
Problem with Firefox

Deeriox
created

Hi,

So I have a problem with Firefox, which I will try to describe in detail. So here we go. I can't log in to Gmail (for a long time it shows "Loading..." and then "This is taking longer than usual"), nor to my project's site, while on onet it shows me the page, but in a peculiar way (at the top of the page there is the logo and the top menu, then for a long, long while nothing, and then the rest - see [URL=http://img39.imageshack.us/i/onets.jpg/][IMG]http://img39.imageshack.us/img39/3263/onets.th.jpg[/IMG][/URL]).

I can log in to Gmail only if I choose the basic HTML view. However, I can log in to the mail on onet.pl in Firefox without a problem. Under IE both Gmail and onet.pl open without problems.

I know I had something going on with viruses; I scanned with my F-Secure, it detected something, but the problem did not go away. I scanned with several online scanners (quite a few would not open for me), they detected something, and I deleted it. Since my F-Secure license is running out, and on top of that these viruses, I uninstalled it and took the free version of Avira. It also detected something, I fixed it, but the sites still don't work. I thought something had got messed up with Java, so I installed the latest version again - nothing. I no longer know what to do, and the problem is really serious. My only suspicion is that it may still be some viruses that I can't get rid of, but why would they block only individual sites?

jaskowski
comment

If you have such suspicions, post logs: http://www.forumpc.pl/index.php?showtopic=104338

Deeriox
comment

[log]OTL logfile created on: 2009-09-30 17:49:02 - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Administrator\Pulpit\Download
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 64,86% Memory free
3,85 Gb Paging File | 3,00 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 42,97 Gb Free Space | 73,34% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 72,74 Gb Free Space | 93,11% Space Free | Partition Type: NTFS
Drive E: | 92,77 Gb Total Space | 24,18 Gb Free Space | 26,06% Space Free | Partition Type: NTFS
Drive F: | 68,58 Gb Total Space | 61,10 Gb Free Space | 89,08% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KOMP-90FD06073
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\sched.exe
PRC - [2009-07-21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-08-14 13:26:56 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2009-09-14 16:55:40 | 00,476,288 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
PRC - [2008-06-25 15:42:48 | 00,117,400 | ---- | M] (F-Secure Corporation) -- D:\typowe\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2009-07-31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-06-25 15:42:50 | 00,232,088 | ---- | M] (F-Secure Corporation) -- D:\typowe\F-Secure Internet Security\Common\FSMB32.EXE
PRC - [2008-06-25 15:42:48 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FCH32.EXE
PRC - [2008-06-25 15:42:48 | 00,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FAMEH32.EXE
PRC - [2008-06-25 15:41:34 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
PRC - [2008-06-25 15:41:04 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
PRC - [2009-09-14 16:55:40 | 00,599,168 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PRC - [2008-06-25 15:43:10 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
PRC - [2008-06-25 15:41:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
PRC - [2008-06-25 17:28:24 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsus.exe
PRC - [2009-08-14 13:26:56 | 00,348,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008-06-25 15:42:48 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSM32.EXE
PRC - [2008-09-02 12:48:12 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008-11-20 15:35:08 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008-06-25 15:42:32 | 00,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSGUI\fsguidll.exe
PRC - [2009-07-31 15:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-03-02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-12-10 11:02:30 | 00,216,520 | ---- | M] (DT Soft Ltd) -- D:\typowe\DAEMON Tools Lite\daemon.exe
PRC - [2008-09-02 12:40:46 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009-09-12 11:25:28 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\typowe\Firefox 3\firefox.exe
PRC - [2008-06-25 15:42:36 | 01,251,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSGUI\scanwizard.exe
