
Avast detects the Win32:Confi [Wrm] virus

cypherq
posted (edited)

Briefly. For several days now, Avast on my girlfriend's computer has been screaming that Win32:Confi [Wrm] is roaming around the PC. We have already tried everything; in the end the thing itself kept coming back onto the computer, and what's more, over those few days the system has been running noticeably slower. I don't have eyes on the computer myself, but I recommended (and supervised) cleaning the autostart entries and the registry and scanning the system before it boots. After going through the HijackThis logs I concluded that using ComboFix would be unavoidable. I'm pasting the log below. Please analyse it and give any tips on removing Win32:Confi [Wrm].

[log]
ComboFix 09-10-04.01 - ala 2009-10-04 20:12.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.639.370 [GMT 2:00]
Run from: c:\documents and settings\ala\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091004-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ala\Pulpit\[Torrentsworld.net] - Potwory kontra Obcy pl dubbing rip DvD test avi.torrent
c:\documents and settings\ala\Pulpit\[Torrentsworld.net] - Potwory kontra Obcy pl dubbing rip DvD test avi.torrent
c:\windows\Installer\132e58d.msi
c:\windows\Installer\2d269.msi
c:\windows\Installer\49d7b2.msi
c:\windows\Installer\49d7be.msi
c:\windows\Installer\49d7c4.msi
c:\windows\Installer\49d7ca.msi
c:\windows\Installer\72557a.msi
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Files created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-04 17:13 . 2003-12-11 09:15 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2009-10-04 17:13 . 2003-12-11 09:15 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2009-10-04 17:13 . 2003-12-11 09:15 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2009-10-04 17:13 . 2003-12-11 09:15 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2009-10-04 17:09 . 2009-10-04 17:14 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-04 17:09 . 2009-10-04 17:09 -------- d-----w- c:\program files\HP
2009-10-04 16:55 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-04 16:55 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-04 13:36 . 2009-10-04 13:36 -------- d-----w- c:\documents and settings\ala\Dane aplikacji\VSRevoGroup
2009-10-04 13:35 . 2009-10-04 13:35 -------- d-----w- c:\program files\VS Revo Group
2009-10-04 13:04 . 2009-10-04 13:04 -------- d-----w- c:\program files\Trend Micro
2009-10-04 12:15 . 2009-10-04 12:15 -------- d-----w- c:\documents and settings\ala\Dane aplikacji\PCToolsFirewallPlus
2009-10-04 12:14 . 2009-09-23 13:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-04 12:14 . 2009-09-16 12:19 87656 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-04 12:14 . 2009-09-24 06:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-04 12:14 . 2009-10-04 18:20 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-10-04 12:13 . 2009-10-04 12:14 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-04 12:13 . 2009-09-16 06:39 70280 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-10-04 12:13 . 2009-08-14 10:44 32552 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-10-04 12:13 . 2009-07-29 07:54 46592 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2009-10-04 12:13 . 2009-09-08 10:48 115088 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-10-04 12:13 . 2009-10-04 12:16 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-10-03 13:12 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2009-09-19 10:52 . 2009-09-19 10:52 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-09-19 09:55 . 2009-09-19 09:55 -------- d-----w- c:\program files\JAM Software
2009-09-17 20:13 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-09-17 20:08 . 2009-09-17 20:08 -------- d-----w- c:\program files\Microsoft Works
2009-09-17 20:08 . 2009-09-17 20:08 -------- d-----w- c:\program files\MSBuild
2009-09-17 20:05 . 2009-09-17 20:05 -------- d-----w- c:\program files\Microsoft.NET
2009-09-17 19:59 . 2009-09-17 19:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-17 19:58 . 2009-09-17 19:58 -------- d-----w- c:\documents and settings\ala\Ustawienia lokalne\Dane aplikacji\Microsoft Help
2009-09-17 19:58 . 2009-09-17 20:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-09-17 19:52 . 2009-09-17 19:52 -------- d-----r- C:\MSOCache
2009-09-16 17:50 . 2009-09-30 15:30 -------- d-----w- c:\documents and settings\ala\Dane aplikacji\vlc
2009-09-16 17:50 . 2009-09-30 13:12 -------- d-----w- c:\documents and settings\ala\Dane aplikacji\dvdcss
2009-09-16 17:47 . 2009-09-16 17:47 -------- d-----w- c:\program files\VideoLAN
2009-09-11 21:46 . 2009-09-11 21:46 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Free_Lunch_Design

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 18:20 . 2009-03-18 20:51 -------- d-----w- c:\documents and settings\ala\Dane aplikacji\uTorrent
2009-10-04 18:15 . 2007-07-13 11:04 -------- d-----w- c:\documents and settings\ala\Dane aplikacji\Skype
2009-10-04 13:42 . 2007-07-18 19:55 -------- d-----w- c:\program files\SubEdit-Player
2009-09-29 12:56 . 2009-05-03 09:12 -------- d-----w- c:\documents and settings\ala\Dane aplikacji\foobar2000
2009-09-23 08:24 . 2007-09-03 21:46 -------- d-----w- c:\program files\Gadu-Gadu
2009-09-23 07:16 . 2007-07-26 10:57 70080 -c--a-w- c:\documents and settings\ala\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-09-19 10:52 . 2008-02-14 08:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-19 10:45 . 2008-03-14 17:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 00:20 . 2009-10-04 12:14 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-14 23:12 . 2009-10-04 12:14 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-14 23:01 . 2009-10-04 12:14 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-08-24 14:14 . 2001-10-26 18:15 74230 ----a-w- c:\windows\system32\perfc015.dat
2009-08-24 14:14 . 2001-10-26 18:15 448004 ----a-w- c:\windows\system32\perfh015.dat
2008-05-26 18:19 . 2008-05-26 18:19 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2007-12-05 57344]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre1.dll" [2009-07-06 2215960]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2009-07-06 19:22 2215960 ----a-w- c:\program files\Free_Lunch_Design\tbFre1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 12:54 1555480 ----a-w- c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre1.dll" [2009-07-06 2215960]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\program files\Free_Lunch_Design\tbFre1.dll" [2009-07-06 2215960]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-09-18 288048]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-09-24 2971608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^ala^Menu Start^Programy^Autostart^Last.fm Helper.lnk]
path=c:\documents and settings\ala\Menu Start\Programy\Autostart\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"NMSAccessU"=2 (0x2)
"NMIndexingService"=3 (0x3)
"GoogleDesktopManager-022208-143751"=3 (0x3)
"gusvc"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-12 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-10-04 229304]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-12 20560]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-10-04 87656]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-10-04 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-10-04 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-10-04 46592]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-10-04 115088]
S4 GoogleDesktopManager-022208-143751;Menedżer Google Desktop 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-26 29744]
.
Contents of the 'Scheduled Tasks' folder

2009-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.pl/ig?ct=1056755551
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ala\Dane aplikacji\Mozilla\Firefox\Profiles\7ee0ncdc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.pl
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\ala\Dane aplikacji\Mozilla\Firefox\Profiles\7ee0ncdc.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 20:19
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'explorer.exe'(2892)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-10-04 20:25 - the computer was restarted
ComboFix-quarantined-files.txt 2009-10-04 18:25
ComboFix2.txt 2009-02-22 15:49

Before: 2 314 866 688 bytes free
After: 2 375 905 280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

218 --- E O F --- 2008-02-14 07:21

[/log]
[color="#0000FF"]
//Renaming the thread
//MarekM25[/color]
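The "registry startup entries" section of the ComboFix log above is the part a helper reads first. Below is an added example, not part of the original post and not ComboFix's or OTL's own code, of a small Python triage script that parses that section's layout as it appears in the log (a `[KEY]` header, `"name"= "path" [date size]` values, the bare file line under a Browser Helper Objects key, and `"EnableFirewall"= 0 (0x0)`), collects the entries, and flags the ones worth a closer look. The sample input is copied from the log in this thread. The directory fragments in `BUNDLED_TOOLBAR_DIRS` (matching the DLLs that the OTL log later in the thread attributes to Conduit Ltd. and Ask.com) and the two rules in `triage()` are this example's own assumptions, not anything ComboFix does.

```python
"""Triage helper for the "registry startup entries" section of a ComboFix log.

Added example for this thread; it is not part of ComboFix, OTL or the original
post.  The parser follows the layout visible in the log above; the vendor path
fragments and the two rules below are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied verbatim from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2007-12-05 57344]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2009-07-06 19:22 2215960 ----a-w- c:\program files\Free_Lunch_Design\tbFre1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"= "path" [yyyy-mm-dd size]   (Run, URLSearchHooks and Toolbar values)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
# yyyy-mm-dd hh:mm size attrs path   (the DLL line printed under a BHO key)
FILE_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?P<size>\d+) \S+ (?P<path>.+)$')
# "name"= 0 (0x0)                    (DWORD values such as EnableFirewall)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\d+) \(0x[0-9A-Fa-f]+\)$')

BROWSER_KEYS = ('URLSearchHooks', 'Browser Helper Objects', 'Toolbar')
# Assumption: directory fragments of the toolbar DLLs that the OTL log later in
# the thread attributes to Conduit Ltd. and Ask.com.  Extend as needed.
BUNDLED_TOOLBAR_DIRS = ('asktbar', 'free-downloads.net', 'free_lunch_design')


@dataclass
class Entry:
    key: str                      # registry key the entry sits under
    name: str                     # value name, or the CLSID for a BHO key
    path: str                     # lower-cased file path ('' for DWORD values)
    size: Optional[int] = None
    value: Optional[int] = None


def parse_startup_entries(text: str) -> List[Entry]:
    """Collect every value / file / DWORD line found under a [KEY] header."""
    entries: List[Entry] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m['key']
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(Entry(key, m['name'], m['path'].lower(), size=int(m['size'])))
            continue
        m = FILE_RE.match(line)
        if m:
            # A BHO key carries the CLSID in the header and lists its DLL on the next line.
            entries.append(Entry(key, key.rsplit('\\', 1)[-1], m['path'].lower(), size=int(m['size'])))
            continue
        m = DWORD_RE.match(line)
        if m:
            entries.append(Entry(key, m['name'], '', value=int(m['value'])))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) pairs for the entries a helper should look at first."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        in_browser_key = any(k in e.key for k in BROWSER_KEYS)
        if in_browser_key and any(d in e.path for d in BUNDLED_TOOLBAR_DIRS):
            findings.append((e.name, 'bundled search toolbar loaded into IE: ' + e.path))
        elif 'firewallpolicy' in e.key.lower() and e.name == 'EnableFirewall' and e.value == 0:
            findings.append((e.name, 'Windows Firewall disabled in this profile; '
                                     'acceptable only if another firewall is active'))
    return findings


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Convenience wrapper: parse a log fragment and triage it in one call."""
    return triage(parse_startup_entries(text))


if __name__ == '__main__':
    for name, reason in triage_log(SAMPLE_LOG):
        print(f'{name}: {reason}')
```

On the sample above the script reports the three toolbar DLLs (two URLSearchHooks and the BHO) and the disabled Windows Firewall profile, and stays silent on the Skype and ctfmon.exe Run entries. The rules are deliberately narrow: they point at things to look at rather than declaring anything malicious, which is why the firewall message allows for a third-party firewall being active, as PC Tools Firewall Plus is on this machine.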

Psycholandia
comment

Read the rules of the security section: we don't post ComboFix logs unless the person checking has asked for one, because it can be harmful.
Post an OTL log: http://www.forumpc.pl/index.php?showtopic=104338

cypherq
comment

I sincerely apologise for the lapse; I'm posting the log and asking once again for help:

[log]OTL logfile created on: 2009-10-05 20:30:09 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\ala\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

639,48 Mb Total Physical Memory | 196,57 Mb Available Physical Memory | 30,74% Memory free
793,64 Mb Paging File | 339,79 Mb Available in Paging File | 42,81% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 2,23 Gb Free Space | 15,22% Space Free | Partition Type: NTFS
Drive D: | 41,27 Gb Total Space | 0,23 Gb Free Space | 0,55% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALA-D3CBB00432D
Current User Name: ala
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2006-10-22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009-09-23 08:43:00 | 00,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2007-06-13 15:23:49 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2008-06-10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2009-02-05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007-04-10 15:01:48 | 00,337,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
PRC - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-09-24 08:59:28 | 02,971,608 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2004-08-04 02:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2003-12-22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2004-03-04 16:46:24 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2004-02-18 19:55:28 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
PRC - [2009-04-16 13:36:36 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2003-12-22 08:38:40 | 00,217,088 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\soln\HPOSM.exe
PRC - [2007-11-14 12:54:24 | 02,131,392 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2009-09-18 00:08:48 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-06-10 04:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2009-10-05 20:11:06 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ala\Moje dokumenty\Downloads\OTL.exe
PRC - [2004-08-04 02:44:26 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2004-08-04 02:44:26 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009-02-05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-05-26 20:18:46 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-022208-143751 [Disabled | Stopped])
SRV - [2009-10-01 14:27:55 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
SRV - [2004-08-04 02:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006-10-27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [Disabled | Stopped])
SRV - File not found -- -- (NMIndexingService [Disabled | Stopped])
SRV - [2008-10-20 22:18:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Disabled | Stopped])
SRV - [2006-10-22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [Disabled | Stopped])
SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009-09-23 08:43:00 | 00,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus [Auto | Running])
SRV - [2008-11-11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [Disabled | Stopped])
SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-02-05 22:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2004-08-04 01:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2009-02-05 22:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009-02-05 22:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009-02-05 22:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009-02-05 22:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009-02-05 22:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007-01-31 15:33:46 | 00,005,632 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit [Boot | Running])
DRV - [2007-01-18 14:00:28 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgArCln.sys -- (AvgArCln [System | Running])
DRV - [2004-08-04 01:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008-09-15 08:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008-09-15 08:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2006-10-22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2008-08-26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2008-10-22 14:20:34 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2009-09-16 14:19:24 | 00,087,656 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent [Auto | Running])
DRV - [2009-08-14 12:44:18 | 00,032,552 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys -- (PCTFW-DNS [On_Demand | Running])
DRV - [2009-09-16 08:39:54 | 00,070,280 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter [On_Demand | Running])
DRV - [2009-09-24 08:55:46 | 00,229,304 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys -- (pctgntdi [System | Running])
DRV - [2009-07-29 09:54:42 | 00,046,592 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\DRIVERS\pctNdis.sys -- (pctNDIS [On_Demand | Running])
DRV - [2009-09-08 12:48:36 | 00,115,088 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys -- (pctplfw [On_Demand | Running])
DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004-08-04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008-09-24 21:08:50 | 00,716,272 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005-08-30 17:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV - [2005-08-30 17:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV - [2005-08-30 17:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV - [2008-09-15 08:56:24 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2004-08-04 00:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008-09-15 08:56:34 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2004-08-04 00:32:32 | 00,084,480 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\ac97via.sys -- (VIAudio [On_Demand | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ig?ct=1056755551
IE - HKCU\..\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}:2.2.0.9
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090813W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=megaup&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-02-08 15:36:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-18 00:08:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-18 00:08:56 | 00,000,000 | ---D | M]

[2008-11-09 23:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ala\Dane aplikacji\mozilla\Extensions
[2008-11-09 23:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ala\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-10-04 22:58:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ala\Dane aplikacji\mozilla\Firefox\Profiles\7ee0ncdc.default\extensions
[2009-09-16 00:08:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ala\Dane aplikacji\mozilla\Firefox\Profiles\7ee0ncdc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009-08-19 20:20:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ala\Dane aplikacji\mozilla\Firefox\Profiles\7ee0ncdc.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
[2008-06-09 21:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ala\Dane aplikacji\mozilla\Firefox\Profiles\7ee0ncdc.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2009-08-19 20:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ala\Dane aplikacji\mozilla\Firefox\Profiles\7ee0ncdc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008-12-02 12:34:50 | 00,000,896 | ---- | M] () -- C:\Documents and Settings\ala\Dane aplikacji\Mozilla\FireFox\Profiles\7ee0ncdc.default\searchplugins\conduit.xml
[2009-10-04 22:58:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008-10-31 23:43:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009-09-18 00:08:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008-07-08 17:33:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B7D3E479-CC68-42B5-A338-938ECE35F419}
[2008-07-12 09:13:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008-10-31 23:43:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\google-ggic@partners.mozilla.com
[2008-10-30 22:07:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\real-networks@partners.mozilla.com
[2009-09-18 00:08:45 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-09-18 00:08:45 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-05-26 20:19:05 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007-12-19 14:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007-10-11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009-09-18 00:08:51 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007-05-10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008-09-10 21:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008-09-10 21:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009-09-08 09:32:45 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009-09-08 09:32:45 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009-09-08 09:32:45 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009-09-08 09:32:45 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009-09-08 09:32:45 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-09-08 09:32:45 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009-09-08 09:32:45 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - C:\Program Files\Free_Lunch_Design\tbFre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.14.127.138 85.14.126.126
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://i184.photobucket.com/albums/x24/cerimorriss/Williams%20birthday/DSC_4912.jpg?t=1185537424
O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-07-13 11:18:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-09-17 21:58:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
[2009-10-04 14:14:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-09-16 19:50:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ala\Dane aplikacji\dvdcss
[2009-10-04 14:15:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ala\Dane aplikacji\PCToolsFirewallPlus
[2009-09-16 19:50:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ala\Dane aplikacji\vlc
[2009-10-04 15:36:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ala\Dane aplikacji\VSRevoGroup
[2009-09-17 21:58:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ala\Ustawienia lokalne\Dane aplikacji\Microsoft Help
[2009-09-19 12:52:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2009-09-17 22:07:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009-10-04 14:13:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009-10-03 15:12:27 | 00,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2009-10-04 19:09:55 | 00,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2009-10-04 19:09:13 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009-09-19 11:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2009-09-17 22:07:23 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009-09-17 21:59:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009-09-17 22:08:33 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009-09-17 22:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009-09-17 22:08:14 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009-10-04 14:13:43 | 00,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
[2009-10-04 15:04:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-09-16 19:47:36 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009-10-04 15:35:40 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009-10-04 20:11:13 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-10-04 19:13:19 | 00,044,544 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSXML4a.dll
[2009-10-04 19:13:18 | 00,626,960 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpvaut32.dll
[2009-10-04 19:13:17 | 00,487,424 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpvcp70.dll
[2009-10-04 19:13:17 | 00,344,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hpvcr70.dll
[2009-10-04 18:55:42 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009-10-04 18:55:42 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009-10-04 14:14:47 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009-10-04 14:14:47 | 00,087,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009-10-04 14:14:42 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009-10-04 14:13:54 | 00,070,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2009-10-04 14:13:54 | 00,046,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
[2009-10-04 14:13:54 | 00,032,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2009-10-04 14:13:50 | 00,115,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys
[2009-10-03 15:12:29 | 00,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2009-09-19 12:33:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ala\Moje dokumenty\Updater
[2009-09-19 12:07:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Adobe PDF
[2009-09-17 22:13:19 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2009-09-17 21:52:11 | 00,000,000 | R--D | C] -- C:\MSOCache
[2008-10-22 14:20:34 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ala\Dane aplikacji\pcouffin.sys

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-10-05 20:03:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-10-05 20:03:45 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-10-05 20:03:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-10-05 20:02:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-10-05 20:02:56 | 67,061,7600 | -HS- | M] () -- C:\hiberfil.sys
[2009-10-04 20:19:41 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-10-04 20:11:19 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009-10-04 20:07:42 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-10-04 20:07:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-10-04 20:07:42 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009-10-04 19:32:13 | 03,325,144 | R--- | M] () -- C:\Documents and Settings\ala\Pulpit\ComboFix.exe
[2009-10-04 19:15:55 | 00,578,692 | ---- | M] () -- C:\WINDOWS\hpdj5700.his
[2009-10-04 19:15:55 | 00,012,231 | ---- | M] () -- C:\WINDOWS\hpdj5700.ini
[2009-10-04 19:10:21 | 00,000,893 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\HP Deskjet 5700 Series Podręcznik użytkownika.lnk
[2009-10-04 19:10:21 | 00,000,884 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Drukowanie fotografii HP.lnk
[2009-10-04 15:35:41 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\ala\Pulpit\Revo Uninstaller.lnk
[2009-10-04 15:04:07 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\ala\Pulpit\HijackThis.lnk
[2009-10-03 15:12:29 | 00,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG Anti-Rootkit Free.lnk
[2009-10-02 23:46:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-10-01 21:07:20 | 00,012,064 | ---- | M] () -- C:\Documents and Settings\ala\Moje dokumenty\kolejowa.xlsx
[2009-09-29 11:16:01 | 00,144,384 | ---- | M] () -- C:\Documents and Settings\ala\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-24 08:55:46 | 00,229,304 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009-09-23 15:10:06 | 00,207,280 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009-09-23 09:16:59 | 00,070,080 | ---- | M] () -- C:\Documents and Settings\ala\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-09-19 23:26:35 | 00,180,224 | ---- | M] () -- C:\Documents and Settings\ala\Moje dokumenty\db1.mdb
[2009-09-18 09:11:10 | 00,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-09-16 19:48:12 | 00,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\VLC media player.lnk
[2009-09-16 14:19:24 | 00,087,656 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009-09-16 08:39:54 | 00,070,280 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2009-09-16 02:20:50 | 00,007,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009-09-15 01:12:04 | 00,007,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009-09-15 01:01:44 | 00,007,387 | ---- | M] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009-09-14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009-09-08 14:15:32 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\ala\Pulpit\Skype.lnk
[2009-09-08 14:10:02 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\ala\Pulpit\foobar2000.lnk
[2009-09-08 14:09:50 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\ala\Pulpit\Mozilla Firefox.lnk
[2009-09-08 12:48:36 | 00,115,088 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys

[color=#E56717]========== Files - No Company Name ==========[/color]
[2009-10-04 20:11:19 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009-10-04 20:11:15 | 00,262,400 | ---- | C] () -- C:\cmldr
[2009-10-04 19:42:20 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009-10-04 19:31:32 | 03,325,144 | R--- | C] () -- C:\Documents and Settings\ala\Pulpit\ComboFix.exe
[2009-10-04 19:10:21 | 00,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\HP Deskjet 5700 Series Podręcznik użytkownika.lnk
[2009-10-04 19:10:21 | 00,000,884 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Drukowanie fotografii HP.lnk
[2009-10-04 19:07:41 | 00,578,692 | ---- | C] () -- C:\WINDOWS\hpdj5700.his
[2009-10-04 19:07:41 | 00,012,231 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2009-10-04 15:35:41 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\ala\Pulpit\Revo Uninstaller.lnk
[2009-10-04 15:04:06 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\ala\Pulpit\HijackThis.lnk
[2009-10-04 14:14:47 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009-10-04 14:14:47 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009-10-04 14:14:42 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009-10-03 15:12:29 | 00,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AVG Anti-Rootkit Free.lnk
[2009-09-20 00:28:46 | 00,012,064 | ---- | C] () -- C:\Documents and Settings\ala\Moje dokumenty\kolejowa.xlsx
[2009-09-17 08:59:55 | 00,180,224 | ---- | C] () -- C:\Documents and Settings\ala\Moje dokumenty\db1.mdb
[2009-09-16 19:48:11 | 00,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\VLC media player.lnk
[2009-09-08 14:10:02 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\ala\Pulpit\foobar2000.lnk
[2009-09-08 14:09:50 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\ala\Pulpit\Mozilla Firefox.lnk
[2009-03-01 22:07:06 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-03-01 22:07:03 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-03-01 22:07:02 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-03-01 22:07:02 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-03-01 22:06:59 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-03-01 22:06:59 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-10-31 16:19:04 | 04,840,778 | -H-- | C] () -- C:\Documents and Settings\ala\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2008-10-22 14:20:59 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\ala\Dane aplikacji\pcouffin.log
[2008-10-22 14:20:35 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\ala\Dane aplikacji\pcouffin.cat
[2008-10-22 14:20:34 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\ala\Dane aplikacji\pcouffin.inf
[2008-10-12 11:46:19 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
[2008-09-24 21:08:49 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-08-14 09:31:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008-05-28 11:42:04 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2008-05-28 11:41:54 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008-03-31 18:57:18 | 00,000,556 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-03-14 19:54:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2008-03-06 14:34:43 | 00,000,013 | ---- | C] () -- C:\WINDOWS\TEXTware.ini
[2008-02-02 09:34:52 | 00,001,725 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-07-31 13:07:54 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-07-26 12:57:46 | 00,070,080 | ---- | C] () -- C:\Documents and Settings\ala\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2007-07-26 12:39:57 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2007-07-26 11:51:51 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007-07-23 21:20:28 | 00,144,384 | ---- | C] () -- C:\Documents and Settings\ala\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-07-13 12:53:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2007-07-13 11:26:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\ala\Dane aplikacji\desktop.ini
[2007-07-02 21:41:13 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-03-29 23:00:40 | 00,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006-11-28 13:23:25 | 00,224,768 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2006-10-22 12:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-22 12:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-10-22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-22 12:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-10-22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004-08-04 02:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2002-03-21 16:39:02 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002-03-21 14:51:52 | 00,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002-03-21 12:51:52 | 00,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002-03-21 12:51:52 | 00,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002-03-21 12:51:52 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002-03-21 12:51:52 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002-03-21 12:51:52 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002-03-21 12:51:52 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002-03-20 21:01:06 | 00,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002-03-20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002-03-20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002-03-20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002-03-20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001-07-22 02:16:20 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 02:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999-01-22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:C31F31E6
< End of report >
[/log]

Psycholandia
comment

Paste the script below into the OTL window and click Run Fix:

[code]:Processes
explorer.exe

:OTL
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

:Files
C:\Program Files\AskTBar

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after the deletion (the Malware log).
Where exactly was the virus located?

cypherq
comment

The virus is still sitting in C:\Windows\system32\

Here is the log:

[log]Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 2916
Windows 5.1.2600 Dodatek Service Pack 2

2009-10-06 21:44:45
mbam-log-2009-10-06 (21-44-45).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowane obiekty: 144828
Upłynęło: 1 hour(s), 24 minute(s), 38 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 1
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 5

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\32788R22FWJFW\Combo-Fix.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir (Adware.Shopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EF825337-E9C2-4D6E-9754-C27BABB29494}\RP583\A0174630.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EF825337-E9C2-4D6E-9754-C27BABB29494}\RP583\A0174713.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EF825337-E9C2-4D6E-9754-C27BABB29494}\RP583\A0174856.sys (Worm.Agent) -> Quarantined and deleted successfully.
[/log]

MarekM25
comment

So post the OTL log again.

C:\Windows\system32\ and sometimes nothing after it? :P That's important.

Scan the computer with an online scanner.

cypherq
comment

I'll say it once more: I haven't seen the problem computer with my own eyes. Avast always reports C:\Windows\system32\filename

Why should I post the OTL log again?

Psycholandia
comment

Find out the exact file name. Post the OTL log again so it can be analyzed once more.
