks for taking an interest.

Unfortunately ComboFix won't start. :( I saved it to the desktop and when I run it, nothing happens at all...

dar55

Save combo as -> blabla.exe when downloading

I don't interfere with the experts :)

Adwrond

Thanks. :) I have the log:

Log for review
ComboFix 09-08-10.06 - User 2009-08-15 21:28.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1022.665 [GMT 2:00]

Uruchomiony z: c:\documents and settings\User\Pulpit\gnnnf.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\User\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk

c:\documents and settings\User\Dane aplikacji\wiaserva.log

c:\documents and settings\User\Menu Start\Programy\Autostart\ikowin32.exe

c:\documents and settings\User\nowegg.exe

c:\documents and settings\User\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\documents and settings\User\Ustawienia lokalne\Temporary Internet Files\etiraqiti.lib

C:\System

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe

c:\windows\braviax.exe

c:\windows\cru629.dat

c:\windows\system32\braviax.exe

c:\windows\system32\cru629.dat

c:\windows\system32\Data

c:\windows\system32\dllcache\figaro.sys

c:\windows\system32\wisdstr.exe

Zainfekowana kopia c:\windows\system32\drivers\beep.sys została znaleziona. Problem naprawiono

Plik odzyskano z - c:\system volume information\_restore{2423CA2A-2F2F-4B30-BBF5-4ECB9F1181EC}\RP27\A0012311.sys

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_OREANS32

-------\Service_oreans32

((((((((((((((((((((((((( Pliki utworzone od 2009-07-15 do 2009-08-15 )))))))))))))))))))))))))))))))

.

2009-08-15 19:32 . 2009-08-15 19:38 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-08-15 19:32 . 2009-08-15 19:38 29184 ----a-w- c:\windows\system32\drivers\beep.sys

2009-08-15 10:33 . 2009-08-15 10:33 -------- d-----w- c:\program files\Trend Micro

2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)

2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)

2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

2009-08-14 11:20 . 2009-08-14 15:51 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-14 11:14 . 2009-08-15 19:38 138 ----a-w- c:\documents and settings\User\delself.bat

2009-08-14 11:14 . 2009-08-15 19:38 606528 -c--a-w- c:\windows\system32\dllcache\ntfs.sys

2009-08-14 10:13 . 2009-08-14 10:13 27004 ----a-w- c:\windows\system32\msword98.exe

2009-08-14 10:13 . 2009-08-14 10:13 27004 ----a-w- c:\documents and settings\User\msword98.exe

2009-08-13 20:57 . 2009-08-15 12:32 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Hamachi

2009-08-13 20:57 . 2009-08-13 20:57 -------- d-----w- c:\program files\Hamachi

2009-08-13 11:55 . 2009-08-13 11:55 -------- d-----w- c:\program files\Aslan Wydawnictwa Elektroniczne

2009-08-05 07:16 . 2009-08-05 07:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\KB Piano

2009-08-05 07:16 . 2009-08-05 07:16 -------- d-----w- c:\program files\KB Piano 2

2009-08-04 22:16 . 2009-08-04 22:16 -------- d-----w- c:\program files\SoftwrapLicense

2009-08-03 07:26 . 2009-08-03 07:26 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Thunderbird

2009-08-03 07:26 . 2009-08-15 16:15 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-08-03 07:14 . 2009-08-03 07:14 -------- d-----w- c:\program files\MozBackup

2009-08-02 18:12 . 2009-08-02 18:13 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Thunderbird

2009-08-02 10:52 . 2009-08-02 10:52 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\LastPass

2009-07-24 21:44 . 2009-07-24 21:44 -------- d-----w- c:\program files\Neuro

2009-07-23 09:50 . 2009-07-23 09:50 -------- d-----w- C:\AV_LOGS

2009-07-23 09:49 . 2008-12-10 14:56 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys

2009-07-23 09:32 . 2009-07-23 09:32 -------- d-----r- c:\documents and settings\User\Moje dokumenty

2009-07-23 09:29 . 2009-07-23 09:29 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Screaming Bee

2009-07-23 09:29 . 2009-07-23 09:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Screaming Bee

2009-07-23 09:29 . 2009-07-23 09:29 -------- d-----w- c:\program files\Screaming Bee

2009-07-20 09:41 . 2009-07-20 09:41 -------- d-----w- c:\program files\ZoneAlarmSB

2009-07-20 09:41 . 2009-07-20 09:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MailFrontier

2009-07-20 09:00 . 2009-07-20 09:00 -------- d-----w- c:\program files\Unlocker

2009-07-20 09:00 . 2009-07-20 09:00 -------- d-----w- C:\!KillBox

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-15 19:38 . 2002-08-29 02:13 606528 ----a-w- c:\windows\system32\drivers\ntfs.sys

2009-08-15 00:35 . 2008-07-04 07:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-08-14 10:25 . 2009-03-16 14:57 -------- d-----w- c:\documents and settings\User\Dane aplikacji\uTorrent

2009-08-13 20:57 . 2006-09-04 12:33 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2009-08-06 07:15 . 2009-04-24 07:35 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-05 07:16 . 2009-08-04 22:16 560 ---ha-w- c:\windows\Fonts\SWFont9.fnt

2009-08-05 07:16 . 2009-08-04 22:16 560 ----a-w- c:\program files\Global.sw

2009-07-28 14:11 . 2008-01-31 05:46 60 ----a-w- c:\windows\wpd99.drv

2009-07-28 14:11 . 2008-01-31 05:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\pdf995

2009-07-08 19:38 . 2006-11-18 10:50 -------- d-----w- c:\program files\Winamp

2009-07-04 13:14 . 2007-07-21 11:19 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-07-04 13:14 . 2007-07-21 11:18 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-06-24 23:09 . 2009-06-24 23:09 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Bullzip

2009-06-24 23:04 . 2009-06-24 23:04 -------- d-----w- c:\program files\Bullzip

2009-06-11 18:29 . 2007-05-12 16:25 87538 ----a-w- c:\windows\War3Unin.dat

2009-06-08 17:08 . 2009-06-08 17:06 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-06-05 10:26 . 2009-06-05 10:26 6625744 ----a-w- c:\documents and settings\User\Dane aplikacji\FontCreator\FontCreatorSetup(2).exe

2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

2009-05-26 15:12 . 2009-05-26 15:12 11264 ----a-w- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll

2008-07-04 10:51 . 2008-07-04 10:51 5 --sha-w- c:\windows\system32\edffcbabd_s.dll

.

------- Sigcheck -------

[-] 2009-08-15 19:38 29184 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\system32\dllcache\beep.sys

[-] 2009-08-15 19:38 29184 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\system32\drivers\beep.sys

[7] 2004-08-03 21:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\ServicePackFiles\i386\ntfs.sys

[-] 2009-08-15 19:38 606528 C7D310BB29F691EB821E483B6E1A1986 c:\windows\system32\dllcache\ntfs.sys

[-] 2009-08-15 19:38 606528 C7D310BB29F691EB821E483B6E1A1986 c:\windows\system32\drivers\ntfs.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nowe Gadu-Gadu"="d:\programy\Gadu-Gadu\gg.exe" [2009-05-28 10486376]

"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 1953792]

"Gadu-Gadu"="d:\programy\Gadu-Gadu\gg.exe" [2009-05-28 10486376]

"msword98"="c:\documents and settings\User\msword98.exe" [2009-08-14 27004]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2005-12-14 176128]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 59392]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"msword98"="c:\windows\system32\msword98.exe" [2009-08-14 27004]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Gry\\Quake III Arena\\quake3.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Programy\\Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15054:TCP"= 15054:TCP:BitComet 15054 TCP

"15054:UDP"= 15054:UDP:BitComet 15054 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-08 108289]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2009-07-23 17792]

S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?]

S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-10-13 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C643131}]

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe

.

Zawartość folderu 'Zaplanowane zadania'

.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Uruchamianie DeCe - c:\program files\DeCe\dc.exe

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe

HKCU-Run-CTSyncU.exe - c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

HKLM-Run-Launch Ai Booster - c:\program files\ASUS\Ai Booster\OverClk.exe

HKLM-Run-LanTalk.NET - c:\program files\CEZEO software\LanTalk NET\LanTalk.exe

HKLM-Run-Anti-Blaxx Manager - c:\program files\Anti-Blaxx\Anti-Blaxx.exe

HKLM-Run-Ai Nap - c:\program files\ASUS\Ai Nap\AiNap.exe

HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe

Notify-winrzf32 - winrzf32.dll

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Pobierz z &BitSpirit - c:\program files\BitSpirit\bsurl.htm

IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)

IE: {{8FCCDD73-C9F3-443a-AB53-7A25FD925808} - c:\program files\BitBuddy\BitBuddy.EXE

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\dqoqnkge.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

FF - plugin: c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-15 21:38

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

c:\windows\system32\wisdstr.exe 192158 bytes executable

skanowanie pomyślnie ukończone

ukryte pliki: 1

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|˙˙˙˙"•€|ţ»Ów*]

"AB141C35E9F4BF344B9FC010BB17F68A"=""

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(808)

c:\windows\system32\nvappfilter.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\rundll32.exe

c:\qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.virsys

c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTSVCCDA.EXE

c:\program files\Executive Software\DiskeeperLite\DKService.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

d:\programy\Gadu-Gadu\spellchecker_gg.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\MsPMSPSv.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

.

**************************************************************************

.

Czas ukończenia: 2009-08-15 21:43 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-08-15 19:43

Przed: 1 607 729 152 bajtów wolnych

Po: 1 500 569 600 bajtów wolnych

281

//for the future, logs go inside LOG tags //dar55

Mateusz J.

Paste into Notepad:

File::
c:\windows\system32\msword98.exe
c:\documents and settings\User\msword98.exe
c:\windows\system32\dllcache\ntfs.sys
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
c:\windows\system32\wisdstr.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msword98"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msword98"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX1C643131}]

File => Save As, under the name CFScript.txt, then drag the created script onto the ComboFix icon.

Show the new log after the removal.

Adwrond
comment

OK, I have the log

Log to check
ComboFix 09-08-10.06 - User 2009-08-15 23:34.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1022.665 [GMT 2:00]

Uruchomiony z: c:\documents and settings\User\Pulpit\gnnnf.exe

Użyto następujących komend :: c:\documents and settings\User\Pulpit\CFScript.txt

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::

"c:\documents and settings\User\msword98.exe"

"c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe"

"c:\windows\system32\dllcache\ntfs.sys"

"c:\windows\system32\msword98.exe"

"c:\windows\system32\wisdstr.exe"

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\User\msword98.exe

c:\documents and settings\User\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\braviax.exe

c:\windows\cru629.dat

c:\windows\system32\braviax.exe

c:\windows\system32\cru629.dat

c:\windows\system32\dllcache\ntfs.sys

c:\windows\system32\msword98.exe

Zainfekowana kopia c:\windows\system32\drivers\beep.sys została znaleziona. Problem naprawiono

Plik odzyskano z - c:\system volume information\_restore{2423CA2A-2F2F-4B30-BBF5-4ECB9F1181EC}\RP27\A0012311.sys

.

((((((((((((((((((((((((( Pliki utworzone od 2009-07-15 do 2009-08-15 )))))))))))))))))))))))))))))))

.

2009-08-15 21:39 . 2001-08-23 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-08-15 21:39 . 2001-08-23 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2009-08-15 10:33 . 2009-08-15 10:33 -------- d-----w- c:\program files\Trend Micro

2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)

2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)

2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

2009-08-14 11:20 . 2009-08-14 15:51 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-14 11:14 . 2009-08-15 20:19 138 ----a-w- c:\documents and settings\User\delself.bat

2009-08-13 20:57 . 2009-08-15 12:32 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Hamachi

2009-08-13 20:57 . 2009-08-13 20:57 -------- d-----w- c:\program files\Hamachi

2009-08-13 11:55 . 2009-08-13 11:55 -------- d-----w- c:\program files\Aslan Wydawnictwa Elektroniczne

2009-08-05 07:16 . 2009-08-05 07:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\KB Piano

2009-08-05 07:16 . 2009-08-05 07:16 -------- d-----w- c:\program files\KB Piano 2

2009-08-04 22:16 . 2009-08-04 22:16 -------- d-----w- c:\program files\SoftwrapLicense

2009-08-03 07:26 . 2009-08-03 07:26 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Thunderbird

2009-08-03 07:26 . 2009-08-15 20:09 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-08-03 07:14 . 2009-08-03 07:14 -------- d-----w- c:\program files\MozBackup

2009-08-02 18:12 . 2009-08-02 18:13 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Thunderbird

2009-08-02 10:52 . 2009-08-02 10:52 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\LastPass

2009-07-24 21:44 . 2009-07-24 21:44 -------- d-----w- c:\program files\Neuro

2009-07-23 09:50 . 2009-07-23 09:50 -------- d-----w- C:\AV_LOGS

2009-07-23 09:49 . 2008-12-10 14:56 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys

2009-07-23 09:32 . 2009-07-23 09:32 -------- d-----r- c:\documents and settings\User\Moje dokumenty

2009-07-23 09:29 . 2009-07-23 09:29 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Screaming Bee

2009-07-23 09:29 . 2009-07-23 09:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Screaming Bee

2009-07-23 09:29 . 2009-07-23 09:29 -------- d-----w- c:\program files\Screaming Bee

2009-07-20 09:41 . 2009-07-20 09:41 -------- d-----w- c:\program files\ZoneAlarmSB

2009-07-20 09:41 . 2009-07-20 09:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MailFrontier

2009-07-20 09:00 . 2009-07-20 09:00 -------- d-----w- c:\program files\Unlocker

2009-07-20 09:00 . 2009-07-20 09:00 -------- d-----w- C:\!KillBox

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-15 00:35 . 2008-07-04 07:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-08-14 10:25 . 2009-03-16 14:57 -------- d-----w- c:\documents and settings\User\Dane aplikacji\uTorrent

2009-08-13 20:57 . 2006-09-04 12:33 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2009-08-06 07:15 . 2009-04-24 07:35 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-05 07:16 . 2009-08-04 22:16 560 ---ha-w- c:\windows\Fonts\SWFont9.fnt

2009-08-05 07:16 . 2009-08-04 22:16 560 ----a-w- c:\program files\Global.sw

2009-07-28 14:11 . 2008-01-31 05:46 60 ----a-w- c:\windows\wpd99.drv

2009-07-28 14:11 . 2008-01-31 05:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\pdf995

2009-07-08 19:38 . 2006-11-18 10:50 -------- d-----w- c:\program files\Winamp

2009-07-04 13:14 . 2007-07-21 11:19 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-07-04 13:14 . 2007-07-21 11:18 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-06-24 23:09 . 2009-06-24 23:09 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Bullzip

2009-06-24 23:04 . 2009-06-24 23:04 -------- d-----w- c:\program files\Bullzip

2009-06-11 18:29 . 2007-05-12 16:25 87538 ----a-w- c:\windows\War3Unin.dat

2009-06-08 17:08 . 2009-06-08 17:06 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-06-05 10:26 . 2009-06-05 10:26 6625744 ----a-w- c:\documents and settings\User\Dane aplikacji\FontCreator\FontCreatorSetup(2).exe

2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

2009-05-26 15:12 . 2009-05-26 15:12 11264 ----a-w- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll

2008-07-04 10:51 . 2008-07-04 10:51 5 --sha-w- c:\windows\system32\edffcbabd_s.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-08-15_19.39.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-15 21:45 . 2009-08-15 21:45 16384 c:\windows\Temp\Perflib_Perfdata_28c.dat

+ 2002-08-29 02:13 . 2002-08-29 02:13 561920 c:\windows\system32\drivers\ntfs.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nowe Gadu-Gadu"="d:\programy\Gadu-Gadu\gg.exe" [2009-05-28 10486376]

"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 1953792]

"Gadu-Gadu"="d:\programy\Gadu-Gadu\gg.exe" [2009-05-28 10486376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2005-12-14 176128]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 59392]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Gry\\Quake III Arena\\quake3.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Programy\\Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15054:TCP"= 15054:TCP:BitComet 15054 TCP

"15054:UDP"= 15054:UDP:BitComet 15054 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-08 108289]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2009-07-23 17792]

S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?]

S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-10-13 16896]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Pobierz z &BitSpirit - c:\program files\BitSpirit\bsurl.htm

IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)

IE: {{8FCCDD73-C9F3-443a-AB53-7A25FD925808} - c:\program files\BitBuddy\BitBuddy.EXE

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\dqoqnkge.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

FF - plugin: c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-15 23:45

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|˙˙˙˙"•€|ţ»Ów*]

"AB141C35E9F4BF344B9FC010BB17F68A"=""

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(808)

c:\windows\system32\nvappfilter.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\rundll32.exe

c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\CTSVCCDA.EXE

c:\program files\Executive Software\DiskeeperLite\DKService.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\MsPMSPSv.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Czas ukończenia: 2009-08-15 23:49 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-08-15 21:49

ComboFix2.txt 2009-08-15 19:43

Przed: 1 487 417 344 bajtów wolnych

Po: 1 437 044 736 bajtów wolnych

253

Mateusz J.
comment

Delete the folder c:\QooBox.

Has the problem gone away?

Scan the computer with this program: http://www.forumpc.pl/index.php?showtopic=107753 (remember: if there are infected files etc., select them and click "Remove Selected" ("Usuń Zaznaczone"), restart the computer if necessary, and post the report on the forum)

Please also post a log from OTL: http://www.forumpc.pl/index.php?showtopic=104338

I am moving the thread to the "Logi do sprawdzenia" (Logs to check) subforum

Adwrond
comment

Many thanks! :) The computer no longer restarts, and the infection icon has disappeared from the tray.

However, during the Malwarebytes' scan, Avira AV still reports that there are infections, e.g. in C:\System Volume Information, including a rootkit. The scan takes a long time, so I don't have a result yet.

And the log from OTL looks like this:

Log to check

OTL logfile created on: 2009-08-16 09:12:35 - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\User\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1022,48 Mb Total Physical Memory | 617,09 Mb Available Physical Memory | 60,35% Memory free

2,40 Gb Paging File | 2,07 Gb Available in Paging File | 86,37% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,87 Gb Total Space | 1,37 Gb Free Space | 6,88% Space Free | Partition Type: NTFS

Drive D: | 113,01 Gb Total Space | 5,16 Gb Free Space | 4,57% Space Free | Partition Type: NTFS

Drive E: | 100,01 Gb Total Space | 0,45 Gb Free Space | 0,45% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CENTRAL

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009-06-11 01:07:06 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2005-12-14 16:14:26 | 00,176,128 | ---- | M] (A4Tech Co., Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe

PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2006-01-30 11:00:00 | 00,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

PRC - [2003-09-17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

PRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009-05-28 11:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- D:\Programy\Gadu-Gadu\gg.exe

PRC - [2004-12-14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

PRC - [2009-05-28 10:33:44 | 00,077,824 | ---- | M] () -- D:\Programy\Gadu-Gadu\spellchecker_gg.exe

PRC - [2009-08-06 09:15:52 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2007-02-04 00:57:51 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

PRC - [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe

PRC - [2002-10-16 21:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

PRC - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2006-03-30 14:54:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

PRC - [2006-03-30 14:54:18 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

PRC - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2007-12-26 14:17:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe

PRC - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe

PRC - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe

PRC - [2006-03-30 14:58:14 | 00,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

PRC - [2004-08-04 00:44:30 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

PRC - [2009-08-16 00:02:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-01-10 12:54:54 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])

SRV - [2009-06-11 01:07:06 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])

SRV - [2009-08-06 09:15:52 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])

SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2007-02-04 00:57:51 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])

SRV - [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])

SRV - [2002-10-16 21:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper [Auto | Running])

SRV - [2008-07-11 21:56:21 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

SRV - [2006-03-30 14:58:14 | 00,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])

SRV - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface [Auto | Running])

SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008-06-08 14:47:28 | 00,078,536 | ---- | M] (Macrovision ) -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service [On_Demand | Stopped])

SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2006-03-30 14:54:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])

SRV - [2006-03-30 14:54:18 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])

SRV - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2007-12-26 14:17:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])

SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

SRV - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running])

DRV - [2005-12-08 02:38:12 | 00,007,168 | R--- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\Amfilter.sys -- (Amfilter [system | Running])

DRV - [2005-12-08 02:38:40 | 00,013,312 | R--- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\Amusbprt.sys -- (Amusbprt [On_Demand | Running])

DRV - [2005-12-22 04:22:18 | 00,005,685 | R--- | M] () -- C:\WINDOWS\System32\drivers\AsIO.sys -- (AsIO [system | Running])

DRV - [2002-08-14 15:03:36 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])

DRV - [2005-09-26 11:24:38 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ATITool.sys -- (ATITool [system | Running])

DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Running])

DRV - [2009-08-06 09:15:53 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])

DRV - [2009-06-08 19:08:55 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])

DRV - [2003-09-22 02:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])

DRV - [2004-10-25 20:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.SYS -- (ENTECH [On_Demand | Stopped])

DRV - [2009-08-13 22:57:16 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])

DRV - [2004-08-13 04:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])

DRV - [2008-06-01 09:13:10 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (npf [Auto | Running])

DRV - [2006-10-22 13:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2006-04-24 17:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [boot | Running])

DRV - [2006-03-22 14:24:00 | 00,052,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])

DRV - [2006-03-22 14:24:02 | 00,018,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])

DRV - [2006-03-22 14:23:50 | 00,109,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVTcp.sys -- (NVTCP [system | Running])

DRV - [2003-09-22 02:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])

DRV - [2004-06-04 10:27:46 | 00,840,960 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])

DRV - [2003-03-05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])

DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2009-03-27 14:23:12 | 00,023,064 | ---- | M] (Screaming Bee LLC) -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER [On_Demand | Running])

DRV - [2006-08-29 18:06:50 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

DRV - [2005-08-10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running])

DRV - [2005-05-16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running])

DRV - [2005-12-12 21:12:01 | 00,049,664 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04 [boot | Running])

DRV - [2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [boot | Running])

DRV - [2009-04-18 10:35:41 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2009-06-11 01:07:06 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])

DRV - [2006-01-29 12:48:22 | 00,016,896 | ---- | M] (SIA Syncrosoft) -- C:\WINDOWS\System32\drivers\SynasUSB.sys -- (SynasUSB [On_Demand | Stopped])

DRV - [2006-08-27 16:52:13 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])

DRV - [2008-12-10 16:56:26 | 00,017,792 | ---- | M] (Avnex) -- C:\WINDOWS\System32\DRIVERS\vcsvad.sys -- (VCSVADHWSer [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.order.1: "Yahoo"

FF - prefs.js..browser.search.order.2: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "megaup"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-01 19:05:42 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-06 14:04:56 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-05 11:20:25 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009-08-03 09:26:54 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008-08-29 09:37:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Extensions

[2008-08-29 09:37:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-08-02 19:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Firefox\Profiles\dqoqnkge.default\extensions

[2009-08-15 12:33:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-08-05 11:20:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-03-01 19:05:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

[2009-04-20 09:40:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009-08-05 11:20:22 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-08-05 11:20:22 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009-03-09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009-08-05 11:20:24 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2008-04-28 05:00:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2008-04-28 05:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2009-07-20 11:41:31 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll

[2009-07-15 21:00:25 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2009-07-15 21:00:25 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009-07-15 21:00:25 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009-07-15 21:00:25 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009-07-15 21:00:25 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009-07-15 21:00:25 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-07-15 21:00:25 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co., Ltd.)

O4 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003..\Run: [Gadu-Gadu] D:\Programy\Gadu-Gadu\gg.exe (GG Network S.A.)

O4 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)

O4 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003..\Run: [Nowe Gadu-Gadu] D:\Programy\Gadu-Gadu\gg.exe (GG Network S.A.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: ÓñČĚŘľ«ÁéĎÂÔŘ(&B) - Reg Error: Value error. File not found

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm ()

O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()

O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()

O9 - Extra Button: BitBuddy - {8FCCDD73-C9F3-443a-AB53-7A25FD925808} - C:\Program Files\BitBuddy\BitBuddy.EXE (BtVampire,Inc.)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..Trusted Domains: ([]msn in Mój komputer)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-08-23 20:42:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-08-16 00:03:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Malwarebytes

[2009-08-16 00:03:12 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-08-16 00:03:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-08-16 00:03:08 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-08-16 00:03:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2009-08-16 00:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009-08-16 00:02:44 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

[2009-08-16 00:02:40 | 00,050,013 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\beztytuulrs.png

[2009-08-16 00:01:26 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Pulpit\mbam-setup.exe

[2009-08-15 23:53:57 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009-08-15 23:48:25 | 00,561,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys

[2009-08-15 23:48:24 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys

[2009-08-15 23:39:09 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys

[2009-08-15 23:39:09 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys

[2009-08-15 23:32:38 | 00,000,000 | --SD | C] -- C:\gnnnf

[2009-08-15 21:42:12 | 03,003,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll

[2009-08-15 21:42:12 | 02,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe

[2009-08-15 21:42:12 | 02,058,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe

[2009-08-15 21:42:12 | 01,548,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll

[2009-08-15 21:42:12 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe

[2009-08-15 21:42:12 | 01,012,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll

[2009-08-15 21:42:12 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll

[2009-08-15 21:42:12 | 00,822,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll

[2009-08-15 21:42:12 | 00,658,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll

[2009-08-15 21:42:12 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll

[2009-08-15 21:42:12 | 00,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe

[2009-08-15 21:42:12 | 00,435,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll

[2009-08-15 21:42:12 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll

[2009-08-15 21:42:12 | 00,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll

[2009-08-15 21:42:12 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll

[2009-08-15 21:42:12 | 00,359,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys

[2009-08-15 21:42:12 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll

[2009-08-15 21:42:12 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll

[2009-08-15 21:42:12 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys

[2009-08-15 21:42:12 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll

[2009-08-15 21:42:12 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll

[2009-08-15 21:42:12 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys

[2009-08-15 21:42:12 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe

[2009-08-15 21:42:12 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll

[2009-08-15 21:42:12 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe

[2009-08-15 21:42:12 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll

[2009-08-15 21:42:12 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll

[2009-08-15 21:42:12 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe

[2009-08-15 21:42:12 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll

[2009-08-15 21:42:12 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys

[2009-08-15 21:42:12 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe

[2009-08-15 21:42:12 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys

[2009-08-15 21:42:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll

[2009-08-15 21:42:12 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll

[2009-08-15 21:42:12 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe

[2009-08-15 21:42:12 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys

[2009-08-15 21:42:12 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe

[2009-08-15 21:42:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe

[2009-08-15 21:42:12 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys

[2009-08-15 21:42:12 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll

[2009-08-15 21:42:12 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys

[2009-08-15 21:42:11 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll

[2009-08-15 21:42:11 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe

[2009-08-15 21:42:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache

[2009-08-15 21:26:57 | 00,216,064 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009-08-15 21:26:57 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009-08-15 21:26:08 | 03,124,187 | R--- | C] () -- C:\Documents and Settings\User\Pulpit\gnnnf.exe

[2009-08-15 21:13:42 | 00,019,975 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr

[2009-08-15 21:13:42 | 00,019,590 | ---- | C] () -- C:\Program Files\Common Files\ifice.dat

[2009-08-15 21:13:42 | 00,019,082 | ---- | C] () -- C:\WINDOWS\lysuw.reg

[2009-08-15 21:13:42 | 00,018,777 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\unininyr.reg

[2009-08-15 21:13:42 | 00,018,417 | ---- | C] () -- C:\WINDOWS\efejoxivax.dl

[2009-08-15 21:13:42 | 00,018,388 | ---- | C] () -- C:\WINDOWS\xakesyxup._sy

[2009-08-15 21:13:42 | 00,018,011 | ---- | C] () -- C:\Program Files\Common Files\gonucyxyko.inf

[2009-08-15 21:13:42 | 00,017,874 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\jylutunynu.lib

[2009-08-15 21:13:42 | 00,017,700 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zirixa.vbs

[2009-08-15 21:13:42 | 00,016,780 | ---- | C] () -- C:\WINDOWS\vaxuna.pif

[2009-08-15 21:13:42 | 00,016,114 | ---- | C] () -- C:\Program Files\Common Files\aloquni.reg

[2009-08-15 21:13:42 | 00,014,911 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\afehevub.inf

[2009-08-15 21:13:42 | 00,014,735 | ---- | C] () -- C:\WINDOWS\eqify.vbs

[2009-08-15 21:13:42 | 00,014,687 | ---- | C] () -- C:\WINDOWS\magycodyk.com

[2009-08-15 21:13:42 | 00,013,735 | ---- | C] () -- C:\WINDOWS\System32\bije._sy

[2009-08-15 21:13:42 | 00,013,445 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\carak.dll

[2009-08-15 21:13:42 | 00,013,317 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\joja.lib

[2009-08-15 21:13:42 | 00,013,083 | ---- | C] () -- C:\WINDOWS\System32\isirina.scr

[2009-08-15 21:13:42 | 00,012,539 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyqovu.pif

[2009-08-15 21:13:42 | 00,012,004 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\otezuh.com

[2009-08-15 21:13:42 | 00,011,432 | ---- | C] () -- C:\WINDOWS\bodole.dl

[2009-08-15 21:13:42 | 00,011,301 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\ocykuhyc.com

[2009-08-15 21:13:42 | 00,011,221 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\puwogecup.pif

[2009-08-15 21:13:42 | 00,010,442 | ---- | C] () -- C:\WINDOWS\tysuliwa.db

[2009-08-15 21:13:42 | 00,010,360 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe

[2009-08-15 21:13:42 | 00,010,009 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zaxe.scr

[2009-08-15 17:11:09 | 00,034,564 | ---- | C] () -- D:\Dokumenty\1570995_podloga1.jpg

[2009-08-15 17:04:20 | 00,028,545 | ---- | C] () -- D:\Dokumenty\IMAGE0006.JPG

[2009-08-15 17:03:13 | 00,128,836 | ---- | C] () -- D:\Dokumenty\przekroj_podlogi_2.jpg

[2009-08-15 17:01:54 | 00,217,636 | ---- | C] () -- D:\Dokumenty\P-01.jpg

[2009-08-15 12:33:13 | 00,001,737 | ---- | C] () -- D:\Dokumenty\HijackThis.lnk

[2009-08-15 12:33:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009-08-14 13:22:44 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)

[2009-08-14 13:22:42 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)

[2009-08-14 13:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)

[2009-08-14 13:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

[2009-08-14 13:20:09 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009-08-13 22:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Hamachi

[2009-08-13 22:57:16 | 00,000,000 | ---D | C] -- C:\Program Files\Hamachi

[2009-08-13 16:25:18 | 00,000,469 | ---- | C] () -- D:\Dokumenty\Co jest.lnk

[2009-08-13 13:56:11 | 00,000,152 | ---- | C] () -- C:\WINDOWS\Aslan.INI

[2009-08-13 13:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\Aslan Wydawnictwa Elektroniczne

[2009-08-06 11:47:45 | 00,000,599 | ---- | C] () -- D:\Dokumenty\Lancraft.lnk

[2009-08-05 09:16:50 | 00,030,520 | ---- | C] () -- C:\WINDOWS\System32\midiwrap3405.deu

[2009-08-05 09:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\KB Piano

[2009-08-05 09:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\KB Piano 2

[2009-08-05 00:16:45 | 00,000,560 | ---- | C] () -- C:\Program Files\Global.sw

[2009-08-05 00:16:45 | 00,000,000 | ---D | C] -- C:\Program Files\SoftwrapLicense

[2009-08-03 09:26:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Thunderbird

[2009-08-03 09:26:50 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

[2009-08-03 09:14:55 | 00,000,000 | ---D | C] -- C:\Program Files\MozBackup

[2009-08-02 20:12:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Thunderbird

[2009-08-02 12:52:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\LastPass

[2009-07-24 23:44:15 | 00,000,000 | ---D | C] -- C:\Program Files\Neuro

[2009-07-23 11:50:12 | 00,000,000 | ---D | C] -- C:\AV_LOGS

[2009-07-23 11:49:17 | 00,017,792 | ---- | C] (Avnex) -- C:\WINDOWS\System32\drivers\vcsvad.sys

[2009-07-23 11:29:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Screaming Bee

[2009-07-23 11:29:17 | 00,001,838 | ---- | C] () -- D:\Dokumenty\MorphVOX Pro.lnk

[2009-07-23 11:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\Screaming Bee

[2009-07-23 11:29:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Screaming Bee

[2009-07-23 09:04:44 | 00,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk

[2009-07-21 09:49:38 | 00,000,531 | ---- | C] () -- D:\Dokumenty\Diablo II.lnk

[2009-07-20 11:41:31 | 00,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmSB

[2009-07-20 11:41:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier

[2009-07-20 11:00:37 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker

[2009-07-20 11:00:20 | 00,000,000 | ---D | C] -- C:\!KillBox

[2009-07-17 13:03:31 | 00,001,950 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutoCAD Startup Accelerator.lnk

[2009-07-17 13:03:31 | 00,001,760 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

[2009-07-17 13:03:31 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

[2009-07-17 13:03:31 | 00,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk

[2009-03-30 13:37:03 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll

[2009-02-27 01:34:26 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009-01-10 12:30:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wordpad.ini

[2008-07-04 20:22:25 | 00,000,417 | ---- | C] () -- C:\WINDOWS\WGPLAYER.INI

[2008-07-04 20:22:08 | 00,000,827 | ---- | C] () -- C:\WINDOWS\WINGROOV.INI

[2008-07-04 13:14:35 | 00,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini

[2008-07-04 12:51:01 | 00,000,005 | -HS- | C] () -- C:\WINDOWS\System32\edffcbabd_s.dll

[2008-06-01 09:13:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2008-02-11 17:17:55 | 00,000,058 | ---- | C] () -- C:\WINDOWS\ISIS.INI

[2008-02-11 17:12:49 | 00,001,615 | ---- | C] () -- C:\WINDOWS\ISISAIHP.INI

[2008-02-11 17:12:49 | 00,000,736 | ---- | C] () -- C:\WINDOWS\ISISAIM.INI

[2008-01-31 07:47:36 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2008-01-31 07:46:09 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2008-01-31 07:46:09 | 00,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2007-10-01 15:02:24 | 00,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll

[2007-07-21 13:19:03 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2007-05-25 21:07:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2007-02-18 21:05:49 | 00,720,896 | ---- | C] () -- C:\WINDOWS\EAInstall.dll

[2007-01-02 13:59:13 | 00,558,592 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2007-01-02 13:59:12 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2007-01-02 13:59:12 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007-01-02 13:59:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007-01-02 13:59:10 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007-01-02 13:59:10 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2006-11-06 20:04:20 | 00,000,320 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini

[2006-11-06 20:02:59 | 00,000,666 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2006-11-03 20:44:11 | 00,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI

[2006-10-01 22:13:20 | 00,000,870 | ---- | C] () -- C:\WINDOWS\VPlayer.INI

[2006-09-12 16:31:10 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2006-09-03 10:43:27 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

[2006-08-31 10:05:10 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2006-08-31 10:04:51 | 00,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini

[2006-08-31 10:04:51 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2006-08-31 10:04:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2006-08-31 10:04:50 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll

[2006-08-31 10:04:48 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[2006-08-29 23:27:36 | 00,000,113 | ---- | C] () -- C:\WINDOWS\ksjp.ini

[2006-08-29 20:33:24 | 00,000,030 | ---- | C] () -- C:\WINDOWS\nfsulan.ini

[2006-08-28 19:54:45 | 00,033,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys

[2006-08-28 10:22:39 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006-08-27 19:48:13 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

[2006-08-25 19:44:59 | 00,001,768 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI

[2006-08-25 19:12:50 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2006-08-25 19:12:43 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2006-08-25 15:45:09 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2006-08-25 08:49:24 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2006-08-25 08:49:24 | 00,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2006-08-25 08:49:22 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2006-08-25 08:49:22 | 00,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2006-08-25 08:46:19 | 00,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini

[2006-08-25 08:46:19 | 00,000,402 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini

[2006-08-25 08:45:15 | 00,023,145 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2006-08-25 08:45:15 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2006-08-25 08:45:03 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2006-08-24 11:15:43 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2006-08-24 09:49:17 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2006-08-23 22:49:46 | 00,003,101 | ---- | C] () -- C:\WINDOWS\bestplayer.ini

[2006-08-23 22:23:15 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2006-08-23 22:18:23 | 00,000,532 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006-08-23 21:56:24 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2006-08-23 21:55:44 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2006-06-01 17:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006-06-01 17:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006-06-01 17:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006-06-01 17:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006-06-01 17:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006-06-01 17:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006-06-01 17:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005-10-21 00:58:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\vspxvfw.dll

[2005-09-26 11:24:38 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys

[2005-09-01 16:20:46 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\vspxcore.dll

[2001-10-26 17:45:34 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL

[2001-07-22 00:16:20 | 00,001,059 | ---- | C] () -- C:\WINDOWS\win.ini

[2001-07-22 00:15:52 | 00,000,462 | ---- | C] () -- C:\WINDOWS\system.ini

[1999-01-22 22:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]

[2009-08-16 09:10:00 | 00,088,399 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-08-16 09:09:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-08-16 09:09:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-08-16 00:03:12 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-08-16 00:02:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

[2009-08-16 00:02:40 | 00,050,013 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\beztytuulrs.png

[2009-08-16 00:01:45 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Pulpit\mbam-setup.exe

[2009-08-15 23:45:15 | 00,000,462 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-08-15 23:44:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009-08-15 23:32:15 | 00,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini

[2009-08-15 21:26:22 | 03,124,187 | R--- | M] () -- C:\Documents and Settings\User\Pulpit\gnnnf.exe

[2009-08-15 21:13:42 | 00,019,975 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr

[2009-08-15 21:13:42 | 00,019,590 | ---- | M] () -- C:\Program Files\Common Files\ifice.dat

[2009-08-15 21:13:42 | 00,019,082 | ---- | M] () -- C:\WINDOWS\lysuw.reg

[2009-08-15 21:13:42 | 00,018,777 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\unininyr.reg

[2009-08-15 21:13:42 | 00,018,417 | ---- | M] () -- C:\WINDOWS\efejoxivax.dl

[2009-08-15 21:13:42 | 00,018,388 | ---- | M] () -- C:\WINDOWS\xakesyxup._sy

[2009-08-15 21:13:42 | 00,018,011 | ---- | M] () -- C:\Program Files\Common Files\gonucyxyko.inf

[2009-08-15 21:13:42 | 00,017,874 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\jylutunynu.lib

[2009-08-15 21:13:42 | 00,017,700 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\zirixa.vbs

[2009-08-15 21:13:42 | 00,016,780 | ---- | M] () -- C:\WINDOWS\vaxuna.pif

[2009-08-15 21:13:42 | 00,016,114 | ---- | M] () -- C:\Program Files\Common Files\aloquni.reg

[2009-08-15 21:13:42 | 00,014,911 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\afehevub.inf

[2009-08-15 21:13:42 | 00,014,735 | ---- | M] () -- C:\WINDOWS\eqify.vbs

[2009-08-15 21:13:42 | 00,014,687 | ---- | M] () -- C:\WINDOWS\magycodyk.com

[2009-08-15 21:13:42 | 00,013,735 | ---- | M] () -- C:\WINDOWS\System32\bije._sy

[2009-08-15 21:13:42 | 00,013,445 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\carak.dll

[2009-08-15 21:13:42 | 00,013,317 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\joja.lib

[2009-08-15 21:13:42 | 00,013,083 | ---- | M] () -- C:\WINDOWS\System32\isirina.scr

[2009-08-15 21:13:42 | 00,012,539 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyqovu.pif

[2009-08-15 21:13:42 | 00,012,004 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\otezuh.com

[2009-08-15 21:13:42 | 00,011,432 | ---- | M] () -- C:\WINDOWS\bodole.dl

[2009-08-15 21:13:42 | 00,011,301 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\ocykuhyc.com

[2009-08-15 21:13:42 | 00,011,221 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\puwogecup.pif

[2009-08-15 21:13:42 | 00,010,442 | ---- | M] () -- C:\WINDOWS\tysuliwa.db

[2009-08-15 21:13:42 | 00,010,360 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe

[2009-08-15 21:13:42 | 00,010,009 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\zaxe.scr

[2009-08-15 17:11:09 | 00,034,564 | ---- | M] () -- D:\Dokumenty\1570995_podloga1.jpg

[2009-08-15 17:04:20 | 00,028,545 | ---- | M] () -- D:\Dokumenty\IMAGE0006.JPG

[2009-08-15 17:03:13 | 00,128,836 | ---- | M] () -- D:\Dokumenty\przekroj_podlogi_2.jpg

[2009-08-15 17:01:54 | 00,217,636 | ---- | M] () -- D:\Dokumenty\P-01.jpg

[2009-08-15 12:33:13 | 00,001,737 | ---- | M] () -- D:\Dokumenty\HijackThis.lnk

[2009-08-15 00:10:15 | 00,133,300 | ---- | M] () -- C:\WINDOWS\bestplayer.bbt

[2009-08-15 00:10:15 | 00,003,101 | ---- | M] () -- C:\WINDOWS\bestplayer.ini

[2009-08-15 00:10:15 | 00,000,035 | ---- | M] () -- C:\WINDOWS\bestplayer.bpp

[2009-08-14 23:22:25 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-08-14 23:22:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-08-13 22:57:16 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys

[2009-08-13 16:25:18 | 00,000,469 | ---- | M] () -- D:\Dokumenty\Co jest.lnk

[2009-08-13 15:43:38 | 00,000,666 | ---- | M] () -- C:\WINDOWS\wincmd.ini

[2009-08-13 13:56:11 | 00,000,152 | ---- | M] () -- C:\WINDOWS\Aslan.INI

[2009-08-13 12:59:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009-08-11 11:40:39 | 00,001,059 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-08-11 11:40:39 | 00,000,223 | -HS- | M] () -- C:\boot.ini

[2009-08-08 12:10:14 | 00,216,064 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009-08-06 11:47:45 | 00,000,599 | ---- | M] () -- D:\Dokumenty\Lancraft.lnk

[2009-08-06 09:15:53 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009-08-05 09:16:50 | 00,030,520 | ---- | M] () -- C:\WINDOWS\System32\midiwrap3405.deu

[2009-08-05 09:16:04 | 00,000,560 | ---- | M] () -- C:\Program Files\Global.sw

[2009-08-03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-08-03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-07-30 16:44:36 | 03,169,804 | -H-- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-07-28 16:11:18 | 00,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv

[2009-07-27 18:23:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-07-23 11:29:17 | 00,001,838 | ---- | M] () -- D:\Dokumenty\MorphVOX Pro.lnk

[2009-07-23 09:04:44 | 00,001,605 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk

[2009-07-21 09:49:38 | 00,000,531 | ---- | M] () -- D:\Dokumenty\Diablo II.lnk

========== LOP Check ==========

[2009-08-16 00:03:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji

[2008-12-06 12:52:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{66F5A32C-70B3-414C-92F3-56D2AF967193}

[2009-05-20 09:43:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{92E7A367-8E12-4830-AA70-29C32E331A81}

[2008-09-08 09:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo

[2008-07-04 23:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk

[2009-03-01 18:16:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus

[2008-10-20 23:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard

[2008-07-13 18:03:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\espionServerData

[2008-07-11 22:05:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet

[2009-08-05 09:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KB Piano

[2006-09-03 13:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Locktime

[2009-07-20 11:41:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier

[2006-12-29 14:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MSN6

[2009-07-28 16:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\pdf995

[2009-07-23 11:30:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Screaming Bee

[2009-05-04 09:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2006-08-23 21:35:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji

[2009-05-16 10:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji

[2006-08-23 20:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji

[2009-08-16 00:03:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\User\Dane aplikacji

[2006-09-01 09:54:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\.bittorrent

[2008-09-06 13:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ahead

[2008-09-08 09:19:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ashampoo

[2006-11-27 09:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Autodesk

[2009-04-13 10:29:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Azureus

[2009-03-17 13:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\BitSpirit

[2009-06-25 01:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Bullzip

[2008-10-11 23:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Cakewalk

[2006-09-04 14:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\CEZEO software

[2007-07-12 11:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Command & Conquer 3 Tiberium Wars

[2006-09-05 16:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Czat

[2007-02-10 22:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\EAST Technologies

[2009-06-05 13:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\FontCreator

[2009-01-05 23:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\foobar2000

[2009-08-15 14:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Hamachi

[2008-12-06 11:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\HEXelon

[2008-05-18 16:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\iLibrary Reader

[2006-12-24 22:31:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Kingston

[2006-09-03 13:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Locktime

[2006-12-29 14:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\MSN6

[2008-07-03 22:58:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Music Recognition

[2009-06-11 19:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nokia

[2009-02-27 10:20:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nowe Gadu-Gadu

[2008-07-04 12:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Offline Explorer

[2009-01-25 01:16:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Opera

[2008-01-31 07:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\pdf995

[2009-07-23 11:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Screaming Bee

[2007-07-01 21:06:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\User\Dane aplikacji\SecuROM

[2009-05-04 12:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Softi Software

[2008-04-27 19:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Softplicity

[2009-04-19 01:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Steinberg

[2006-09-04 15:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\teamspeak2

[2009-08-03 09:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Thunderbird

[2007-08-30 14:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Tlen.pl

[2009-08-14 12:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\uTorrent

[2006-09-04 15:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ventrilo

[2001-07-22 00:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009-08-16 09:09:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C8B8CEBD

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:364682BC

< End of report >

Guest
comment

Some other infection has come back!

Paste the ComboFix log again (the latest one).

Adwrond
comment

Malwarebytes' finally finished scanning, removed 16 infections and produced a log:

Log to check

Malwarebytes' Anti-Malware 1.40

Wersja bazy definicji: 2631

Windows 5.1.2600 Dodatek Service Pack 2

2009-08-16 19:06:03

mbam-log-2009-08-16 (19-06-03).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)

Przeskanowane obiekty: 463609

Upłynęło: 8 hour(s), 8 minute(s), 18 second(s)

Zainfekowane procesy w pamięci: 0

Zainfekowane moduły pamięci: 0

Zainfekowane klucze rejestru: 2

Zainfekowane wartości rejestru: 1

Zainfekowane pliki rejestru: 4

Zainfekowane foldery: 1

Zainfekowane pliki: 8

Zainfekowane procesy w pamięci:

(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:

(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:

HKEY_CURRENT_USER\SOFTWARE\ByteLinker (Pup.BitSpirit) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Zainfekowane pliki rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowane foldery:

C:\Documents and Settings\User\Menu Start\Programy\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Zainfekowane pliki:

C:\WINDOWS\system32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

D:\Instalki\Guitar Pro 4.10\keygen.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.

D:\Almost lost\Instalki\HDD Regenerator 1.51\crack\HDD Regenerator.exe (Malware.Packer.Morphine) -> Quarantined and deleted successfully.

D:\Almost lost\Instalki\Sonic Foundry Vegas Video 5 + DVD\Sony Vegas 5.0a (Build 134)\Vegas5_Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

D:\Almost lost\Instalki\Sony Vegas 6.0c\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Menu Start\Programy\PC_Antispyware2010\PC_Antispyware2010.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Menu Start\Programy\PC_Antispyware2010\Uninstall.lnk (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.

And the new ComboFix log looks like this:

Log to check

ComboFix 09-08-10.06 - User 2009-08-16 19:11.3.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1022.652 [GMT 2:00]

Uruchomiony z: c:\documents and settings\User\Pulpit\gnnnf.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

.

((((((((((((((((((((((((( Pliki utworzone od 2009-07-16 do 2009-08-16 )))))))))))))))))))))))))))))))

.

2009-08-15 22:03 . 2009-08-15 22:03 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Malwarebytes

2009-08-15 22:03 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-15 22:03 . 2009-08-15 22:03 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes

2009-08-15 22:03 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-15 22:03 . 2009-08-15 22:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-15 21:39 . 2001-08-23 12:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys

2009-08-15 21:39 . 2001-08-23 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys

2009-08-15 10:33 . 2009-08-15 10:33 -------- d-----w- c:\program files\Trend Micro

2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)

2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)

2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)

2009-08-14 11:22 . 2009-08-14 11:22 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

2009-08-14 11:20 . 2009-08-14 15:51 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-13 20:57 . 2009-08-15 12:32 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Hamachi

2009-08-13 20:57 . 2009-08-13 20:57 -------- d-----w- c:\program files\Hamachi

2009-08-13 11:55 . 2009-08-13 11:55 -------- d-----w- c:\program files\Aslan Wydawnictwa Elektroniczne

2009-08-05 07:16 . 2009-08-05 07:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\KB Piano

2009-08-05 07:16 . 2009-08-05 07:16 -------- d-----w- c:\program files\KB Piano 2

2009-08-04 22:16 . 2009-08-04 22:16 -------- d-----w- c:\program files\SoftwrapLicense

2009-08-03 07:26 . 2009-08-03 07:26 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Thunderbird

2009-08-03 07:26 . 2009-08-16 13:19 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-08-03 07:14 . 2009-08-03 07:14 -------- d-----w- c:\program files\MozBackup

2009-08-02 18:12 . 2009-08-02 18:13 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Thunderbird

2009-08-02 10:52 . 2009-08-02 10:52 -------- d-----w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\LastPass

2009-07-24 21:44 . 2009-07-24 21:44 -------- d-----w- c:\program files\Neuro

2009-07-23 09:50 . 2009-07-23 09:50 -------- d-----w- C:\AV_LOGS

2009-07-23 09:49 . 2008-12-10 14:56 17792 ----a-w- c:\windows\system32\drivers\vcsvad.sys

2009-07-23 09:32 . 2009-07-23 09:32 -------- d-----r- c:\documents and settings\User\Moje dokumenty

2009-07-23 09:29 . 2009-07-23 09:29 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Screaming Bee

2009-07-23 09:29 . 2009-07-23 09:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Screaming Bee

2009-07-23 09:29 . 2009-07-23 09:29 -------- d-----w- c:\program files\Screaming Bee

2009-07-20 09:41 . 2009-07-20 09:41 -------- d-----w- c:\program files\ZoneAlarmSB

2009-07-20 09:41 . 2009-07-20 09:41 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MailFrontier

2009-07-20 09:00 . 2009-07-20 09:00 -------- d-----w- c:\program files\Unlocker

2009-07-20 09:00 . 2009-07-20 09:00 -------- d-----w- C:\!KillBox

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-15 00:35 . 2008-07-04 07:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-08-14 10:25 . 2009-03-16 14:57 -------- d-----w- c:\documents and settings\User\Dane aplikacji\uTorrent

2009-08-13 20:57 . 2006-09-04 12:33 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2009-08-06 07:15 . 2009-04-24 07:35 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-05 07:16 . 2009-08-04 22:16 560 ---ha-w- c:\windows\Fonts\SWFont9.fnt

2009-08-05 07:16 . 2009-08-04 22:16 560 ----a-w- c:\program files\Global.sw

2009-07-28 14:11 . 2008-01-31 05:46 60 ----a-w- c:\windows\wpd99.drv

2009-07-28 14:11 . 2008-01-31 05:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\pdf995

2009-07-08 19:38 . 2006-11-18 10:50 -------- d-----w- c:\program files\Winamp

2009-07-04 13:14 . 2007-07-21 11:19 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-07-04 13:14 . 2007-07-21 11:18 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-06-24 23:09 . 2009-06-24 23:09 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Bullzip

2009-06-24 23:04 . 2009-06-24 23:04 -------- d-----w- c:\program files\Bullzip

2009-06-11 18:29 . 2007-05-12 16:25 87538 ----a-w- c:\windows\War3Unin.dat

2009-06-08 17:08 . 2009-06-08 17:06 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-06-05 10:26 . 2009-06-05 10:26 6625744 ----a-w- c:\documents and settings\User\Dane aplikacji\FontCreator\FontCreatorSetup(2).exe

2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

2009-05-26 15:12 . 2009-05-26 15:12 11264 ----a-w- c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll

2008-07-04 10:51 . 2008-07-04 10:51 5 --sha-w- c:\windows\system32\edffcbabd_s.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nowe Gadu-Gadu"="d:\programy\Gadu-Gadu\gg.exe" [2009-05-28 10486376]

"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 1953792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2005-12-14 176128]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 59392]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]

"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Gry\\Quake III Arena\\quake3.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Programy\\Gadu-Gadu\\gg.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15054:TCP"= 15054:TCP:BitComet 15054 TCP

"15054:UDP"= 15054:UDP:BitComet 15054 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-08 108289]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-03-27 23064]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2009-07-23 17792]

S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys --> c:\windows\system32\DRIVERS\AmdTools.sys [?]

S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-10-13 16896]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Pobierz z &BitSpirit - c:\program files\BitSpirit\bsurl.htm

IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)

IE: {{8FCCDD73-C9F3-443a-AB53-7A25FD925808} - c:\program files\BitBuddy\BitBuddy.EXE

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\dqoqnkge.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

FF - plugin: c:\documents and settings\User\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-16 19:14

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|˙˙˙˙"•€|ţ»Ów*]

"AB141C35E9F4BF344B9FC010BB17F68A"=""

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(812)

c:\windows\system32\nvappfilter.dll

.

Czas ukończenia: 2009-08-16 19:17

ComboFix-quarantined-files.txt 2009-08-16 17:16

ComboFix2.txt 2009-08-15 21:49

Przed: 1 458 491 392 bajtów wolnych

Po: 1 408 200 704 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn

Guest
comment

Hmm...

Show the latest OTL log.

.

Adwrond
comment (edited)

Here you go

Log to check

OTL logfile created on: 2009-08-16 20:29:19 - Run 2

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\User\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1022,48 Mb Total Physical Memory | 512,12 Mb Available Physical Memory | 50,09% Memory free

2,40 Gb Paging File | 1,99 Gb Available in Paging File | 82,73% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,87 Gb Total Space | 1,35 Gb Free Space | 6,81% Space Free | Partition Type: NTFS

Drive D: | 113,01 Gb Total Space | 5,16 Gb Free Space | 4,57% Space Free | Partition Type: NTFS

Drive E: | 100,01 Gb Total Space | 0,45 Gb Free Space | 0,45% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CENTRAL

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009-06-11 01:07:06 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2005-12-14 16:14:26 | 00,176,128 | ---- | M] (A4Tech Co., Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe

PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2006-01-30 11:00:00 | 00,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

PRC - [2003-09-17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

PRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009-05-28 11:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- D:\Programy\Gadu-Gadu\gg.exe

PRC - [2009-05-28 10:33:44 | 00,077,824 | ---- | M] () -- D:\Programy\Gadu-Gadu\spellchecker_gg.exe

PRC - [2009-08-06 09:15:52 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2007-02-04 00:57:51 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

PRC - [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe

PRC - [2002-10-16 21:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

PRC - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2006-03-30 14:54:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

PRC - [2006-03-30 14:54:18 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

PRC - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2007-12-26 14:17:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe

PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe

PRC - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe

PRC - [2006-03-30 14:58:14 | 00,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

PRC - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

PRC - [2004-08-04 00:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

PRC - [2009-08-05 11:20:23 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-08-16 00:02:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

PRC - [2004-08-04 00:44:30 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-01-10 12:54:54 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])

SRV - [2009-06-11 01:07:06 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])

SRV - [2009-08-06 09:15:52 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])

SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2007-02-04 00:57:51 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])

SRV - [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])

SRV - [2002-10-16 21:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper [Auto | Running])

SRV - [2008-07-11 21:56:21 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

SRV - [2006-03-30 14:58:14 | 00,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])

SRV - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface [Auto | Running])

SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008-06-08 14:47:28 | 00,078,536 | ---- | M] (Macrovision ) -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service [On_Demand | Stopped])

SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2006-03-30 14:54:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])

SRV - [2006-03-30 14:54:18 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])

SRV - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2007-12-26 14:17:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])

SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

SRV - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running])

DRV - [2005-12-08 02:38:12 | 00,007,168 | R--- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\Amfilter.sys -- (Amfilter [system | Running])

DRV - [2005-12-08 02:38:40 | 00,013,312 | R--- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\Amusbprt.sys -- (Amusbprt [On_Demand | Running])

DRV - [2005-12-22 04:22:18 | 00,005,685 | R--- | M] () -- C:\WINDOWS\System32\drivers\AsIO.sys -- (AsIO [system | Running])

DRV - [2002-08-14 15:03:36 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])

DRV - [2005-09-26 11:24:38 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ATITool.sys -- (ATITool [system | Running])

DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Running])

DRV - [2009-08-06 09:15:53 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])

DRV - [2009-06-08 19:08:55 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])

DRV - [2003-09-22 02:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])

DRV - [2004-10-25 20:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.SYS -- (ENTECH [On_Demand | Stopped])

DRV - [2009-08-13 22:57:16 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])

DRV - [2004-08-13 04:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])

DRV - [2008-06-01 09:13:10 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (npf [Auto | Running])

DRV - [2006-10-22 13:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2006-04-24 17:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [boot | Running])

DRV - [2006-03-22 14:24:00 | 00,052,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])

DRV - [2006-03-22 14:24:02 | 00,018,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])

DRV - [2006-03-22 14:23:50 | 00,109,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVTcp.sys -- (NVTCP [system | Running])

DRV - [2003-09-22 02:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])

DRV - [2004-06-04 10:27:46 | 00,840,960 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])

DRV - [2003-03-05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])

DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2009-03-27 14:23:12 | 00,023,064 | ---- | M] (Screaming Bee LLC) -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER [On_Demand | Running])

DRV - [2006-08-29 18:06:50 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

DRV - [2005-08-10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running])

DRV - [2005-05-16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running])

DRV - [2005-12-12 21:12:01 | 00,049,664 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04 [boot | Running])

DRV - [2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [boot | Running])

DRV - [2009-04-18 10:35:41 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2009-06-11 01:07:06 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])

DRV - [2006-01-29 12:48:22 | 00,016,896 | ---- | M] (SIA Syncrosoft) -- C:\WINDOWS\System32\drivers\SynasUSB.sys -- (SynasUSB [On_Demand | Stopped])

DRV - [2006-08-27 16:52:13 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])

DRV - [2008-12-10 16:56:26 | 00,017,792 | ---- | M] (Avnex) -- C:\WINDOWS\System32\DRIVERS\vcsvad.sys -- (VCSVADHWSer [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.order.1: "Yahoo"

FF - prefs.js..browser.search.order.2: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "megaup"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-01 19:05:42 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-06 14:04:56 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-05 11:20:25 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009-08-03 09:26:54 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008-08-29 09:37:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Extensions

[2008-08-29 09:37:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-08-02 19:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Firefox\Profiles\dqoqnkge.default\extensions

[2009-08-16 12:47:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-08-05 11:20:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-03-01 19:05:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

[2009-04-20 09:40:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009-08-05 11:20:22 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-08-05 11:20:22 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009-03-09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009-08-05 11:20:24 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2008-04-28 05:00:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2008-04-28 05:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2009-07-20 11:41:31 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll

[2009-07-15 21:00:25 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2009-07-15 21:00:25 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009-07-15 21:00:25 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009-07-15 21:00:25 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009-07-15 21:00:25 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009-07-15 21:00:25 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-07-15 21:00:25 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co., Ltd.)

O4 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)

O4 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003..\Run: [Nowe Gadu-Gadu] D:\Programy\Gadu-Gadu\gg.exe (GG Network S.A.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: ÓñČĚŘľ«ÁéĎÂÔŘ(&B) - Reg Error: Value error. File not found

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm ()

O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()

O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()

O9 - Extra Button: BitBuddy - {8FCCDD73-C9F3-443a-AB53-7A25FD925808} - C:\Program Files\BitBuddy\BitBuddy.EXE (BtVampire,Inc.)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..Trusted Domains: ([]msn in Mój komputer)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-08-23 20:42:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-08-16 19:19:50 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009-08-16 19:09:58 | 00,000,223 | ---- | C] () -- C:\Boot.bak

[2009-08-16 19:09:54 | 00,262,400 | ---- | C] () -- C:\cmldr

[2009-08-16 19:09:53 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009-08-16 12:27:07 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\normy.doc

[2009-08-16 00:03:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Malwarebytes

[2009-08-16 00:03:12 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-08-16 00:03:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-08-16 00:03:08 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-08-16 00:03:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2009-08-16 00:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009-08-16 00:02:44 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

[2009-08-16 00:01:26 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Pulpit\mbam-setup.exe

[2009-08-15 23:48:25 | 00,561,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys

[2009-08-15 23:48:24 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys

[2009-08-15 23:39:09 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys

[2009-08-15 23:39:09 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys

[2009-08-15 21:42:12 | 03,003,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll

[2009-08-15 21:42:12 | 02,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe

[2009-08-15 21:42:12 | 02,058,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe

[2009-08-15 21:42:12 | 01,548,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll

[2009-08-15 21:42:12 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe

[2009-08-15 21:42:12 | 01,012,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll

[2009-08-15 21:42:12 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll

[2009-08-15 21:42:12 | 00,822,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll

[2009-08-15 21:42:12 | 00,658,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll

[2009-08-15 21:42:12 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll

[2009-08-15 21:42:12 | 00,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe

[2009-08-15 21:42:12 | 00,435,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll

[2009-08-15 21:42:12 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll

[2009-08-15 21:42:12 | 00,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll

[2009-08-15 21:42:12 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll

[2009-08-15 21:42:12 | 00,359,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys

[2009-08-15 21:42:12 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll

[2009-08-15 21:42:12 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll

[2009-08-15 21:42:12 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys

[2009-08-15 21:42:12 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll

[2009-08-15 21:42:12 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll

[2009-08-15 21:42:12 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys

[2009-08-15 21:42:12 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe

[2009-08-15 21:42:12 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll

[2009-08-15 21:42:12 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe

[2009-08-15 21:42:12 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll

[2009-08-15 21:42:12 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll

[2009-08-15 21:42:12 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe

[2009-08-15 21:42:12 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll

[2009-08-15 21:42:12 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys

[2009-08-15 21:42:12 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe

[2009-08-15 21:42:12 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys

[2009-08-15 21:42:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll

[2009-08-15 21:42:12 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll

[2009-08-15 21:42:12 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe

[2009-08-15 21:42:12 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys

[2009-08-15 21:42:12 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe

[2009-08-15 21:42:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe

[2009-08-15 21:42:12 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys

[2009-08-15 21:42:12 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll

[2009-08-15 21:42:12 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys

[2009-08-15 21:42:11 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll

[2009-08-15 21:42:11 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe

[2009-08-15 21:42:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache

[2009-08-15 21:26:57 | 00,216,064 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009-08-15 21:26:57 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009-08-15 21:26:08 | 03,124,187 | R--- | C] () -- C:\Documents and Settings\User\Pulpit\gnnnf.exe

[2009-08-15 21:13:42 | 00,019,975 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr

[2009-08-15 21:13:42 | 00,019,590 | ---- | C] () -- C:\Program Files\Common Files\ifice.dat

[2009-08-15 21:13:42 | 00,019,082 | ---- | C] () -- C:\WINDOWS\lysuw.reg

[2009-08-15 21:13:42 | 00,018,777 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\unininyr.reg

[2009-08-15 21:13:42 | 00,018,417 | ---- | C] () -- C:\WINDOWS\efejoxivax.dl

[2009-08-15 21:13:42 | 00,018,388 | ---- | C] () -- C:\WINDOWS\xakesyxup._sy

[2009-08-15 21:13:42 | 00,018,011 | ---- | C] () -- C:\Program Files\Common Files\gonucyxyko.inf

[2009-08-15 21:13:42 | 00,017,874 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\jylutunynu.lib

[2009-08-15 21:13:42 | 00,017,700 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zirixa.vbs

[2009-08-15 21:13:42 | 00,016,780 | ---- | C] () -- C:\WINDOWS\vaxuna.pif

[2009-08-15 21:13:42 | 00,016,114 | ---- | C] () -- C:\Program Files\Common Files\aloquni.reg

[2009-08-15 21:13:42 | 00,014,911 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\afehevub.inf

[2009-08-15 21:13:42 | 00,014,735 | ---- | C] () -- C:\WINDOWS\eqify.vbs

[2009-08-15 21:13:42 | 00,014,687 | ---- | C] () -- C:\WINDOWS\magycodyk.com

[2009-08-15 21:13:42 | 00,013,735 | ---- | C] () -- C:\WINDOWS\System32\bije._sy

[2009-08-15 21:13:42 | 00,013,445 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\carak.dll

[2009-08-15 21:13:42 | 00,013,317 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\joja.lib

[2009-08-15 21:13:42 | 00,013,083 | ---- | C] () -- C:\WINDOWS\System32\isirina.scr

[2009-08-15 21:13:42 | 00,012,539 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyqovu.pif

[2009-08-15 21:13:42 | 00,012,004 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\otezuh.com

[2009-08-15 21:13:42 | 00,011,432 | ---- | C] () -- C:\WINDOWS\bodole.dl

[2009-08-15 21:13:42 | 00,011,301 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\ocykuhyc.com

[2009-08-15 21:13:42 | 00,011,221 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\puwogecup.pif

[2009-08-15 21:13:42 | 00,010,442 | ---- | C] () -- C:\WINDOWS\tysuliwa.db

[2009-08-15 21:13:42 | 00,010,360 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe

[2009-08-15 21:13:42 | 00,010,009 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zaxe.scr

[2009-08-15 17:11:09 | 00,034,564 | ---- | C] () -- D:\Dokumenty\1570995_podloga1.jpg

[2009-08-15 17:04:20 | 00,028,545 | ---- | C] () -- D:\Dokumenty\IMAGE0006.JPG

[2009-08-15 17:03:13 | 00,128,836 | ---- | C] () -- D:\Dokumenty\przekroj_podlogi_2.jpg

[2009-08-15 17:01:54 | 00,217,636 | ---- | C] () -- D:\Dokumenty\P-01.jpg

[2009-08-15 12:33:13 | 00,001,737 | ---- | C] () -- D:\Dokumenty\HijackThis.lnk

[2009-08-15 12:33:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009-08-14 13:22:44 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)

[2009-08-14 13:22:42 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)

[2009-08-14 13:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)

[2009-08-14 13:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

[2009-08-14 13:20:09 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009-08-13 22:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Hamachi

[2009-08-13 22:57:16 | 00,000,000 | ---D | C] -- C:\Program Files\Hamachi

[2009-08-13 16:25:18 | 00,000,469 | ---- | C] () -- D:\Dokumenty\Co jest.lnk

[2009-08-13 13:56:11 | 00,000,152 | ---- | C] () -- C:\WINDOWS\Aslan.INI

[2009-08-13 13:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\Aslan Wydawnictwa Elektroniczne

[2009-08-06 11:47:45 | 00,000,599 | ---- | C] () -- D:\Dokumenty\Lancraft.lnk

[2009-08-05 09:16:50 | 00,030,520 | ---- | C] () -- C:\WINDOWS\System32\midiwrap3405.deu

[2009-08-05 09:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\KB Piano

[2009-08-05 09:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\KB Piano 2

[2009-08-05 00:16:45 | 00,000,560 | ---- | C] () -- C:\Program Files\Global.sw

[2009-08-05 00:16:45 | 00,000,000 | ---D | C] -- C:\Program Files\SoftwrapLicense

[2009-08-03 09:26:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Thunderbird

[2009-08-03 09:26:50 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

[2009-08-03 09:14:55 | 00,000,000 | ---D | C] -- C:\Program Files\MozBackup

[2009-08-02 20:12:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Thunderbird

[2009-08-02 12:52:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\LastPass

[2009-07-24 23:44:15 | 00,000,000 | ---D | C] -- C:\Program Files\Neuro

[2009-07-23 11:50:12 | 00,000,000 | ---D | C] -- C:\AV_LOGS

[2009-07-23 11:49:17 | 00,017,792 | ---- | C] (Avnex) -- C:\WINDOWS\System32\drivers\vcsvad.sys

[2009-07-23 11:29:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Screaming Bee

[2009-07-23 11:29:17 | 00,001,838 | ---- | C] () -- D:\Dokumenty\MorphVOX Pro.lnk

[2009-07-23 11:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\Screaming Bee

[2009-07-23 11:29:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Screaming Bee

[2009-07-23 09:04:44 | 00,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk

[2009-07-21 09:49:38 | 00,000,531 | ---- | C] () -- D:\Dokumenty\Diablo II.lnk

[2009-07-20 11:41:31 | 00,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmSB

[2009-07-20 11:41:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier

[2009-07-20 11:00:37 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker

[2009-07-20 11:00:20 | 00,000,000 | ---D | C] -- C:\!KillBox

[2009-03-30 13:37:03 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll

[2009-02-27 01:34:26 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009-01-10 12:30:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wordpad.ini

[2008-07-04 20:22:25 | 00,000,417 | ---- | C] () -- C:\WINDOWS\WGPLAYER.INI

[2008-07-04 20:22:08 | 00,000,827 | ---- | C] () -- C:\WINDOWS\WINGROOV.INI

[2008-07-04 13:14:35 | 00,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini

[2008-07-04 12:51:01 | 00,000,005 | -HS- | C] () -- C:\WINDOWS\System32\edffcbabd_s.dll

[2008-06-01 09:13:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2008-02-11 17:17:55 | 00,000,058 | ---- | C] () -- C:\WINDOWS\ISIS.INI

[2008-02-11 17:12:49 | 00,001,615 | ---- | C] () -- C:\WINDOWS\ISISAIHP.INI

[2008-02-11 17:12:49 | 00,000,736 | ---- | C] () -- C:\WINDOWS\ISISAIM.INI

[2008-01-31 07:47:36 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2008-01-31 07:46:09 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2008-01-31 07:46:09 | 00,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2007-10-01 15:02:24 | 00,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll

[2007-07-21 13:19:03 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2007-05-25 21:07:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2007-02-18 21:05:49 | 00,720,896 | ---- | C] () -- C:\WINDOWS\EAInstall.dll

[2007-01-02 13:59:13 | 00,558,592 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2007-01-02 13:59:12 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2007-01-02 13:59:12 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007-01-02 13:59:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007-01-02 13:59:10 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007-01-02 13:59:10 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2006-11-06 20:04:20 | 00,000,320 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini

[2006-11-06 20:02:59 | 00,000,666 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2006-11-03 20:44:11 | 00,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI

[2006-10-01 22:13:20 | 00,000,870 | ---- | C] () -- C:\WINDOWS\VPlayer.INI

[2006-09-12 16:31:10 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2006-09-03 10:43:27 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

[2006-08-31 10:05:10 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2006-08-31 10:04:51 | 00,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini

[2006-08-31 10:04:51 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2006-08-31 10:04:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2006-08-31 10:04:50 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll

[2006-08-31 10:04:48 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[2006-08-29 23:27:36 | 00,000,113 | ---- | C] () -- C:\WINDOWS\ksjp.ini

[2006-08-29 20:33:24 | 00,000,030 | ---- | C] () -- C:\WINDOWS\nfsulan.ini

[2006-08-28 10:22:39 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006-08-27 19:48:13 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

[2006-08-25 19:44:59 | 00,001,768 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI

[2006-08-25 19:12:50 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2006-08-25 19:12:43 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2006-08-25 15:45:09 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2006-08-25 08:49:24 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2006-08-25 08:49:24 | 00,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2006-08-25 08:49:22 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2006-08-25 08:49:22 | 00,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2006-08-25 08:46:19 | 00,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini

[2006-08-25 08:46:19 | 00,000,402 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini

[2006-08-25 08:45:15 | 00,023,145 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2006-08-25 08:45:15 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2006-08-25 08:45:03 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2006-08-24 11:15:43 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2006-08-24 09:49:17 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2006-08-23 22:49:46 | 00,003,101 | ---- | C] () -- C:\WINDOWS\bestplayer.ini

[2006-08-23 22:23:15 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2006-08-23 22:18:23 | 00,000,532 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006-08-23 21:56:24 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2006-08-23 21:55:44 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2006-06-01 17:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006-06-01 17:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006-06-01 17:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006-06-01 17:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006-06-01 17:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006-06-01 17:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006-06-01 17:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005-10-21 00:58:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\vspxvfw.dll

[2005-09-26 11:24:38 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys

[2005-09-01 16:20:46 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\vspxcore.dll

[2001-10-26 17:45:34 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL

[2001-07-22 00:16:20 | 00,001,059 | ---- | C] () -- C:\WINDOWS\win.ini

[2001-07-22 00:15:52 | 00,000,462 | ---- | C] () -- C:\WINDOWS\system.ini

[1999-01-22 22:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]

[2009-08-16 19:36:40 | 00,088,399 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-08-16 19:36:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-08-16 19:36:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-08-16 19:15:01 | 00,000,462 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-08-16 19:09:58 | 00,000,293 | RHS- | M] () -- C:\boot.ini

[2009-08-16 19:05:39 | 00,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini

[2009-08-16 12:27:46 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\normy.doc

[2009-08-16 00:03:12 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-08-16 00:02:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

[2009-08-16 00:01:45 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Pulpit\mbam-setup.exe

[2009-08-15 23:44:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009-08-15 21:26:22 | 03,124,187 | R--- | M] () -- C:\Documents and Settings\User\Pulpit\gnnnf.exe

[2009-08-15 21:13:42 | 00,019,975 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr

[2009-08-15 21:13:42 | 00,019,590 | ---- | M] () -- C:\Program Files\Common Files\ifice.dat

[2009-08-15 21:13:42 | 00,019,082 | ---- | M] () -- C:\WINDOWS\lysuw.reg

[2009-08-15 21:13:42 | 00,018,777 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\unininyr.reg

[2009-08-15 21:13:42 | 00,018,417 | ---- | M] () -- C:\WINDOWS\efejoxivax.dl

[2009-08-15 21:13:42 | 00,018,388 | ---- | M] () -- C:\WINDOWS\xakesyxup._sy

[2009-08-15 21:13:42 | 00,018,011 | ---- | M] () -- C:\Program Files\Common Files\gonucyxyko.inf

[2009-08-15 21:13:42 | 00,017,874 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\jylutunynu.lib

[2009-08-15 21:13:42 | 00,017,700 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\zirixa.vbs

[2009-08-15 21:13:42 | 00,016,780 | ---- | M] () -- C:\WINDOWS\vaxuna.pif

[2009-08-15 21:13:42 | 00,016,114 | ---- | M] () -- C:\Program Files\Common Files\aloquni.reg

[2009-08-15 21:13:42 | 00,014,911 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\afehevub.inf

[2009-08-15 21:13:42 | 00,014,735 | ---- | M] () -- C:\WINDOWS\eqify.vbs

[2009-08-15 21:13:42 | 00,014,687 | ---- | M] () -- C:\WINDOWS\magycodyk.com

[2009-08-15 21:13:42 | 00,013,735 | ---- | M] () -- C:\WINDOWS\System32\bije._sy

[2009-08-15 21:13:42 | 00,013,445 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\carak.dll

[2009-08-15 21:13:42 | 00,013,317 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\joja.lib

[2009-08-15 21:13:42 | 00,013,083 | ---- | M] () -- C:\WINDOWS\System32\isirina.scr

[2009-08-15 21:13:42 | 00,012,539 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyqovu.pif

[2009-08-15 21:13:42 | 00,012,004 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\otezuh.com

[2009-08-15 21:13:42 | 00,011,432 | ---- | M] () -- C:\WINDOWS\bodole.dl

[2009-08-15 21:13:42 | 00,011,301 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\ocykuhyc.com

[2009-08-15 21:13:42 | 00,011,221 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\puwogecup.pif

[2009-08-15 21:13:42 | 00,010,442 | ---- | M] () -- C:\WINDOWS\tysuliwa.db

[2009-08-15 21:13:42 | 00,010,360 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe

[2009-08-15 21:13:42 | 00,010,009 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\zaxe.scr

[2009-08-15 17:11:09 | 00,034,564 | ---- | M] () -- D:\Dokumenty\1570995_podloga1.jpg

[2009-08-15 17:04:20 | 00,028,545 | ---- | M] () -- D:\Dokumenty\IMAGE0006.JPG

[2009-08-15 17:03:13 | 00,128,836 | ---- | M] () -- D:\Dokumenty\przekroj_podlogi_2.jpg

[2009-08-15 17:01:54 | 00,217,636 | ---- | M] () -- D:\Dokumenty\P-01.jpg

[2009-08-15 12:33:13 | 00,001,737 | ---- | M] () -- D:\Dokumenty\HijackThis.lnk

[2009-08-15 00:10:15 | 00,133,300 | ---- | M] () -- C:\WINDOWS\bestplayer.bbt

[2009-08-15 00:10:15 | 00,003,101 | ---- | M] () -- C:\WINDOWS\bestplayer.ini

[2009-08-15 00:10:15 | 00,000,035 | ---- | M] () -- C:\WINDOWS\bestplayer.bpp

[2009-08-14 23:22:25 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-08-14 23:22:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-08-13 22:57:16 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys

[2009-08-13 16:25:18 | 00,000,469 | ---- | M] () -- D:\Dokumenty\Co jest.lnk

[2009-08-13 15:43:38 | 00,000,666 | ---- | M] () -- C:\WINDOWS\wincmd.ini

[2009-08-13 13:56:11 | 00,000,152 | ---- | M] () -- C:\WINDOWS\Aslan.INI

[2009-08-13 12:59:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009-08-11 11:40:39 | 00,001,059 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-08-11 11:40:39 | 00,000,223 | ---- | M] () -- C:\Boot.bak

[2009-08-08 12:10:14 | 00,216,064 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009-08-06 11:47:45 | 00,000,599 | ---- | M] () -- D:\Dokumenty\Lancraft.lnk

[2009-08-06 09:15:53 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009-08-05 09:16:50 | 00,030,520 | ---- | M] () -- C:\WINDOWS\System32\midiwrap3405.deu

[2009-08-05 09:16:04 | 00,000,560 | ---- | M] () -- C:\Program Files\Global.sw

[2009-08-03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-08-03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-07-30 16:44:36 | 03,169,804 | -H-- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-07-28 16:11:18 | 00,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv

[2009-07-27 18:23:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-07-23 11:29:17 | 00,001,838 | ---- | M] () -- D:\Dokumenty\MorphVOX Pro.lnk

[2009-07-23 09:04:44 | 00,001,605 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk

[2009-07-21 09:49:38 | 00,000,531 | ---- | M] () -- D:\Dokumenty\Diablo II.lnk

========== LOP Check ==========

[2009-08-16 00:03:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji

[2008-12-06 12:52:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{66F5A32C-70B3-414C-92F3-56D2AF967193}

[2009-05-20 09:43:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{92E7A367-8E12-4830-AA70-29C32E331A81}

[2008-09-08 09:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo

[2008-07-04 23:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk

[2009-03-01 18:16:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus

[2008-10-20 23:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard

[2008-07-13 18:03:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\espionServerData

[2008-07-11 22:05:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet

[2009-08-05 09:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KB Piano

[2006-09-03 13:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Locktime

[2009-07-20 11:41:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier

[2006-12-29 14:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MSN6

[2009-07-28 16:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\pdf995

[2009-07-23 11:30:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Screaming Bee

[2009-05-04 09:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2006-08-23 21:35:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji

[2009-05-16 10:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji

[2006-08-23 20:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji

[2009-08-16 00:03:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\User\Dane aplikacji

[2006-09-01 09:54:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\.bittorrent

[2008-09-06 13:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ahead

[2008-09-08 09:19:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ashampoo

[2006-11-27 09:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Autodesk

[2009-04-13 10:29:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Azureus

[2009-03-17 13:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\BitSpirit

[2009-06-25 01:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Bullzip

[2008-10-11 23:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Cakewalk

[2006-09-04 14:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\CEZEO software

[2007-07-12 11:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Command & Conquer 3 Tiberium Wars

[2006-09-05 16:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Czat

[2007-02-10 22:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\EAST Technologies

[2009-06-05 13:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\FontCreator

[2009-01-05 23:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\foobar2000

[2009-08-15 14:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Hamachi

[2008-12-06 11:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\HEXelon

[2008-05-18 16:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\iLibrary Reader

[2006-12-24 22:31:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Kingston

[2006-09-03 13:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Locktime

[2006-12-29 14:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\MSN6

[2008-07-03 22:58:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Music Recognition

[2009-06-11 19:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nokia

[2009-02-27 10:20:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nowe Gadu-Gadu

[2008-07-04 12:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Offline Explorer

[2009-01-25 01:16:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Opera

[2008-01-31 07:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\pdf995

[2009-07-23 11:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Screaming Bee

[2007-07-01 21:06:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\User\Dane aplikacji\SecuROM

[2009-05-04 12:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Softi Software

[2008-04-27 19:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Softplicity

[2009-04-19 01:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Steinberg

[2006-09-04 15:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\teamspeak2

[2009-08-03 09:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Thunderbird

[2007-08-30 14:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Tlen.pl

[2009-08-14 12:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\uTorrent

[2006-09-04 15:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ventrilo

[2001-07-22 00:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009-08-16 19:36:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C8B8CEBD

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:364682BC

< End of report >

Guest
comment

[2009-08-15 21:13:42 | 00,019,975 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr

[2009-08-15 21:13:42 | 00,019,590 | ---- | C] () -- C:\Program Files\Common Files\ifice.dat

[2009-08-15 21:13:42 | 00,019,082 | ---- | C] () -- C:\WINDOWS\lysuw.reg

[2009-08-15 21:13:42 | 00,018,777 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\unininyr.reg

[2009-08-15 21:13:42 | 00,018,417 | ---- | C] () -- C:\WINDOWS\efejoxivax.dl

[2009-08-15 21:13:42 | 00,018,388 | ---- | C] () -- C:\WINDOWS\xakesyxup._sy

[2009-08-15 21:13:42 | 00,018,011 | ---- | C] () -- C:\Program Files\Common Files\gonucyxyko.inf

[2009-08-15 21:13:42 | 00,017,874 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\jylutunynu.lib

[2009-08-15 21:13:42 | 00,017,700 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zirixa.vbs

[2009-08-15 21:13:42 | 00,016,780 | ---- | C] () -- C:\WINDOWS\vaxuna.pif

[2009-08-15 21:13:42 | 00,016,114 | ---- | C] () -- C:\Program Files\Common Files\aloquni.reg

[2009-08-15 21:13:42 | 00,014,911 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\afehevub.inf

[2009-08-15 21:13:42 | 00,014,735 | ---- | C] () -- C:\WINDOWS\eqify.vbs

[2009-08-15 21:13:42 | 00,014,687 | ---- | C] () -- C:\WINDOWS\magycodyk.com

[2009-08-15 21:13:42 | 00,013,735 | ---- | C] () -- C:\WINDOWS\System32\bije._sy

[2009-08-15 21:13:42 | 00,013,445 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\carak.dll

[2009-08-15 21:13:42 | 00,013,317 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\joja.lib

[2009-08-15 21:13:42 | 00,013,083 | ---- | C] () -- C:\WINDOWS\System32\isirina.scr

[2009-08-15 21:13:42 | 00,012,539 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyqovu.pif

[2009-08-15 21:13:42 | 00,012,004 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\otezuh.com

[2009-08-15 21:13:42 | 00,011,432 | ---- | C] () -- C:\WINDOWS\bodole.dl

[2009-08-15 21:13:42 | 00,011,301 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\ocykuhyc.com

[2009-08-15 21:13:42 | 00,011,221 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\puwogecup.pif

[2009-08-15 21:13:42 | 00,010,442 | ---- | C] () -- C:\WINDOWS\tysuliwa.db

[2009-08-15 21:13:42 | 00,010,360 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe

[2009-08-15 21:13:42 | 00,010,009 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zaxe.scr

These look to me like some trojans (worms): they have strange names and were created in the same second. I'm tempted to remove them, but for now I won't post a removal.

C:\WINDOWS\efejoxivax.dl

Check it on ---> VIRUSSCAN.

Or on --> VIRUSTOTAL.

Or on --> VIRSCAN.

.
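The heuristic from the post above (odd names plus an identical creation second), as an added example that is not part of the original thread: it parses OTL file entries and reports same-second groups of files with no company name, all-distinct names, and locations spread over several directories. The function names and thresholds are assumptions; the sample lines are copied from the log in this thread, and a hit is a triage signal rather than a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Sample input assembled for this example from entries in the thread's OTL report.
SAMPLE_LOG = [
    r"[2009-08-16 00:02:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe",
    r"[2009-08-15 21:13:42 | 00,019,975 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr",
    r"[2009-08-15 21:13:42 | 00,019,590 | ---- | M] () -- C:\Program Files\Common Files\ifice.dat",
    r"[2009-08-15 21:13:42 | 00,019,082 | ---- | M] () -- C:\WINDOWS\lysuw.reg",
    r"[2009-08-15 21:13:42 | 00,018,417 | ---- | M] () -- C:\WINDOWS\efejoxivax.dl",
    r"[2009-08-15 21:13:42 | 00,013,083 | ---- | M] () -- C:\WINDOWS\System32\isirina.scr",
    r"[2009-08-15 00:10:15 | 00,133,300 | ---- | M] () -- C:\WINDOWS\bestplayer.bbt",
    r"[2009-08-15 00:10:15 | 00,003,101 | ---- | M] () -- C:\WINDOWS\bestplayer.ini",
    r"[2009-08-15 00:10:15 | 00,000,035 | ---- | M] () -- C:\WINDOWS\bestplayer.bpp",
    r"[2009-08-16 00:03:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji",
]

# [timestamp | size | attributes | C or M] (company name) -- path
ENTRY_RE = re.compile(
    r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]{4}) \| ([CM])\] "
    r"\((.*?)\) -- (.+)$"
)


def parse_entry(line):
    """Parse one OTL file entry; return None for directory or header lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    ts, size, attrs, kind, vendor, path = m.groups()
    return {
        "ts": ts,
        "size": int(size.replace(",", "")),
        "attrs": attrs,
        "kind": kind,            # C = created, M = modified
        "vendor": vendor.strip(),
        "path": path,
    }


def find_drop_clusters(lines, min_files=4, min_dirs=2):
    """Return [(timestamp, [paths])] for same-second groups that look dropped.

    A group is reported when it has at least min_files files without a company
    name, every file has a different base name, and the files sit in at least
    min_dirs directories. An application writing its own settings (same stem,
    one directory) does not match.
    """
    groups = defaultdict(set)
    for line in lines:
        entry = parse_entry(line)
        if entry and not entry["vendor"]:
            # A set removes repeats: the same file shows up in both the
            # "Created" and the "Modified" sections of a report.
            groups[entry["ts"]].add(entry["path"])

    clusters = []
    for ts, paths in sorted(groups.items()):
        paths = sorted(paths)
        stems = {ntpath.splitext(ntpath.basename(p))[0].lower() for p in paths}
        dirs = {ntpath.dirname(p).lower() for p in paths}
        if (len(paths) >= min_files and len(dirs) >= min_dirs
                and len(stems) == len(paths)):
            clusters.append((ts, paths))
    return clusters


if __name__ == "__main__":
    for ts, paths in find_drop_clusters(SAMPLE_LOG):
        print(f"{ts}: {len(paths)} files with no company name")
        for p in paths:
            print("   ", p)
```

The three bestplayer.* files also share one second and carry no company name, but they have a single stem and a single directory, so they are not reported.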

Adwrond
comment

I scanned it and a few more of those files and nothing was found. Besides, I think nothing has really been happening on the computer since the last ComboFix run and the Malwarebytes removal, so maybe nothing will pop up anymore... The computer works and I can finish my work. :)

Either way, many thanks to Jesiona for the invaluable help and to KamilJB for the latest posts!

Gość
komentarz
komentarz

So, the final steps:

1. Run OTL and paste the following script into the Custom Scans/Fixes box:

:OTL

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O8 - Extra context menu item: ÓñČĚŘľ«ÁéĎÂÔŘ(&B) - Reg Error: Value error. File not found

O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

:Commands

[emptytemp]

[start explorer]

[Reboot]

Click Run Fix and confirm the computer restart.

2. After the restart, launch OTL again and this time use its CleanUp option; agree to the cleanup and to another restart of the computer.

3. Scan the "My Computer" area at http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum.

.

Adwrond
comment (edited)

I completed the first two steps, but not the Kaspersky scan, because the key had expired or something like that. However, the OTL log that appeared looks like this:

Log to check

OTL logfile created on: 2009-08-16 20:29:19 - Run 2

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\User\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1022,48 Mb Total Physical Memory | 512,12 Mb Available Physical Memory | 50,09% Memory free

2,40 Gb Paging File | 1,99 Gb Available in Paging File | 82,73% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,87 Gb Total Space | 1,35 Gb Free Space | 6,81% Space Free | Partition Type: NTFS

Drive D: | 113,01 Gb Total Space | 5,16 Gb Free Space | 4,57% Space Free | Partition Type: NTFS

Drive E: | 100,01 Gb Total Space | 0,45 Gb Free Space | 0,45% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CENTRAL

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2004-08-04 00:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009-06-11 01:07:06 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2005-12-14 16:14:26 | 00,176,128 | ---- | M] (A4Tech Co., Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe

PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2006-01-30 11:00:00 | 00,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

PRC - [2003-09-17 10:43:36 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

PRC - [2009-03-02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2009-05-28 11:23:12 | 10,486,376 | ---- | M] (GG Network S.A.) -- D:\Programy\Gadu-Gadu\gg.exe

PRC - [2009-05-28 10:33:44 | 00,077,824 | ---- | M] () -- D:\Programy\Gadu-Gadu\spellchecker_gg.exe

PRC - [2009-08-06 09:15:52 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2007-02-04 00:57:51 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

PRC - [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

PRC - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe

PRC - [2002-10-16 21:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

PRC - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2006-03-30 14:54:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

PRC - [2006-03-30 14:54:18 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

PRC - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2007-12-26 14:17:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe

PRC - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe

PRC - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe

PRC - [2006-03-30 14:58:14 | 00,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

PRC - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

PRC - [2004-08-04 00:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe

PRC - [2009-08-05 11:20:23 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-08-16 00:02:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

PRC - [2004-08-04 00:44:30 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-01-10 12:54:54 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])

SRV - [2009-06-11 01:07:06 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])

SRV - [2009-08-06 09:15:52 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])

SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2007-02-04 00:57:51 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])

SRV - [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [1999-12-13 03:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])

SRV - [2002-10-16 21:56:00 | 00,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper [Auto | Running])

SRV - [2008-07-11 21:56:21 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

SRV - [2006-03-30 14:58:14 | 00,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])

SRV - [2006-02-07 00:13:32 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface [Auto | Running])

SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - [2008-06-08 14:47:28 | 00,078,536 | ---- | M] (Macrovision ) -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service [On_Demand | Stopped])

SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2006-03-30 14:54:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])

SRV - [2006-03-30 14:54:18 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])

SRV - [2006-10-22 13:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2007-12-26 14:17:37 | 00,066,872 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])

SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

SRV - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys -- (AmdK8 [system | Running])

DRV - [2005-12-08 02:38:12 | 00,007,168 | R--- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\Amfilter.sys -- (Amfilter [system | Running])

DRV - [2005-12-08 02:38:40 | 00,013,312 | R--- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\Amusbprt.sys -- (Amusbprt [On_Demand | Running])

DRV - [2005-12-22 04:22:18 | 00,005,685 | R--- | M] () -- C:\WINDOWS\System32\drivers\AsIO.sys -- (AsIO [system | Running])

DRV - [2002-08-14 15:03:36 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])

DRV - [2005-09-26 11:24:38 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ATITool.sys -- (ATITool [system | Running])

DRV - [2009-02-13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [system | Running])

DRV - [2009-08-06 09:15:53 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])

DRV - [2009-06-08 19:08:55 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [system | Running])

DRV - [2003-09-22 02:48:06 | 00,130,192 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])

DRV - [2004-10-25 20:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.SYS -- (ENTECH [On_Demand | Stopped])

DRV - [2009-08-13 22:57:16 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])

DRV - [2004-08-13 04:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])

DRV - [2008-06-01 09:13:10 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (npf [Auto | Running])

DRV - [2006-10-22 13:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2006-04-24 17:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [boot | Running])

DRV - [2006-03-22 14:24:00 | 00,052,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])

DRV - [2006-03-22 14:24:02 | 00,018,944 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])

DRV - [2006-03-22 14:23:50 | 00,109,568 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVTcp.sys -- (NVTCP [system | Running])

DRV - [2003-09-22 02:47:38 | 00,178,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])

DRV - [2004-06-04 10:27:46 | 00,840,960 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])

DRV - [2003-03-05 12:19:28 | 00,015,840 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PfModNT.sys -- (PfModNT [Auto | Running])

DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2009-03-27 14:23:12 | 00,023,064 | ---- | M] (Screaming Bee LLC) -- C:\WINDOWS\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER [On_Demand | Running])

DRV - [2006-08-29 18:06:50 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])

DRV - [2005-08-10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running])

DRV - [2005-05-16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running])

DRV - [2005-12-12 21:12:01 | 00,049,664 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync04.sys -- (sfsync04 [boot | Running])

DRV - [2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [boot | Running])

DRV - [2009-04-18 10:35:41 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2009-06-11 01:07:06 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [system | Running])

DRV - [2006-01-29 12:48:22 | 00,016,896 | ---- | M] (SIA Syncrosoft) -- C:\WINDOWS\System32\drivers\SynasUSB.sys -- (SynasUSB [On_Demand | Stopped])

DRV - [2006-08-27 16:52:13 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])

DRV - [2008-12-10 16:56:26 | 00,017,792 | ---- | M] (Avnex) -- C:\WINDOWS\System32\DRIVERS\vcsvad.sys -- (VCSVADHWSer [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.order.1: "Yahoo"

FF - prefs.js..browser.search.order.2: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "megaup"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-01 19:05:42 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-06 14:04:56 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-05 11:20:25 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009-08-03 09:26:54 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008-08-29 09:37:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Extensions

[2008-08-29 09:37:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-08-02 19:07:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Firefox\Profiles\dqoqnkge.default\extensions

[2009-08-16 12:47:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-08-05 11:20:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-03-01 19:05:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

[2009-04-20 09:40:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009-08-05 11:20:22 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-08-05 11:20:22 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009-03-09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009-08-05 11:20:24 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2008-04-28 05:00:00 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2006-09-05 23:45:58 | 00,090,112 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2008-04-28 05:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2009-07-20 11:41:31 | 00,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll

[2009-07-15 21:00:25 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2009-07-15 21:00:25 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009-07-15 21:00:25 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009-07-15 21:00:25 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009-07-15 21:00:25 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009-07-15 21:00:25 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-07-15 21:00:25 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.

O3 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co., Ltd.)

O4 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)

O4 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003..\Run: [Nowe Gadu-Gadu] D:\Programy\Gadu-Gadu\gg.exe (GG Network S.A.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: ÓñČĚŘľ«ÁéĎÂÔŘ(&B) - Reg Error: Value error. File not found

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm ()

O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()

O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()

O9 - Extra Button: BitBuddy - {8FCCDD73-C9F3-443a-AB53-7A25FD925808} - C:\Program Files\BitBuddy\BitBuddy.EXE (BtVampire,Inc.)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\nvappfilter.dll (NVIDIA)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1659004503-1979792683-839522115-1003\..Trusted Domains: ([]msn in Mój komputer)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Value error. File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-08-23 20:42:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-08-16 19:19:50 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009-08-16 19:09:58 | 00,000,223 | ---- | C] () -- C:\Boot.bak

[2009-08-16 19:09:54 | 00,262,400 | ---- | C] () -- C:\cmldr

[2009-08-16 19:09:53 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009-08-16 12:27:07 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\normy.doc

[2009-08-16 00:03:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Malwarebytes

[2009-08-16 00:03:12 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-08-16 00:03:10 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-08-16 00:03:08 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-08-16 00:03:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2009-08-16 00:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009-08-16 00:02:44 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

[2009-08-16 00:01:26 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Pulpit\mbam-setup.exe

[2009-08-15 23:48:25 | 00,561,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys

[2009-08-15 23:48:24 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys

[2009-08-15 23:39:09 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys

[2009-08-15 23:39:09 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys

[2009-08-15 21:42:12 | 03,003,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll

[2009-08-15 21:42:12 | 02,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe

[2009-08-15 21:42:12 | 02,058,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe

[2009-08-15 21:42:12 | 01,548,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll

[2009-08-15 21:42:12 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe

[2009-08-15 21:42:12 | 01,012,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll

[2009-08-15 21:42:12 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll

[2009-08-15 21:42:12 | 00,822,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll

[2009-08-15 21:42:12 | 00,658,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll

[2009-08-15 21:42:12 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll

[2009-08-15 21:42:12 | 00,504,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe

[2009-08-15 21:42:12 | 00,435,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll

[2009-08-15 21:42:12 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll

[2009-08-15 21:42:12 | 00,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll

[2009-08-15 21:42:12 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll

[2009-08-15 21:42:12 | 00,359,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys

[2009-08-15 21:42:12 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll

[2009-08-15 21:42:12 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll

[2009-08-15 21:42:12 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys

[2009-08-15 21:42:12 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll

[2009-08-15 21:42:12 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll

[2009-08-15 21:42:12 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys

[2009-08-15 21:42:12 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe

[2009-08-15 21:42:12 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll

[2009-08-15 21:42:12 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe

[2009-08-15 21:42:12 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll

[2009-08-15 21:42:12 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll

[2009-08-15 21:42:12 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe

[2009-08-15 21:42:12 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll

[2009-08-15 21:42:12 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys

[2009-08-15 21:42:12 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe

[2009-08-15 21:42:12 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys

[2009-08-15 21:42:12 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll

[2009-08-15 21:42:12 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll

[2009-08-15 21:42:12 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe

[2009-08-15 21:42:12 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys

[2009-08-15 21:42:12 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe

[2009-08-15 21:42:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe

[2009-08-15 21:42:12 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys

[2009-08-15 21:42:12 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll

[2009-08-15 21:42:12 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys

[2009-08-15 21:42:11 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll

[2009-08-15 21:42:11 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe

[2009-08-15 21:42:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache

[2009-08-15 21:26:57 | 00,216,064 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009-08-15 21:26:57 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009-08-15 21:26:08 | 03,124,187 | R--- | C] () -- C:\Documents and Settings\User\Pulpit\gnnnf.exe

[2009-08-15 21:13:42 | 00,019,975 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr

[2009-08-15 21:13:42 | 00,019,590 | ---- | C] () -- C:\Program Files\Common Files\ifice.dat

[2009-08-15 21:13:42 | 00,019,082 | ---- | C] () -- C:\WINDOWS\lysuw.reg

[2009-08-15 21:13:42 | 00,018,777 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\unininyr.reg

[2009-08-15 21:13:42 | 00,018,417 | ---- | C] () -- C:\WINDOWS\efejoxivax.dl

[2009-08-15 21:13:42 | 00,018,388 | ---- | C] () -- C:\WINDOWS\xakesyxup._sy

[2009-08-15 21:13:42 | 00,018,011 | ---- | C] () -- C:\Program Files\Common Files\gonucyxyko.inf

[2009-08-15 21:13:42 | 00,017,874 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\jylutunynu.lib

[2009-08-15 21:13:42 | 00,017,700 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zirixa.vbs

[2009-08-15 21:13:42 | 00,016,780 | ---- | C] () -- C:\WINDOWS\vaxuna.pif

[2009-08-15 21:13:42 | 00,016,114 | ---- | C] () -- C:\Program Files\Common Files\aloquni.reg

[2009-08-15 21:13:42 | 00,014,911 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\afehevub.inf

[2009-08-15 21:13:42 | 00,014,735 | ---- | C] () -- C:\WINDOWS\eqify.vbs

[2009-08-15 21:13:42 | 00,014,687 | ---- | C] () -- C:\WINDOWS\magycodyk.com

[2009-08-15 21:13:42 | 00,013,735 | ---- | C] () -- C:\WINDOWS\System32\bije._sy

[2009-08-15 21:13:42 | 00,013,445 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\carak.dll

[2009-08-15 21:13:42 | 00,013,317 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\joja.lib

[2009-08-15 21:13:42 | 00,013,083 | ---- | C] () -- C:\WINDOWS\System32\isirina.scr

[2009-08-15 21:13:42 | 00,012,539 | ---- | C] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyqovu.pif

[2009-08-15 21:13:42 | 00,012,004 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\otezuh.com

[2009-08-15 21:13:42 | 00,011,432 | ---- | C] () -- C:\WINDOWS\bodole.dl

[2009-08-15 21:13:42 | 00,011,301 | ---- | C] () -- C:\Documents and Settings\User\Dane aplikacji\ocykuhyc.com

[2009-08-15 21:13:42 | 00,011,221 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\puwogecup.pif

[2009-08-15 21:13:42 | 00,010,442 | ---- | C] () -- C:\WINDOWS\tysuliwa.db

[2009-08-15 21:13:42 | 00,010,360 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe

[2009-08-15 21:13:42 | 00,010,009 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\zaxe.scr

[2009-08-15 17:11:09 | 00,034,564 | ---- | C] () -- D:\Dokumenty\1570995_podloga1.jpg

[2009-08-15 17:04:20 | 00,028,545 | ---- | C] () -- D:\Dokumenty\IMAGE0006.JPG

[2009-08-15 17:03:13 | 00,128,836 | ---- | C] () -- D:\Dokumenty\przekroj_podlogi_2.jpg

[2009-08-15 17:01:54 | 00,217,636 | ---- | C] () -- D:\Dokumenty\P-01.jpg

[2009-08-15 12:33:13 | 00,001,737 | ---- | C] () -- D:\Dokumenty\HijackThis.lnk

[2009-08-15 12:33:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009-08-14 13:22:44 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)

[2009-08-14 13:22:42 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)

[2009-08-14 13:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)

[2009-08-14 13:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

[2009-08-14 13:20:09 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2009-08-13 22:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Hamachi

[2009-08-13 22:57:16 | 00,000,000 | ---D | C] -- C:\Program Files\Hamachi

[2009-08-13 16:25:18 | 00,000,469 | ---- | C] () -- D:\Dokumenty\Co jest.lnk

[2009-08-13 13:56:11 | 00,000,152 | ---- | C] () -- C:\WINDOWS\Aslan.INI

[2009-08-13 13:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\Aslan Wydawnictwa Elektroniczne

[2009-08-06 11:47:45 | 00,000,599 | ---- | C] () -- D:\Dokumenty\Lancraft.lnk

[2009-08-05 09:16:50 | 00,030,520 | ---- | C] () -- C:\WINDOWS\System32\midiwrap3405.deu

[2009-08-05 09:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\KB Piano

[2009-08-05 09:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\KB Piano 2

[2009-08-05 00:16:45 | 00,000,560 | ---- | C] () -- C:\Program Files\Global.sw

[2009-08-05 00:16:45 | 00,000,000 | ---D | C] -- C:\Program Files\SoftwrapLicense

[2009-08-03 09:26:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Thunderbird

[2009-08-03 09:26:50 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

[2009-08-03 09:14:55 | 00,000,000 | ---D | C] -- C:\Program Files\MozBackup

[2009-08-02 20:12:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\Thunderbird

[2009-08-02 12:52:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\LastPass

[2009-07-24 23:44:15 | 00,000,000 | ---D | C] -- C:\Program Files\Neuro

[2009-07-23 11:50:12 | 00,000,000 | ---D | C] -- C:\AV_LOGS

[2009-07-23 11:49:17 | 00,017,792 | ---- | C] (Avnex) -- C:\WINDOWS\System32\drivers\vcsvad.sys

[2009-07-23 11:29:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Screaming Bee

[2009-07-23 11:29:17 | 00,001,838 | ---- | C] () -- D:\Dokumenty\MorphVOX Pro.lnk

[2009-07-23 11:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\Screaming Bee

[2009-07-23 11:29:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Screaming Bee

[2009-07-23 09:04:44 | 00,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk

[2009-07-21 09:49:38 | 00,000,531 | ---- | C] () -- D:\Dokumenty\Diablo II.lnk

[2009-07-20 11:41:31 | 00,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmSB

[2009-07-20 11:41:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier

[2009-07-20 11:00:37 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker

[2009-07-20 11:00:20 | 00,000,000 | ---D | C] -- C:\!KillBox

[2009-03-30 13:37:03 | 00,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll

[2009-02-27 01:34:26 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009-01-10 12:30:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\wordpad.ini

[2008-07-04 20:22:25 | 00,000,417 | ---- | C] () -- C:\WINDOWS\WGPLAYER.INI

[2008-07-04 20:22:08 | 00,000,827 | ---- | C] () -- C:\WINDOWS\WINGROOV.INI

[2008-07-04 13:14:35 | 00,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini

[2008-07-04 12:51:01 | 00,000,005 | -HS- | C] () -- C:\WINDOWS\System32\edffcbabd_s.dll

[2008-06-01 09:13:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2008-02-11 17:17:55 | 00,000,058 | ---- | C] () -- C:\WINDOWS\ISIS.INI

[2008-02-11 17:12:49 | 00,001,615 | ---- | C] () -- C:\WINDOWS\ISISAIHP.INI

[2008-02-11 17:12:49 | 00,000,736 | ---- | C] () -- C:\WINDOWS\ISISAIM.INI

[2008-01-31 07:47:36 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2008-01-31 07:46:09 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2008-01-31 07:46:09 | 00,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2007-10-01 15:02:24 | 00,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll

[2007-07-21 13:19:03 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2007-05-25 21:07:45 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2007-02-18 21:05:49 | 00,720,896 | ---- | C] () -- C:\WINDOWS\EAInstall.dll

[2007-01-02 13:59:13 | 00,558,592 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2007-01-02 13:59:12 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2007-01-02 13:59:12 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007-01-02 13:59:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007-01-02 13:59:10 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007-01-02 13:59:10 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2006-11-06 20:04:20 | 00,000,320 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini

[2006-11-06 20:02:59 | 00,000,666 | ---- | C] () -- C:\WINDOWS\wincmd.ini

[2006-11-03 20:44:11 | 00,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI

[2006-10-01 22:13:20 | 00,000,870 | ---- | C] () -- C:\WINDOWS\VPlayer.INI

[2006-09-12 16:31:10 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2006-09-03 10:43:27 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

[2006-08-31 10:05:10 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2006-08-31 10:04:51 | 00,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini

[2006-08-31 10:04:51 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2006-08-31 10:04:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2006-08-31 10:04:50 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll

[2006-08-31 10:04:48 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[2006-08-29 23:27:36 | 00,000,113 | ---- | C] () -- C:\WINDOWS\ksjp.ini

[2006-08-29 20:33:24 | 00,000,030 | ---- | C] () -- C:\WINDOWS\nfsulan.ini

[2006-08-28 10:22:39 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006-08-27 19:48:13 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

[2006-08-25 19:44:59 | 00,001,768 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI

[2006-08-25 19:12:50 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2006-08-25 19:12:43 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2006-08-25 15:45:09 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2006-08-25 08:49:24 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2006-08-25 08:49:24 | 00,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2006-08-25 08:49:22 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2006-08-25 08:49:22 | 00,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2006-08-25 08:46:19 | 00,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini

[2006-08-25 08:46:19 | 00,000,402 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini

[2006-08-25 08:45:15 | 00,023,145 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2006-08-25 08:45:15 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2006-08-25 08:45:03 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2006-08-24 11:15:43 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2006-08-24 09:49:17 | 00,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2006-08-23 22:49:46 | 00,003,101 | ---- | C] () -- C:\WINDOWS\bestplayer.ini

[2006-08-23 22:23:15 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2006-08-23 22:18:23 | 00,000,532 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006-08-23 21:56:24 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2006-08-23 21:55:44 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2006-06-01 17:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006-06-01 17:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006-06-01 17:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006-06-01 17:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006-06-01 17:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006-06-01 17:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006-06-01 17:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2005-10-21 00:58:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\vspxvfw.dll

[2005-09-26 11:24:38 | 00,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys

[2005-09-01 16:20:46 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\vspxcore.dll

[2001-10-26 17:45:34 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL

[2001-07-22 00:16:20 | 00,001,059 | ---- | C] () -- C:\WINDOWS\win.ini

[2001-07-22 00:15:52 | 00,000,462 | ---- | C] () -- C:\WINDOWS\system.ini

[1999-01-22 22:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]

[2009-08-16 19:36:40 | 00,088,399 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009-08-16 19:36:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-08-16 19:36:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-08-16 19:15:01 | 00,000,462 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-08-16 19:09:58 | 00,000,293 | RHS- | M] () -- C:\boot.ini

[2009-08-16 19:05:39 | 00,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini

[2009-08-16 12:27:46 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\normy.doc

[2009-08-16 00:03:12 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-08-16 00:02:46 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTL.exe

[2009-08-16 00:01:45 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Pulpit\mbam-setup.exe

[2009-08-15 23:44:40 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009-08-15 21:26:22 | 03,124,187 | R--- | M] () -- C:\Documents and Settings\User\Pulpit\gnnnf.exe

[2009-08-15 21:13:42 | 00,019,975 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\hirevezud.scr

[2009-08-15 21:13:42 | 00,019,590 | ---- | M] () -- C:\Program Files\Common Files\ifice.dat

[2009-08-15 21:13:42 | 00,019,082 | ---- | M] () -- C:\WINDOWS\lysuw.reg

[2009-08-15 21:13:42 | 00,018,777 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\unininyr.reg

[2009-08-15 21:13:42 | 00,018,417 | ---- | M] () -- C:\WINDOWS\efejoxivax.dl

[2009-08-15 21:13:42 | 00,018,388 | ---- | M] () -- C:\WINDOWS\xakesyxup._sy

[2009-08-15 21:13:42 | 00,018,011 | ---- | M] () -- C:\Program Files\Common Files\gonucyxyko.inf

[2009-08-15 21:13:42 | 00,017,874 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\jylutunynu.lib

[2009-08-15 21:13:42 | 00,017,700 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\zirixa.vbs

[2009-08-15 21:13:42 | 00,016,780 | ---- | M] () -- C:\WINDOWS\vaxuna.pif

[2009-08-15 21:13:42 | 00,016,114 | ---- | M] () -- C:\Program Files\Common Files\aloquni.reg

[2009-08-15 21:13:42 | 00,014,911 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\afehevub.inf

[2009-08-15 21:13:42 | 00,014,735 | ---- | M] () -- C:\WINDOWS\eqify.vbs

[2009-08-15 21:13:42 | 00,014,687 | ---- | M] () -- C:\WINDOWS\magycodyk.com

[2009-08-15 21:13:42 | 00,013,735 | ---- | M] () -- C:\WINDOWS\System32\bije._sy

[2009-08-15 21:13:42 | 00,013,445 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\carak.dll

[2009-08-15 21:13:42 | 00,013,317 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\joja.lib

[2009-08-15 21:13:42 | 00,013,083 | ---- | M] () -- C:\WINDOWS\System32\isirina.scr

[2009-08-15 21:13:42 | 00,012,539 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyqovu.pif

[2009-08-15 21:13:42 | 00,012,004 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\otezuh.com

[2009-08-15 21:13:42 | 00,011,432 | ---- | M] () -- C:\WINDOWS\bodole.dl

[2009-08-15 21:13:42 | 00,011,301 | ---- | M] () -- C:\Documents and Settings\User\Dane aplikacji\ocykuhyc.com

[2009-08-15 21:13:42 | 00,011,221 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\puwogecup.pif

[2009-08-15 21:13:42 | 00,010,442 | ---- | M] () -- C:\WINDOWS\tysuliwa.db

[2009-08-15 21:13:42 | 00,010,360 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\ololal.exe

[2009-08-15 21:13:42 | 00,010,009 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\zaxe.scr

[2009-08-15 17:11:09 | 00,034,564 | ---- | M] () -- D:\Dokumenty\1570995_podloga1.jpg

[2009-08-15 17:04:20 | 00,028,545 | ---- | M] () -- D:\Dokumenty\IMAGE0006.JPG

[2009-08-15 17:03:13 | 00,128,836 | ---- | M] () -- D:\Dokumenty\przekroj_podlogi_2.jpg

[2009-08-15 17:01:54 | 00,217,636 | ---- | M] () -- D:\Dokumenty\P-01.jpg

[2009-08-15 12:33:13 | 00,001,737 | ---- | M] () -- D:\Dokumenty\HijackThis.lnk

[2009-08-15 00:10:15 | 00,133,300 | ---- | M] () -- C:\WINDOWS\bestplayer.bbt

[2009-08-15 00:10:15 | 00,003,101 | ---- | M] () -- C:\WINDOWS\bestplayer.ini

[2009-08-15 00:10:15 | 00,000,035 | ---- | M] () -- C:\WINDOWS\bestplayer.bpp

[2009-08-14 23:22:25 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-08-14 23:22:25 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-08-13 22:57:16 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys

[2009-08-13 16:25:18 | 00,000,469 | ---- | M] () -- D:\Dokumenty\Co jest.lnk

[2009-08-13 15:43:38 | 00,000,666 | ---- | M] () -- C:\WINDOWS\wincmd.ini

[2009-08-13 13:56:11 | 00,000,152 | ---- | M] () -- C:\WINDOWS\Aslan.INI

[2009-08-13 12:59:35 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009-08-11 11:40:39 | 00,001,059 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-08-11 11:40:39 | 00,000,223 | ---- | M] () -- C:\Boot.bak

[2009-08-08 12:10:14 | 00,216,064 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009-08-06 11:47:45 | 00,000,599 | ---- | M] () -- D:\Dokumenty\Lancraft.lnk

[2009-08-06 09:15:53 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009-08-05 09:16:50 | 00,030,520 | ---- | M] () -- C:\WINDOWS\System32\midiwrap3405.deu

[2009-08-05 09:16:04 | 00,000,560 | ---- | M] () -- C:\Program Files\Global.sw

[2009-08-03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-08-03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-07-30 16:44:36 | 03,169,804 | -H-- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-07-28 16:11:18 | 00,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv

[2009-07-27 18:23:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-07-23 11:29:17 | 00,001,838 | ---- | M] () -- D:\Dokumenty\MorphVOX Pro.lnk

[2009-07-23 09:04:44 | 00,001,605 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk

[2009-07-21 09:49:38 | 00,000,531 | ---- | M] () -- D:\Dokumenty\Diablo II.lnk

========== LOP Check ==========

[2009-08-16 00:03:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji

[2008-12-06 12:52:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{66F5A32C-70B3-414C-92F3-56D2AF967193}

[2009-05-20 09:43:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{92E7A367-8E12-4830-AA70-29C32E331A81}

[2008-09-08 09:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo

[2008-07-04 23:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk

[2009-03-01 18:16:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus

[2008-10-20 23:36:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard

[2008-07-13 18:03:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\espionServerData

[2008-07-11 22:05:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet

[2009-08-05 09:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KB Piano

[2006-09-03 13:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Locktime

[2009-07-20 11:41:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier

[2006-12-29 14:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MSN6

[2009-07-28 16:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\pdf995

[2009-07-23 11:30:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Screaming Bee

[2009-05-04 09:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2006-08-23 21:35:19 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji

[2009-05-16 10:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji

[2006-08-23 20:45:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji

[2009-08-16 00:03:14 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\User\Dane aplikacji

[2006-09-01 09:54:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\.bittorrent

[2008-09-06 13:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ahead

[2008-09-08 09:19:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ashampoo

[2006-11-27 09:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Autodesk

[2009-04-13 10:29:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Azureus

[2009-03-17 13:53:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\BitSpirit

[2009-06-25 01:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Bullzip

[2008-10-11 23:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Cakewalk

[2006-09-04 14:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\CEZEO software

[2007-07-12 11:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Command & Conquer 3 Tiberium Wars

[2006-09-05 16:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Czat

[2007-02-10 22:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\EAST Technologies

[2009-06-05 13:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\FontCreator

[2009-01-05 23:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\foobar2000

[2009-08-15 14:32:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Hamachi

[2008-12-06 11:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\HEXelon

[2008-05-18 16:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\iLibrary Reader

[2006-12-24 22:31:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Kingston

[2006-09-03 13:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Locktime

[2006-12-29 14:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\MSN6

[2008-07-03 22:58:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Music Recognition

[2009-06-11 19:12:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nokia

[2009-02-27 10:20:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Nowe Gadu-Gadu

[2008-07-04 12:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Offline Explorer

[2009-01-25 01:16:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Opera

[2008-01-31 07:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\pdf995

[2009-07-23 11:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Screaming Bee

[2007-07-01 21:06:39 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\User\Dane aplikacji\SecuROM

[2009-05-04 12:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Softi Software

[2008-04-27 19:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Softplicity

[2009-04-19 01:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Steinberg

[2006-09-04 15:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\teamspeak2

[2009-08-03 09:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Thunderbird

[2007-08-30 14:52:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Tlen.pl

[2009-08-14 12:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\uTorrent

[2006-09-04 15:02:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\Ventrilo

[2001-07-22 00:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009-08-16 19:36:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C8B8CEBD

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:364682BC

< End of report >

In any case, for now I'm not having any problems with the computer.

Guest
comment

Nothing got removed.

Show the HijackThis log.


Adwrond
comment

Here you go

Log to check

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:47:28, on 2009-08-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

D:\Programy\Gadu-Gadu\gg.exe

D:\Programy\Gadu-Gadu\spellchecker_gg.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: BitBuddy - {8FCCDD73-C9F3-443a-AB53-7A25FD925808} - C:\Program Files\BitBuddy\BitBuddy.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

End of file - 8167 bytes

Adwrond
comment

Dr.Web found something else and removed it, and I think everything is OK now. The computer is working fine, in any case. Thx 4 all!!

Guest
comment

In that case, it's OK.