PRC - [2008-12-30 21:28:26 | 00,358,400 | ---- | M] (AIMP DevTeam) -- D:\typowe\AIMP2\AIMP2.exe
PRC - [2009-08-31 18:07:34 | 11,391,592 | ---- | M] (GG Network S.A.) -- D:\typowe\Nowe Gadu-Gadu\gg.exe
PRC - [2009-08-31 16:56:26 | 00,077,824 | ---- | M] () -- D:\typowe\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-09-30 17:47:31 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\Download\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009-07-21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009-03-17 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009-08-14 13:26:56 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running])
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-06-25 15:41:04 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Running])
SRV - [2008-06-25 15:41:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD [On_Demand | Running])
SRV - [2008-06-25 15:42:48 | 00,117,400 | ---- | M] (F-Secure Corporation) -- D:\typowe\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA [Auto | Running])
SRV - [2008-06-25 15:43:10 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient [On_Demand | Running])
SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009-07-31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006-10-27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- D:\typowe\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007-06-29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- D:\typowe\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-06-27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-03-16 23:33:02 | 03,597,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007-11-14 09:48:20 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV - [2008-10-04 22:03:30 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009-02-13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009-07-28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009-03-30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2007-09-25 16:59:46 | 00,015,152 | ---- | M] () -- D:\typowe\MediaCoder\SysInfo.sys -- (CrystalSysInfo [On_Demand | Stopped])
DRV - [2008-06-25 15:41:36 | 00,039,776 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter [Disabled | Stopped])
DRV - [2009-09-14 16:56:29 | 00,099,960 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running])
DRV - [2008-06-25 15:42:40 | 00,066,720 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS [System | Running])
DRV - [2008-06-25 15:41:36 | 00,025,184 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer [Disabled | Stopped])
DRV - [2009-07-08 13:17:40 | 00,033,920 | ---- | M] () -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts [Boot | Running])
DRV - [2008-06-25 15:41:54 | 00,079,904 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW [Boot | Running])
DRV - [2008-04-13 22:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008-02-14 11:04:06 | 04,676,096 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007-11-02 13:08:28 | 00,068,096 | ---- | M] (EZB Systems, Inc.) -- D:\typowe\UltraISO\drivers\ISODrive.sys -- (ISODrive [System | Running])
DRV - [2008-10-04 22:03:23 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008-10-21 21:51:08 | 00,027,904 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\Ndisprot.sys -- (Ndisprot [On_Demand | Stopped])
DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009-05-13 23:56:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008-01-03 16:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009-02-11 23:58:12 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-05-11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1343024091-484763869-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1343024091-484763869-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1343024091-484763869-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blackicetales.com/
IE - HKU\S-1-5-21-1343024091-484763869-682003330-500\S-1-5-21-1343024091-484763869-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dd68c513-9296-4b63-8d8b-8f1c991c8a48}:0.1.7.3
FF - prefs.js..extensions.enabledItems: {eaf8a4ef-d221-45ca-9deb-d0934b45fa34}:1.3.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-11-20 15:35:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-08-13 15:34:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-25 13:29:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\typowe\Firefox 3\components [2009-09-29 06:45:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\typowe\Firefox 3\plugins [2009-09-12 11:25:30 | 00,000,000 | ---D | M]

[2009-04-26 23:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions
[2008-10-04 17:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-04-26 23:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\MediaCoder
[2009-09-29 20:59:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions
[2009-09-01 19:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48}
[2009-04-25 13:09:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}
[2009-08-05 17:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions\foxyproxy@eric.h.jung
[2009-09-23 21:23:56 | 00,001,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\p3nivm1g.default\searchplugins\pwn-sjp.xml
[2009-03-23 12:29:26 | 00,001,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\p3nivm1g.default\searchplugins\translaticapl---angielsko-polski.xml
[2009-03-23 12:29:28 | 00,001,819 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\p3nivm1g.default\searchplugins\translaticapl---polsko-angielski.xml

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\typowe\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O3 - HKU\S-1-5-21-1343024091-484763869-682003330-500\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\typowe\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\typowe\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\typowe\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] D:\typowe\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1343024091-484763869-682003330-500..\Run: [DAEMON Tools Lite] D:\typowe\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-484763869-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\typowe\MICROS~1\OFFICE11\EXCEL.EXE File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\typowe\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\typowe\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\typowe\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\typowe\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} http://www.quest3d.com/webplugin/download/quest3dactivex2.cab (Quest3DCtlr2 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\typowe\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\typowe\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-10-04 16:08:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[5 C:\WINDOWS\*.tmp files]
[2009-09-30 16:58:26 | 00,046,014 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Onet.JPG
[2009-09-30 07:58:41 | 00,015,173 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Angielski Tech.docx
[2009-09-30 07:02:47 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk
[2009-09-30 07:02:39 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-09-30 07:02:39 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009-09-30 07:02:39 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009-09-30 07:02:39 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009-09-30 07:02:39 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009-09-30 07:02:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira
[2009-09-29 21:16:18 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009-09-29 07:12:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\ArcaBit
[2009-09-29 06:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\fotki
[2009-09-28 22:52:49 | 00,000,615 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan.lnk
[2009-09-28 22:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\ArcaMicroScan
[2009-09-28 14:35:28 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2009-09-28 06:28:43 | 00,000,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\YouTube Downloader.lnk
[2009-09-12 17:35:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Internet Saving Optimizer
[2009-09-12 17:23:37 | 00,000,000 | ---D | C] -- C:\Program Files\Sukoku
[2009-09-12 17:23:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sukoku
[2009-09-12 17:23:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Media Access Startup
[2009-09-12 17:22:22 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{7F4A1B90-59B3-4968-96A3-F7C1BE30DEBE}
[2009-09-12 17:22:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DoubleD
[2009-09-10 22:24:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\cache
[2009-09-05 15:43:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AGI
[2009-09-01 20:04:45 | 00,296,049 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\sexi pulpit.jpg
[2009-08-08 00:05:08 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-08-08 00:05:07 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-08-08 00:05:02 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-08-08 00:05:02 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-08-08 00:05:01 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-08-08 00:05:00 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-08-08 00:04:59 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-02-11 23:58:12 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-12-29 19:59:33 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008-12-16 20:48:44 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-12-06 13:35:08 | 00,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008-11-04 20:25:37 | 00,000,146 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-10-05 22:11:19 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-10-05 12:55:24 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-10-04 22:03:24 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008-10-04 22:03:05 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008-10-04 16:24:10 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001-07-22 00:16:20 | 00,000,692 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 00:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009-09-30 16:58:26 | 00,046,014 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Onet.JPG
[2009-09-30 15:16:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-09-30 15:16:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-09-30 15:16:01 | 00,173,776 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009-09-30 08:02:28 | 00,015,173 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Angielski Tech.docx
[2009-09-30 07:02:47 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk
[2009-09-30 02:00:52 | 00,000,538 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2009-09-29 19:46:14 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-09-29 16:18:11 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-09-28 22:52:49 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan.lnk
[2009-09-28 06:28:43 | 00,000,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\YouTube Downloader.lnk
[2009-09-25 19:31:34 | 00,052,736 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-23 20:30:27 | 00,000,692 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-09-16 19:44:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-09-01 20:05:07 | 00,296,049 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\sexi pulpit.jpg

[color=#E56717]========== LOP Check ==========[/color]

[2009-09-29 07:12:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji
[2009-08-27 23:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\AGI
[2009-02-28 18:41:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
[2009-09-30 15:25:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\AIMP
[2009-09-29 07:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ArcaBit
[2009-09-29 19:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ArcaMicroScan
[2008-10-04 16:30:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\ATI
[2009-04-26 23:09:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Broad Intelligence
[2009-02-19 22:38:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools
[2009-02-19 22:40:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools Lite
[2009-02-12 00:12:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\DAEMON Tools Pro
[2008-12-15 00:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Expressivo
[2009-02-11 21:15:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\F-Secure
[2009-04-23 02:55:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\HateML
[2008-12-19 14:33:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Kingston
[2009-09-20 20:37:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu
[2009-04-26 23:09:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenCandy
[2009-07-18 15:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\OpenFM
[2009-08-04 11:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera
[2009-07-15 17:20:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\SecuROM
[2009-08-27 23:13:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Temp
[2009-08-07 15:28:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Tor
[2009-05-08 19:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Ubisoft
[2009-02-19 04:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
[2009-08-07 15:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Vidalia
[2009-09-05 15:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Webshots
[2009-02-20 00:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\WSPWNOUP2007
[2008-10-04 22:04:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Xfire
[2009-09-30 07:02:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji
[2009-09-12 17:22:58 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{7F4A1B90-59B3-4968-96A3-F7C1BE30DEBE}
[2009-09-05 15:43:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AGI
[2008-10-05 20:49:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
[2008-12-29 20:06:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI
[2009-02-19 22:36:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-02-12 00:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
[2008-10-21 22:13:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\f-secure
[2008-12-06 13:07:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\fssg
[2009-07-27 19:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Mistrz Klawiatury II Data
[2009-09-22 08:39:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2009-09-25 14:07:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sukoku
[2009-08-28 00:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-05-08 19:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
[2008-10-04 18:00:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji
[2009-09-30 07:41:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2008-10-04 16:11:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2009-09-16 19:44:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001-07-22 00:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-09-30 15:16:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009-09-30 02:00:52 | 00,000,538 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 508 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
< End of report >
[/log]

Psycholandia
comment

Paste the script below into the OTL window and click Run Fix:

[code]:Processes
explorer.exe

:OTL
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O3 - HKU\S-1-5-21-1343024091-484763869-682003330-500\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found

:Files
C:\WINDOWS\tasks\Scheduled scanning task.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\Documents and Settings\All Users\Dane aplikacji\Sukoku
C:\Program Files\Sukoku

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]
Post the log created after the removal.

Deeriox
comment

When I ran "Run Fix", some error popped up after it had been working for a while. The status bar at the bottom said "Emptying Temp folders. DO NOT INTERRUPT...", so supposedly I shouldn't have done anything, except that the computer froze and in the end I had to restart it manually.

Anyway, after the restart and a scan, this log came out...

[log]OTL logfile created on: 2009-09-30 22:05:03 - Run 2
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Documents and Settings\Administrator\Pulpit\Download
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,35% Memory free
3,85 Gb Paging File | 3,25 Gb Available in Paging File | 84,59% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 48,78 Gb Free Space | 83,24% Space Free | Partition Type: NTFS
Drive D: | 78,13 Gb Total Space | 72,74 Gb Free Space | 93,11% Space Free | Partition Type: NTFS
Drive E: | 92,77 Gb Total Space | 24,38 Gb Free Space | 26,28% Space Free | Partition Type: NTFS
Drive F: | 68,58 Gb Total Space | 61,10 Gb Free Space | 89,08% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KOMP-90FD06073
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-07-21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-08-14 13:26:56 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2009-09-14 16:55:40 | 00,476,288 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
PRC - [2008-06-25 15:42:48 | 00,117,400 | ---- | M] (F-Secure Corporation) -- D:\typowe\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2009-07-31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-06-25 15:42:50 | 00,232,088 | ---- | M] (F-Secure Corporation) -- D:\typowe\F-Secure Internet Security\Common\FSMB32.EXE
PRC - [2008-06-25 15:42:48 | 00,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FCH32.EXE
PRC - [2008-06-25 15:42:48 | 00,404,064 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FAMEH32.EXE
PRC - [2008-06-25 15:41:34 | 00,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
PRC - [2008-06-25 15:43:10 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
PRC - [2008-06-25 15:41:04 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
PRC - [2008-06-25 15:41:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
PRC - [2009-09-14 16:55:40 | 00,599,168 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
PRC - [2008-06-25 17:28:24 | 00,174,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsus.exe
PRC - [2009-08-14 13:26:56 | 00,348,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
PRC - [2008-06-25 15:42:48 | 00,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSM32.EXE
PRC - [2008-06-25 15:42:32 | 00,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSGUI\fsguidll.exe
PRC - [2009-02-27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- D:\typowe\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2008-09-02 12:48:12 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008-11-20 15:35:08 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009-07-31 15:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-03-02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-12-10 11:02:30 | 00,216,520 | ---- | M] (DT Soft Ltd) -- D:\typowe\DAEMON Tools Lite\daemon.exe
PRC - [2008-09-02 12:40:46 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009-09-30 17:47:31 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\Download\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009-07-21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009-03-17 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009-08-14 13:26:56 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running])
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-06-25 15:41:04 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Running])
SRV - [2008-06-25 15:41:54 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD [On_Demand | Running])
SRV - [2008-06-25 15:42:48 | 00,117,400 | ---- | M] (F-Secure Corporation) -- D:\typowe\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA [Auto | Running])
SRV - [2008-06-25 15:43:10 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient [On_Demand | Running])
SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009-07-31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006-10-27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- D:\typowe\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007-06-29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- D:\typowe\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-06-27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-03-16 23:33:02 | 03,597,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007-11-14 09:48:20 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV - [2008-10-04 22:03:30 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009-02-13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- D:\typowe\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009-07-28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009-03-30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2007-09-25 16:59:46 | 00,015,152 | ---- | M] () -- D:\typowe\MediaCoder\SysInfo.sys -- (CrystalSysInfo [On_Demand | Stopped])
DRV - [2008-06-25 15:41:36 | 00,039,776 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter [Disabled | Stopped])
DRV - [2009-09-14 16:56:29 | 00,099,960 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running])
DRV - [2008-06-25 15:42:40 | 00,066,720 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS [System | Running])
DRV - [2008-06-25 15:41:36 | 00,025,184 | ---- | M] () -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer [Disabled | Stopped])
DRV - [2009-07-08 13:17:40 | 00,033,920 | ---- | M] () -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts [Boot | Running])
DRV - [2008-06-25 15:41:54 | 00,079,904 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW [Boot | Running])
DRV - [2008-04-13 22:06:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008-02-14 11:04:06 | 04,676,096 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007-11-02 13:08:28 | 00,068,096 | ---- | M] (EZB Systems, Inc.) -- D:\typowe\UltraISO\drivers\ISODrive.sys -- (ISODrive [System | Running])
DRV - [2008-10-04 22:03:23 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008-10-21 21:51:08 | 00,027,904 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\Ndisprot.sys -- (Ndisprot [On_Demand | Stopped])
DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009-05-13 23:56:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008-01-03 16:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009-02-11 23:58:12 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-05-11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blackicetales.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dd68c513-9296-4b63-8d8b-8f1c991c8a48}:0.1.7.3
FF - prefs.js..extensions.enabledItems: {eaf8a4ef-d221-45ca-9deb-d0934b45fa34}:1.3.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-11-20 15:35:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-08-13 15:34:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-25 13:29:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\typowe\Firefox 3\components [2009-09-29 06:45:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\typowe\Firefox 3\plugins [2009-09-12 11:25:30 | 00,000,000 | ---D | M]

[2009-04-26 23:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions
[2008-10-04 17:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-04-26 23:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\MediaCoder
[2009-09-30 21:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions
[2009-09-01 19:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48}
[2009-04-25 13:09:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}
[2009-08-05 17:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\p3nivm1g.default\extensions\foxyproxy@eric.h.jung
[2009-09-30 21:40:37 | 00,001,285 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\p3nivm1g.default\searchplugins\pwn-sjp.xml
[2009-03-23 12:29:26 | 00,001,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\p3nivm1g.default\searchplugins\translaticapl---angielsko-polski.xml
[2009-03-23 12:29:28 | 00,001,819 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\FireFox\Profiles\p3nivm1g.default\searchplugins\translaticapl---polsko-angielski.xml

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\typowe\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\typowe\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] D:\typowe\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\typowe\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] D:\typowe\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\typowe\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\typowe\MICROS~1\OFFICE11\EXCEL.EXE File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - D:\typowe\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\typowe\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\typowe\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\typowe\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\F-Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {6CE31B8D-8340-4DBD-B78E-BF59620924DC} http://www.quest3d.com/webplugin/download/quest3dactivex2.cab (Quest3DCtlr2 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\typowe\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\typowe\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-10-04 16:08:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-09-30 21:58:54 | 00,000,538 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2009-09-30 21:56:35 | 00,000,000 | ---D | C] -- C:\_OTL
[2009-09-30 16:58:26 | 00,046,014 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Onet.JPG
[2009-09-30 07:58:41 | 00,015,173 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Angielski Tech.docx
[2009-09-30 07:02:47 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk
[2009-09-30 07:02:39 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-09-30 07:02:39 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009-09-30 07:02:39 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009-09-30 07:02:39 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009-09-30 07:02:39 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009-09-30 07:02:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira
[2009-09-29 21:16:18 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009-09-29 07:12:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\ArcaBit
[2009-09-29 06:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\fotki
[2009-09-28 22:52:49 | 00,000,615 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan.lnk
[2009-09-28 22:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\ArcaMicroScan
[2009-09-28 22:31:07 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009-09-28 22:31:07 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009-09-28 22:31:07 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009-09-28 14:35:28 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2009-09-28 06:28:43 | 00,000,624 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\YouTube Downloader.lnk
[2009-09-12 17:35:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Internet Saving Optimizer
[2009-09-12 17:23:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Media Access Startup
[2009-09-12 17:22:22 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{7F4A1B90-59B3-4968-96A3-F7C1BE30DEBE}
[2009-09-12 17:22:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DoubleD
[2009-09-10 22:24:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\cache
[2009-09-05 15:43:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AGI
[2009-09-01 20:04:45 | 00,296,049 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\sexi pulpit.jpg
[2009-08-08 00:05:08 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-08-08 00:05:07 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-08-08 00:05:02 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-08-08 00:05:02 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-08-08 00:05:01 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-08-08 00:05:00 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-08-08 00:04:59 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-02-11 23:58:12 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-12-29 19:59:33 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008-12-16 20:48:44 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-12-06 13:35:08 | 00,033,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2008-11-04 20:25:37 | 00,000,146 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-10-05 22:11:19 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-10-05 12:55:24 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-10-04 22:03:24 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008-10-04 22:03:05 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008-10-04 16:24:10 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001-07-22 00:16:20 | 00,000,692 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 00:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-09-30 22:01:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-09-30 22:01:42 | 00,173,776 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009-09-30 22:01:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-09-30 21:58:55 | 00,000,538 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2009-09-30 16:58:26 | 00,046,014 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Onet.JPG
[2009-09-30 08:02:28 | 00,015,173 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Angielski Tech.docx
[2009-09-30 07:02:47 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Avira AntiVir Control Center.lnk
[2009-09-29 19:46:14 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-09-29 16:18:11 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-09-28 22:52:49 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\ArcaMicroScan.lnk
[2009-09-28 06:28:43 | 00,000,624 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\YouTube Downloader.lnk
[2009-09-25 19:31:34 | 00,052,736 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-23 20:30:27 | 00,000,692 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-09-01 20:05:07 | 00,296,049 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\sexi pulpit.jpg
< End of report >
[/log]

Psycholandia
comment

Run OTL and click CleanUP.
Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds, and post the log after the removal (the log from Malware).

Deeriox
comment

This is a bit pointless. During the Malwarebytes scan it showed me a few prompts, I chose deny access, but nothing showed up in the log.

[log]Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 2886
Windows 5.1.2600 Dodatek Service Pack 3

2009-10-01 19:25:10
mbam-log-2009-10-01 (19-25-10).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)
Przeskanowane obiekty: 185719
Upłynęło: 25 minute(s), 50 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)
[/log]

Psycholandia
comment

And how is the computer behaving now? Has the problem gone away?

Deeriox
comment

Unfortunately not, it is still there. Interestingly, when I scanned again with Malwarebytes to check, it once more detected some 'suspicious files'. This time I put them in quarantine (actually, for most of the files I had only three options - deny access, quarantine, ignore - with no option to delete, repair, etc.). In any case, the problem has not gone away.

Psycholandia
comment

What files were they?
Follow this: http://support.microsoft.com/kb/310405/pl
Post a new OTL log.

Deeriox
comment (edited)

I don't remember exactly, and after the next scan it no longer detected them.
I'm unsure which date to restore to; the problem has been occurring for quite a while and I don't remember when it started.

Psycholandia
comment

Maybe go about a month back, if you have restore points that old.

Deeriox
comment (edited)

I have restore points going back to July. I tried various ones seven times, from points 2 weeks old back to 13 August - each time "Przywracanie niekompletne" ("Restoration Incomplete"). I searched Google for how to solve/fix this, but found nothing.

Almost a week has passed. So, does anyone have any more ideas, suggestions, anything at all? Because the problem is still there, just as it was, and it has no intention of going away.

Taus
comment

Hello. I have a problem with the FF browser. Every time a web page is transferred, another unwanted page opens automatically. How could I get rid of this problem? Regards :)

rokko
comment

[quote]another unwanted page opens automatically[/quote]
Your system is most likely infected. Post logs according to the forum rules: http://www.forumpc.pl/index.php?showtopic=117272
